diff options
author | netblue30 <netblue30@protonmail.com> | 2021-07-28 19:01:17 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-28 19:01:17 +0000 |
commit | 2b5eb07e078c560a3ae184f4f997b7d7353a1a32 (patch) | |
tree | 0be4523f0ab86740a0c2e1dbe52b742fc9805b24 /etc | |
parent | moved rules from firefox-common.profile to firefox.profile (diff) | |
parent | Merge pull request #4412 from netblue30/Neo00001-patch-1 (diff) | |
download | firejail-2b5eb07e078c560a3ae184f4f997b7d7353a1a32.tar.gz firejail-2b5eb07e078c560a3ae184f4f997b7d7353a1a32.tar.zst firejail-2b5eb07e078c560a3ae184f4f997b7d7353a1a32.zip |
Merge branch 'master' into master
Diffstat (limited to 'etc')
806 files changed, 5568 insertions, 5119 deletions
diff --git a/etc/ids.config b/etc/ids.config new file mode 100644 index 000000000..09b0ae912 --- /dev/null +++ b/etc/ids.config | |||
@@ -0,0 +1,142 @@ | |||
1 | # /etc/firejail/ids.config - configuration file for Firejail's Intrusion Detection System | ||
2 | # This config file is overwritten when a new version of Firejail is installed. | ||
3 | # For global customization use /etc/firejail/ids.config.local. | ||
4 | include ids.config.local | ||
5 | # | ||
6 | # Each line is a file or directory name such as | ||
7 | # /usr/bin | ||
8 | # or | ||
9 | # ${HOME}/Desktop/*.desktop | ||
10 | # | ||
11 | # ${HOME} is expanded to the user's home directory, and * is the regular | ||
12 | # globbing match for zero or more characters. | ||
13 | # | ||
14 | # File or directory names starting with ! are not scanned. For example | ||
15 | # !${HOME}/.ssh/known_hosts | ||
16 | # ${HOME}/.ssh | ||
17 | # will scan all files in ~/.ssh directory with the exception of known_hosts | ||
18 | |||
19 | ### system executables ### | ||
20 | /bin | ||
21 | /sbin | ||
22 | /usr/bin | ||
23 | /usr/games | ||
24 | /usr/libexec | ||
25 | /usr/sbin | ||
26 | |||
27 | ### user executables ### | ||
28 | #/opt | ||
29 | #/usr/local | ||
30 | |||
31 | ### system libraries ### | ||
32 | #/lib | ||
33 | #/usr/lib | ||
34 | #/usr/lib32 | ||
35 | #/usr/lib64 | ||
36 | #/usr/libx32 | ||
37 | |||
38 | ### shells local ### | ||
39 | # bash | ||
40 | ${HOME}/.bash_login | ||
41 | ${HOME}/.bash_logout | ||
42 | ${HOME}/.bash_profile | ||
43 | ${HOME}/.bashrc | ||
44 | # fish | ||
45 | ${HOME}/.config/fish/config.fish | ||
46 | # others | ||
47 | ${HOME}/.cshrc | ||
48 | ${HOME}/.kshrc | ||
49 | ${HOME}/.login | ||
50 | ${HOME}/.logout | ||
51 | ${HOME}/.profile | ||
52 | ${HOME}/.tcshrc | ||
53 | # zsh | ||
54 | ${HOME}/.zlogin | ||
55 | ${HOME}/.zlogout | ||
56 | ${HOME}/.zshenv | ||
57 | ${HOME}/.zshprofile | ||
58 | ${HOME}/.zshrc | ||
59 | |||
60 | ### shells global ### | ||
61 | # all | ||
62 | /etc/dircolors | ||
63 | /etc/environment | ||
64 | /etc/profile | ||
65 | /etc/profile.d | ||
66 | /etc/shells | ||
67 | /etc/skel | ||
68 | # bash | ||
69 | /etc/bash_completion* | ||
70 | /etc/bash.bashrc | ||
71 | /etc/bashrc | ||
72 | # fish | ||
73 | /etc/fish | ||
74 | # ksh | ||
75 | /etc/ksh.kshrc | ||
76 | # tcsh | ||
77 | /etc/complete.tcsh | ||
78 | /etc/csh.cshrc | ||
79 | /etc/csh.login | ||
80 | /etc/csh.logout | ||
81 | # zsh | ||
82 | /etc/zlogin | ||
83 | /etc/zlogout | ||
84 | /etc/zprofile | ||
85 | /etc/zshenv | ||
86 | /etc/zshrc | ||
87 | |||
88 | ### X11 ### | ||
89 | /etc/X11 | ||
90 | ${HOME}/.xinitrc | ||
91 | ${HOME}/.xmodmaprc | ||
92 | ${HOME}/.xprofile | ||
93 | ${HOME}/.Xresources | ||
94 | ${HOME}/.xserverrc | ||
95 | ${HOME}/.Xsession | ||
96 | ${HOME}/.xsession | ||
97 | ${HOME}/.xsessionrc | ||
98 | |||
99 | ### window/desktop manager ### | ||
100 | ${HOME}/Desktop/*.desktop | ||
101 | ${HOME}/.config/autostart | ||
102 | ${HOME}/.config/lxsession/LXDE/autostart | ||
103 | ${HOME}/.gnomerc | ||
104 | ${HOME}/.gtkrc | ||
105 | ${HOME}/.kderc | ||
106 | |||
107 | ### security ### | ||
108 | /etc/aide | ||
109 | /etc/apparmor* | ||
110 | /etc/chkrootkit.conf | ||
111 | /etc/cracklib | ||
112 | /etc/libaudit.conf | ||
113 | /etc/group* | ||
114 | /etc/gshadow* | ||
115 | /etc/pam.* | ||
116 | /etc/passwd* | ||
117 | /etc/rkhunter* | ||
118 | /etc/securetty | ||
119 | /etc/security | ||
120 | /etc/selinux | ||
121 | /etc/shadow* | ||
122 | /etc/sudoers* | ||
123 | /etc/tripwire | ||
124 | ${HOME}/.config/firejail | ||
125 | ${HOME}/.gnupg | ||
126 | |||
127 | ### network security ### | ||
128 | /etc/ca-certificates* | ||
129 | /etc/hosts.* | ||
130 | /etc/services | ||
131 | /etc/snort | ||
132 | /etc/ssh | ||
133 | /etc/ssl | ||
134 | /etc/wireshark | ||
135 | !${HOME}/.ssh/known_hosts # excluding | ||
136 | ${HOME}/.ssh | ||
137 | /usr/share/ca-certificates | ||
138 | |||
139 | ### system config ### | ||
140 | /etc/cron.* | ||
141 | /etc/crontab | ||
142 | /etc/default | ||
diff --git a/etc/inc/allow-bin-sh.inc b/etc/inc/allow-bin-sh.inc index 59cd40878..d6c295414 100644 --- a/etc/inc/allow-bin-sh.inc +++ b/etc/inc/allow-bin-sh.inc | |||
@@ -2,6 +2,6 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include allow-bin-sh.local | 3 | include allow-bin-sh.local |
4 | 4 | ||
5 | nodeny ${PATH}/bash | 5 | noblacklist ${PATH}/bash |
6 | nodeny ${PATH}/dash | 6 | noblacklist ${PATH}/dash |
7 | nodeny ${PATH}/sh | 7 | noblacklist ${PATH}/sh |
diff --git a/etc/inc/allow-common-devel.inc b/etc/inc/allow-common-devel.inc index 71b1483cd..011bbe226 100644 --- a/etc/inc/allow-common-devel.inc +++ b/etc/inc/allow-common-devel.inc | |||
@@ -3,29 +3,29 @@ | |||
3 | include allow-common-devel.local | 3 | include allow-common-devel.local |
4 | 4 | ||
5 | # Git | 5 | # Git |
6 | nodeny ${HOME}/.config/git | 6 | noblacklist ${HOME}/.config/git |
7 | nodeny ${HOME}/.gitconfig | 7 | noblacklist ${HOME}/.gitconfig |
8 | nodeny ${HOME}/.git-credentials | 8 | noblacklist ${HOME}/.git-credentials |
9 | 9 | ||
10 | # Java | 10 | # Java |
11 | nodeny ${HOME}/.gradle | 11 | noblacklist ${HOME}/.gradle |
12 | nodeny ${HOME}/.java | 12 | noblacklist ${HOME}/.java |
13 | 13 | ||
14 | # Node.js | 14 | # Node.js |
15 | nodeny ${HOME}/.node-gyp | 15 | noblacklist ${HOME}/.node-gyp |
16 | nodeny ${HOME}/.npm | 16 | noblacklist ${HOME}/.npm |
17 | nodeny ${HOME}/.npmrc | 17 | noblacklist ${HOME}/.npmrc |
18 | nodeny ${HOME}/.nvm | 18 | noblacklist ${HOME}/.nvm |
19 | nodeny ${HOME}/.yarn | 19 | noblacklist ${HOME}/.yarn |
20 | nodeny ${HOME}/.yarn-config | 20 | noblacklist ${HOME}/.yarn-config |
21 | nodeny ${HOME}/.yarncache | 21 | noblacklist ${HOME}/.yarncache |
22 | nodeny ${HOME}/.yarnrc | 22 | noblacklist ${HOME}/.yarnrc |
23 | 23 | ||
24 | # Python | 24 | # Python |
25 | nodeny ${HOME}/.pylint.d | 25 | noblacklist ${HOME}/.pylint.d |
26 | nodeny ${HOME}/.python-history | 26 | noblacklist ${HOME}/.python-history |
27 | nodeny ${HOME}/.python_history | 27 | noblacklist ${HOME}/.python_history |
28 | nodeny ${HOME}/.pythonhist | 28 | noblacklist ${HOME}/.pythonhist |
29 | 29 | ||
30 | # Rust | 30 | # Rust |
31 | nodeny ${HOME}/.cargo/* | 31 | noblacklist ${HOME}/.cargo/* |
diff --git a/etc/inc/allow-gjs.inc b/etc/inc/allow-gjs.inc index 2e2490079..c1366e093 100644 --- a/etc/inc/allow-gjs.inc +++ b/etc/inc/allow-gjs.inc | |||
@@ -2,11 +2,11 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include allow-gjs.local | 3 | include allow-gjs.local |
4 | 4 | ||
5 | nodeny ${PATH}/gjs | 5 | noblacklist ${PATH}/gjs |
6 | nodeny ${PATH}/gjs-console | 6 | noblacklist ${PATH}/gjs-console |
7 | nodeny /usr/lib/gjs | 7 | noblacklist /usr/lib/gjs |
8 | nodeny /usr/lib/libgjs* | 8 | noblacklist /usr/lib/libgjs* |
9 | nodeny /usr/lib/libmozjs-* | 9 | noblacklist /usr/lib/libmozjs-* |
10 | nodeny /usr/lib64/gjs | 10 | noblacklist /usr/lib64/gjs |
11 | nodeny /usr/lib64/libgjs* | 11 | noblacklist /usr/lib64/libgjs* |
12 | nodeny /usr/lib64/libmozjs-* | 12 | noblacklist /usr/lib64/libmozjs-* |
diff --git a/etc/inc/allow-java.inc b/etc/inc/allow-java.inc index af44f3664..24d18fb77 100644 --- a/etc/inc/allow-java.inc +++ b/etc/inc/allow-java.inc | |||
@@ -2,8 +2,8 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include allow-java.local | 3 | include allow-java.local |
4 | 4 | ||
5 | nodeny ${HOME}/.java | 5 | noblacklist ${HOME}/.java |
6 | nodeny ${PATH}/java | 6 | noblacklist ${PATH}/java |
7 | nodeny /etc/java | 7 | noblacklist /etc/java |
8 | nodeny /usr/lib/java | 8 | noblacklist /usr/lib/java |
9 | nodeny /usr/share/java | 9 | noblacklist /usr/share/java |
diff --git a/etc/inc/allow-lua.inc b/etc/inc/allow-lua.inc index 3d0a1997b..9c47e7a3b 100644 --- a/etc/inc/allow-lua.inc +++ b/etc/inc/allow-lua.inc | |||
@@ -2,11 +2,11 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include allow-lua.local | 3 | include allow-lua.local |
4 | 4 | ||
5 | nodeny ${PATH}/lua* | 5 | noblacklist ${PATH}/lua* |
6 | nodeny /usr/include | 6 | noblacklist /usr/include |
7 | nodeny /usr/lib/liblua* | 7 | noblacklist /usr/lib/liblua* |
8 | nodeny /usr/lib/lua | 8 | noblacklist /usr/lib/lua |
9 | nodeny /usr/lib64/liblua* | 9 | noblacklist /usr/lib64/liblua* |
10 | nodeny /usr/lib64/lua | 10 | noblacklist /usr/lib64/lua |
11 | nodeny /usr/share/lua | 11 | noblacklist /usr/share/lua |
12 | nodeny /usr/share/lua* | 12 | noblacklist /usr/share/lua* |
diff --git a/etc/inc/allow-nodejs.inc b/etc/inc/allow-nodejs.inc index e915b3866..351c94ab8 100644 --- a/etc/inc/allow-nodejs.inc +++ b/etc/inc/allow-nodejs.inc | |||
@@ -2,8 +2,8 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include allow-nodejs.local | 3 | include allow-nodejs.local |
4 | 4 | ||
5 | nodeny ${PATH}/node | 5 | noblacklist ${PATH}/node |
6 | nodeny /usr/include/node | 6 | noblacklist /usr/include/node |
7 | 7 | ||
8 | # Allow python for node-gyp (blacklisted by disable-interpreters.inc) | 8 | # Allow python for node-gyp (blacklisted by disable-interpreters.inc) |
9 | include allow-python2.inc | 9 | include allow-python2.inc |
diff --git a/etc/inc/allow-opengl-game.inc b/etc/inc/allow-opengl-game.inc index 00e35e983..5d2d6c5c1 100644 --- a/etc/inc/allow-opengl-game.inc +++ b/etc/inc/allow-opengl-game.inc | |||
@@ -2,6 +2,6 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include allow-opengl-game.local | 3 | include allow-opengl-game.local |
4 | 4 | ||
5 | nodeny ${PATH}/bash | 5 | noblacklist ${PATH}/bash |
6 | allow /usr/share/opengl-games-utils/opengl-game-functions.sh | 6 | whitelist /usr/share/opengl-games-utils/opengl-game-functions.sh |
7 | private-bin basename,bash,cut,glxinfo,grep,head,sed,zenity | 7 | private-bin basename,bash,cut,glxinfo,grep,head,sed,zenity |
diff --git a/etc/inc/allow-perl.inc b/etc/inc/allow-perl.inc index 134d27239..5a1952c94 100644 --- a/etc/inc/allow-perl.inc +++ b/etc/inc/allow-perl.inc | |||
@@ -2,11 +2,11 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include allow-perl.local | 3 | include allow-perl.local |
4 | 4 | ||
5 | nodeny ${PATH}/core_perl | 5 | noblacklist ${PATH}/core_perl |
6 | nodeny ${PATH}/cpan* | 6 | noblacklist ${PATH}/cpan* |
7 | nodeny ${PATH}/perl | 7 | noblacklist ${PATH}/perl |
8 | nodeny ${PATH}/site_perl | 8 | noblacklist ${PATH}/site_perl |
9 | nodeny ${PATH}/vendor_perl | 9 | noblacklist ${PATH}/vendor_perl |
10 | nodeny /usr/lib/perl* | 10 | noblacklist /usr/lib/perl* |
11 | nodeny /usr/lib64/perl* | 11 | noblacklist /usr/lib64/perl* |
12 | nodeny /usr/share/perl* | 12 | noblacklist /usr/share/perl* |
diff --git a/etc/inc/allow-php.inc b/etc/inc/allow-php.inc index 520c2019e..a0950dc26 100644 --- a/etc/inc/allow-php.inc +++ b/etc/inc/allow-php.inc | |||
@@ -2,6 +2,6 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include allow-php.local | 3 | include allow-php.local |
4 | 4 | ||
5 | nodeny ${PATH}/php* | 5 | noblacklist ${PATH}/php* |
6 | nodeny /usr/lib/php* | 6 | noblacklist /usr/lib/php* |
7 | nodeny /usr/share/php* | 7 | noblacklist /usr/share/php* |
diff --git a/etc/inc/allow-python2.inc b/etc/inc/allow-python2.inc index f1830043a..b0525e2e1 100644 --- a/etc/inc/allow-python2.inc +++ b/etc/inc/allow-python2.inc | |||
@@ -2,8 +2,8 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include allow-python2.local | 3 | include allow-python2.local |
4 | 4 | ||
5 | nodeny ${PATH}/python2* | 5 | noblacklist ${PATH}/python2* |
6 | nodeny /usr/include/python2* | 6 | noblacklist /usr/include/python2* |
7 | nodeny /usr/lib/python2* | 7 | noblacklist /usr/lib/python2* |
8 | nodeny /usr/local/lib/python2* | 8 | noblacklist /usr/local/lib/python2* |
9 | nodeny /usr/share/python2* | 9 | noblacklist /usr/share/python2* |
diff --git a/etc/inc/allow-python3.inc b/etc/inc/allow-python3.inc index e4b6ed1a9..d968886b0 100644 --- a/etc/inc/allow-python3.inc +++ b/etc/inc/allow-python3.inc | |||
@@ -2,9 +2,9 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include allow-python3.local | 3 | include allow-python3.local |
4 | 4 | ||
5 | nodeny ${PATH}/python3* | 5 | noblacklist ${PATH}/python3* |
6 | nodeny /usr/include/python3* | 6 | noblacklist /usr/include/python3* |
7 | nodeny /usr/lib/python3* | 7 | noblacklist /usr/lib/python3* |
8 | nodeny /usr/lib64/python3* | 8 | noblacklist /usr/lib64/python3* |
9 | nodeny /usr/local/lib/python3* | 9 | noblacklist /usr/local/lib/python3* |
10 | nodeny /usr/share/python3* | 10 | noblacklist /usr/share/python3* |
diff --git a/etc/inc/allow-ruby.inc b/etc/inc/allow-ruby.inc index d949bbc84..a8c701219 100644 --- a/etc/inc/allow-ruby.inc +++ b/etc/inc/allow-ruby.inc | |||
@@ -2,5 +2,5 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include allow-ruby.local | 3 | include allow-ruby.local |
4 | 4 | ||
5 | nodeny ${PATH}/ruby | 5 | noblacklist ${PATH}/ruby |
6 | nodeny /usr/lib/ruby | 6 | noblacklist /usr/lib/ruby |
diff --git a/etc/inc/allow-ssh.inc b/etc/inc/allow-ssh.inc index 44957bf32..67c78a483 100644 --- a/etc/inc/allow-ssh.inc +++ b/etc/inc/allow-ssh.inc | |||
@@ -2,7 +2,7 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include allow-ssh.local | 3 | include allow-ssh.local |
4 | 4 | ||
5 | nodeny ${HOME}/.ssh | 5 | noblacklist ${HOME}/.ssh |
6 | nodeny /etc/ssh | 6 | noblacklist /etc/ssh |
7 | nodeny /etc/ssh/ssh_config | 7 | noblacklist /etc/ssh/ssh_config |
8 | nodeny /tmp/ssh-* | 8 | noblacklist /tmp/ssh-* |
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index 1283a3a3d..6df0c4990 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc | |||
@@ -5,63 +5,63 @@ include disable-common.local | |||
5 | # The following block breaks trash functionality in file managers | 5 | # The following block breaks trash functionality in file managers |
6 | #read-only ${HOME}/.local | 6 | #read-only ${HOME}/.local |
7 | #read-write ${HOME}/.local/share | 7 | #read-write ${HOME}/.local/share |
8 | deny ${HOME}/.local/share/Trash | 8 | blacklist ${HOME}/.local/share/Trash |
9 | 9 | ||
10 | # History files in $HOME and clipboard managers | 10 | # History files in $HOME and clipboard managers |
11 | deny-nolog ${HOME}/.*_history | 11 | blacklist-nolog ${HOME}/.*_history |
12 | deny-nolog ${HOME}/.adobe | 12 | blacklist-nolog ${HOME}/.adobe |
13 | deny-nolog ${HOME}/.cache/greenclip* | 13 | blacklist-nolog ${HOME}/.cache/greenclip* |
14 | deny-nolog ${HOME}/.histfile | 14 | blacklist-nolog ${HOME}/.histfile |
15 | deny-nolog ${HOME}/.history | 15 | blacklist-nolog ${HOME}/.history |
16 | deny-nolog ${HOME}/.kde/share/apps/klipper | 16 | blacklist-nolog ${HOME}/.kde/share/apps/klipper |
17 | deny-nolog ${HOME}/.kde4/share/apps/klipper | 17 | blacklist-nolog ${HOME}/.kde4/share/apps/klipper |
18 | deny-nolog ${HOME}/.local/share/fish/fish_history | 18 | blacklist-nolog ${HOME}/.local/share/fish/fish_history |
19 | deny-nolog ${HOME}/.local/share/klipper | 19 | blacklist-nolog ${HOME}/.local/share/klipper |
20 | deny-nolog ${HOME}/.macromedia | 20 | blacklist-nolog ${HOME}/.macromedia |
21 | deny-nolog ${HOME}/.mupdf.history | 21 | blacklist-nolog ${HOME}/.mupdf.history |
22 | deny-nolog ${HOME}/.python-history | 22 | blacklist-nolog ${HOME}/.python-history |
23 | deny-nolog ${HOME}/.python_history | 23 | blacklist-nolog ${HOME}/.python_history |
24 | deny-nolog ${HOME}/.pythonhist | 24 | blacklist-nolog ${HOME}/.pythonhist |
25 | deny-nolog ${HOME}/.lesshst | 25 | blacklist-nolog ${HOME}/.lesshst |
26 | deny-nolog ${HOME}/.viminfo | 26 | blacklist-nolog ${HOME}/.viminfo |
27 | deny-nolog /tmp/clipmenu* | 27 | blacklist-nolog /tmp/clipmenu* |
28 | 28 | ||
29 | # X11 session autostart | 29 | # X11 session autostart |
30 | # blacklist ${HOME}/.xpra - this will kill --x11=xpra cmdline option for all programs | 30 | # blacklist ${HOME}/.xpra - this will kill --x11=xpra cmdline option for all programs |
31 | deny ${HOME}/.Xsession | 31 | blacklist ${HOME}/.Xsession |
32 | deny ${HOME}/.blackbox | 32 | blacklist ${HOME}/.blackbox |
33 | deny ${HOME}/.config/autostart | 33 | blacklist ${HOME}/.config/autostart |
34 | deny ${HOME}/.config/autostart-scripts | 34 | blacklist ${HOME}/.config/autostart-scripts |
35 | deny ${HOME}/.config/awesome | 35 | blacklist ${HOME}/.config/awesome |
36 | deny ${HOME}/.config/i3 | 36 | blacklist ${HOME}/.config/i3 |
37 | deny ${HOME}/.config/sway | 37 | blacklist ${HOME}/.config/sway |
38 | deny ${HOME}/.config/lxsession/LXDE/autostart | 38 | blacklist ${HOME}/.config/lxsession/LXDE/autostart |
39 | deny ${HOME}/.config/openbox | 39 | blacklist ${HOME}/.config/openbox |
40 | deny ${HOME}/.config/plasma-workspace | 40 | blacklist ${HOME}/.config/plasma-workspace |
41 | deny ${HOME}/.config/startupconfig | 41 | blacklist ${HOME}/.config/startupconfig |
42 | deny ${HOME}/.config/startupconfigkeys | 42 | blacklist ${HOME}/.config/startupconfigkeys |
43 | deny ${HOME}/.fluxbox | 43 | blacklist ${HOME}/.fluxbox |
44 | deny ${HOME}/.gnomerc | 44 | blacklist ${HOME}/.gnomerc |
45 | deny ${HOME}/.kde/Autostart | 45 | blacklist ${HOME}/.kde/Autostart |
46 | deny ${HOME}/.kde/env | 46 | blacklist ${HOME}/.kde/env |
47 | deny ${HOME}/.kde/share/autostart | 47 | blacklist ${HOME}/.kde/share/autostart |
48 | deny ${HOME}/.kde/share/config/startupconfig | 48 | blacklist ${HOME}/.kde/share/config/startupconfig |
49 | deny ${HOME}/.kde/share/config/startupconfigkeys | 49 | blacklist ${HOME}/.kde/share/config/startupconfigkeys |
50 | deny ${HOME}/.kde/shutdown | 50 | blacklist ${HOME}/.kde/shutdown |
51 | deny ${HOME}/.kde4/env | 51 | blacklist ${HOME}/.kde4/env |
52 | deny ${HOME}/.kde4/Autostart | 52 | blacklist ${HOME}/.kde4/Autostart |
53 | deny ${HOME}/.kde4/share/autostart | 53 | blacklist ${HOME}/.kde4/share/autostart |
54 | deny ${HOME}/.kde4/shutdown | 54 | blacklist ${HOME}/.kde4/shutdown |
55 | deny ${HOME}/.kde4/share/config/startupconfig | 55 | blacklist ${HOME}/.kde4/share/config/startupconfig |
56 | deny ${HOME}/.kde4/share/config/startupconfigkeys | 56 | blacklist ${HOME}/.kde4/share/config/startupconfigkeys |
57 | deny ${HOME}/.local/share/autostart | 57 | blacklist ${HOME}/.local/share/autostart |
58 | deny ${HOME}/.xinitrc | 58 | blacklist ${HOME}/.xinitrc |
59 | deny ${HOME}/.xprofile | 59 | blacklist ${HOME}/.xprofile |
60 | deny ${HOME}/.xserverrc | 60 | blacklist ${HOME}/.xserverrc |
61 | deny ${HOME}/.xsession | 61 | blacklist ${HOME}/.xsession |
62 | deny ${HOME}/.xsessionrc | 62 | blacklist ${HOME}/.xsessionrc |
63 | deny /etc/X11/Xsession.d | 63 | blacklist /etc/X11/Xsession.d |
64 | deny /etc/xdg/autostart | 64 | blacklist /etc/xdg/autostart |
65 | read-only ${HOME}/.Xauthority | 65 | read-only ${HOME}/.Xauthority |
66 | 66 | ||
67 | # Session manager | 67 | # Session manager |
@@ -70,46 +70,46 @@ read-only ${HOME}/.Xauthority | |||
70 | #?HAS_X11: blacklist /tmp/.ICE-unix | 70 | #?HAS_X11: blacklist /tmp/.ICE-unix |
71 | 71 | ||
72 | # KDE config | 72 | # KDE config |
73 | deny ${HOME}/.cache/konsole | 73 | blacklist ${HOME}/.cache/konsole |
74 | deny ${HOME}/.config/khotkeysrc | 74 | blacklist ${HOME}/.config/khotkeysrc |
75 | deny ${HOME}/.config/krunnerrc | 75 | blacklist ${HOME}/.config/krunnerrc |
76 | deny ${HOME}/.config/kscreenlockerrc | 76 | blacklist ${HOME}/.config/kscreenlockerrc |
77 | deny ${HOME}/.config/ksslcertificatemanager | 77 | blacklist ${HOME}/.config/ksslcertificatemanager |
78 | deny ${HOME}/.config/kwalletrc | 78 | blacklist ${HOME}/.config/kwalletrc |
79 | deny ${HOME}/.config/kwinrc | 79 | blacklist ${HOME}/.config/kwinrc |
80 | deny ${HOME}/.config/kwinrulesrc | 80 | blacklist ${HOME}/.config/kwinrulesrc |
81 | deny ${HOME}/.config/plasma-locale-settings.sh | 81 | blacklist ${HOME}/.config/plasma-locale-settings.sh |
82 | deny ${HOME}/.config/plasma-org.kde.plasma.desktop-appletsrc | 82 | blacklist ${HOME}/.config/plasma-org.kde.plasma.desktop-appletsrc |
83 | deny ${HOME}/.config/plasmashellrc | 83 | blacklist ${HOME}/.config/plasmashellrc |
84 | deny ${HOME}/.config/plasmavaultrc | 84 | blacklist ${HOME}/.config/plasmavaultrc |
85 | deny ${HOME}/.kde/share/apps/kwin | 85 | blacklist ${HOME}/.kde/share/apps/kwin |
86 | deny ${HOME}/.kde/share/apps/plasma | 86 | blacklist ${HOME}/.kde/share/apps/plasma |
87 | deny ${HOME}/.kde/share/apps/solid | 87 | blacklist ${HOME}/.kde/share/apps/solid |
88 | deny ${HOME}/.kde/share/config/khotkeysrc | 88 | blacklist ${HOME}/.kde/share/config/khotkeysrc |
89 | deny ${HOME}/.kde/share/config/krunnerrc | 89 | blacklist ${HOME}/.kde/share/config/krunnerrc |
90 | deny ${HOME}/.kde/share/config/kscreensaverrc | 90 | blacklist ${HOME}/.kde/share/config/kscreensaverrc |
91 | deny ${HOME}/.kde/share/config/ksslcertificatemanager | 91 | blacklist ${HOME}/.kde/share/config/ksslcertificatemanager |
92 | deny ${HOME}/.kde/share/config/kwalletrc | 92 | blacklist ${HOME}/.kde/share/config/kwalletrc |
93 | deny ${HOME}/.kde/share/config/kwinrc | 93 | blacklist ${HOME}/.kde/share/config/kwinrc |
94 | deny ${HOME}/.kde/share/config/kwinrulesrc | 94 | blacklist ${HOME}/.kde/share/config/kwinrulesrc |
95 | deny ${HOME}/.kde/share/config/plasma-desktop-appletsrc | 95 | blacklist ${HOME}/.kde/share/config/plasma-desktop-appletsrc |
96 | deny ${HOME}/.kde4/share/apps/kwin | 96 | blacklist ${HOME}/.kde4/share/apps/kwin |
97 | deny ${HOME}/.kde4/share/apps/plasma | 97 | blacklist ${HOME}/.kde4/share/apps/plasma |
98 | deny ${HOME}/.kde4/share/apps/solid | 98 | blacklist ${HOME}/.kde4/share/apps/solid |
99 | deny ${HOME}/.kde4/share/config/khotkeysrc | 99 | blacklist ${HOME}/.kde4/share/config/khotkeysrc |
100 | deny ${HOME}/.kde4/share/config/krunnerrc | 100 | blacklist ${HOME}/.kde4/share/config/krunnerrc |
101 | deny ${HOME}/.kde4/share/config/kscreensaverrc | 101 | blacklist ${HOME}/.kde4/share/config/kscreensaverrc |
102 | deny ${HOME}/.kde4/share/config/ksslcertificatemanager | 102 | blacklist ${HOME}/.kde4/share/config/ksslcertificatemanager |
103 | deny ${HOME}/.kde4/share/config/kwalletrc | 103 | blacklist ${HOME}/.kde4/share/config/kwalletrc |
104 | deny ${HOME}/.kde4/share/config/kwinrc | 104 | blacklist ${HOME}/.kde4/share/config/kwinrc |
105 | deny ${HOME}/.kde4/share/config/kwinrulesrc | 105 | blacklist ${HOME}/.kde4/share/config/kwinrulesrc |
106 | deny ${HOME}/.kde4/share/config/plasma-desktop-appletsrc | 106 | blacklist ${HOME}/.kde4/share/config/plasma-desktop-appletsrc |
107 | deny ${HOME}/.local/share/kglobalaccel | 107 | blacklist ${HOME}/.local/share/kglobalaccel |
108 | deny ${HOME}/.local/share/kwin | 108 | blacklist ${HOME}/.local/share/kwin |
109 | deny ${HOME}/.local/share/plasma | 109 | blacklist ${HOME}/.local/share/plasma |
110 | deny ${HOME}/.local/share/plasmashell | 110 | blacklist ${HOME}/.local/share/plasmashell |
111 | deny ${HOME}/.local/share/solid | 111 | blacklist ${HOME}/.local/share/solid |
112 | deny /tmp/konsole-*.history | 112 | blacklist /tmp/konsole-*.history |
113 | read-only ${HOME}/.cache/ksycoca5_* | 113 | read-only ${HOME}/.cache/ksycoca5_* |
114 | read-only ${HOME}/.config/*notifyrc | 114 | read-only ${HOME}/.config/*notifyrc |
115 | read-only ${HOME}/.config/kdeglobals | 115 | read-only ${HOME}/.config/kdeglobals |
@@ -138,139 +138,139 @@ read-only ${HOME}/.local/share/kservices5 | |||
138 | read-only ${HOME}/.local/share/kssl | 138 | read-only ${HOME}/.local/share/kssl |
139 | 139 | ||
140 | # KDE sockets | 140 | # KDE sockets |
141 | deny ${RUNUSER}/*.slave-socket | 141 | blacklist ${RUNUSER}/*.slave-socket |
142 | deny ${RUNUSER}/kdeinit5__* | 142 | blacklist ${RUNUSER}/kdeinit5__* |
143 | deny ${RUNUSER}/kdesud_* | 143 | blacklist ${RUNUSER}/kdesud_* |
144 | # see #3358 | 144 | # see #3358 |
145 | #?HAS_NODBUS: blacklist ${RUNUSER}/ksocket-* | 145 | #?HAS_NODBUS: blacklist ${RUNUSER}/ksocket-* |
146 | #?HAS_NODBUS: blacklist /tmp/ksocket-* | 146 | #?HAS_NODBUS: blacklist /tmp/ksocket-* |
147 | 147 | ||
148 | # gnome | 148 | # gnome |
149 | # contains extensions, last used times of applications, and notifications | 149 | # contains extensions, last used times of applications, and notifications |
150 | deny ${HOME}/.local/share/gnome-shell | 150 | blacklist ${HOME}/.local/share/gnome-shell |
151 | # contains recently used files and serials of static/removable storage | 151 | # contains recently used files and serials of static/removable storage |
152 | deny ${HOME}/.local/share/gvfs-metadata | 152 | blacklist ${HOME}/.local/share/gvfs-metadata |
153 | # no direct modification of dconf database | 153 | # no direct modification of dconf database |
154 | read-only ${HOME}/.config/dconf | 154 | read-only ${HOME}/.config/dconf |
155 | deny ${RUNUSER}/gnome-session-leader-fifo | 155 | blacklist ${RUNUSER}/gnome-session-leader-fifo |
156 | deny ${RUNUSER}/gnome-shell | 156 | blacklist ${RUNUSER}/gnome-shell |
157 | deny ${RUNUSER}/gsconnect | 157 | blacklist ${RUNUSER}/gsconnect |
158 | 158 | ||
159 | # systemd | 159 | # systemd |
160 | deny ${HOME}/.config/systemd | 160 | blacklist ${HOME}/.config/systemd |
161 | deny ${HOME}/.local/share/systemd | 161 | blacklist ${HOME}/.local/share/systemd |
162 | deny /var/lib/systemd | 162 | blacklist /var/lib/systemd |
163 | deny ${PATH}/systemd-run | 163 | blacklist ${PATH}/systemd-run |
164 | deny ${RUNUSER}/systemd | 164 | blacklist ${RUNUSER}/systemd |
165 | deny ${PATH}/systemctl | 165 | blacklist ${PATH}/systemctl |
166 | deny /etc/systemd/system | 166 | blacklist /etc/systemd/system |
167 | deny /etc/systemd/network | 167 | blacklist /etc/systemd/network |
168 | # creates problems on Arch where /etc/resolv.conf is a symlink to /var/run/systemd/resolve/resolv.conf | 168 | # creates problems on Arch where /etc/resolv.conf is a symlink to /var/run/systemd/resolve/resolv.conf |
169 | #blacklist /var/run/systemd | 169 | #blacklist /var/run/systemd |
170 | 170 | ||
171 | # openrc | 171 | # openrc |
172 | deny /etc/runlevels/ | 172 | blacklist /etc/runlevels/ |
173 | deny /etc/init.d/ | 173 | blacklist /etc/init.d/ |
174 | deny /etc/rc.conf | 174 | blacklist /etc/rc.conf |
175 | 175 | ||
176 | # VirtualBox | 176 | # VirtualBox |
177 | deny ${HOME}/.VirtualBox | 177 | blacklist ${HOME}/.VirtualBox |
178 | deny ${HOME}/.config/VirtualBox | 178 | blacklist ${HOME}/.config/VirtualBox |
179 | deny ${HOME}/VirtualBox VMs | 179 | blacklist ${HOME}/VirtualBox VMs |
180 | 180 | ||
181 | # GNOME Boxes | 181 | # GNOME Boxes |
182 | deny ${HOME}/.config/gnome-boxes | 182 | blacklist ${HOME}/.config/gnome-boxes |
183 | deny ${HOME}/.local/share/gnome-boxes | 183 | blacklist ${HOME}/.local/share/gnome-boxes |
184 | 184 | ||
185 | # libvirt | 185 | # libvirt |
186 | deny ${HOME}/.cache/libvirt | 186 | blacklist ${HOME}/.cache/libvirt |
187 | deny ${HOME}/.config/libvirt | 187 | blacklist ${HOME}/.config/libvirt |
188 | deny ${RUNUSER}/libvirt | 188 | blacklist ${RUNUSER}/libvirt |
189 | deny /var/cache/libvirt | 189 | blacklist /var/cache/libvirt |
190 | deny /var/lib/libvirt | 190 | blacklist /var/lib/libvirt |
191 | deny /var/log/libvirt | 191 | blacklist /var/log/libvirt |
192 | 192 | ||
193 | # OCI-Containers / Podman | 193 | # OCI-Containers / Podman |
194 | deny ${RUNUSER}/containers | 194 | blacklist ${RUNUSER}/containers |
195 | deny ${RUNUSER}/crun | 195 | blacklist ${RUNUSER}/crun |
196 | deny ${RUNUSER}/libpod | 196 | blacklist ${RUNUSER}/libpod |
197 | deny ${RUNUSER}/runc | 197 | blacklist ${RUNUSER}/runc |
198 | deny ${RUNUSER}/toolbox | 198 | blacklist ${RUNUSER}/toolbox |
199 | 199 | ||
200 | # VeraCrypt | 200 | # VeraCrypt |
201 | deny ${HOME}/.VeraCrypt | 201 | blacklist ${HOME}/.VeraCrypt |
202 | deny ${PATH}/veracrypt | 202 | blacklist ${PATH}/veracrypt |
203 | deny ${PATH}/veracrypt-uninstall.sh | 203 | blacklist ${PATH}/veracrypt-uninstall.sh |
204 | deny /usr/share/applications/veracrypt.* | 204 | blacklist /usr/share/applications/veracrypt.* |
205 | deny /usr/share/pixmaps/veracrypt.* | 205 | blacklist /usr/share/pixmaps/veracrypt.* |
206 | deny /usr/share/veracrypt | 206 | blacklist /usr/share/veracrypt |
207 | 207 | ||
208 | # TrueCrypt | 208 | # TrueCrypt |
209 | deny ${HOME}/.TrueCrypt | 209 | blacklist ${HOME}/.TrueCrypt |
210 | deny ${PATH}/truecrypt | 210 | blacklist ${PATH}/truecrypt |
211 | deny ${PATH}/truecrypt-uninstall.sh | 211 | blacklist ${PATH}/truecrypt-uninstall.sh |
212 | deny /usr/share/applications/truecrypt.* | 212 | blacklist /usr/share/applications/truecrypt.* |
213 | deny /usr/share/pixmaps/truecrypt.* | 213 | blacklist /usr/share/pixmaps/truecrypt.* |
214 | deny /usr/share/truecrypt | 214 | blacklist /usr/share/truecrypt |
215 | 215 | ||
216 | # zuluCrypt | 216 | # zuluCrypt |
217 | deny ${HOME}/.zuluCrypt | 217 | blacklist ${HOME}/.zuluCrypt |
218 | deny ${HOME}/.zuluCrypt-socket | 218 | blacklist ${HOME}/.zuluCrypt-socket |
219 | deny ${PATH}/zuluCrypt-cli | 219 | blacklist ${PATH}/zuluCrypt-cli |
220 | deny ${PATH}/zuluMount-cli | 220 | blacklist ${PATH}/zuluMount-cli |
221 | 221 | ||
222 | # var | 222 | # var |
223 | deny /var/cache/apt | 223 | blacklist /var/cache/apt |
224 | deny /var/cache/pacman | 224 | blacklist /var/cache/pacman |
225 | deny /var/lib/apt | 225 | blacklist /var/lib/apt |
226 | deny /var/lib/clamav | 226 | blacklist /var/lib/clamav |
227 | deny /var/lib/dkms | 227 | blacklist /var/lib/dkms |
228 | deny /var/lib/mysql/mysql.sock | 228 | blacklist /var/lib/mysql/mysql.sock |
229 | deny /var/lib/mysqld/mysql.sock | 229 | blacklist /var/lib/mysqld/mysql.sock |
230 | deny /var/lib/pacman | 230 | blacklist /var/lib/pacman |
231 | deny /var/lib/upower | 231 | blacklist /var/lib/upower |
232 | # blacklist /var/log - a virtual /var/log directory (mostly empty) is build up by default for | 232 | # blacklist /var/log - a virtual /var/log directory (mostly empty) is build up by default for |
233 | # every sandbox, unless --writable-var-log switch is activated | 233 | # every sandbox, unless --writable-var-log switch is activated |
234 | deny /var/mail | 234 | blacklist /var/mail |
235 | deny /var/opt | 235 | blacklist /var/opt |
236 | deny /var/run/acpid.socket | 236 | blacklist /var/run/acpid.socket |
237 | deny /var/run/docker.sock | 237 | blacklist /var/run/docker.sock |
238 | deny /var/run/minissdpd.sock | 238 | blacklist /var/run/minissdpd.sock |
239 | deny /var/run/mysql/mysqld.sock | 239 | blacklist /var/run/mysql/mysqld.sock |
240 | deny /var/run/mysqld/mysqld.sock | 240 | blacklist /var/run/mysqld/mysqld.sock |
241 | deny /var/run/rpcbind.sock | 241 | blacklist /var/run/rpcbind.sock |
242 | deny /var/run/screens | 242 | blacklist /var/run/screens |
243 | deny /var/spool/anacron | 243 | blacklist /var/spool/anacron |
244 | deny /var/spool/cron | 244 | blacklist /var/spool/cron |
245 | deny /var/spool/mail | 245 | blacklist /var/spool/mail |
246 | 246 | ||
247 | # etc | 247 | # etc |
248 | deny /etc/anacrontab | 248 | blacklist /etc/anacrontab |
249 | deny /etc/cron* | 249 | blacklist /etc/cron* |
250 | deny /etc/profile.d | 250 | blacklist /etc/profile.d |
251 | deny /etc/rc.local | 251 | blacklist /etc/rc.local |
252 | # rc1.d, rc2.d, ... | 252 | # rc1.d, rc2.d, ... |
253 | deny /etc/rc?.d | 253 | blacklist /etc/rc?.d |
254 | deny /etc/kernel* | 254 | blacklist /etc/kernel* |
255 | deny /etc/grub* | 255 | blacklist /etc/grub* |
256 | deny /etc/dkms | 256 | blacklist /etc/dkms |
257 | deny /etc/apparmor* | 257 | blacklist /etc/apparmor* |
258 | deny /etc/selinux | 258 | blacklist /etc/selinux |
259 | deny /etc/modules* | 259 | blacklist /etc/modules* |
260 | deny /etc/logrotate* | 260 | blacklist /etc/logrotate* |
261 | deny /etc/adduser.conf | 261 | blacklist /etc/adduser.conf |
262 | 262 | ||
263 | # hide config for various intrusion detection systems | 263 | # hide config for various intrusion detection systems |
264 | deny /etc/rkhunter.conf | 264 | blacklist /etc/rkhunter.conf |
265 | deny /var/lib/rkhunter | 265 | blacklist /var/lib/rkhunter |
266 | deny /etc/chkrootkit.conf | 266 | blacklist /etc/chkrootkit.conf |
267 | deny /etc/lynis | 267 | blacklist /etc/lynis |
268 | deny /etc/aide | 268 | blacklist /etc/aide |
269 | deny /etc/logcheck | 269 | blacklist /etc/logcheck |
270 | deny /etc/tripwire | 270 | blacklist /etc/tripwire |
271 | deny /etc/snort | 271 | blacklist /etc/snort |
272 | deny /etc/fail2ban.conf | 272 | blacklist /etc/fail2ban.conf |
273 | deny /etc/suricata | 273 | blacklist /etc/suricata |
274 | 274 | ||
275 | # Startup files | 275 | # Startup files |
276 | read-only ${HOME}/.antigen | 276 | read-only ${HOME}/.antigen |
@@ -307,13 +307,13 @@ read-only ${HOME}/.zshrc | |||
307 | read-only ${HOME}/.zshrc.local | 307 | read-only ${HOME}/.zshrc.local |
308 | 308 | ||
309 | # Remote access | 309 | # Remote access |
310 | deny ${HOME}/.rhosts | 310 | blacklist ${HOME}/.rhosts |
311 | deny ${HOME}/.shosts | 311 | blacklist ${HOME}/.shosts |
312 | deny ${HOME}/.ssh/authorized_keys | 312 | blacklist ${HOME}/.ssh/authorized_keys |
313 | deny ${HOME}/.ssh/authorized_keys2 | 313 | blacklist ${HOME}/.ssh/authorized_keys2 |
314 | deny ${HOME}/.ssh/environment | 314 | blacklist ${HOME}/.ssh/environment |
315 | deny ${HOME}/.ssh/rc | 315 | blacklist ${HOME}/.ssh/rc |
316 | deny /etc/hosts.equiv | 316 | blacklist /etc/hosts.equiv |
317 | read-only ${HOME}/.ssh/config | 317 | read-only ${HOME}/.ssh/config |
318 | read-only ${HOME}/.ssh/config.d | 318 | read-only ${HOME}/.ssh/config.d |
319 | 319 | ||
@@ -374,200 +374,200 @@ read-only ${HOME}/.local/share/mime | |||
374 | read-only ${HOME}/.local/share/thumbnailers | 374 | read-only ${HOME}/.local/share/thumbnailers |
375 | 375 | ||
376 | # prevent access to ssh-agent | 376 | # prevent access to ssh-agent |
377 | deny /tmp/ssh-* | 377 | blacklist /tmp/ssh-* |
378 | 378 | ||
379 | # top secret | 379 | # top secret |
380 | deny ${HOME}/*.kdb | 380 | blacklist ${HOME}/*.kdb |
381 | deny ${HOME}/*.kdbx | 381 | blacklist ${HOME}/*.kdbx |
382 | deny ${HOME}/*.key | 382 | blacklist ${HOME}/*.key |
383 | deny ${HOME}/.Private | 383 | blacklist ${HOME}/.Private |
384 | deny ${HOME}/.caff | 384 | blacklist ${HOME}/.caff |
385 | deny ${HOME}/.cargo/credentials | 385 | blacklist ${HOME}/.cargo/credentials |
386 | deny ${HOME}/.cargo/credentials.toml | 386 | blacklist ${HOME}/.cargo/credentials.toml |
387 | deny ${HOME}/.cert | 387 | blacklist ${HOME}/.cert |
388 | deny ${HOME}/.config/keybase | 388 | blacklist ${HOME}/.config/keybase |
389 | deny ${HOME}/.davfs2/secrets | 389 | blacklist ${HOME}/.davfs2/secrets |
390 | deny ${HOME}/.ecryptfs | 390 | blacklist ${HOME}/.ecryptfs |
391 | deny ${HOME}/.fetchmailrc | 391 | blacklist ${HOME}/.fetchmailrc |
392 | deny ${HOME}/.fscrypt | 392 | blacklist ${HOME}/.fscrypt |
393 | deny ${HOME}/.git-credential-cache | 393 | blacklist ${HOME}/.git-credential-cache |
394 | deny ${HOME}/.git-credentials | 394 | blacklist ${HOME}/.git-credentials |
395 | deny ${HOME}/.gnome2/keyrings | 395 | blacklist ${HOME}/.gnome2/keyrings |
396 | deny ${HOME}/.gnupg | 396 | blacklist ${HOME}/.gnupg |
397 | deny ${HOME}/.config/hub | 397 | blacklist ${HOME}/.config/hub |
398 | deny ${HOME}/.kde/share/apps/kwallet | 398 | blacklist ${HOME}/.kde/share/apps/kwallet |
399 | deny ${HOME}/.kde4/share/apps/kwallet | 399 | blacklist ${HOME}/.kde4/share/apps/kwallet |
400 | deny ${HOME}/.local/share/keyrings | 400 | blacklist ${HOME}/.local/share/keyrings |
401 | deny ${HOME}/.local/share/kwalletd | 401 | blacklist ${HOME}/.local/share/kwalletd |
402 | deny ${HOME}/.local/share/plasma-vault | 402 | blacklist ${HOME}/.local/share/plasma-vault |
403 | deny ${HOME}/.msmtprc | 403 | blacklist ${HOME}/.msmtprc |
404 | deny ${HOME}/.mutt | 404 | blacklist ${HOME}/.mutt |
405 | deny ${HOME}/.muttrc | 405 | blacklist ${HOME}/.muttrc |
406 | deny ${HOME}/.netrc | 406 | blacklist ${HOME}/.netrc |
407 | deny ${HOME}/.nyx | 407 | blacklist ${HOME}/.nyx |
408 | deny ${HOME}/.pki | 408 | blacklist ${HOME}/.pki |
409 | deny ${HOME}/.local/share/pki | 409 | blacklist ${HOME}/.local/share/pki |
410 | deny ${HOME}/.smbcredentials | 410 | blacklist ${HOME}/.smbcredentials |
411 | deny ${HOME}/.ssh | 411 | blacklist ${HOME}/.ssh |
412 | deny ${HOME}/.vaults | 412 | blacklist ${HOME}/.vaults |
413 | deny /.fscrypt | 413 | blacklist /.fscrypt |
414 | deny /etc/davfs2/secrets | 414 | blacklist /etc/davfs2/secrets |
415 | deny /etc/group+ | 415 | blacklist /etc/group+ |
416 | deny /etc/group- | 416 | blacklist /etc/group- |
417 | deny /etc/gshadow | 417 | blacklist /etc/gshadow |
418 | deny /etc/gshadow+ | 418 | blacklist /etc/gshadow+ |
419 | deny /etc/gshadow- | 419 | blacklist /etc/gshadow- |
420 | deny /etc/passwd+ | 420 | blacklist /etc/passwd+ |
421 | deny /etc/passwd- | 421 | blacklist /etc/passwd- |
422 | deny /etc/shadow | 422 | blacklist /etc/shadow |
423 | deny /etc/shadow+ | 423 | blacklist /etc/shadow+ |
424 | deny /etc/shadow- | 424 | blacklist /etc/shadow- |
425 | deny /etc/ssh | 425 | blacklist /etc/ssh |
426 | deny /etc/ssh/* | 426 | blacklist /etc/ssh/* |
427 | deny /home/.ecryptfs | 427 | blacklist /home/.ecryptfs |
428 | deny /home/.fscrypt | 428 | blacklist /home/.fscrypt |
429 | deny /var/backup | 429 | blacklist /var/backup |
430 | 430 | ||
431 | # cloud provider configuration | 431 | # cloud provider configuration |
432 | deny ${HOME}/.aws | 432 | blacklist ${HOME}/.aws |
433 | deny ${HOME}/.boto | 433 | blacklist ${HOME}/.boto |
434 | deny ${HOME}/.config/gcloud | 434 | blacklist ${HOME}/.config/gcloud |
435 | deny ${HOME}/.kube | 435 | blacklist ${HOME}/.kube |
436 | deny ${HOME}/.passwd-s3fs | 436 | blacklist ${HOME}/.passwd-s3fs |
437 | deny ${HOME}/.s3cmd | 437 | blacklist ${HOME}/.s3cmd |
438 | deny /etc/boto.cfg | 438 | blacklist /etc/boto.cfg |
439 | 439 | ||
440 | # system directories | 440 | # system directories |
441 | deny /sbin | 441 | blacklist /sbin |
442 | deny /usr/local/sbin | 442 | blacklist /usr/local/sbin |
443 | deny /usr/sbin | 443 | blacklist /usr/sbin |
444 | 444 | ||
445 | # system management | 445 | # system management |
446 | deny ${PATH}/at | 446 | blacklist ${PATH}/at |
447 | deny ${PATH}/busybox | 447 | blacklist ${PATH}/busybox |
448 | deny ${PATH}/chage | 448 | blacklist ${PATH}/chage |
449 | deny ${PATH}/chfn | 449 | blacklist ${PATH}/chfn |
450 | deny ${PATH}/chsh | 450 | blacklist ${PATH}/chsh |
451 | deny ${PATH}/crontab | 451 | blacklist ${PATH}/crontab |
452 | deny ${PATH}/evtest | 452 | blacklist ${PATH}/evtest |
453 | deny ${PATH}/expiry | 453 | blacklist ${PATH}/expiry |
454 | deny ${PATH}/fusermount | 454 | blacklist ${PATH}/fusermount |
455 | deny ${PATH}/gksu | 455 | blacklist ${PATH}/gksu |
456 | deny ${PATH}/gksudo | 456 | blacklist ${PATH}/gksudo |
457 | deny ${PATH}/gpasswd | 457 | blacklist ${PATH}/gpasswd |
458 | deny ${PATH}/kdesudo | 458 | blacklist ${PATH}/kdesudo |
459 | deny ${PATH}/ksu | 459 | blacklist ${PATH}/ksu |
460 | deny ${PATH}/mount | 460 | blacklist ${PATH}/mount |
461 | deny ${PATH}/mount.ecryptfs_private | 461 | blacklist ${PATH}/mount.ecryptfs_private |
462 | deny ${PATH}/nc | 462 | blacklist ${PATH}/nc |
463 | deny ${PATH}/ncat | 463 | blacklist ${PATH}/ncat |
464 | deny ${PATH}/nmap | 464 | blacklist ${PATH}/nmap |
465 | deny ${PATH}/newgidmap | 465 | blacklist ${PATH}/newgidmap |
466 | deny ${PATH}/newgrp | 466 | blacklist ${PATH}/newgrp |
467 | deny ${PATH}/newuidmap | 467 | blacklist ${PATH}/newuidmap |
468 | deny ${PATH}/ntfs-3g | 468 | blacklist ${PATH}/ntfs-3g |
469 | deny ${PATH}/pkexec | 469 | blacklist ${PATH}/pkexec |
470 | deny ${PATH}/procmail | 470 | blacklist ${PATH}/procmail |
471 | deny ${PATH}/sg | 471 | blacklist ${PATH}/sg |
472 | deny ${PATH}/strace | 472 | blacklist ${PATH}/strace |
473 | deny ${PATH}/su | 473 | blacklist ${PATH}/su |
474 | deny ${PATH}/sudo | 474 | blacklist ${PATH}/sudo |
475 | deny ${PATH}/tcpdump | 475 | blacklist ${PATH}/tcpdump |
476 | deny ${PATH}/umount | 476 | blacklist ${PATH}/umount |
477 | deny ${PATH}/unix_chkpwd | 477 | blacklist ${PATH}/unix_chkpwd |
478 | deny ${PATH}/xev | 478 | blacklist ${PATH}/xev |
479 | deny ${PATH}/xinput | 479 | blacklist ${PATH}/xinput |
480 | 480 | ||
481 | # other SUID binaries | 481 | # other SUID binaries |
482 | deny /usr/lib/virtualbox | 482 | blacklist /usr/lib/virtualbox |
483 | deny /usr/lib64/virtualbox | 483 | blacklist /usr/lib64/virtualbox |
484 | 484 | ||
485 | # prevent lxterminal connecting to an existing lxterminal session | 485 | # prevent lxterminal connecting to an existing lxterminal session |
486 | deny /tmp/.lxterminal-socket* | 486 | blacklist /tmp/.lxterminal-socket* |
487 | # prevent tmux connecting to an existing session | 487 | # prevent tmux connecting to an existing session |
488 | deny /tmp/tmux-* | 488 | blacklist /tmp/tmux-* |
489 | 489 | ||
490 | # disable terminals running as server resulting in sandbox escape | 490 | # disable terminals running as server resulting in sandbox escape |
491 | deny ${PATH}/lxterminal | 491 | blacklist ${PATH}/lxterminal |
492 | deny ${PATH}/gnome-terminal | 492 | blacklist ${PATH}/gnome-terminal |
493 | deny ${PATH}/gnome-terminal.wrapper | 493 | blacklist ${PATH}/gnome-terminal.wrapper |
494 | deny ${PATH}/lilyterm | 494 | blacklist ${PATH}/lilyterm |
495 | deny ${PATH}/mate-terminal | 495 | blacklist ${PATH}/mate-terminal |
496 | deny ${PATH}/mate-terminal.wrapper | 496 | blacklist ${PATH}/mate-terminal.wrapper |
497 | deny ${PATH}/pantheon-terminal | 497 | blacklist ${PATH}/pantheon-terminal |
498 | deny ${PATH}/roxterm | 498 | blacklist ${PATH}/roxterm |
499 | deny ${PATH}/roxterm-config | 499 | blacklist ${PATH}/roxterm-config |
500 | deny ${PATH}/terminix | 500 | blacklist ${PATH}/terminix |
501 | deny ${PATH}/tilix | 501 | blacklist ${PATH}/tilix |
502 | deny ${PATH}/urxvtc | 502 | blacklist ${PATH}/urxvtc |
503 | deny ${PATH}/urxvtcd | 503 | blacklist ${PATH}/urxvtcd |
504 | deny ${PATH}/xfce4-terminal | 504 | blacklist ${PATH}/xfce4-terminal |
505 | deny ${PATH}/xfce4-terminal.wrapper | 505 | blacklist ${PATH}/xfce4-terminal.wrapper |
506 | # blacklist ${PATH}/konsole | 506 | # blacklist ${PATH}/konsole |
507 | # konsole doesn't seem to have this problem - last tested on Ubuntu 16.04 | 507 | # konsole doesn't seem to have this problem - last tested on Ubuntu 16.04 |
508 | 508 | ||
509 | # kernel files | 509 | # kernel files |
510 | deny /initrd* | 510 | blacklist /initrd* |
511 | deny /vmlinuz* | 511 | blacklist /vmlinuz* |
512 | 512 | ||
513 | # snapshot files | 513 | # snapshot files |
514 | deny /.snapshots | 514 | blacklist /.snapshots |
515 | 515 | ||
516 | # flatpak | 516 | # flatpak |
517 | deny ${HOME}/.cache/flatpak | 517 | blacklist ${HOME}/.cache/flatpak |
518 | deny ${HOME}/.config/flatpak | 518 | blacklist ${HOME}/.config/flatpak |
519 | nodeny ${HOME}/.local/share/flatpak/exports | 519 | noblacklist ${HOME}/.local/share/flatpak/exports |
520 | read-only ${HOME}/.local/share/flatpak/exports | 520 | read-only ${HOME}/.local/share/flatpak/exports |
521 | deny ${HOME}/.local/share/flatpak/* | 521 | blacklist ${HOME}/.local/share/flatpak/* |
522 | deny ${HOME}/.var | 522 | blacklist ${HOME}/.var |
523 | deny ${RUNUSER}/app | 523 | blacklist ${RUNUSER}/app |
524 | deny ${RUNUSER}/doc | 524 | blacklist ${RUNUSER}/doc |
525 | deny ${RUNUSER}/.dbus-proxy | 525 | blacklist ${RUNUSER}/.dbus-proxy |
526 | deny ${RUNUSER}/.flatpak | 526 | blacklist ${RUNUSER}/.flatpak |
527 | deny ${RUNUSER}/.flatpak-cache | 527 | blacklist ${RUNUSER}/.flatpak-cache |
528 | deny ${RUNUSER}/.flatpak-helper | 528 | blacklist ${RUNUSER}/.flatpak-helper |
529 | deny /usr/share/flatpak | 529 | blacklist /usr/share/flatpak |
530 | nodeny /var/lib/flatpak/exports | 530 | noblacklist /var/lib/flatpak/exports |
531 | deny /var/lib/flatpak/* | 531 | blacklist /var/lib/flatpak/* |
532 | # most of the time bwrap is SUID binary | 532 | # most of the time bwrap is SUID binary |
533 | deny ${PATH}/bwrap | 533 | blacklist ${PATH}/bwrap |
534 | 534 | ||
535 | # snap | 535 | # snap |
536 | deny ${RUNUSER}/snapd-session-agent.socket | 536 | blacklist ${RUNUSER}/snapd-session-agent.socket |
537 | 537 | ||
538 | # mail directories used by mutt | 538 | # mail directories used by mutt |
539 | deny ${HOME}/.Mail | 539 | blacklist ${HOME}/.Mail |
540 | deny ${HOME}/.mail | 540 | blacklist ${HOME}/.mail |
541 | deny ${HOME}/.signature | 541 | blacklist ${HOME}/.signature |
542 | deny ${HOME}/Mail | 542 | blacklist ${HOME}/Mail |
543 | deny ${HOME}/mail | 543 | blacklist ${HOME}/mail |
544 | deny ${HOME}/postponed | 544 | blacklist ${HOME}/postponed |
545 | deny ${HOME}/sent | 545 | blacklist ${HOME}/sent |
546 | 546 | ||
547 | # kernel configuration | 547 | # kernel configuration |
548 | deny /proc/config.gz | 548 | blacklist /proc/config.gz |
549 | 549 | ||
550 | # prevent DNS malware attempting to communicate with the server | 550 | # prevent DNS malware attempting to communicate with the server |
551 | # using regular DNS tools | 551 | # using regular DNS tools |
552 | deny ${PATH}/dig | 552 | blacklist ${PATH}/dig |
553 | deny ${PATH}/dlint | 553 | blacklist ${PATH}/dlint |
554 | deny ${PATH}/dns2tcp | 554 | blacklist ${PATH}/dns2tcp |
555 | deny ${PATH}/dnssec-* | 555 | blacklist ${PATH}/dnssec-* |
556 | deny ${PATH}/dnswalk | 556 | blacklist ${PATH}/dnswalk |
557 | deny ${PATH}/drill | 557 | blacklist ${PATH}/drill |
558 | deny ${PATH}/host | 558 | blacklist ${PATH}/host |
559 | deny ${PATH}/iodine | 559 | blacklist ${PATH}/iodine |
560 | deny ${PATH}/kdig | 560 | blacklist ${PATH}/kdig |
561 | deny ${PATH}/khost | 561 | blacklist ${PATH}/khost |
562 | deny ${PATH}/knsupdate | 562 | blacklist ${PATH}/knsupdate |
563 | deny ${PATH}/ldns-* | 563 | blacklist ${PATH}/ldns-* |
564 | deny ${PATH}/ldnsd | 564 | blacklist ${PATH}/ldnsd |
565 | deny ${PATH}/nslookup | 565 | blacklist ${PATH}/nslookup |
566 | deny ${PATH}/resolvectl | 566 | blacklist ${PATH}/resolvectl |
567 | deny ${PATH}/unbound-host | 567 | blacklist ${PATH}/unbound-host |
568 | 568 | ||
569 | # rest of ${RUNUSER} | 569 | # rest of ${RUNUSER} |
570 | deny ${RUNUSER}/*.lock | 570 | blacklist ${RUNUSER}/*.lock |
571 | deny ${RUNUSER}/inaccessible | 571 | blacklist ${RUNUSER}/inaccessible |
572 | deny ${RUNUSER}/pk-debconf-socket | 572 | blacklist ${RUNUSER}/pk-debconf-socket |
573 | deny ${RUNUSER}/update-notifier.pid | 573 | blacklist ${RUNUSER}/update-notifier.pid |
diff --git a/etc/inc/disable-devel.inc b/etc/inc/disable-devel.inc index a893eb3f3..e74b1b40b 100644 --- a/etc/inc/disable-devel.inc +++ b/etc/inc/disable-devel.inc | |||
@@ -5,65 +5,65 @@ include disable-devel.local | |||
5 | # development tools | 5 | # development tools |
6 | 6 | ||
7 | # clang/llvm | 7 | # clang/llvm |
8 | deny ${PATH}/clang* | 8 | blacklist ${PATH}/clang* |
9 | deny ${PATH}/lldb* | 9 | blacklist ${PATH}/lldb* |
10 | deny ${PATH}/llvm* | 10 | blacklist ${PATH}/llvm* |
11 | # see issue #2106 - it disables hardware acceleration in Firefox on Radeon GPU | 11 | # see issue #2106 - it disables hardware acceleration in Firefox on Radeon GPU |
12 | # blacklist /usr/lib/llvm* | 12 | # blacklist /usr/lib/llvm* |
13 | 13 | ||
14 | # GCC | 14 | # GCC |
15 | deny ${PATH}/as | 15 | blacklist ${PATH}/as |
16 | deny ${PATH}/cc | 16 | blacklist ${PATH}/cc |
17 | deny ${PATH}/c++* | 17 | blacklist ${PATH}/c++* |
18 | deny ${PATH}/c8* | 18 | blacklist ${PATH}/c8* |
19 | deny ${PATH}/c9* | 19 | blacklist ${PATH}/c9* |
20 | deny ${PATH}/cpp* | 20 | blacklist ${PATH}/cpp* |
21 | deny ${PATH}/g++* | 21 | blacklist ${PATH}/g++* |
22 | deny ${PATH}/gcc* | 22 | blacklist ${PATH}/gcc* |
23 | deny ${PATH}/gdb | 23 | blacklist ${PATH}/gdb |
24 | deny ${PATH}/ld | 24 | blacklist ${PATH}/ld |
25 | deny ${PATH}/*-gcc* | 25 | blacklist ${PATH}/*-gcc* |
26 | deny ${PATH}/*-g++* | 26 | blacklist ${PATH}/*-g++* |
27 | deny ${PATH}/*-gcc* | 27 | blacklist ${PATH}/*-gcc* |
28 | deny ${PATH}/*-g++* | 28 | blacklist ${PATH}/*-g++* |
29 | # seems to create problems on Gentoo | 29 | # seems to create problems on Gentoo |
30 | #blacklist /usr/lib/gcc | 30 | #blacklist /usr/lib/gcc |
31 | 31 | ||
32 | #Go | 32 | #Go |
33 | deny ${PATH}/gccgo | 33 | blacklist ${PATH}/gccgo |
34 | deny ${PATH}/go | 34 | blacklist ${PATH}/go |
35 | deny ${PATH}/gofmt | 35 | blacklist ${PATH}/gofmt |
36 | 36 | ||
37 | # Java | 37 | # Java |
38 | deny ${PATH}/java | 38 | blacklist ${PATH}/java |
39 | deny ${PATH}/javac | 39 | blacklist ${PATH}/javac |
40 | deny /etc/java | 40 | blacklist /etc/java |
41 | deny /usr/lib/java | 41 | blacklist /usr/lib/java |
42 | deny /usr/share/java | 42 | blacklist /usr/share/java |
43 | 43 | ||
44 | #OpenSSL | 44 | #OpenSSL |
45 | deny ${PATH}/openssl | 45 | blacklist ${PATH}/openssl |
46 | deny ${PATH}/openssl-1.0 | 46 | blacklist ${PATH}/openssl-1.0 |
47 | 47 | ||
48 | #Rust | 48 | #Rust |
49 | deny ${PATH}/rust-gdb | 49 | blacklist ${PATH}/rust-gdb |
50 | deny ${PATH}/rust-lldb | 50 | blacklist ${PATH}/rust-lldb |
51 | deny ${PATH}/rustc | 51 | blacklist ${PATH}/rustc |
52 | deny ${HOME}/.rustup | 52 | blacklist ${HOME}/.rustup |
53 | 53 | ||
54 | # tcc - Tiny C Compiler | 54 | # tcc - Tiny C Compiler |
55 | deny ${PATH}/tcc | 55 | blacklist ${PATH}/tcc |
56 | deny ${PATH}/x86_64-tcc | 56 | blacklist ${PATH}/x86_64-tcc |
57 | deny /usr/lib/tcc | 57 | blacklist /usr/lib/tcc |
58 | 58 | ||
59 | # Valgrind | 59 | # Valgrind |
60 | deny ${PATH}/valgrind* | 60 | blacklist ${PATH}/valgrind* |
61 | deny /usr/lib/valgrind | 61 | blacklist /usr/lib/valgrind |
62 | 62 | ||
63 | 63 | ||
64 | # Source-Code | 64 | # Source-Code |
65 | 65 | ||
66 | deny /usr/src | 66 | blacklist /usr/src |
67 | deny /usr/local/src | 67 | blacklist /usr/local/src |
68 | deny /usr/include | 68 | blacklist /usr/include |
69 | deny /usr/local/include | 69 | blacklist /usr/local/include |
diff --git a/etc/inc/disable-interpreters.inc b/etc/inc/disable-interpreters.inc index c77d9a490..5d8a236fb 100644 --- a/etc/inc/disable-interpreters.inc +++ b/etc/inc/disable-interpreters.inc | |||
@@ -3,66 +3,66 @@ | |||
3 | include disable-interpreters.local | 3 | include disable-interpreters.local |
4 | 4 | ||
5 | # gjs | 5 | # gjs |
6 | deny ${PATH}/gjs | 6 | blacklist ${PATH}/gjs |
7 | deny ${PATH}/gjs-console | 7 | blacklist ${PATH}/gjs-console |
8 | deny /usr/lib/gjs | 8 | blacklist /usr/lib/gjs |
9 | deny /usr/lib/libgjs* | 9 | blacklist /usr/lib/libgjs* |
10 | deny /usr/lib64/gjs | 10 | blacklist /usr/lib64/gjs |
11 | deny /usr/lib64/libgjs* | 11 | blacklist /usr/lib64/libgjs* |
12 | 12 | ||
13 | # Lua | 13 | # Lua |
14 | deny ${PATH}/lua* | 14 | blacklist ${PATH}/lua* |
15 | deny /usr/include/lua* | 15 | blacklist /usr/include/lua* |
16 | deny /usr/lib/liblua* | 16 | blacklist /usr/lib/liblua* |
17 | deny /usr/lib/lua | 17 | blacklist /usr/lib/lua |
18 | deny /usr/lib64/liblua* | 18 | blacklist /usr/lib64/liblua* |
19 | deny /usr/lib64/lua | 19 | blacklist /usr/lib64/lua |
20 | deny /usr/share/lua* | 20 | blacklist /usr/share/lua* |
21 | 21 | ||
22 | # mozjs | 22 | # mozjs |
23 | deny /usr/lib/libmozjs-* | 23 | blacklist /usr/lib/libmozjs-* |
24 | deny /usr/lib64/libmozjs-* | 24 | blacklist /usr/lib64/libmozjs-* |
25 | 25 | ||
26 | # Node.js | 26 | # Node.js |
27 | deny ${PATH}/node | 27 | blacklist ${PATH}/node |
28 | deny /usr/include/node | 28 | blacklist /usr/include/node |
29 | 29 | ||
30 | # nvm | 30 | # nvm |
31 | deny ${HOME}/.nvm | 31 | blacklist ${HOME}/.nvm |
32 | 32 | ||
33 | # Perl | 33 | # Perl |
34 | deny ${PATH}/core_perl | 34 | blacklist ${PATH}/core_perl |
35 | deny ${PATH}/cpan* | 35 | blacklist ${PATH}/cpan* |
36 | deny ${PATH}/perl | 36 | blacklist ${PATH}/perl |
37 | deny ${PATH}/site_perl | 37 | blacklist ${PATH}/site_perl |
38 | deny ${PATH}/vendor_perl | 38 | blacklist ${PATH}/vendor_perl |
39 | deny /usr/lib/perl* | 39 | blacklist /usr/lib/perl* |
40 | deny /usr/lib64/perl* | 40 | blacklist /usr/lib64/perl* |
41 | deny /usr/share/perl* | 41 | blacklist /usr/share/perl* |
42 | 42 | ||
43 | # PHP | 43 | # PHP |
44 | deny ${PATH}/php* | 44 | blacklist ${PATH}/php* |
45 | deny /usr/lib/php* | 45 | blacklist /usr/lib/php* |
46 | deny /usr/share/php* | 46 | blacklist /usr/share/php* |
47 | 47 | ||
48 | # Ruby | 48 | # Ruby |
49 | deny ${PATH}/ruby | 49 | blacklist ${PATH}/ruby |
50 | deny /usr/lib/ruby | 50 | blacklist /usr/lib/ruby |
51 | 51 | ||
52 | # Programs using python: deluge, firefox addons, filezilla, cherrytree, xchat, hexchat, libreoffice, scribus | 52 | # Programs using python: deluge, firefox addons, filezilla, cherrytree, xchat, hexchat, libreoffice, scribus |
53 | # Python 2 | 53 | # Python 2 |
54 | deny ${PATH}/python2* | 54 | blacklist ${PATH}/python2* |
55 | deny /usr/include/python2* | 55 | blacklist /usr/include/python2* |
56 | deny /usr/lib/python2* | 56 | blacklist /usr/lib/python2* |
57 | deny /usr/local/lib/python2* | 57 | blacklist /usr/local/lib/python2* |
58 | deny /usr/share/python2* | 58 | blacklist /usr/share/python2* |
59 | 59 | ||
60 | # You will want to add noblacklist for python3 stuff in the firefox and/or chromium profiles if you use the Gnome connector (see Issue #2026) | 60 | # You will want to add noblacklist for python3 stuff in the firefox and/or chromium profiles if you use the Gnome connector (see Issue #2026) |
61 | 61 | ||
62 | # Python 3 | 62 | # Python 3 |
63 | deny ${PATH}/python3* | 63 | blacklist ${PATH}/python3* |
64 | deny /usr/include/python3* | 64 | blacklist /usr/include/python3* |
65 | deny /usr/lib/python3* | 65 | blacklist /usr/lib/python3* |
66 | deny /usr/lib64/python3* | 66 | blacklist /usr/lib64/python3* |
67 | deny /usr/local/lib/python3* | 67 | blacklist /usr/local/lib/python3* |
68 | deny /usr/share/python3* | 68 | blacklist /usr/share/python3* |
diff --git a/etc/inc/disable-passwdmgr.inc b/etc/inc/disable-passwdmgr.inc index 0a61bc46f..3ed9a1b14 100644 --- a/etc/inc/disable-passwdmgr.inc +++ b/etc/inc/disable-passwdmgr.inc | |||
@@ -2,18 +2,18 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include disable-passwdmgr.local | 3 | include disable-passwdmgr.local |
4 | 4 | ||
5 | deny ${HOME}/.config/Bitwarden | 5 | blacklist ${HOME}/.config/Bitwarden |
6 | deny ${HOME}/.config/KeePass | 6 | blacklist ${HOME}/.config/KeePass |
7 | deny ${HOME}/.config/keepass | 7 | blacklist ${HOME}/.config/keepass |
8 | deny ${HOME}/.config/keepassx | 8 | blacklist ${HOME}/.config/keepassx |
9 | deny ${HOME}/.config/keepassxc | 9 | blacklist ${HOME}/.config/keepassxc |
10 | deny ${HOME}/.config/KeePassXCrc | 10 | blacklist ${HOME}/.config/KeePassXCrc |
11 | deny ${HOME}/.config/Sinew Software Systems | 11 | blacklist ${HOME}/.config/Sinew Software Systems |
12 | deny ${HOME}/.fpm | 12 | blacklist ${HOME}/.fpm |
13 | deny ${HOME}/.keepass | 13 | blacklist ${HOME}/.keepass |
14 | deny ${HOME}/.keepassx | 14 | blacklist ${HOME}/.keepassx |
15 | deny ${HOME}/.keepassxc | 15 | blacklist ${HOME}/.keepassxc |
16 | deny ${HOME}/.lastpass | 16 | blacklist ${HOME}/.lastpass |
17 | deny ${HOME}/.local/share/KeePass | 17 | blacklist ${HOME}/.local/share/KeePass |
18 | deny ${HOME}/.local/share/keepass | 18 | blacklist ${HOME}/.local/share/keepass |
19 | deny ${HOME}/.password-store | 19 | blacklist ${HOME}/.password-store |
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index c87948b27..7da2f276c 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc | |||
@@ -2,1098 +2,1106 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include disable-programs.local | 3 | include disable-programs.local |
4 | 4 | ||
5 | deny ${HOME}/.*coin | 5 | blacklist ${HOME}/.*coin |
6 | deny ${HOME}/.8pecxstudios | 6 | blacklist ${HOME}/.8pecxstudios |
7 | deny ${HOME}/.AndroidStudio* | 7 | blacklist ${HOME}/.AndroidStudio* |
8 | deny ${HOME}/.Atom | 8 | blacklist ${HOME}/.Atom |
9 | deny ${HOME}/.CLion* | 9 | blacklist ${HOME}/.CLion* |
10 | deny ${HOME}/.FBReader | 10 | blacklist ${HOME}/.FBReader |
11 | deny ${HOME}/.FontForge | 11 | blacklist ${HOME}/.FontForge |
12 | deny ${HOME}/.IdeaIC* | 12 | blacklist ${HOME}/.IdeaIC* |
13 | deny ${HOME}/.LuminanceHDR | 13 | blacklist ${HOME}/.LuminanceHDR |
14 | deny ${HOME}/.Mathematica | 14 | blacklist ${HOME}/.Mathematica |
15 | deny ${HOME}/.Natron | 15 | blacklist ${HOME}/.Natron |
16 | deny ${HOME}/.PlayOnLinux | 16 | blacklist ${HOME}/.PlayOnLinux |
17 | deny ${HOME}/.PyCharm* | 17 | blacklist ${HOME}/.PyCharm* |
18 | deny ${HOME}/.Sayonara | 18 | blacklist ${HOME}/.Sayonara |
19 | deny ${HOME}/.Steam | 19 | blacklist ${HOME}/.Steam |
20 | deny ${HOME}/.Steampath | 20 | blacklist ${HOME}/.Steampath |
21 | deny ${HOME}/.Steampid | 21 | blacklist ${HOME}/.Steampid |
22 | deny ${HOME}/.TelegramDesktop | 22 | blacklist ${HOME}/.TelegramDesktop |
23 | deny ${HOME}/.VSCodium | 23 | blacklist ${HOME}/.VSCodium |
24 | deny ${HOME}/.ViberPC | 24 | blacklist ${HOME}/.ViberPC |
25 | deny ${HOME}/.VirtualBox | 25 | blacklist ${HOME}/.VirtualBox |
26 | deny ${HOME}/.WebStorm* | 26 | blacklist ${HOME}/.WebStorm* |
27 | deny ${HOME}/.Wolfram Research | 27 | blacklist ${HOME}/.Wolfram Research |
28 | deny ${HOME}/.ZAP | 28 | blacklist ${HOME}/.ZAP |
29 | deny ${HOME}/.aMule | 29 | blacklist ${HOME}/.aMule |
30 | deny ${HOME}/.abook | 30 | blacklist ${HOME}/.abook |
31 | deny ${HOME}/.addressbook | 31 | blacklist ${HOME}/.addressbook |
32 | deny ${HOME}/.alpine-smime | 32 | blacklist ${HOME}/.alpine-smime |
33 | deny ${HOME}/.android | 33 | blacklist ${HOME}/.android |
34 | deny ${HOME}/.anydesk | 34 | blacklist ${HOME}/.anydesk |
35 | deny ${HOME}/.arduino15 | 35 | blacklist ${HOME}/.arduino15 |
36 | deny ${HOME}/.aria2 | 36 | blacklist ${HOME}/.aria2 |
37 | deny ${HOME}/.arm | 37 | blacklist ${HOME}/.arm |
38 | deny ${HOME}/.asunder_album_artist | 38 | blacklist ${HOME}/.asunder_album_artist |
39 | deny ${HOME}/.asunder_album_genre | 39 | blacklist ${HOME}/.asunder_album_genre |
40 | deny ${HOME}/.asunder_album_title | 40 | blacklist ${HOME}/.asunder_album_title |
41 | deny ${HOME}/.atom | 41 | blacklist ${HOME}/.atom |
42 | deny ${HOME}/.attic | 42 | blacklist ${HOME}/.attic |
43 | deny ${HOME}/.audacity-data | 43 | blacklist ${HOME}/.audacity-data |
44 | deny ${HOME}/.avidemux6 | 44 | blacklist ${HOME}/.avidemux6 |
45 | deny ${HOME}/.ballbuster.hs | 45 | blacklist ${HOME}/.ballbuster.hs |
46 | deny ${HOME}/.balsa | 46 | blacklist ${HOME}/.balsa |
47 | deny ${HOME}/.bcast5 | 47 | blacklist ${HOME}/.bcast5 |
48 | deny ${HOME}/.bibletime | 48 | blacklist ${HOME}/.bibletime |
49 | deny ${HOME}/.bitcoin | 49 | blacklist ${HOME}/.bitcoin |
50 | deny ${HOME}/.blobby | 50 | blacklist ${HOME}/.blobby |
51 | deny ${HOME}/.bogofilter | 51 | blacklist ${HOME}/.bogofilter |
52 | deny ${HOME}/.bzf | 52 | blacklist ${HOME}/.bzf |
53 | deny ${HOME}/.cargo/* | 53 | blacklist ${HOME}/.cargo/* |
54 | deny ${HOME}/.claws-mail | 54 | blacklist ${HOME}/.claws-mail |
55 | deny ${HOME}/.cliqz | 55 | blacklist ${HOME}/.cliqz |
56 | deny ${HOME}/.clion* | 56 | blacklist ${HOME}/.clion* |
57 | deny ${HOME}/.clonk | 57 | blacklist ${HOME}/.clonk |
58 | deny ${HOME}/.config/0ad | 58 | blacklist ${HOME}/.config/0ad |
59 | deny ${HOME}/.config/2048-qt | 59 | blacklist ${HOME}/.config/2048-qt |
60 | deny ${HOME}/.config/Atom | 60 | blacklist ${HOME}/.config/Atom |
61 | deny ${HOME}/.config/Audaciousrc | 61 | blacklist ${HOME}/.config/Audaciousrc |
62 | deny ${HOME}/.config/Authenticator | 62 | blacklist ${HOME}/.config/Authenticator |
63 | deny ${HOME}/.config/Beaker Browser | 63 | blacklist ${HOME}/.config/Beaker Browser |
64 | deny ${HOME}/.config/Bitcoin | 64 | blacklist ${HOME}/.config/Bitcoin |
65 | deny ${HOME}/.config/Bitwarden | 65 | blacklist ${HOME}/.config/Bitwarden |
66 | deny ${HOME}/.config/Brackets | 66 | blacklist ${HOME}/.config/Brackets |
67 | deny ${HOME}/.config/BraveSoftware | 67 | blacklist ${HOME}/.config/BraveSoftware |
68 | deny ${HOME}/.config/Clementine | 68 | blacklist ${HOME}/.config/Clementine |
69 | deny ${HOME}/.config/Code | 69 | blacklist ${HOME}/.config/Code |
70 | deny ${HOME}/.config/Code - OSS | 70 | blacklist ${HOME}/.config/Code - OSS |
71 | deny ${HOME}/.config/Code Industry | 71 | blacklist ${HOME}/.config/Code Industry |
72 | deny ${HOME}/.config/Cryptocat | 72 | blacklist ${HOME}/.config/Cryptocat |
73 | deny ${HOME}/.config/Debauchee/Barrier.conf | 73 | blacklist ${HOME}/.config/Debauchee/Barrier.conf |
74 | deny ${HOME}/.config/Dharkael | 74 | blacklist ${HOME}/.config/Dharkael |
75 | deny ${HOME}/.config/ENCOM | 75 | blacklist ${HOME}/.config/ENCOM |
76 | deny ${HOME}/.config/Element | 76 | blacklist ${HOME}/.config/Element |
77 | deny ${HOME}/.config/Element (Riot) | 77 | blacklist ${HOME}/.config/Element (Riot) |
78 | deny ${HOME}/.config/Enox | 78 | blacklist ${HOME}/.config/Enox |
79 | deny ${HOME}/.config/Epic | 79 | blacklist ${HOME}/.config/Epic |
80 | deny ${HOME}/.config/Ferdi | 80 | blacklist ${HOME}/.config/Ferdi |
81 | deny ${HOME}/.config/Flavio Tordini | 81 | blacklist ${HOME}/.config/Flavio Tordini |
82 | deny ${HOME}/.config/Franz | 82 | blacklist ${HOME}/.config/Franz |
83 | deny ${HOME}/.config/FreeCAD | 83 | blacklist ${HOME}/.config/FreeCAD |
84 | deny ${HOME}/.config/FreeTube | 84 | blacklist ${HOME}/.config/FreeTube |
85 | deny ${HOME}/.config/Fritzing | 85 | blacklist ${HOME}/.config/Fritzing |
86 | deny ${HOME}/.config/GIMP | 86 | blacklist ${HOME}/.config/GIMP |
87 | deny ${HOME}/.config/GitHub Desktop | 87 | blacklist ${HOME}/.config/GitHub Desktop |
88 | deny ${HOME}/.config/Gitter | 88 | blacklist ${HOME}/.config/Gitter |
89 | deny ${HOME}/.config/Google | 89 | blacklist ${HOME}/.config/Google |
90 | deny ${HOME}/.config/Google Play Music Desktop Player | 90 | blacklist ${HOME}/.config/Google Play Music Desktop Player |
91 | deny ${HOME}/.config/Gpredict | 91 | blacklist ${HOME}/.config/Gpredict |
92 | deny ${HOME}/.config/INRIA | 92 | blacklist ${HOME}/.config/INRIA |
93 | deny ${HOME}/.config/InSilmaril | 93 | blacklist ${HOME}/.config/InSilmaril |
94 | deny ${HOME}/.config/Jitsi Meet | 94 | blacklist ${HOME}/.config/Jitsi Meet |
95 | deny ${HOME}/.config/JetBrains/CLion* | 95 | blacklist ${HOME}/.config/JetBrains/CLion* |
96 | deny ${HOME}/.config/KDE/neochat | 96 | blacklist ${HOME}/.config/KDE/neochat |
97 | deny ${HOME}/.config/Kid3 | 97 | blacklist ${HOME}/.config/Kid3 |
98 | deny ${HOME}/.config/Kingsoft | 98 | blacklist ${HOME}/.config/Kingsoft |
99 | deny ${HOME}/.config/LibreCAD | 99 | blacklist ${HOME}/.config/LibreCAD |
100 | deny ${HOME}/.config/Loop_Hero | 100 | blacklist ${HOME}/.config/Loop_Hero |
101 | deny ${HOME}/.config/Luminance | 101 | blacklist ${HOME}/.config/Luminance |
102 | deny ${HOME}/.config/LyX | 102 | blacklist ${HOME}/.config/LyX |
103 | deny ${HOME}/.config/Mattermost | 103 | blacklist ${HOME}/.config/Mattermost |
104 | deny ${HOME}/.config/Meltytech | 104 | blacklist ${HOME}/.config/Meltytech |
105 | deny ${HOME}/.config/Mendeley Ltd. | 105 | blacklist ${HOME}/.config/Mendeley Ltd. |
106 | deny ${HOME}/.config/Microsoft | 106 | blacklist ${HOME}/.config/Microsoft |
107 | deny ${HOME}/.config/Min | 107 | blacklist ${HOME}/.config/Min |
108 | deny ${HOME}/.config/ModTheSpire | 108 | blacklist ${HOME}/.config/ModTheSpire |
109 | deny ${HOME}/.config/Mousepad | 109 | blacklist ${HOME}/.config/Mousepad |
110 | deny ${HOME}/.config/Mumble | 110 | blacklist ${HOME}/.config/Mumble |
111 | deny ${HOME}/.config/MusE | 111 | blacklist ${HOME}/.config/MusE |
112 | deny ${HOME}/.config/MuseScore | 112 | blacklist ${HOME}/.config/MuseScore |
113 | deny ${HOME}/.config/MusicBrainz | 113 | blacklist ${HOME}/.config/MusicBrainz |
114 | deny ${HOME}/.config/Nathan Osman | 114 | blacklist ${HOME}/.config/Nathan Osman |
115 | deny ${HOME}/.config/Nextcloud | 115 | blacklist ${HOME}/.config/Nextcloud |
116 | deny ${HOME}/.config/NitroShare | 116 | blacklist ${HOME}/.config/NitroShare |
117 | deny ${HOME}/.config/Nylas Mail | 117 | blacklist ${HOME}/.config/Nylas Mail |
118 | deny ${HOME}/.config/PBE | 118 | blacklist ${HOME}/.config/PBE |
119 | deny ${HOME}/.config/PacmanLogViewer | 119 | blacklist ${HOME}/.config/PacmanLogViewer |
120 | deny ${HOME}/.config/PawelStolowski | 120 | blacklist ${HOME}/.config/PawelStolowski |
121 | deny ${HOME}/.config/Philipp Schmieder | 121 | blacklist ${HOME}/.config/Philipp Schmieder |
122 | deny ${HOME}/.config/Pinta | 122 | blacklist ${HOME}/.config/Pinta |
123 | deny ${HOME}/.config/QGIS | 123 | blacklist ${HOME}/.config/QGIS |
124 | deny ${HOME}/.config/QMediathekView | 124 | blacklist ${HOME}/.config/QMediathekView |
125 | deny ${HOME}/.config/Qlipper | 125 | blacklist ${HOME}/.config/Qlipper |
126 | deny ${HOME}/.config/QuiteRss | 126 | blacklist ${HOME}/.config/QuiteRss |
127 | deny ${HOME}/.config/QuiteRssrc | 127 | blacklist ${HOME}/.config/QuiteRssrc |
128 | deny ${HOME}/.config/Quotient | 128 | blacklist ${HOME}/.config/Quotient |
129 | deny ${HOME}/.config/Rambox | 129 | blacklist ${HOME}/.config/Rambox |
130 | deny ${HOME}/.config/Riot | 130 | blacklist ${HOME}/.config/Riot |
131 | deny ${HOME}/.config/Rocket.Chat | 131 | blacklist ${HOME}/.config/Rocket.Chat |
132 | deny ${HOME}/.config/RogueLegacy | 132 | blacklist ${HOME}/.config/RogueLegacy |
133 | deny ${HOME}/.config/RogueLegacyStorageContainer | 133 | blacklist ${HOME}/.config/RogueLegacyStorageContainer |
134 | deny ${HOME}/.config/Signal | 134 | blacklist ${HOME}/.config/Signal |
135 | deny ${HOME}/.config/Sinew Software Systems | 135 | blacklist ${HOME}/.config/Sinew Software Systems |
136 | deny ${HOME}/.config/Slack | 136 | blacklist ${HOME}/.config/Slack |
137 | deny ${HOME}/.config/Standard Notes | 137 | blacklist ${HOME}/.config/Standard Notes |
138 | deny ${HOME}/.config/SubDownloader | 138 | blacklist ${HOME}/.config/SubDownloader |
139 | deny ${HOME}/.config/Thunar | 139 | blacklist ${HOME}/.config/Thunar |
140 | deny ${HOME}/.config/Twitch | 140 | blacklist ${HOME}/.config/Twitch |
141 | deny ${HOME}/.config/Unknown Organization | 141 | blacklist ${HOME}/.config/Unknown Organization |
142 | deny ${HOME}/.config/VirtualBox | 142 | blacklist ${HOME}/.config/VirtualBox |
143 | deny ${HOME}/.config/Whalebird | 143 | blacklist ${HOME}/.config/Whalebird |
144 | deny ${HOME}/.config/Wire | 144 | blacklist ${HOME}/.config/Wire |
145 | deny ${HOME}/.config/Youtube | 145 | blacklist ${HOME}/.config/Youtube |
146 | deny ${HOME}/.config/ZeGrapher Project | 146 | blacklist ${HOME}/.config/ZeGrapher Project |
147 | deny ${HOME}/.config/Zeal | 147 | blacklist ${HOME}/.config/Zeal |
148 | deny ${HOME}/.config/Zulip | 148 | blacklist ${HOME}/.config/Zulip |
149 | deny ${HOME}/.config/aacs | 149 | blacklist ${HOME}/.config/aacs |
150 | deny ${HOME}/.config/abiword | 150 | blacklist ${HOME}/.config/abiword |
151 | deny ${HOME}/.config/agenda | 151 | blacklist ${HOME}/.config/agenda |
152 | deny ${HOME}/.config/akonadi* | 152 | blacklist ${HOME}/.config/akonadi* |
153 | deny ${HOME}/.config/akregatorrc | 153 | blacklist ${HOME}/.config/akregatorrc |
154 | deny ${HOME}/.config/alacritty | 154 | blacklist ${HOME}/.config/alacritty |
155 | deny ${HOME}/.config/ardour4 | 155 | blacklist ${HOME}/.config/ardour4 |
156 | deny ${HOME}/.config/ardour5 | 156 | blacklist ${HOME}/.config/ardour5 |
157 | deny ${HOME}/.config/aria2 | 157 | blacklist ${HOME}/.config/aria2 |
158 | deny ${HOME}/.config/arkrc | 158 | blacklist ${HOME}/.config/arkrc |
159 | deny ${HOME}/.config/artha.conf | 159 | blacklist ${HOME}/.config/artha.conf |
160 | deny ${HOME}/.config/artha.log | 160 | blacklist ${HOME}/.config/artha.log |
161 | deny ${HOME}/.config/asunder | 161 | blacklist ${HOME}/.config/asunder |
162 | deny ${HOME}/.config/atril | 162 | blacklist ${HOME}/.config/atril |
163 | deny ${HOME}/.config/audacious | 163 | blacklist ${HOME}/.config/audacious |
164 | deny ${HOME}/.config/autokey | 164 | blacklist ${HOME}/.config/autokey |
165 | deny ${HOME}/.config/avidemux3_qt5rc | 165 | blacklist ${HOME}/.config/avidemux3_qt5rc |
166 | deny ${HOME}/.config/aweather | 166 | blacklist ${HOME}/.config/aweather |
167 | deny ${HOME}/.config/backintime | 167 | blacklist ${HOME}/.config/backintime |
168 | deny ${HOME}/.config/baloofilerc | 168 | blacklist ${HOME}/.config/baloofilerc |
169 | deny ${HOME}/.config/baloorc | 169 | blacklist ${HOME}/.config/baloorc |
170 | deny ${HOME}/.config/bcompare | 170 | blacklist ${HOME}/.config/bcompare |
171 | deny ${HOME}/.config/blender | 171 | blacklist ${HOME}/.config/blender |
172 | deny ${HOME}/.config/bless | 172 | blacklist ${HOME}/.config/bless |
173 | deny ${HOME}/.config/bnox | 173 | blacklist ${HOME}/.config/bnox |
174 | deny ${HOME}/.config/borg | 174 | blacklist ${HOME}/.config/borg |
175 | deny ${HOME}/.config/brasero | 175 | blacklist ${HOME}/.config/brasero |
176 | deny ${HOME}/.config/brave | 176 | blacklist ${HOME}/.config/brave |
177 | deny ${HOME}/.config/brave-flags.conf | 177 | blacklist ${HOME}/.config/brave-flags.conf |
178 | deny ${HOME}/.config/caja | 178 | blacklist ${HOME}/.config/caja |
179 | deny ${HOME}/.config/calibre | 179 | blacklist ${HOME}/.config/calibre |
180 | deny ${HOME}/.config/cantata | 180 | blacklist ${HOME}/.config/cantata |
181 | deny ${HOME}/.config/catfish | 181 | blacklist ${HOME}/.config/catfish |
182 | deny ${HOME}/.config/cawbird | 182 | blacklist ${HOME}/.config/cawbird |
183 | deny ${HOME}/.config/celluloid | 183 | blacklist ${HOME}/.config/celluloid |
184 | deny ${HOME}/.config/cherrytree | 184 | blacklist ${HOME}/.config/cherrytree |
185 | deny ${HOME}/.config/chrome-beta-flags.conf | 185 | blacklist ${HOME}/.config/chrome-beta-flags.conf |
186 | deny ${HOME}/.config/chrome-beta-flags.config | 186 | blacklist ${HOME}/.config/chrome-beta-flags.config |
187 | deny ${HOME}/.config/chrome-flags.conf | 187 | blacklist ${HOME}/.config/chrome-flags.conf |
188 | deny ${HOME}/.config/chrome-flags.config | 188 | blacklist ${HOME}/.config/chrome-flags.config |
189 | deny ${HOME}/.config/chrome-unstable-flags.conf | 189 | blacklist ${HOME}/.config/chrome-unstable-flags.conf |
190 | deny ${HOME}/.config/chrome-unstable-flags.config | 190 | blacklist ${HOME}/.config/chrome-unstable-flags.config |
191 | deny ${HOME}/.config/chromium | 191 | blacklist ${HOME}/.config/chromium |
192 | deny ${HOME}/.config/chromium-dev | 192 | blacklist ${HOME}/.config/chromium-dev |
193 | deny ${HOME}/.config/chromium-flags.conf | 193 | blacklist ${HOME}/.config/chromium-flags.conf |
194 | deny ${HOME}/.config/clipit | 194 | blacklist ${HOME}/.config/clipit |
195 | deny ${HOME}/.config/cliqz | 195 | blacklist ${HOME}/.config/cliqz |
196 | deny ${HOME}/.config/cmus | 196 | blacklist ${HOME}/.config/cmus |
197 | deny ${HOME}/.config/com.github.bleakgrey.tootle | 197 | blacklist ${HOME}/.config/com.github.bleakgrey.tootle |
198 | deny ${HOME}/.config/corebird | 198 | blacklist ${HOME}/.config/corebird |
199 | deny ${HOME}/.config/cower | 199 | blacklist ${HOME}/.config/cower |
200 | deny ${HOME}/.config/coyim | 200 | blacklist ${HOME}/.config/coyim |
201 | deny ${HOME}/.config/d-feet | 201 | blacklist ${HOME}/.config/d-feet |
202 | deny ${HOME}/.config/darktable | 202 | blacklist ${HOME}/.config/darktable |
203 | deny ${HOME}/.config/deadbeef | 203 | blacklist ${HOME}/.config/deadbeef |
204 | deny ${HOME}/.config/deluge | 204 | blacklist ${HOME}/.config/deluge |
205 | deny ${HOME}/.config/devilspie2 | 205 | blacklist ${HOME}/.config/devilspie2 |
206 | deny ${HOME}/.config/digikam | 206 | blacklist ${HOME}/.config/digikam |
207 | deny ${HOME}/.config/digikamrc | 207 | blacklist ${HOME}/.config/digikamrc |
208 | deny ${HOME}/.config/discord | 208 | blacklist ${HOME}/.config/discord |
209 | deny ${HOME}/.config/discordcanary | 209 | blacklist ${HOME}/.config/discordcanary |
210 | deny ${HOME}/.config/dkl | 210 | blacklist ${HOME}/.config/dkl |
211 | deny ${HOME}/.config/dnox | 211 | blacklist ${HOME}/.config/dnox |
212 | deny ${HOME}/.config/dolphin-emu | 212 | blacklist ${HOME}/.config/dolphin-emu |
213 | deny ${HOME}/.config/dolphinrc | 213 | blacklist ${HOME}/.config/dolphinrc |
214 | deny ${HOME}/.config/dragonplayerrc | 214 | blacklist ${HOME}/.config/dragonplayerrc |
215 | deny ${HOME}/.config/draw.io | 215 | blacklist ${HOME}/.config/draw.io |
216 | deny ${HOME}/.config/electron-mail | 216 | blacklist ${HOME}/.config/electron-mail |
217 | deny ${HOME}/.config/emaildefaults | 217 | blacklist ${HOME}/.config/emaildefaults |
218 | deny ${HOME}/.config/emailidentities | 218 | blacklist ${HOME}/.config/emailidentities |
219 | deny ${HOME}/.config/emilia | 219 | blacklist ${HOME}/.config/emilia |
220 | deny ${HOME}/.config/enchant | 220 | blacklist ${HOME}/.config/enchant |
221 | deny ${HOME}/.config/eog | 221 | blacklist ${HOME}/.config/eog |
222 | deny ${HOME}/.config/epiphany | 222 | blacklist ${HOME}/.config/epiphany |
223 | deny ${HOME}/.config/equalx | 223 | blacklist ${HOME}/.config/equalx |
224 | deny ${HOME}/.config/evince | 224 | blacklist ${HOME}/.config/evince |
225 | deny ${HOME}/.config/evolution | 225 | blacklist ${HOME}/.config/evolution |
226 | deny ${HOME}/.config/falkon | 226 | blacklist ${HOME}/.config/falkon |
227 | deny ${HOME}/.config/filezilla | 227 | blacklist ${HOME}/.config/filezilla |
228 | deny ${HOME}/.config/flameshot | 228 | blacklist ${HOME}/.config/flameshot |
229 | deny ${HOME}/.config/flaska.net | 229 | blacklist ${HOME}/.config/flaska.net |
230 | deny ${HOME}/.config/flowblade | 230 | blacklist ${HOME}/.config/flowblade |
231 | deny ${HOME}/.config/font-manager | 231 | blacklist ${HOME}/.config/font-manager |
232 | deny ${HOME}/.config/freecol | 232 | blacklist ${HOME}/.config/freecol |
233 | deny ${HOME}/.config/gajim | 233 | blacklist ${HOME}/.config/gajim |
234 | deny ${HOME}/.config/galculator | 234 | blacklist ${HOME}/.config/galculator |
235 | deny ${HOME}/.config/gconf | 235 | blacklist ${HOME}/.config/gconf |
236 | deny ${HOME}/.config/geany | 236 | blacklist ${HOME}/.config/geany |
237 | deny ${HOME}/.config/geary | 237 | blacklist ${HOME}/.config/geary |
238 | deny ${HOME}/.config/gedit | 238 | blacklist ${HOME}/.config/gedit |
239 | deny ${HOME}/.config/geeqie | 239 | blacklist ${HOME}/.config/geeqie |
240 | deny ${HOME}/.config/ghb | 240 | blacklist ${HOME}/.config/ghb |
241 | deny ${HOME}/.config/ghostwriter | 241 | blacklist ${HOME}/.config/ghostwriter |
242 | deny ${HOME}/.config/git | 242 | blacklist ${HOME}/.config/git |
243 | deny ${HOME}/.config/git-cola | 243 | blacklist ${HOME}/.config/git-cola |
244 | deny ${HOME}/.config/glade.conf | 244 | blacklist ${HOME}/.config/glade.conf |
245 | deny ${HOME}/.config/globaltime | 245 | blacklist ${HOME}/.config/globaltime |
246 | deny ${HOME}/.config/gmpc | 246 | blacklist ${HOME}/.config/gmpc |
247 | deny ${HOME}/.config/gnome-builder | 247 | blacklist ${HOME}/.config/gnome-builder |
248 | deny ${HOME}/.config/gnome-chess | 248 | blacklist ${HOME}/.config/gnome-chess |
249 | deny ${HOME}/.config/gnome-control-center | 249 | blacklist ${HOME}/.config/gnome-control-center |
250 | deny ${HOME}/.config/gnome-initial-setup-done | 250 | blacklist ${HOME}/.config/gnome-initial-setup-done |
251 | deny ${HOME}/.config/gnome-latex | 251 | blacklist ${HOME}/.config/gnome-latex |
252 | deny ${HOME}/.config/gnome-mplayer | 252 | blacklist ${HOME}/.config/gnome-mplayer |
253 | deny ${HOME}/.config/gnome-mpv | 253 | blacklist ${HOME}/.config/gnome-mpv |
254 | deny ${HOME}/.config/gnome-pie | 254 | blacklist ${HOME}/.config/gnome-pie |
255 | deny ${HOME}/.config/gnome-session | 255 | blacklist ${HOME}/.config/gnome-session |
256 | deny ${HOME}/.config/gnote | 256 | blacklist ${HOME}/.config/gnote |
257 | deny ${HOME}/.config/godot | 257 | blacklist ${HOME}/.config/godot |
258 | deny ${HOME}/.config/google-chrome | 258 | blacklist ${HOME}/.config/google-chrome |
259 | deny ${HOME}/.config/google-chrome-beta | 259 | blacklist ${HOME}/.config/google-chrome-beta |
260 | deny ${HOME}/.config/google-chrome-unstable | 260 | blacklist ${HOME}/.config/google-chrome-unstable |
261 | deny ${HOME}/.config/gpicview | 261 | blacklist ${HOME}/.config/gpicview |
262 | deny ${HOME}/.config/gthumb | 262 | blacklist ${HOME}/.config/gthumb |
263 | deny ${HOME}/.config/gummi | 263 | blacklist ${HOME}/.config/gummi |
264 | deny ${HOME}/.config/guvcview2 | 264 | blacklist ${HOME}/.config/guvcview2 |
265 | deny ${HOME}/.config/gwenviewrc | 265 | blacklist ${HOME}/.config/gwenviewrc |
266 | deny ${HOME}/.config/hexchat | 266 | blacklist ${HOME}/.config/hexchat |
267 | deny ${HOME}/.config/homebank | 267 | blacklist ${HOME}/.config/homebank |
268 | deny ${HOME}/.config/i2p | 268 | blacklist ${HOME}/.config/i2p |
269 | deny ${HOME}/.config/inkscape | 269 | blacklist ${HOME}/.config/inkscape |
270 | deny ${HOME}/.config/inox | 270 | blacklist ${HOME}/.config/inox |
271 | deny ${HOME}/.config/iridium | 271 | blacklist ${HOME}/.config/iridium |
272 | deny ${HOME}/.config/itch | 272 | blacklist ${HOME}/.config/itch |
273 | deny ${HOME}/.config/jami | 273 | blacklist ${HOME}/.config/jami |
274 | deny ${HOME}/.config/jd-gui.cfg | 274 | blacklist ${HOME}/.config/jd-gui.cfg |
275 | deny ${HOME}/.config/k3brc | 275 | blacklist ${HOME}/.config/k3brc |
276 | deny ${HOME}/.config/kaffeinerc | 276 | blacklist ${HOME}/.config/kaffeinerc |
277 | deny ${HOME}/.config/kalgebrarc | 277 | blacklist ${HOME}/.config/kalgebrarc |
278 | deny ${HOME}/.config/katemetainfos | 278 | blacklist ${HOME}/.config/katemetainfos |
279 | deny ${HOME}/.config/katepartrc | 279 | blacklist ${HOME}/.config/katepartrc |
280 | deny ${HOME}/.config/katerc | 280 | blacklist ${HOME}/.config/katerc |
281 | deny ${HOME}/.config/kateschemarc | 281 | blacklist ${HOME}/.config/kateschemarc |
282 | deny ${HOME}/.config/katesyntaxhighlightingrc | 282 | blacklist ${HOME}/.config/katesyntaxhighlightingrc |
283 | deny ${HOME}/.config/katevirc | 283 | blacklist ${HOME}/.config/katevirc |
284 | deny ${HOME}/.config/kazam | 284 | blacklist ${HOME}/.config/kazam |
285 | deny ${HOME}/.config/kdeconnect | 285 | blacklist ${HOME}/.config/kdeconnect |
286 | deny ${HOME}/.config/kdenliverc | 286 | blacklist ${HOME}/.config/kdenliverc |
287 | deny ${HOME}/.config/kdiff3fileitemactionrc | 287 | blacklist ${HOME}/.config/kdiff3fileitemactionrc |
288 | deny ${HOME}/.config/kdiff3rc | 288 | blacklist ${HOME}/.config/kdiff3rc |
289 | deny ${HOME}/.config/kfindrc | 289 | blacklist ${HOME}/.config/kfindrc |
290 | deny ${HOME}/.config/kgetrc | 290 | blacklist ${HOME}/.config/kgetrc |
291 | deny ${HOME}/.config/kid3rc | 291 | blacklist ${HOME}/.config/kid3rc |
292 | deny ${HOME}/.config/klavaro | 292 | blacklist ${HOME}/.config/klavaro |
293 | deny ${HOME}/.config/klipperrc | 293 | blacklist ${HOME}/.config/klipperrc |
294 | deny ${HOME}/.config/kmail2rc | 294 | blacklist ${HOME}/.config/kmail2rc |
295 | deny ${HOME}/.config/kmailsearchindexingrc | 295 | blacklist ${HOME}/.config/kmailsearchindexingrc |
296 | deny ${HOME}/.config/kmplayerrc | 296 | blacklist ${HOME}/.config/kmplayerrc |
297 | deny ${HOME}/.config/knotesrc | 297 | blacklist ${HOME}/.config/knotesrc |
298 | deny ${HOME}/.config/konversation.notifyrc | 298 | blacklist ${HOME}/.config/konversation.notifyrc |
299 | deny ${HOME}/.config/konversationrc | 299 | blacklist ${HOME}/.config/konversationrc |
300 | deny ${HOME}/.config/kritarc | 300 | blacklist ${HOME}/.config/kritarc |
301 | deny ${HOME}/.config/ktorrentrc | 301 | blacklist ${HOME}/.config/ktorrentrc |
302 | deny ${HOME}/.config/ktouch2rc | 302 | blacklist ${HOME}/.config/ktouch2rc |
303 | deny ${HOME}/.config/kube | 303 | blacklist ${HOME}/.config/kube |
304 | deny ${HOME}/.config/kwriterc | 304 | blacklist ${HOME}/.config/kwriterc |
305 | deny ${HOME}/.config/leafpad | 305 | blacklist ${HOME}/.config/leafpad |
306 | deny ${HOME}/.config/libreoffice | 306 | blacklist ${HOME}/.config/libreoffice |
307 | deny ${HOME}/.config/liferea | 307 | blacklist ${HOME}/.config/liferea |
308 | deny ${HOME}/.config/linphone | 308 | blacklist ${HOME}/.config/linphone |
309 | deny ${HOME}/.config/lugaru | 309 | blacklist ${HOME}/.config/lugaru |
310 | deny ${HOME}/.config/lutris | 310 | blacklist ${HOME}/.config/lutris |
311 | deny ${HOME}/.config/lximage-qt | 311 | blacklist ${HOME}/.config/lximage-qt |
312 | deny ${HOME}/.config/mailtransports | 312 | blacklist ${HOME}/.config/mailtransports |
313 | deny ${HOME}/.config/mana | 313 | blacklist ${HOME}/.config/mana |
314 | deny ${HOME}/.config/mate-calc | 314 | blacklist ${HOME}/.config/mate-calc |
315 | deny ${HOME}/.config/mate/eom | 315 | blacklist ${HOME}/.config/mate/eom |
316 | deny ${HOME}/.config/mate/mate-dictionary | 316 | blacklist ${HOME}/.config/mate/mate-dictionary |
317 | deny ${HOME}/.config/matrix-mirage | 317 | blacklist ${HOME}/.config/matrix-mirage |
318 | deny ${HOME}/.config/mcomix | 318 | blacklist ${HOME}/.config/mcomix |
319 | deny ${HOME}/.config/meld | 319 | blacklist ${HOME}/.config/meld |
320 | deny ${HOME}/.config/menulibre.cfg | 320 | blacklist ${HOME}/.config/menulibre.cfg |
321 | deny ${HOME}/.config/meteo-qt | 321 | blacklist ${HOME}/.config/meteo-qt |
322 | deny ${HOME}/.config/mfusion | 322 | blacklist ${HOME}/.config/mfusion |
323 | deny ${HOME}/.config/microsoft-edge-dev | 323 | blacklist ${HOME}/.config/microsoft-edge-beta |
324 | deny ${HOME}/.config/midori | 324 | blacklist ${HOME}/.config/microsoft-edge-dev |
325 | deny ${HOME}/.config/mirage | 325 | blacklist ${HOME}/.config/midori |
326 | deny ${HOME}/.config/mono | 326 | blacklist ${HOME}/.config/mirage |
327 | deny ${HOME}/.config/mpDris2 | 327 | blacklist ${HOME}/.config/mono |
328 | deny ${HOME}/.config/mpd | 328 | blacklist ${HOME}/.config/mpDris2 |
329 | deny ${HOME}/.config/mps-youtube | 329 | blacklist ${HOME}/.config/mpd |
330 | deny ${HOME}/.config/mpv | 330 | blacklist ${HOME}/.config/mps-youtube |
331 | deny ${HOME}/.config/mupen64plus | 331 | blacklist ${HOME}/.config/mpv |
332 | deny ${HOME}/.config/mutt | 332 | blacklist ${HOME}/.config/mupen64plus |
333 | deny ${HOME}/.config/mutter | 333 | blacklist ${HOME}/.config/mutt |
334 | deny ${HOME}/.config/mypaint | 334 | blacklist ${HOME}/.config/mutter |
335 | deny ${HOME}/.config/nano | 335 | blacklist ${HOME}/.config/mypaint |
336 | deny ${HOME}/.config/nautilus | 336 | blacklist ${HOME}/.config/nano |
337 | deny ${HOME}/.config/nemo | 337 | blacklist ${HOME}/.config/nautilus |
338 | deny ${HOME}/.config/neochat.notifyrc | 338 | blacklist ${HOME}/.config/nemo |
339 | deny ${HOME}/.config/neochatrc | 339 | blacklist ${HOME}/.config/neochat.notifyrc |
340 | deny ${HOME}/.config/neomutt | 340 | blacklist ${HOME}/.config/neochatrc |
341 | deny ${HOME}/.config/netsurf | 341 | blacklist ${HOME}/.config/neomutt |
342 | deny ${HOME}/.config/newsbeuter | 342 | blacklist ${HOME}/.config/netsurf |
343 | deny ${HOME}/.config/newsboat | 343 | blacklist ${HOME}/.config/newsbeuter |
344 | deny ${HOME}/.config/newsflash | 344 | blacklist ${HOME}/.config/newsboat |
345 | deny ${HOME}/.config/nheko | 345 | blacklist ${HOME}/.config/newsflash |
346 | deny ${HOME}/.config/nomacs | 346 | blacklist ${HOME}/.config/nheko |
347 | deny ${HOME}/.config/nuclear | 347 | blacklist ${HOME}/.config/nomacs |
348 | deny ${HOME}/.config/obs-studio | 348 | blacklist ${HOME}/.config/nuclear |
349 | deny ${HOME}/.config/okularpartrc | 349 | blacklist ${HOME}/.config/obs-studio |
350 | deny ${HOME}/.config/okularrc | 350 | blacklist ${HOME}/.config/okularpartrc |
351 | deny ${HOME}/.config/onboard | 351 | blacklist ${HOME}/.config/okularrc |
352 | deny ${HOME}/.config/onionshare | 352 | blacklist ${HOME}/.config/onboard |
353 | deny ${HOME}/.config/onlyoffice | 353 | blacklist ${HOME}/.config/onionshare |
354 | deny ${HOME}/.config/openmw | 354 | blacklist ${HOME}/.config/onlyoffice |
355 | deny ${HOME}/.config/opera | 355 | blacklist ${HOME}/.config/openmw |
356 | deny ${HOME}/.config/opera-beta | 356 | blacklist ${HOME}/.config/opera |
357 | deny ${HOME}/.config/orage | 357 | blacklist ${HOME}/.config/opera-beta |
358 | deny ${HOME}/.config/org.gabmus.gfeeds.json | 358 | blacklist ${HOME}/.config/orage |
359 | deny ${HOME}/.config/org.gabmus.gfeeds.saved_articles | 359 | blacklist ${HOME}/.config/org.gabmus.gfeeds.json |
360 | deny ${HOME}/.config/org.kde.gwenviewrc | 360 | blacklist ${HOME}/.config/org.gabmus.gfeeds.saved_articles |
361 | deny ${HOME}/.config/otter | 361 | blacklist ${HOME}/.config/org.kde.gwenviewrc |
362 | deny ${HOME}/.config/pavucontrol-qt | 362 | blacklist ${HOME}/.config/otter |
363 | deny ${HOME}/.config/pavucontrol.ini | 363 | blacklist ${HOME}/.config/pavucontrol-qt |
364 | deny ${HOME}/.config/pcmanfm | 364 | blacklist ${HOME}/.config/pavucontrol.ini |
365 | deny ${HOME}/.config/pdfmod | 365 | blacklist ${HOME}/.config/pcmanfm |
366 | deny ${HOME}/.config/pipe-viewer | 366 | blacklist ${HOME}/.config/pdfmod |
367 | deny ${HOME}/.config/pitivi | 367 | blacklist ${HOME}/.config/pipe-viewer |
368 | deny ${HOME}/.config/pix | 368 | blacklist ${HOME}/.config/pitivi |
369 | deny ${HOME}/.config/pluma | 369 | blacklist ${HOME}/.config/pix |
370 | deny ${HOME}/.config/ppsspp | 370 | blacklist ${HOME}/.config/pluma |
371 | deny ${HOME}/.config/pragha | 371 | blacklist ${HOME}/.config/ppsspp |
372 | deny ${HOME}/.config/profanity | 372 | blacklist ${HOME}/.config/pragha |
373 | deny ${HOME}/.config/psi | 373 | blacklist ${HOME}/.config/profanity |
374 | deny ${HOME}/.config/psi+ | 374 | blacklist ${HOME}/.config/psi |
375 | deny ${HOME}/.config/qBittorrent | 375 | blacklist ${HOME}/.config/psi+ |
376 | deny ${HOME}/.config/qBittorrentrc | 376 | blacklist ${HOME}/.config/qBittorrent |
377 | deny ${HOME}/.config/qnapi.ini | 377 | blacklist ${HOME}/.config/qBittorrentrc |
378 | deny ${HOME}/.config/qpdfview | 378 | blacklist ${HOME}/.config/qnapi.ini |
379 | deny ${HOME}/.config/quodlibet | 379 | blacklist ${HOME}/.config/qpdfview |
380 | deny ${HOME}/.config/qupzilla | 380 | blacklist ${HOME}/.config/quodlibet |
381 | deny ${HOME}/.config/qutebrowser | 381 | blacklist ${HOME}/.config/qupzilla |
382 | deny ${HOME}/.config/ranger | 382 | blacklist ${HOME}/.config/qutebrowser |
383 | deny ${HOME}/.config/redshift | 383 | blacklist ${HOME}/.config/ranger |
384 | deny ${HOME}/.config/redshift.conf | 384 | blacklist ${HOME}/.config/redshift |
385 | deny ${HOME}/.config/remmina | 385 | blacklist ${HOME}/.config/redshift.conf |
386 | deny ${HOME}/.config/ristretto | 386 | blacklist ${HOME}/.config/remmina |
387 | deny ${HOME}/.config/rtv | 387 | blacklist ${HOME}/.config/ristretto |
388 | deny ${HOME}/.config/scribus | 388 | blacklist ${HOME}/.config/rtv |
389 | deny ${HOME}/.config/scribusrc | 389 | blacklist ${HOME}/.config/scribus |
390 | deny ${HOME}/.config/sinew.in | 390 | blacklist ${HOME}/.config/scribusrc |
391 | deny ${HOME}/.config/sink | 391 | blacklist ${HOME}/.config/sinew.in |
392 | deny ${HOME}/.config/skypeforlinux | 392 | blacklist ${HOME}/.config/sink |
393 | deny ${HOME}/.config/slimjet | 393 | blacklist ${HOME}/.config/skypeforlinux |
394 | deny ${HOME}/.config/smplayer | 394 | blacklist ${HOME}/.config/slimjet |
395 | deny ${HOME}/.config/smtube | 395 | blacklist ${HOME}/.config/smplayer |
396 | deny ${HOME}/.config/smuxi | 396 | blacklist ${HOME}/.config/smtube |
397 | deny ${HOME}/.config/snox | 397 | blacklist ${HOME}/.config/smuxi |
398 | deny ${HOME}/.config/sound-juicer | 398 | blacklist ${HOME}/.config/snox |
399 | deny ${HOME}/.config/specialmailcollectionsrc | 399 | blacklist ${HOME}/.config/sound-juicer |
400 | deny ${HOME}/.config/spectaclerc | 400 | blacklist ${HOME}/.config/specialmailcollectionsrc |
401 | deny ${HOME}/.config/spotify | 401 | blacklist ${HOME}/.config/spectaclerc |
402 | deny ${HOME}/.config/sqlitebrowser | 402 | blacklist ${HOME}/.config/spotify |
403 | deny ${HOME}/.config/stellarium | 403 | blacklist ${HOME}/.config/sqlitebrowser |
404 | deny ${HOME}/.config/straw-viewer | 404 | blacklist ${HOME}/.config/stellarium |
405 | deny ${HOME}/.config/strawberry | 405 | blacklist ${HOME}/.config/straw-viewer |
406 | deny ${HOME}/.config/supertuxkart | 406 | blacklist ${HOME}/.config/strawberry |
407 | deny ${HOME}/.config/synfig | 407 | blacklist ${HOME}/.config/supertuxkart |
408 | deny ${HOME}/.config/teams | 408 | blacklist ${HOME}/.config/synfig |
409 | deny ${HOME}/.config/teams-for-linux | 409 | blacklist ${HOME}/.config/teams |
410 | deny ${HOME}/.config/telepathy-account-widgets | 410 | blacklist ${HOME}/.config/teams-for-linux |
411 | deny ${HOME}/.config/torbrowser | 411 | blacklist ${HOME}/.config/telepathy-account-widgets |
412 | deny ${HOME}/.config/totem | 412 | blacklist ${HOME}/.config/torbrowser |
413 | deny ${HOME}/.config/tox | 413 | blacklist ${HOME}/.config/totem |
414 | deny ${HOME}/.config/transgui | 414 | blacklist ${HOME}/.config/tox |
415 | deny ${HOME}/.config/transmission | 415 | blacklist ${HOME}/.config/transgui |
416 | deny ${HOME}/.config/truecraft | 416 | blacklist ${HOME}/.config/transmission |
417 | deny ${HOME}/.config/tuta_integration | 417 | blacklist ${HOME}/.config/truecraft |
418 | deny ${HOME}/.config/tutanota-desktop | 418 | blacklist ${HOME}/.config/tuta_integration |
419 | deny ${HOME}/.config/tvbrowser | 419 | blacklist ${HOME}/.config/tutanota-desktop |
420 | deny ${HOME}/.config/uGet | 420 | blacklist ${HOME}/.config/tvbrowser |
421 | deny ${HOME}/.config/ungoogled-chromium | 421 | blacklist ${HOME}/.config/uGet |
422 | deny ${HOME}/.config/uzbl | 422 | blacklist ${HOME}/.config/ungoogled-chromium |
423 | deny ${HOME}/.config/viewnior | 423 | blacklist ${HOME}/.config/uzbl |
424 | deny ${HOME}/.config/vivaldi | 424 | blacklist ${HOME}/.config/viewnior |
425 | deny ${HOME}/.config/vivaldi-snapshot | 425 | blacklist ${HOME}/.config/vivaldi |
426 | deny ${HOME}/.config/vlc | 426 | blacklist ${HOME}/.config/vivaldi-snapshot |
427 | deny ${HOME}/.config/wesnoth | 427 | blacklist ${HOME}/.config/vlc |
428 | deny ${HOME}/.config/wireshark | 428 | blacklist ${HOME}/.config/wesnoth |
429 | deny ${HOME}/.config/wormux | 429 | blacklist ${HOME}/.config/wireshark |
430 | deny ${HOME}/.config/xchat | 430 | blacklist ${HOME}/.config/wormux |
431 | deny ${HOME}/.config/xed | 431 | blacklist ${HOME}/.config/xchat |
432 | deny ${HOME}/.config/xfburn | 432 | blacklist ${HOME}/.config/xed |
433 | deny ${HOME}/.config/xfce4-dict | 433 | blacklist ${HOME}/.config/xfburn |
434 | deny ${HOME}/.config/xfce4/xfce4-notes.gtkrc | 434 | blacklist ${HOME}/.config/xfce4-dict |
435 | deny ${HOME}/.config/xfce4/xfce4-notes.rc | 435 | blacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc |
436 | deny ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml | 436 | blacklist ${HOME}/.config/xfce4/xfce4-notes.rc |
437 | deny ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml | 437 | blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml |
438 | deny ${HOME}/.config/xiaoyong | 438 | blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml |
439 | deny ${HOME}/.config/xmms2 | 439 | blacklist ${HOME}/.config/xiaoyong |
440 | deny ${HOME}/.config/xplayer | 440 | blacklist ${HOME}/.config/xmms2 |
441 | deny ${HOME}/.config/xreader | 441 | blacklist ${HOME}/.config/xplayer |
442 | deny ${HOME}/.config/xviewer | 442 | blacklist ${HOME}/.config/xreader |
443 | deny ${HOME}/.config/yandex-browser | 443 | blacklist ${HOME}/.config/xviewer |
444 | deny ${HOME}/.config/yandex-browser-beta | 444 | blacklist ${HOME}/.config/yandex-browser |
445 | deny ${HOME}/.config/yelp | 445 | blacklist ${HOME}/.config/yandex-browser-beta |
446 | deny ${HOME}/.config/youtube-dl | 446 | blacklist ${HOME}/.config/yelp |
447 | deny ${HOME}/.config/youtube-dlg | 447 | blacklist ${HOME}/.config/youtube-dl |
448 | deny ${HOME}/.config/youtube-music-desktop-app | 448 | blacklist ${HOME}/.config/youtube-dlg |
449 | deny ${HOME}/.config/youtube-viewer | 449 | blacklist ${HOME}/.config/youtube-music-desktop-app |
450 | deny ${HOME}/.config/youtubemusic-nativefier-040164 | 450 | blacklist ${HOME}/.config/youtube-viewer |
451 | deny ${HOME}/.config/zathura | 451 | blacklist ${HOME}/.config/youtubemusic-nativefier-040164 |
452 | deny ${HOME}/.config/zoomus.conf | 452 | blacklist ${HOME}/.config/zathura |
453 | deny ${HOME}/.conkeror.mozdev.org | 453 | blacklist ${HOME}/.config/zim |
454 | deny ${HOME}/.crawl | 454 | blacklist ${HOME}/.config/zoomus.conf |
455 | deny ${HOME}/.cups | 455 | blacklist ${HOME}/.conkeror.mozdev.org |
456 | deny ${HOME}/.curl-hsts | 456 | blacklist ${HOME}/.crawl |
457 | deny ${HOME}/.curlrc | 457 | blacklist ${HOME}/.cups |
458 | deny ${HOME}/.dashcore | 458 | blacklist ${HOME}/.curl-hsts |
459 | deny ${HOME}/.devilspie | 459 | blacklist ${HOME}/.curlrc |
460 | deny ${HOME}/.dia | 460 | blacklist ${HOME}/.dashcore |
461 | deny ${HOME}/.digrc | 461 | blacklist ${HOME}/.devilspie |
462 | deny ${HOME}/.dillo | 462 | blacklist ${HOME}/.dia |
463 | deny ${HOME}/.dooble | 463 | blacklist ${HOME}/.digrc |
464 | deny ${HOME}/.dosbox | 464 | blacklist ${HOME}/.dillo |
465 | deny ${HOME}/.dropbox* | 465 | blacklist ${HOME}/.dooble |
466 | deny ${HOME}/.easystroke | 466 | blacklist ${HOME}/.dosbox |
467 | deny ${HOME}/.electron-cache | 467 | blacklist ${HOME}/.dropbox* |
468 | deny ${HOME}/.electrum* | 468 | blacklist ${HOME}/.easystroke |
469 | deny ${HOME}/.elinks | 469 | blacklist ${HOME}/.electron-cache |
470 | deny ${HOME}/.emacs | 470 | blacklist ${HOME}/.electrum* |
471 | deny ${HOME}/.emacs.d | 471 | blacklist ${HOME}/.elinks |
472 | deny ${HOME}/.equalx | 472 | blacklist ${HOME}/.emacs |
473 | deny ${HOME}/.ethereum | 473 | blacklist ${HOME}/.emacs.d |
474 | deny ${HOME}/.etr | 474 | blacklist ${HOME}/.equalx |
475 | deny ${HOME}/.filezilla | 475 | blacklist ${HOME}/.ethereum |
476 | deny ${HOME}/.firedragon | 476 | blacklist ${HOME}/.etr |
477 | deny ${HOME}/.flowblade | 477 | blacklist ${HOME}/.filezilla |
478 | deny ${HOME}/.fltk | 478 | blacklist ${HOME}/.firedragon |
479 | deny ${HOME}/.fossamail | 479 | blacklist ${HOME}/.flowblade |
480 | deny ${HOME}/.freeciv | 480 | blacklist ${HOME}/.fltk |
481 | deny ${HOME}/.freecol | 481 | blacklist ${HOME}/.fossamail |
482 | deny ${HOME}/.freemind | 482 | blacklist ${HOME}/.freeciv |
483 | deny ${HOME}/.frogatto | 483 | blacklist ${HOME}/.freecol |
484 | deny ${HOME}/.frozen-bubble | 484 | blacklist ${HOME}/.freemind |
485 | deny ${HOME}/.funnyboat | 485 | blacklist ${HOME}/.frogatto |
486 | deny ${HOME}/.gimp* | 486 | blacklist ${HOME}/.frozen-bubble |
487 | deny ${HOME}/.gist | 487 | blacklist ${HOME}/.funnyboat |
488 | deny ${HOME}/.gitconfig | 488 | blacklist ${HOME}/.gimp* |
489 | deny ${HOME}/.gl-117 | 489 | blacklist ${HOME}/.gist |
490 | deny ${HOME}/.glaxiumrc | 490 | blacklist ${HOME}/.gitconfig |
491 | deny ${HOME}/.gnome/gnome-schedule | 491 | blacklist ${HOME}/.gl-117 |
492 | deny ${HOME}/.googleearth | 492 | blacklist ${HOME}/.glaxiumrc |
493 | deny ${HOME}/.gradle | 493 | blacklist ${HOME}/.gnome/gnome-schedule |
494 | deny ${HOME}/.gramps | 494 | blacklist ${HOME}/.googleearth |
495 | deny ${HOME}/.guayadeque | 495 | blacklist ${HOME}/.gradle |
496 | deny ${HOME}/.hashcat | 496 | blacklist ${HOME}/.gramps |
497 | deny ${HOME}/.hedgewars | 497 | blacklist ${HOME}/.guayadeque |
498 | deny ${HOME}/.hex-a-hop | 498 | blacklist ${HOME}/.hashcat |
499 | deny ${HOME}/.hugin | 499 | blacklist ${HOME}/.hedgewars |
500 | deny ${HOME}/.i2p | 500 | blacklist ${HOME}/.hex-a-hop |
501 | deny ${HOME}/.icedove | 501 | blacklist ${HOME}/.hugin |
502 | deny ${HOME}/.imagej | 502 | blacklist ${HOME}/.i2p |
503 | deny ${HOME}/.inkscape | 503 | blacklist ${HOME}/.icedove |
504 | deny ${HOME}/.itch | 504 | blacklist ${HOME}/.imagej |
505 | deny ${HOME}/.jack-server | 505 | blacklist ${HOME}/.inkscape |
506 | deny ${HOME}/.jack-settings | 506 | blacklist ${HOME}/.itch |
507 | deny ${HOME}/.jak | 507 | blacklist ${HOME}/.jack-server |
508 | deny ${HOME}/.java | 508 | blacklist ${HOME}/.jack-settings |
509 | deny ${HOME}/.jd | 509 | blacklist ${HOME}/.jak |
510 | deny ${HOME}/.jitsi | 510 | blacklist ${HOME}/.java |
511 | deny ${HOME}/.jumpnbump | 511 | blacklist ${HOME}/.jd |
512 | deny ${HOME}/.kde/share/apps/digikam | 512 | blacklist ${HOME}/.jitsi |
513 | deny ${HOME}/.kde/share/apps/gwenview | 513 | blacklist ${HOME}/.jumpnbump |
514 | deny ${HOME}/.kde/share/apps/kaffeine | 514 | blacklist ${HOME}/.kde/share/apps/digikam |
515 | deny ${HOME}/.kde/share/apps/kcookiejar | 515 | blacklist ${HOME}/.kde/share/apps/gwenview |
516 | deny ${HOME}/.kde/share/apps/kget | 516 | blacklist ${HOME}/.kde/share/apps/kaffeine |
517 | deny ${HOME}/.kde/share/apps/khtml | 517 | blacklist ${HOME}/.kde/share/apps/kcookiejar |
518 | deny ${HOME}/.kde/share/apps/klatexformula | 518 | blacklist ${HOME}/.kde/share/apps/kget |
519 | deny ${HOME}/.kde/share/apps/konqsidebartng | 519 | blacklist ${HOME}/.kde/share/apps/khtml |
520 | deny ${HOME}/.kde/share/apps/konqueror | 520 | blacklist ${HOME}/.kde/share/apps/klatexformula |
521 | deny ${HOME}/.kde/share/apps/kopete | 521 | blacklist ${HOME}/.kde/share/apps/konqsidebartng |
522 | deny ${HOME}/.kde/share/apps/ktorrent | 522 | blacklist ${HOME}/.kde/share/apps/konqueror |
523 | deny ${HOME}/.kde/share/apps/okular | 523 | blacklist ${HOME}/.kde/share/apps/kopete |
524 | deny ${HOME}/.kde/share/config/baloofilerc | 524 | blacklist ${HOME}/.kde/share/apps/ktorrent |
525 | deny ${HOME}/.kde/share/config/baloorc | 525 | blacklist ${HOME}/.kde/share/apps/okular |
526 | deny ${HOME}/.kde/share/config/digikam | 526 | blacklist ${HOME}/.kde/share/config/baloofilerc |
527 | deny ${HOME}/.kde/share/config/gwenviewrc | 527 | blacklist ${HOME}/.kde/share/config/baloorc |
528 | deny ${HOME}/.kde/share/config/k3brc | 528 | blacklist ${HOME}/.kde/share/config/digikam |
529 | deny ${HOME}/.kde/share/config/kaffeinerc | 529 | blacklist ${HOME}/.kde/share/config/gwenviewrc |
530 | deny ${HOME}/.kde/share/config/kcookiejarrc | 530 | blacklist ${HOME}/.kde/share/config/k3brc |
531 | deny ${HOME}/.kde/share/config/kfindrc | 531 | blacklist ${HOME}/.kde/share/config/kaffeinerc |
532 | deny ${HOME}/.kde/share/config/kgetrc | 532 | blacklist ${HOME}/.kde/share/config/kcookiejarrc |
533 | deny ${HOME}/.kde/share/config/khtmlrc | 533 | blacklist ${HOME}/.kde/share/config/kfindrc |
534 | deny ${HOME}/.kde/share/config/klipperrc | 534 | blacklist ${HOME}/.kde/share/config/kgetrc |
535 | deny ${HOME}/.kde/share/config/kmplayerrc | 535 | blacklist ${HOME}/.kde/share/config/khtmlrc |
536 | deny ${HOME}/.kde/share/config/konq_history | 536 | blacklist ${HOME}/.kde/share/config/klipperrc |
537 | deny ${HOME}/.kde/share/config/konqsidebartngrc | 537 | blacklist ${HOME}/.kde/share/config/kmplayerrc |
538 | deny ${HOME}/.kde/share/config/konquerorrc | 538 | blacklist ${HOME}/.kde/share/config/konq_history |
539 | deny ${HOME}/.kde/share/config/konversationrc | 539 | blacklist ${HOME}/.kde/share/config/konqsidebartngrc |
540 | deny ${HOME}/.kde/share/config/kopeterc | 540 | blacklist ${HOME}/.kde/share/config/konquerorrc |
541 | deny ${HOME}/.kde/share/config/ktorrentrc | 541 | blacklist ${HOME}/.kde/share/config/konversationrc |
542 | deny ${HOME}/.kde/share/config/okularpartrc | 542 | blacklist ${HOME}/.kde/share/config/kopeterc |
543 | deny ${HOME}/.kde/share/config/okularrc | 543 | blacklist ${HOME}/.kde/share/config/ktorrentrc |
544 | deny ${HOME}/.kde4/share/apps/digikam | 544 | blacklist ${HOME}/.kde/share/config/okularpartrc |
545 | deny ${HOME}/.kde4/share/apps/gwenview | 545 | blacklist ${HOME}/.kde/share/config/okularrc |
546 | deny ${HOME}/.kde4/share/apps/kaffeine | 546 | blacklist ${HOME}/.kde4/share/apps/digikam |
547 | deny ${HOME}/.kde4/share/apps/kcookiejar | 547 | blacklist ${HOME}/.kde4/share/apps/gwenview |
548 | deny ${HOME}/.kde4/share/apps/kget | 548 | blacklist ${HOME}/.kde4/share/apps/kaffeine |
549 | deny ${HOME}/.kde4/share/apps/khtml | 549 | blacklist ${HOME}/.kde4/share/apps/kcookiejar |
550 | deny ${HOME}/.kde4/share/apps/konqsidebartng | 550 | blacklist ${HOME}/.kde4/share/apps/kget |
551 | deny ${HOME}/.kde4/share/apps/konqueror | 551 | blacklist ${HOME}/.kde4/share/apps/khtml |
552 | deny ${HOME}/.kde4/share/apps/kopete | 552 | blacklist ${HOME}/.kde4/share/apps/konqsidebartng |
553 | deny ${HOME}/.kde4/share/apps/ktorrent | 553 | blacklist ${HOME}/.kde4/share/apps/konqueror |
554 | deny ${HOME}/.kde4/share/apps/okular | 554 | blacklist ${HOME}/.kde4/share/apps/kopete |
555 | deny ${HOME}/.kde4/share/config/baloofilerc | 555 | blacklist ${HOME}/.kde4/share/apps/ktorrent |
556 | deny ${HOME}/.kde4/share/config/baloorc | 556 | blacklist ${HOME}/.kde4/share/apps/okular |
557 | deny ${HOME}/.kde4/share/config/digikam | 557 | blacklist ${HOME}/.kde4/share/config/baloofilerc |
558 | deny ${HOME}/.kde4/share/config/gwenviewrc | 558 | blacklist ${HOME}/.kde4/share/config/baloorc |
559 | deny ${HOME}/.kde4/share/config/k3brc | 559 | blacklist ${HOME}/.kde4/share/config/digikam |
560 | deny ${HOME}/.kde4/share/config/kaffeinerc | 560 | blacklist ${HOME}/.kde4/share/config/gwenviewrc |
561 | deny ${HOME}/.kde4/share/config/kcookiejarrc | 561 | blacklist ${HOME}/.kde4/share/config/k3brc |
562 | deny ${HOME}/.kde4/share/config/kfindrc | 562 | blacklist ${HOME}/.kde4/share/config/kaffeinerc |
563 | deny ${HOME}/.kde4/share/config/kgetrc | 563 | blacklist ${HOME}/.kde4/share/config/kcookiejarrc |
564 | deny ${HOME}/.kde4/share/config/khtmlrc | 564 | blacklist ${HOME}/.kde4/share/config/kfindrc |
565 | deny ${HOME}/.kde4/share/config/klipperrc | 565 | blacklist ${HOME}/.kde4/share/config/kgetrc |
566 | deny ${HOME}/.kde4/share/config/konq_history | 566 | blacklist ${HOME}/.kde4/share/config/khtmlrc |
567 | deny ${HOME}/.kde4/share/config/konqsidebartngrc | 567 | blacklist ${HOME}/.kde4/share/config/klipperrc |
568 | deny ${HOME}/.kde4/share/config/konquerorrc | 568 | blacklist ${HOME}/.kde4/share/config/konq_history |
569 | deny ${HOME}/.kde4/share/config/konversationrc | 569 | blacklist ${HOME}/.kde4/share/config/konqsidebartngrc |
570 | deny ${HOME}/.kde4/share/config/kopeterc | 570 | blacklist ${HOME}/.kde4/share/config/konquerorrc |
571 | deny ${HOME}/.kde4/share/config/ktorrentrc | 571 | blacklist ${HOME}/.kde4/share/config/konversationrc |
572 | deny ${HOME}/.kde4/share/config/okularpartrc | 572 | blacklist ${HOME}/.kde4/share/config/kopeterc |
573 | deny ${HOME}/.kde4/share/config/okularrc | 573 | blacklist ${HOME}/.kde4/share/config/ktorrentrc |
574 | deny ${HOME}/.killingfloor | 574 | blacklist ${HOME}/.kde4/share/config/okularpartrc |
575 | deny ${HOME}/.kingsoft | 575 | blacklist ${HOME}/.kde4/share/config/okularrc |
576 | deny ${HOME}/.kino-history | 576 | blacklist ${HOME}/.killingfloor |
577 | deny ${HOME}/.kinorc | 577 | blacklist ${HOME}/.kingsoft |
578 | deny ${HOME}/.klatexformula | 578 | blacklist ${HOME}/.kino-history |
579 | deny ${HOME}/.klei | 579 | blacklist ${HOME}/.kinorc |
580 | deny ${HOME}/.kodi | 580 | blacklist ${HOME}/.klatexformula |
581 | deny ${HOME}/.librewolf | 581 | blacklist ${HOME}/.klei |
582 | deny ${HOME}/.lincity-ng | 582 | blacklist ${HOME}/.kodi |
583 | deny ${HOME}/.links | 583 | blacklist ${HOME}/.librewolf |
584 | deny ${HOME}/.links2 | 584 | blacklist ${HOME}/.lincity-ng |
585 | deny ${HOME}/.linphone-history.db | 585 | blacklist ${HOME}/.links |
586 | deny ${HOME}/.linphonerc | 586 | blacklist ${HOME}/.links2 |
587 | deny ${HOME}/.lmmsrc.xml | 587 | blacklist ${HOME}/.linphone-history.db |
588 | deny ${HOME}/.local/lib/vivaldi | 588 | blacklist ${HOME}/.linphonerc |
589 | deny ${HOME}/.local/share/0ad | 589 | blacklist ${HOME}/.lmmsrc.xml |
590 | deny ${HOME}/.local/share/3909/PapersPlease | 590 | blacklist ${HOME}/.local/lib/vivaldi |
591 | deny ${HOME}/.local/share/Anki2 | 591 | blacklist ${HOME}/.local/share/0ad |
592 | deny ${HOME}/.local/share/Dredmor | 592 | blacklist ${HOME}/.local/share/3909/PapersPlease |
593 | deny ${HOME}/.local/share/Empathy | 593 | blacklist ${HOME}/.local/share/Anki2 |
594 | deny ${HOME}/.local/share/Enpass | 594 | blacklist ${HOME}/.local/share/Dredmor |
595 | deny ${HOME}/.local/share/FasterThanLight | 595 | blacklist ${HOME}/.local/share/Empathy |
596 | deny ${HOME}/.local/share/Flavio Tordini | 596 | blacklist ${HOME}/.local/share/Enpass |
597 | deny ${HOME}/.local/share/IntoTheBreach | 597 | blacklist ${HOME}/.local/share/FasterThanLight |
598 | deny ${HOME}/.local/share/JetBrains | 598 | blacklist ${HOME}/.local/share/Flavio Tordini |
599 | deny ${HOME}/.local/share/KDE/neochat | 599 | blacklist ${HOME}/.local/share/IntoTheBreach |
600 | deny ${HOME}/.local/share/Kingsoft | 600 | blacklist ${HOME}/.local/share/JetBrains |
601 | deny ${HOME}/.local/share/LibreCAD | 601 | blacklist ${HOME}/.local/share/KDE/neochat |
602 | deny ${HOME}/.local/share/Mendeley Ltd. | 602 | blacklist ${HOME}/.local/share/Kingsoft |
603 | deny ${HOME}/.local/share/Mumble | 603 | blacklist ${HOME}/.local/share/LibreCAD |
604 | deny ${HOME}/.local/share/Nextcloud | 604 | blacklist ${HOME}/.local/share/Mendeley Ltd. |
605 | deny ${HOME}/.local/share/PBE | 605 | blacklist ${HOME}/.local/share/Mumble |
606 | deny ${HOME}/.local/share/Paradox Interactive | 606 | blacklist ${HOME}/.local/share/Nextcloud |
607 | deny ${HOME}/.local/share/PawelStolowski | 607 | blacklist ${HOME}/.local/share/PBE |
608 | deny ${HOME}/.local/share/PillarsOfEternity | 608 | blacklist ${HOME}/.local/share/Paradox Interactive |
609 | deny ${HOME}/.local/share/Psi | 609 | blacklist ${HOME}/.local/share/PawelStolowski |
610 | deny ${HOME}/.local/share/QGIS | 610 | blacklist ${HOME}/.local/share/PillarsOfEternity |
611 | deny ${HOME}/.local/share/QMediathekView | 611 | blacklist ${HOME}/.local/share/Psi |
612 | deny ${HOME}/.local/share/QuiteRss | 612 | blacklist ${HOME}/.local/share/QGIS |
613 | deny ${HOME}/.local/share/Ricochet | 613 | blacklist ${HOME}/.local/share/QMediathekView |
614 | deny ${HOME}/.local/share/RogueLegacy | 614 | blacklist ${HOME}/.local/share/QuiteRss |
615 | deny ${HOME}/.local/share/RogueLegacyStorageContainer | 615 | blacklist ${HOME}/.local/share/Ricochet |
616 | deny ${HOME}/.local/share/Shortwave | 616 | blacklist ${HOME}/.local/share/RogueLegacy |
617 | deny ${HOME}/.local/share/Steam | 617 | blacklist ${HOME}/.local/share/RogueLegacyStorageContainer |
618 | deny ${HOME}/.local/share/SteamWorld Dig 2 | 618 | blacklist ${HOME}/.local/share/Shortwave |
619 | deny ${HOME}/.local/share/SteamWorldDig | 619 | blacklist ${HOME}/.local/share/Steam |
620 | deny ${HOME}/.local/share/SuperHexagon | 620 | blacklist ${HOME}/.local/share/SteamWorld Dig 2 |
621 | deny ${HOME}/.local/share/TelegramDesktop | 621 | blacklist ${HOME}/.local/share/SteamWorldDig |
622 | deny ${HOME}/.local/share/Terraria | 622 | blacklist ${HOME}/.local/share/SuperHexagon |
623 | deny ${HOME}/.local/share/TpLogger | 623 | blacklist ${HOME}/.local/share/TelegramDesktop |
624 | deny ${HOME}/.local/share/Zeal | 624 | blacklist ${HOME}/.local/share/Terraria |
625 | deny ${HOME}/.local/share/agenda | 625 | blacklist ${HOME}/.local/share/TpLogger |
626 | deny ${HOME}/.local/share/akonadi* | 626 | blacklist ${HOME}/.local/share/Zeal |
627 | deny ${HOME}/.local/share/akregator | 627 | blacklist ${HOME}/.local/share/agenda |
628 | deny ${HOME}/.local/share/apps/korganizer | 628 | blacklist ${HOME}/.local/share/akonadi* |
629 | deny ${HOME}/.local/share/aspyr-media | 629 | blacklist ${HOME}/.local/share/akregator |
630 | deny ${HOME}/.local/share/authenticator-rs | 630 | blacklist ${HOME}/.local/share/apps/korganizer |
631 | deny ${HOME}/.local/share/autokey | 631 | blacklist ${HOME}/.local/share/aspyr-media |
632 | deny ${HOME}/.local/share/backintime | 632 | blacklist ${HOME}/.local/share/authenticator-rs |
633 | deny ${HOME}/.local/share/baloo | 633 | blacklist ${HOME}/.local/share/autokey |
634 | deny ${HOME}/.local/share/barrier | 634 | blacklist ${HOME}/.local/share/backintime |
635 | deny ${HOME}/.local/share/bibletime | 635 | blacklist ${HOME}/.local/share/baloo |
636 | deny ${HOME}/.local/share/bijiben | 636 | blacklist ${HOME}/.local/share/barrier |
637 | deny ${HOME}/.local/share/bohemiainteractive | 637 | blacklist ${HOME}/.local/share/bibletime |
638 | deny ${HOME}/.local/share/caja-python | 638 | blacklist ${HOME}/.local/share/bijiben |
639 | deny ${HOME}/.local/share/calligragemini | 639 | blacklist ${HOME}/.local/share/bohemiainteractive |
640 | deny ${HOME}/.local/share/cantata | 640 | blacklist ${HOME}/.local/share/caja-python |
641 | deny ${HOME}/.local/share/cdprojektred | 641 | blacklist ${HOME}/.local/share/calligragemini |
642 | deny ${HOME}/.local/share/clipit | 642 | blacklist ${HOME}/.local/share/cantata |
643 | deny ${HOME}/.local/share/com.github.johnfactotum.Foliate | 643 | blacklist ${HOME}/.local/share/cdprojektred |
644 | deny ${HOME}/.local/share/contacts | 644 | blacklist ${HOME}/.local/share/clipit |
645 | deny ${HOME}/.local/share/cor-games | 645 | blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate |
646 | deny ${HOME}/.local/share/data/Mendeley Ltd. | 646 | blacklist ${HOME}/.local/share/contacts |
647 | deny ${HOME}/.local/share/data/Mumble | 647 | blacklist ${HOME}/.local/share/cor-games |
648 | deny ${HOME}/.local/share/data/MusE | 648 | blacklist ${HOME}/.local/share/data/Mendeley Ltd. |
649 | deny ${HOME}/.local/share/data/MuseScore | 649 | blacklist ${HOME}/.local/share/data/Mumble |
650 | deny ${HOME}/.local/share/data/nomacs | 650 | blacklist ${HOME}/.local/share/data/MusE |
651 | deny ${HOME}/.local/share/data/qBittorrent | 651 | blacklist ${HOME}/.local/share/data/MuseScore |
652 | deny ${HOME}/.local/share/dino | 652 | blacklist ${HOME}/.local/share/data/nomacs |
653 | deny ${HOME}/.local/share/dolphin | 653 | blacklist ${HOME}/.local/share/data/qBittorrent |
654 | deny ${HOME}/.local/share/dolphin-emu | 654 | blacklist ${HOME}/.local/share/dino |
655 | deny ${HOME}/.local/share/emailidentities | 655 | blacklist ${HOME}/.local/share/dolphin |
656 | deny ${HOME}/.local/share/epiphany | 656 | blacklist ${HOME}/.local/share/dolphin-emu |
657 | deny ${HOME}/.local/share/evolution | 657 | blacklist ${HOME}/.local/share/emailidentities |
658 | deny ${HOME}/.local/share/feedreader | 658 | blacklist ${HOME}/.local/share/epiphany |
659 | deny ${HOME}/.local/share/feral-interactive | 659 | blacklist ${HOME}/.local/share/evolution |
660 | deny ${HOME}/.local/share/five-or-more | 660 | blacklist ${HOME}/.local/share/feedreader |
661 | deny ${HOME}/.local/share/freecol | 661 | blacklist ${HOME}/.local/share/feral-interactive |
662 | deny ${HOME}/.local/share/gajim | 662 | blacklist ${HOME}/.local/share/five-or-more |
663 | deny ${HOME}/.local/share/geary | 663 | blacklist ${HOME}/.local/share/freecol |
664 | deny ${HOME}/.local/share/geeqie | 664 | blacklist ${HOME}/.local/share/gajim |
665 | deny ${HOME}/.local/share/ghostwriter | 665 | blacklist ${HOME}/.local/share/geary |
666 | deny ${HOME}/.local/share/gitg | 666 | blacklist ${HOME}/.local/share/geeqie |
667 | deny ${HOME}/.local/share/gnome-2048 | 667 | blacklist ${HOME}/.local/share/ghostwriter |
668 | deny ${HOME}/.local/share/gnome-boxes | 668 | blacklist ${HOME}/.local/share/gitg |
669 | deny ${HOME}/.local/share/gnome-builder | 669 | blacklist ${HOME}/.local/share/gnome-2048 |
670 | deny ${HOME}/.local/share/gnome-chess | 670 | blacklist ${HOME}/.local/share/gnome-boxes |
671 | deny ${HOME}/.local/share/gnome-klotski | 671 | blacklist ${HOME}/.local/share/gnome-builder |
672 | deny ${HOME}/.local/share/gnome-latex | 672 | blacklist ${HOME}/.local/share/gnome-chess |
673 | deny ${HOME}/.local/share/gnome-mines | 673 | blacklist ${HOME}/.local/share/gnome-klotski |
674 | deny ${HOME}/.local/share/gnome-music | 674 | blacklist ${HOME}/.local/share/gnome-latex |
675 | deny ${HOME}/.local/share/gnome-nibbles | 675 | blacklist ${HOME}/.local/share/gnome-mines |
676 | deny ${HOME}/.local/share/gnome-photos | 676 | blacklist ${HOME}/.local/share/gnome-music |
677 | deny ${HOME}/.local/share/gnome-pomodoro | 677 | blacklist ${HOME}/.local/share/gnome-nibbles |
678 | deny ${HOME}/.local/share/gnome-recipes | 678 | blacklist ${HOME}/.local/share/gnome-photos |
679 | deny ${HOME}/.local/share/gnome-ring | 679 | blacklist ${HOME}/.local/share/gnome-pomodoro |
680 | deny ${HOME}/.local/share/gnome-sudoku | 680 | blacklist ${HOME}/.local/share/gnome-recipes |
681 | deny ${HOME}/.local/share/gnome-twitch | 681 | blacklist ${HOME}/.local/share/gnome-ring |
682 | deny ${HOME}/.local/share/gnote | 682 | blacklist ${HOME}/.local/share/gnome-sudoku |
683 | deny ${HOME}/.local/share/godot | 683 | blacklist ${HOME}/.local/share/gnome-twitch |
684 | deny ${HOME}/.local/share/gradio | 684 | blacklist ${HOME}/.local/share/gnote |
685 | deny ${HOME}/.local/share/gwenview | 685 | blacklist ${HOME}/.local/share/godot |
686 | deny ${HOME}/.local/share/i2p | 686 | blacklist ${HOME}/.local/share/gradio |
687 | deny ${HOME}/.local/share/jami | 687 | blacklist ${HOME}/.local/share/gwenview |
688 | deny ${HOME}/.local/share/kaffeine | 688 | blacklist ${HOME}/.local/share/i2p |
689 | deny ${HOME}/.local/share/kalgebra | 689 | blacklist ${HOME}/.local/share/io.github.lainsce.Notejot |
690 | deny ${HOME}/.local/share/kate | 690 | blacklist ${HOME}/.local/share/jami |
691 | deny ${HOME}/.local/share/kdenlive | 691 | blacklist ${HOME}/.local/share/kaffeine |
692 | deny ${HOME}/.local/share/kget | 692 | blacklist ${HOME}/.local/share/kalgebra |
693 | deny ${HOME}/.local/share/kiwix | 693 | blacklist ${HOME}/.local/share/kate |
694 | deny ${HOME}/.local/share/kiwix-desktop | 694 | blacklist ${HOME}/.local/share/kdenlive |
695 | deny ${HOME}/.local/share/klavaro | 695 | blacklist ${HOME}/.local/share/kget |
696 | deny ${HOME}/.local/share/kmail2 | 696 | blacklist ${HOME}/.local/share/kiwix |
697 | deny ${HOME}/.local/share/kmplayer | 697 | blacklist ${HOME}/.local/share/kiwix-desktop |
698 | deny ${HOME}/.local/share/knotes | 698 | blacklist ${HOME}/.local/share/klavaro |
699 | deny ${HOME}/.local/share/krita | 699 | blacklist ${HOME}/.local/share/kmail2 |
700 | deny ${HOME}/.local/share/ktorrent | 700 | blacklist ${HOME}/.local/share/kmplayer |
701 | deny ${HOME}/.local/share/ktorrentrc | 701 | blacklist ${HOME}/.local/share/knotes |
702 | deny ${HOME}/.local/share/ktouch | 702 | blacklist ${HOME}/.local/share/krita |
703 | deny ${HOME}/.local/share/kube | 703 | blacklist ${HOME}/.local/share/ktorrent |
704 | deny ${HOME}/.local/share/kwrite | 704 | blacklist ${HOME}/.local/share/ktorrentrc |
705 | deny ${HOME}/.local/share/kxmlgui5/* | 705 | blacklist ${HOME}/.local/share/ktouch |
706 | deny ${HOME}/.local/share/liferea | 706 | blacklist ${HOME}/.local/share/kube |
707 | deny ${HOME}/.local/share/linphone | 707 | blacklist ${HOME}/.local/share/kwrite |
708 | deny ${HOME}/.local/share/local-mail | 708 | blacklist ${HOME}/.local/share/kxmlgui5/* |
709 | deny ${HOME}/.local/share/lollypop | 709 | blacklist ${HOME}/.local/share/liferea |
710 | deny ${HOME}/.local/share/love | 710 | blacklist ${HOME}/.local/share/linphone |
711 | deny ${HOME}/.local/share/lugaru | 711 | blacklist ${HOME}/.local/share/local-mail |
712 | deny ${HOME}/.local/share/lutris | 712 | blacklist ${HOME}/.local/share/lollypop |
713 | deny ${HOME}/.local/share/man | 713 | blacklist ${HOME}/.local/share/love |
714 | deny ${HOME}/.local/share/mana | 714 | blacklist ${HOME}/.local/share/lugaru |
715 | deny ${HOME}/.local/share/maps-places.json | 715 | blacklist ${HOME}/.local/share/lutris |
716 | deny ${HOME}/.local/share/matrix-mirage | 716 | blacklist ${HOME}/.local/share/man |
717 | deny ${HOME}/.local/share/mcomix | 717 | blacklist ${HOME}/.local/share/mana |
718 | deny ${HOME}/.local/share/meld | 718 | blacklist ${HOME}/.local/share/maps-places.json |
719 | deny ${HOME}/.local/share/midori | 719 | blacklist ${HOME}/.local/share/matrix-mirage |
720 | deny ${HOME}/.local/share/minder | 720 | blacklist ${HOME}/.local/share/mcomix |
721 | deny ${HOME}/.local/share/mirage | 721 | blacklist ${HOME}/.local/share/meld |
722 | deny ${HOME}/.local/share/multimc | 722 | blacklist ${HOME}/.local/share/midori |
723 | deny ${HOME}/.local/share/multimc5 | 723 | blacklist ${HOME}/.local/share/minder |
724 | deny ${HOME}/.local/share/mupen64plus | 724 | blacklist ${HOME}/.local/share/mirage |
725 | deny ${HOME}/.local/share/mypaint | 725 | blacklist ${HOME}/.local/share/multimc |
726 | deny ${HOME}/.local/share/nautilus | 726 | blacklist ${HOME}/.local/share/multimc5 |
727 | deny ${HOME}/.local/share/nautilus-python | 727 | blacklist ${HOME}/.local/share/mupen64plus |
728 | deny ${HOME}/.local/share/nemo | 728 | blacklist ${HOME}/.local/share/mypaint |
729 | deny ${HOME}/.local/share/nemo-python | 729 | blacklist ${HOME}/.local/share/nautilus |
730 | deny ${HOME}/.local/share/news-flash | 730 | blacklist ${HOME}/.local/share/nautilus-python |
731 | deny ${HOME}/.local/share/newsbeuter | 731 | blacklist ${HOME}/.local/share/nemo |
732 | deny ${HOME}/.local/share/newsboat | 732 | blacklist ${HOME}/.local/share/nemo-python |
733 | deny ${HOME}/.local/share/nheko | 733 | blacklist ${HOME}/.local/share/news-flash |
734 | deny ${HOME}/.local/share/nomacs | 734 | blacklist ${HOME}/.local/share/newsbeuter |
735 | deny ${HOME}/.local/share/notes | 735 | blacklist ${HOME}/.local/share/newsboat |
736 | deny ${HOME}/.local/share/ocenaudio | 736 | blacklist ${HOME}/.local/share/nheko |
737 | deny ${HOME}/.local/share/okular | 737 | blacklist ${HOME}/.local/share/nomacs |
738 | deny ${HOME}/.local/share/onlyoffice | 738 | blacklist ${HOME}/.local/share/notes |
739 | deny ${HOME}/.local/share/openmw | 739 | blacklist ${HOME}/.local/share/ocenaudio |
740 | deny ${HOME}/.local/share/orage | 740 | blacklist ${HOME}/.local/share/okular |
741 | deny ${HOME}/.local/share/org.kde.gwenview | 741 | blacklist ${HOME}/.local/share/onlyoffice |
742 | deny ${HOME}/.local/share/pix | 742 | blacklist ${HOME}/.local/share/openmw |
743 | deny ${HOME}/.local/share/plasma_notes | 743 | blacklist ${HOME}/.local/share/orage |
744 | deny ${HOME}/.local/share/profanity | 744 | blacklist ${HOME}/.local/share/org.kde.gwenview |
745 | deny ${HOME}/.local/share/psi | 745 | blacklist ${HOME}/.local/share/pix |
746 | deny ${HOME}/.local/share/psi+ | 746 | blacklist ${HOME}/.local/share/plasma_notes |
747 | deny ${HOME}/.local/share/qpdfview | 747 | blacklist ${HOME}/.local/share/profanity |
748 | deny ${HOME}/.local/share/quadrapassel | 748 | blacklist ${HOME}/.local/share/psi |
749 | deny ${HOME}/.local/share/qutebrowser | 749 | blacklist ${HOME}/.local/share/psi+ |
750 | deny ${HOME}/.local/share/remmina | 750 | blacklist ${HOME}/.local/share/qpdfview |
751 | deny ${HOME}/.local/share/rhythmbox | 751 | blacklist ${HOME}/.local/share/quadrapassel |
752 | deny ${HOME}/.local/share/rtv | 752 | blacklist ${HOME}/.local/share/qutebrowser |
753 | deny ${HOME}/.local/share/scribus | 753 | blacklist ${HOME}/.local/share/remmina |
754 | deny ${HOME}/.local/share/shotwell | 754 | blacklist ${HOME}/.local/share/rhythmbox |
755 | deny ${HOME}/.local/share/signal-cli | 755 | blacklist ${HOME}/.local/share/rtv |
756 | deny ${HOME}/.local/share/sink | 756 | blacklist ${HOME}/.local/share/scribus |
757 | deny ${HOME}/.local/share/smuxi | 757 | blacklist ${HOME}/.local/share/shotwell |
758 | deny ${HOME}/.local/share/spotify | 758 | blacklist ${HOME}/.local/share/signal-cli |
759 | deny ${HOME}/.local/share/steam | 759 | blacklist ${HOME}/.local/share/sink |
760 | deny ${HOME}/.local/share/strawberry | 760 | blacklist ${HOME}/.local/share/smuxi |
761 | deny ${HOME}/.local/share/supertux2 | 761 | blacklist ${HOME}/.local/share/spotify |
762 | deny ${HOME}/.local/share/supertuxkart | 762 | blacklist ${HOME}/.local/share/steam |
763 | deny ${HOME}/.local/share/swell-foop | 763 | blacklist ${HOME}/.local/share/strawberry |
764 | deny ${HOME}/.local/share/telepathy | 764 | blacklist ${HOME}/.local/share/supertux2 |
765 | deny ${HOME}/.local/share/terasology | 765 | blacklist ${HOME}/.local/share/supertuxkart |
766 | deny ${HOME}/.local/share/torbrowser | 766 | blacklist ${HOME}/.local/share/swell-foop |
767 | deny ${HOME}/.local/share/totem | 767 | blacklist ${HOME}/.local/share/telepathy |
768 | deny ${HOME}/.local/share/uzbl | 768 | blacklist ${HOME}/.local/share/terasology |
769 | deny ${HOME}/.local/share/vlc | 769 | blacklist ${HOME}/.local/share/torbrowser |
770 | deny ${HOME}/.local/share/vpltd | 770 | blacklist ${HOME}/.local/share/totem |
771 | deny ${HOME}/.local/share/vulkan | 771 | blacklist ${HOME}/.local/share/uzbl |
772 | deny ${HOME}/.local/share/warsow-2.1 | 772 | blacklist ${HOME}/.local/share/vlc |
773 | deny ${HOME}/.local/share/wesnoth | 773 | blacklist ${HOME}/.local/share/vpltd |
774 | deny ${HOME}/.local/share/wormux | 774 | blacklist ${HOME}/.local/share/vulkan |
775 | deny ${HOME}/.local/share/xplayer | 775 | blacklist ${HOME}/.local/share/warsow-2.1 |
776 | deny ${HOME}/.local/share/xreader | 776 | blacklist ${HOME}/.local/share/wesnoth |
777 | deny ${HOME}/.local/share/zathura | 777 | blacklist ${HOME}/.local/share/wormux |
778 | deny ${HOME}/.lv2 | 778 | blacklist ${HOME}/.local/share/xplayer |
779 | deny ${HOME}/.lyx | 779 | blacklist ${HOME}/.local/share/xreader |
780 | deny ${HOME}/.magicor | 780 | blacklist ${HOME}/.local/share/zathura |
781 | deny ${HOME}/.masterpdfeditor | 781 | blacklist ${HOME}/.lv2 |
782 | deny ${HOME}/.mbwarband | 782 | blacklist ${HOME}/.lyx |
783 | deny ${HOME}/.mcabber | 783 | blacklist ${HOME}/.magicor |
784 | deny ${HOME}/.mcabberrc | 784 | blacklist ${HOME}/.masterpdfeditor |
785 | deny ${HOME}/.mediathek3 | 785 | blacklist ${HOME}/.mbwarband |
786 | deny ${HOME}/.megaglest | 786 | blacklist ${HOME}/.mcabber |
787 | deny ${HOME}/.minecraft | 787 | blacklist ${HOME}/.mcabberrc |
788 | deny ${HOME}/.minetest | 788 | blacklist ${HOME}/.mediathek3 |
789 | deny ${HOME}/.mirrormagic | 789 | blacklist ${HOME}/.megaglest |
790 | deny ${HOME}/.moc | 790 | blacklist ${HOME}/.minecraft |
791 | deny ${HOME}/.moonchild productions/basilisk | 791 | blacklist ${HOME}/.minetest |
792 | deny ${HOME}/.moonchild productions/pale moon | 792 | blacklist ${HOME}/.mirrormagic |
793 | deny ${HOME}/.mozilla | 793 | blacklist ${HOME}/.moc |
794 | deny ${HOME}/.mp3splt-gtk | 794 | blacklist ${HOME}/.moonchild productions/basilisk |
795 | deny ${HOME}/.mpd | 795 | blacklist ${HOME}/.moonchild productions/pale moon |
796 | deny ${HOME}/.mpdconf | 796 | blacklist ${HOME}/.mozilla |
797 | deny ${HOME}/.mplayer | 797 | blacklist ${HOME}/.mp3splt-gtk |
798 | deny ${HOME}/.msmtprc | 798 | blacklist ${HOME}/.mpd |
799 | deny ${HOME}/.multimc5 | 799 | blacklist ${HOME}/.mpdconf |
800 | deny ${HOME}/.nanorc | 800 | blacklist ${HOME}/.mplayer |
801 | deny ${HOME}/.netactview | 801 | blacklist ${HOME}/.msmtprc |
802 | deny ${HOME}/.neverball | 802 | blacklist ${HOME}/.multimc5 |
803 | deny ${HOME}/.newsbeuter | 803 | blacklist ${HOME}/.nanorc |
804 | deny ${HOME}/.newsboat | 804 | blacklist ${HOME}/.netactview |
805 | deny ${HOME}/.newsrc | 805 | blacklist ${HOME}/.neverball |
806 | deny ${HOME}/.nicotine | 806 | blacklist ${HOME}/.newsbeuter |
807 | deny ${HOME}/.node-gyp | 807 | blacklist ${HOME}/.newsboat |
808 | deny ${HOME}/.npm | 808 | blacklist ${HOME}/.newsrc |
809 | deny ${HOME}/.npmrc | 809 | blacklist ${HOME}/.nicotine |
810 | deny ${HOME}/.nv | 810 | blacklist ${HOME}/.node-gyp |
811 | deny ${HOME}/.nvm | 811 | blacklist ${HOME}/.npm |
812 | deny ${HOME}/.nylas-mail | 812 | blacklist ${HOME}/.npmrc |
813 | deny ${HOME}/.openarena | 813 | blacklist ${HOME}/.nv |
814 | deny ${HOME}/.opencity | 814 | blacklist ${HOME}/.nvm |
815 | deny ${HOME}/.openinvaders | 815 | blacklist ${HOME}/.nylas-mail |
816 | deny ${HOME}/.openshot | 816 | blacklist ${HOME}/.openarena |
817 | deny ${HOME}/.openshot_qt | 817 | blacklist ${HOME}/.opencity |
818 | deny ${HOME}/.openttd | 818 | blacklist ${HOME}/.openinvaders |
819 | deny ${HOME}/.opera | 819 | blacklist ${HOME}/.openshot |
820 | deny ${HOME}/.opera-beta | 820 | blacklist ${HOME}/.openshot_qt |
821 | deny ${HOME}/.ostrichriders | 821 | blacklist ${HOME}/.openttd |
822 | deny ${HOME}/.paradoxinteractive | 822 | blacklist ${HOME}/.opera |
823 | deny ${HOME}/.parallelrealities/blobwars | 823 | blacklist ${HOME}/.opera-beta |
824 | deny ${HOME}/.pcsxr | 824 | blacklist ${HOME}/.ostrichriders |
825 | deny ${HOME}/.penguin-command | 825 | blacklist ${HOME}/.paradoxinteractive |
826 | deny ${HOME}/.pine-crash | 826 | blacklist ${HOME}/.parallelrealities/blobwars |
827 | deny ${HOME}/.pine-debug1 | 827 | blacklist ${HOME}/.pcsxr |
828 | deny ${HOME}/.pine-debug2 | 828 | blacklist ${HOME}/.penguin-command |
829 | deny ${HOME}/.pine-debug3 | 829 | blacklist ${HOME}/.pine-crash |
830 | deny ${HOME}/.pine-debug4 | 830 | blacklist ${HOME}/.pine-debug1 |
831 | deny ${HOME}/.pine-interrupted-mail | 831 | blacklist ${HOME}/.pine-debug2 |
832 | deny ${HOME}/.pinerc | 832 | blacklist ${HOME}/.pine-debug3 |
833 | deny ${HOME}/.pinercex | 833 | blacklist ${HOME}/.pine-debug4 |
834 | deny ${HOME}/.pingus | 834 | blacklist ${HOME}/.pine-interrupted-mail |
835 | deny ${HOME}/.pioneer | 835 | blacklist ${HOME}/.pinerc |
836 | deny ${HOME}/.purple | 836 | blacklist ${HOME}/.pinercex |
837 | deny ${HOME}/.pylint.d | 837 | blacklist ${HOME}/.pingus |
838 | deny ${HOME}/.qemu-launcher | 838 | blacklist ${HOME}/.pioneer |
839 | deny ${HOME}/.qgis2 | 839 | blacklist ${HOME}/.purple |
840 | deny ${HOME}/.qmmp | 840 | blacklist ${HOME}/.pylint.d |
841 | deny ${HOME}/.quodlibet | 841 | blacklist ${HOME}/.qemu-launcher |
842 | deny ${HOME}/.redeclipse | 842 | blacklist ${HOME}/.qgis2 |
843 | deny ${HOME}/.remmina | 843 | blacklist ${HOME}/.qmmp |
844 | deny ${HOME}/.repo_.gitconfig.json | 844 | blacklist ${HOME}/.quodlibet |
845 | deny ${HOME}/.repoconfig | 845 | blacklist ${HOME}/.redeclipse |
846 | deny ${HOME}/.retroshare | 846 | blacklist ${HOME}/.rednotebook |
847 | deny ${HOME}/.ripperXrc | 847 | blacklist ${HOME}/.remmina |
848 | deny ${HOME}/.scorched3d | 848 | blacklist ${HOME}/.repo_.gitconfig.json |
849 | deny ${HOME}/.scribus | 849 | blacklist ${HOME}/.repoconfig |
850 | deny ${HOME}/.scribusrc | 850 | blacklist ${HOME}/.retroshare |
851 | deny ${HOME}/.simutrans | 851 | blacklist ${HOME}/.ripperXrc |
852 | deny ${HOME}/.smartgit/*/passwords | 852 | blacklist ${HOME}/.scorched3d |
853 | deny ${HOME}/.ssr | 853 | blacklist ${HOME}/.scribus |
854 | deny ${HOME}/.steam | 854 | blacklist ${HOME}/.scribusrc |
855 | deny ${HOME}/.steampath | 855 | blacklist ${HOME}/.simutrans |
856 | deny ${HOME}/.steampid | 856 | blacklist ${HOME}/.smartgit/*/passwords |
857 | deny ${HOME}/.stellarium | 857 | blacklist ${HOME}/.ssr |
858 | deny ${HOME}/.subversion | 858 | blacklist ${HOME}/.steam |
859 | deny ${HOME}/.surf | 859 | blacklist ${HOME}/.steampath |
860 | deny ${HOME}/.suve/colorful | 860 | blacklist ${HOME}/.steampid |
861 | deny ${HOME}/.swb.ini | 861 | blacklist ${HOME}/.stellarium |
862 | deny ${HOME}/.sword | 862 | blacklist ${HOME}/.subversion |
863 | deny ${HOME}/.sylpheed-2.0 | 863 | blacklist ${HOME}/.surf |
864 | deny ${HOME}/.synfig | 864 | blacklist ${HOME}/.suve/colorful |
865 | deny ${HOME}/.tb | 865 | blacklist ${HOME}/.swb.ini |
866 | deny ${HOME}/.tconn | 866 | blacklist ${HOME}/.sword |
867 | deny ${HOME}/.teeworlds | 867 | blacklist ${HOME}/.sylpheed-2.0 |
868 | deny ${HOME}/.texlive20* | 868 | blacklist ${HOME}/.synfig |
869 | deny ${HOME}/.thunderbird | 869 | blacklist ${HOME}/.tb |
870 | deny ${HOME}/.tilp | 870 | blacklist ${HOME}/.tconn |
871 | deny ${HOME}/.tin | 871 | blacklist ${HOME}/.teeworlds |
872 | deny ${HOME}/.tooling | 872 | blacklist ${HOME}/.texlive20* |
873 | deny ${HOME}/.tor-browser* | 873 | blacklist ${HOME}/.thunderbird |
874 | deny ${HOME}/.torcs | 874 | blacklist ${HOME}/.tilp |
875 | deny ${HOME}/.tremulous | 875 | blacklist ${HOME}/.tin |
876 | deny ${HOME}/.ts3client | 876 | blacklist ${HOME}/.tooling |
877 | deny ${HOME}/.tuxguitar* | 877 | blacklist ${HOME}/.tor-browser* |
878 | deny ${HOME}/.tvbrowser | 878 | blacklist ${HOME}/.torcs |
879 | deny ${HOME}/.unknown-horizons | 879 | blacklist ${HOME}/.tremulous |
880 | deny ${HOME}/.viking | 880 | blacklist ${HOME}/.ts3client |
881 | deny ${HOME}/.viking-maps | 881 | blacklist ${HOME}/.tuxguitar* |
882 | deny ${HOME}/.vim | 882 | blacklist ${HOME}/.tvbrowser |
883 | deny ${HOME}/.vimrc | 883 | blacklist ${HOME}/.unknown-horizons |
884 | deny ${HOME}/.vmware | 884 | blacklist ${HOME}/.viking |
885 | deny ${HOME}/.vscode | 885 | blacklist ${HOME}/.viking-maps |
886 | deny ${HOME}/.vscode-oss | 886 | blacklist ${HOME}/.vim |
887 | deny ${HOME}/.vst | 887 | blacklist ${HOME}/.vimrc |
888 | deny ${HOME}/.vultures | 888 | blacklist ${HOME}/.vmware |
889 | deny ${HOME}/.w3m | 889 | blacklist ${HOME}/.vscode |
890 | deny ${HOME}/.warzone2100-3.* | 890 | blacklist ${HOME}/.vscode-oss |
891 | deny ${HOME}/.waterfox | 891 | blacklist ${HOME}/.vst |
892 | deny ${HOME}/.weechat | 892 | blacklist ${HOME}/.vultures |
893 | deny ${HOME}/.wget-hsts | 893 | blacklist ${HOME}/.w3m |
894 | deny ${HOME}/.wgetrc | 894 | blacklist ${HOME}/.warzone2100-3.* |
895 | deny ${HOME}/.widelands | 895 | blacklist ${HOME}/.waterfox |
896 | deny ${HOME}/.wine | 896 | blacklist ${HOME}/.weechat |
897 | deny ${HOME}/.wine64 | 897 | blacklist ${HOME}/.wget-hsts |
898 | deny ${HOME}/.wireshark | 898 | blacklist ${HOME}/.wgetrc |
899 | deny ${HOME}/.wordwarvi | 899 | blacklist ${HOME}/.widelands |
900 | deny ${HOME}/.wormux | 900 | blacklist ${HOME}/.wine |
901 | deny ${HOME}/.xiphos | 901 | blacklist ${HOME}/.wine64 |
902 | deny ${HOME}/.xmind | 902 | blacklist ${HOME}/.wireshark |
903 | deny ${HOME}/.xmms | 903 | blacklist ${HOME}/.wordwarvi |
904 | deny ${HOME}/.xmr-stak | 904 | blacklist ${HOME}/.wormux |
905 | deny ${HOME}/.xonotic | 905 | blacklist ${HOME}/.xiphos |
906 | deny ${HOME}/.xournalpp | 906 | blacklist ${HOME}/.xmind |
907 | deny ${HOME}/.xpdfrc | 907 | blacklist ${HOME}/.xmms |
908 | deny ${HOME}/.yarn | 908 | blacklist ${HOME}/.xmr-stak |
909 | deny ${HOME}/.yarn-config | 909 | blacklist ${HOME}/.xonotic |
910 | deny ${HOME}/.yarncache | 910 | blacklist ${HOME}/.xournalpp |
911 | deny ${HOME}/.yarnrc | 911 | blacklist ${HOME}/.xpdfrc |
912 | deny ${HOME}/.zoom | 912 | blacklist ${HOME}/.yarn |
913 | deny ${HOME}/Arduino | 913 | blacklist ${HOME}/.yarn-config |
914 | deny ${HOME}/Monero/wallets | 914 | blacklist ${HOME}/.yarncache |
915 | deny ${HOME}/Nextcloud | 915 | blacklist ${HOME}/.yarnrc |
916 | deny ${HOME}/Nextcloud/Notes | 916 | blacklist ${HOME}/.zoom |
917 | deny ${HOME}/SoftMaker | 917 | blacklist ${HOME}/Arduino |
918 | deny ${HOME}/Standard Notes Backups | 918 | blacklist ${HOME}/Monero/wallets |
919 | deny ${HOME}/TeamSpeak3-Client-linux_amd64 | 919 | blacklist ${HOME}/Nextcloud |
920 | deny ${HOME}/TeamSpeak3-Client-linux_x86 | 920 | blacklist ${HOME}/Nextcloud/Notes |
921 | deny ${HOME}/hyperrogue.ini | 921 | blacklist ${HOME}/SoftMaker |
922 | deny ${HOME}/i2p | 922 | blacklist ${HOME}/Standard Notes Backups |
923 | deny ${HOME}/mps | 923 | blacklist ${HOME}/TeamSpeak3-Client-linux_amd64 |
924 | deny ${HOME}/wallet.dat | 924 | blacklist ${HOME}/TeamSpeak3-Client-linux_x86 |
925 | deny /tmp/.wine-* | 925 | blacklist ${HOME}/hyperrogue.ini |
926 | deny /tmp/akonadi-* | 926 | blacklist ${HOME}/i2p |
927 | deny /var/games/nethack | 927 | blacklist ${HOME}/mps |
928 | deny /var/games/slashem | 928 | blacklist ${HOME}/wallet.dat |
929 | deny /var/games/vulturesclaw | 929 | blacklist /tmp/.wine-* |
930 | deny /var/games/vultureseye | 930 | blacklist /tmp/akonadi-* |
931 | deny /var/lib/games/Maelstrom-Scores | 931 | blacklist /var/games/nethack |
932 | blacklist /var/games/slashem | ||
933 | blacklist /var/games/vulturesclaw | ||
934 | blacklist /var/games/vultureseye | ||
935 | blacklist /var/lib/games/Maelstrom-Scores | ||
932 | 936 | ||
933 | # ${HOME}/.cache directory | 937 | # ${HOME}/.cache directory |
934 | deny ${HOME}/.cache/0ad | 938 | blacklist ${HOME}/.cache/0ad |
935 | deny ${HOME}/.cache/8pecxstudios | 939 | blacklist ${HOME}/.cache/8pecxstudios |
936 | deny ${HOME}/.cache/Authenticator | 940 | blacklist ${HOME}/.cache/Authenticator |
937 | deny ${HOME}/.cache/BraveSoftware | 941 | blacklist ${HOME}/.cache/BraveSoftware |
938 | deny ${HOME}/.cache/Clementine | 942 | blacklist ${HOME}/.cache/Clementine |
939 | deny ${HOME}/.cache/ENCOM/Spectral | 943 | blacklist ${HOME}/.cache/ENCOM/Spectral |
940 | deny ${HOME}/.cache/Enox | 944 | blacklist ${HOME}/.cache/Enox |
941 | deny ${HOME}/.cache/Enpass | 945 | blacklist ${HOME}/.cache/Enpass |
942 | deny ${HOME}/.cache/Ferdi | 946 | blacklist ${HOME}/.cache/Ferdi |
943 | deny ${HOME}/.cache/Flavio Tordini | 947 | blacklist ${HOME}/.cache/Flavio Tordini |
944 | deny ${HOME}/.cache/Franz | 948 | blacklist ${HOME}/.cache/Franz |
945 | deny ${HOME}/.cache/INRIA | 949 | blacklist ${HOME}/.cache/INRIA |
946 | deny ${HOME}/.cache/INRIA/Natron | 950 | blacklist ${HOME}/.cache/INRIA/Natron |
947 | deny ${HOME}/.cache/KDE/neochat | 951 | blacklist ${HOME}/.cache/KDE/neochat |
948 | deny ${HOME}/.cache/Mendeley Ltd. | 952 | blacklist ${HOME}/.cache/Mendeley Ltd. |
949 | deny ${HOME}/.cache/MusicBrainz | 953 | blacklist ${HOME}/.cache/MusicBrainz |
950 | deny ${HOME}/.cache/NewsFlashGTK | 954 | blacklist ${HOME}/.cache/NewsFlashGTK |
951 | deny ${HOME}/.cache/Otter | 955 | blacklist ${HOME}/.cache/Otter |
952 | deny ${HOME}/.cache/PawelStolowski | 956 | blacklist ${HOME}/.cache/PawelStolowski |
953 | deny ${HOME}/.cache/Psi | 957 | blacklist ${HOME}/.cache/Psi |
954 | deny ${HOME}/.cache/QuiteRss | 958 | blacklist ${HOME}/.cache/QuiteRss |
955 | deny ${HOME}/.cache/Quotient/quaternion | 959 | blacklist ${HOME}/.cache/Quotient/quaternion |
956 | deny ${HOME}/.cache/Shortwave | 960 | blacklist ${HOME}/.cache/Shortwave |
957 | deny ${HOME}/.cache/Tox | 961 | blacklist ${HOME}/.cache/Tox |
958 | deny ${HOME}/.cache/Zeal | 962 | blacklist ${HOME}/.cache/Zeal |
959 | deny ${HOME}/.cache/agenda | 963 | blacklist ${HOME}/.cache/agenda |
960 | deny ${HOME}/.cache/akonadi* | 964 | blacklist ${HOME}/.cache/akonadi* |
961 | deny ${HOME}/.cache/atril | 965 | blacklist ${HOME}/.cache/atril |
962 | deny ${HOME}/.cache/attic | 966 | blacklist ${HOME}/.cache/attic |
963 | deny ${HOME}/.cache/babl | 967 | blacklist ${HOME}/.cache/babl |
964 | deny ${HOME}/.cache/bnox | 968 | blacklist ${HOME}/.cache/bnox |
965 | deny ${HOME}/.cache/borg | 969 | blacklist ${HOME}/.cache/borg |
966 | deny ${HOME}/.cache/calibre | 970 | blacklist ${HOME}/.cache/calibre |
967 | deny ${HOME}/.cache/cantata | 971 | blacklist ${HOME}/.cache/cantata |
968 | deny ${HOME}/.cache/champlain | 972 | blacklist ${HOME}/.cache/champlain |
969 | deny ${HOME}/.cache/chromium | 973 | blacklist ${HOME}/.cache/chromium |
970 | deny ${HOME}/.cache/chromium-dev | 974 | blacklist ${HOME}/.cache/chromium-dev |
971 | deny ${HOME}/.cache/cliqz | 975 | blacklist ${HOME}/.cache/cliqz |
972 | deny ${HOME}/.cache/com.github.johnfactotum.Foliate | 976 | blacklist ${HOME}/.cache/com.github.johnfactotum.Foliate |
973 | deny ${HOME}/.cache/darktable | 977 | blacklist ${HOME}/.cache/darktable |
974 | deny ${HOME}/.cache/deja-dup | 978 | blacklist ${HOME}/.cache/deja-dup |
975 | deny ${HOME}/.cache/discover | 979 | blacklist ${HOME}/.cache/discover |
976 | deny ${HOME}/.cache/dnox | 980 | blacklist ${HOME}/.cache/dnox |
977 | deny ${HOME}/.cache/dolphin | 981 | blacklist ${HOME}/.cache/dolphin |
978 | deny ${HOME}/.cache/dolphin-emu | 982 | blacklist ${HOME}/.cache/dolphin-emu |
979 | deny ${HOME}/.cache/ephemeral | 983 | blacklist ${HOME}/.cache/ephemeral |
980 | deny ${HOME}/.cache/epiphany | 984 | blacklist ${HOME}/.cache/epiphany |
981 | deny ${HOME}/.cache/evolution | 985 | blacklist ${HOME}/.cache/evolution |
982 | deny ${HOME}/.cache/falkon | 986 | blacklist ${HOME}/.cache/falkon |
983 | deny ${HOME}/.cache/feedreader | 987 | blacklist ${HOME}/.cache/feedreader |
984 | deny ${HOME}/.cache/firedragon | 988 | blacklist ${HOME}/.cache/firedragon |
985 | deny ${HOME}/.cache/flaska.net/trojita | 989 | blacklist ${HOME}/.cache/flaska.net/trojita |
986 | deny ${HOME}/.cache/folks | 990 | blacklist ${HOME}/.cache/folks |
987 | deny ${HOME}/.cache/font-manager | 991 | blacklist ${HOME}/.cache/font-manager |
988 | deny ${HOME}/.cache/fossamail | 992 | blacklist ${HOME}/.cache/fossamail |
989 | deny ${HOME}/.cache/fractal | 993 | blacklist ${HOME}/.cache/fractal |
990 | deny ${HOME}/.cache/freecol | 994 | blacklist ${HOME}/.cache/freecol |
991 | deny ${HOME}/.cache/gajim | 995 | blacklist ${HOME}/.cache/gajim |
992 | deny ${HOME}/.cache/geary | 996 | blacklist ${HOME}/.cache/geary |
993 | deny ${HOME}/.cache/geeqie | 997 | blacklist ${HOME}/.cache/geeqie |
994 | deny ${HOME}/.cache/gegl-0.4 | 998 | blacklist ${HOME}/.cache/gegl-0.4 |
995 | deny ${HOME}/.cache/gfeeds | 999 | blacklist ${HOME}/.cache/gfeeds |
996 | deny ${HOME}/.cache/gimp | 1000 | blacklist ${HOME}/.cache/gimp |
997 | deny ${HOME}/.cache/gnome-boxes | 1001 | blacklist ${HOME}/.cache/gnome-boxes |
998 | deny ${HOME}/.cache/gnome-builder | 1002 | blacklist ${HOME}/.cache/gnome-builder |
999 | deny ${HOME}/.cache/gnome-control-center | 1003 | blacklist ${HOME}/.cache/gnome-control-center |
1000 | deny ${HOME}/.cache/gnome-recipes | 1004 | blacklist ${HOME}/.cache/gnome-recipes |
1001 | deny ${HOME}/.cache/gnome-screenshot | 1005 | blacklist ${HOME}/.cache/gnome-screenshot |
1002 | deny ${HOME}/.cache/gnome-software | 1006 | blacklist ${HOME}/.cache/gnome-software |
1003 | deny ${HOME}/.cache/gnome-twitch | 1007 | blacklist ${HOME}/.cache/gnome-twitch |
1004 | deny ${HOME}/.cache/godot | 1008 | blacklist ${HOME}/.cache/godot |
1005 | deny ${HOME}/.cache/google-chrome | 1009 | blacklist ${HOME}/.cache/google-chrome |
1006 | deny ${HOME}/.cache/google-chrome-beta | 1010 | blacklist ${HOME}/.cache/google-chrome-beta |
1007 | deny ${HOME}/.cache/google-chrome-unstable | 1011 | blacklist ${HOME}/.cache/google-chrome-unstable |
1008 | deny ${HOME}/.cache/gradio | 1012 | blacklist ${HOME}/.cache/gradio |
1009 | deny ${HOME}/.cache/gummi | 1013 | blacklist ${HOME}/.cache/gummi |
1010 | deny ${HOME}/.cache/icedove | 1014 | blacklist ${HOME}/.cache/icedove |
1011 | deny ${HOME}/.cache/inkscape | 1015 | blacklist ${HOME}/.cache/inkscape |
1012 | deny ${HOME}/.cache/inox | 1016 | blacklist ${HOME}/.cache/inox |
1013 | deny ${HOME}/.cache/iridium | 1017 | blacklist ${HOME}/.cache/io.github.lainsce.Notejot |
1014 | deny ${HOME}/.cache/JetBrains/CLion* | 1018 | blacklist ${HOME}/.cache/iridium |
1015 | deny ${HOME}/.cache/kcmshell5 | 1019 | blacklist ${HOME}/.cache/JetBrains/CLion* |
1016 | deny ${HOME}/.cache/kdenlive | 1020 | blacklist ${HOME}/.cache/kcmshell5 |
1017 | deny ${HOME}/.cache/keepassxc | 1021 | blacklist ${HOME}/.cache/kdenlive |
1018 | deny ${HOME}/.cache/kfind | 1022 | blacklist ${HOME}/.cache/keepassxc |
1019 | deny ${HOME}/.cache/kinfocenter | 1023 | blacklist ${HOME}/.cache/kfind |
1020 | deny ${HOME}/.cache/kmail2 | 1024 | blacklist ${HOME}/.cache/kinfocenter |
1021 | deny ${HOME}/.cache/krunner | 1025 | blacklist ${HOME}/.cache/kmail2 |
1022 | deny ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite* | 1026 | blacklist ${HOME}/.cache/krunner |
1023 | deny ${HOME}/.cache/kscreenlocker_greet | 1027 | blacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite* |
1024 | deny ${HOME}/.cache/ksmserver-logout-greeter | 1028 | blacklist ${HOME}/.cache/kscreenlocker_greet |
1025 | deny ${HOME}/.cache/ksplashqml | 1029 | blacklist ${HOME}/.cache/ksmserver-logout-greeter |
1026 | deny ${HOME}/.cache/kube | 1030 | blacklist ${HOME}/.cache/ksplashqml |
1027 | deny ${HOME}/.cache/kwin | 1031 | blacklist ${HOME}/.cache/kube |
1028 | deny ${HOME}/.cache/libgweather | 1032 | blacklist ${HOME}/.cache/kwin |
1029 | deny ${HOME}/.cache/librewolf | 1033 | blacklist ${HOME}/.cache/libgweather |
1030 | deny ${HOME}/.cache/liferea | 1034 | blacklist ${HOME}/.cache/librewolf |
1031 | deny ${HOME}/.cache/lutris | 1035 | blacklist ${HOME}/.cache/liferea |
1032 | deny ${HOME}/.cache/marker | 1036 | blacklist ${HOME}/.cache/lutris |
1033 | deny ${HOME}/.cache/matrix-mirage | 1037 | blacklist ${HOME}/.cache/marker |
1034 | deny ${HOME}/.cache/microsoft-edge-dev | 1038 | blacklist ${HOME}/.cache/matrix-mirage |
1035 | deny ${HOME}/.cache/midori | 1039 | blacklist ${HOME}/.cache/microsoft-edge-beta |
1036 | deny ${HOME}/.cache/minetest | 1040 | blacklist ${HOME}/.cache/microsoft-edge-dev |
1037 | deny ${HOME}/.cache/mirage | 1041 | blacklist ${HOME}/.cache/midori |
1038 | deny ${HOME}/.cache/moonchild productions/basilisk | 1042 | blacklist ${HOME}/.cache/minetest |
1039 | deny ${HOME}/.cache/moonchild productions/pale moon | 1043 | blacklist ${HOME}/.cache/mirage |
1040 | deny ${HOME}/.cache/mozilla | 1044 | blacklist ${HOME}/.cache/moonchild productions/basilisk |
1041 | deny ${HOME}/.cache/ms-excel-online | 1045 | blacklist ${HOME}/.cache/moonchild productions/pale moon |
1042 | deny ${HOME}/.cache/ms-office-online | 1046 | blacklist ${HOME}/.cache/mozilla |
1043 | deny ${HOME}/.cache/ms-onenote-online | 1047 | blacklist ${HOME}/.cache/ms-excel-online |
1044 | deny ${HOME}/.cache/ms-outlook-online | 1048 | blacklist ${HOME}/.cache/ms-office-online |
1045 | deny ${HOME}/.cache/ms-powerpoint-online | 1049 | blacklist ${HOME}/.cache/ms-onenote-online |
1046 | deny ${HOME}/.cache/ms-skype-online | 1050 | blacklist ${HOME}/.cache/ms-outlook-online |
1047 | deny ${HOME}/.cache/ms-word-online | 1051 | blacklist ${HOME}/.cache/ms-powerpoint-online |
1048 | deny ${HOME}/.cache/mutt | 1052 | blacklist ${HOME}/.cache/ms-skype-online |
1049 | deny ${HOME}/.cache/mypaint | 1053 | blacklist ${HOME}/.cache/ms-word-online |
1050 | deny ${HOME}/.cache/netsurf | 1054 | blacklist ${HOME}/.cache/mutt |
1051 | deny ${HOME}/.cache/nheko | 1055 | blacklist ${HOME}/.cache/mypaint |
1052 | deny ${HOME}/.cache/okular | 1056 | blacklist ${HOME}/.cache/netsurf |
1053 | deny ${HOME}/.cache/opera | 1057 | blacklist ${HOME}/.cache/nheko |
1054 | deny ${HOME}/.cache/opera-beta | 1058 | blacklist ${HOME}/.cache/okular |
1055 | deny ${HOME}/.cache/org.gabmus.gfeeds | 1059 | blacklist ${HOME}/.cache/opera |
1056 | deny ${HOME}/.cache/org.gnome.Books | 1060 | blacklist ${HOME}/.cache/opera-beta |
1057 | deny ${HOME}/.cache/org.gnome.Maps | 1061 | blacklist ${HOME}/.cache/org.gabmus.gfeeds |
1058 | deny ${HOME}/.cache/pdfmod | 1062 | blacklist ${HOME}/.cache/org.gnome.Books |
1059 | deny ${HOME}/.cache/peek | 1063 | blacklist ${HOME}/.cache/org.gnome.Maps |
1060 | deny ${HOME}/.cache/pip | 1064 | blacklist ${HOME}/.cache/pdfmod |
1061 | deny ${HOME}/.cache/pipe-viewer | 1065 | blacklist ${HOME}/.cache/peek |
1062 | deny ${HOME}/.cache/plasmashell | 1066 | blacklist ${HOME}/.cache/pip |
1063 | deny ${HOME}/.cache/plasmashellbookmarkrunnerfirefoxdbfile.sqlite* | 1067 | blacklist ${HOME}/.cache/pipe-viewer |
1064 | deny ${HOME}/.cache/psi | 1068 | blacklist ${HOME}/.cache/plasmashell |
1065 | deny ${HOME}/.cache/qBittorrent | 1069 | blacklist ${HOME}/.cache/plasmashellbookmarkrunnerfirefoxdbfile.sqlite* |
1066 | deny ${HOME}/.cache/quodlibet | 1070 | blacklist ${HOME}/.cache/psi |
1067 | deny ${HOME}/.cache/qupzilla | 1071 | blacklist ${HOME}/.cache/qBittorrent |
1068 | deny ${HOME}/.cache/qutebrowser | 1072 | blacklist ${HOME}/.cache/quodlibet |
1069 | deny ${HOME}/.cache/rhythmbox | 1073 | blacklist ${HOME}/.cache/qupzilla |
1070 | deny ${HOME}/.cache/shotwell | 1074 | blacklist ${HOME}/.cache/qutebrowser |
1071 | deny ${HOME}/.cache/simple-scan | 1075 | blacklist ${HOME}/.cache/rednotebook |
1072 | deny ${HOME}/.cache/slimjet | 1076 | blacklist ${HOME}/.cache/rhythmbox |
1073 | deny ${HOME}/.cache/smuxi | 1077 | blacklist ${HOME}/.cache/shotwell |
1074 | deny ${HOME}/.cache/snox | 1078 | blacklist ${HOME}/.cache/simple-scan |
1075 | deny ${HOME}/.cache/spotify | 1079 | blacklist ${HOME}/.cache/slimjet |
1076 | deny ${HOME}/.cache/straw-viewer | 1080 | blacklist ${HOME}/.cache/smuxi |
1077 | deny ${HOME}/.cache/strawberry | 1081 | blacklist ${HOME}/.cache/snox |
1078 | deny ${HOME}/.cache/supertuxkart | 1082 | blacklist ${HOME}/.cache/spotify |
1079 | deny ${HOME}/.cache/systemsettings | 1083 | blacklist ${HOME}/.cache/straw-viewer |
1080 | deny ${HOME}/.cache/telepathy | 1084 | blacklist ${HOME}/.cache/strawberry |
1081 | deny ${HOME}/.cache/thunderbird | 1085 | blacklist ${HOME}/.cache/supertuxkart |
1082 | deny ${HOME}/.cache/torbrowser | 1086 | blacklist ${HOME}/.cache/systemsettings |
1083 | deny ${HOME}/.cache/transmission | 1087 | blacklist ${HOME}/.cache/telepathy |
1084 | deny ${HOME}/.cache/ungoogled-chromium | 1088 | blacklist ${HOME}/.cache/thunderbird |
1085 | deny ${HOME}/.cache/vivaldi | 1089 | blacklist ${HOME}/.cache/torbrowser |
1086 | deny ${HOME}/.cache/vivaldi-snapshot | 1090 | blacklist ${HOME}/.cache/transmission |
1087 | deny ${HOME}/.cache/vlc | 1091 | blacklist ${HOME}/.cache/ungoogled-chromium |
1088 | deny ${HOME}/.cache/vmware | 1092 | blacklist ${HOME}/.cache/vivaldi |
1089 | deny ${HOME}/.cache/warsow-2.1 | 1093 | blacklist ${HOME}/.cache/vivaldi-snapshot |
1090 | deny ${HOME}/.cache/waterfox | 1094 | blacklist ${HOME}/.cache/vlc |
1091 | deny ${HOME}/.cache/wesnoth | 1095 | blacklist ${HOME}/.cache/vmware |
1092 | deny ${HOME}/.cache/winetricks | 1096 | blacklist ${HOME}/.cache/warsow-2.1 |
1093 | deny ${HOME}/.cache/xmms2 | 1097 | blacklist ${HOME}/.cache/waterfox |
1094 | deny ${HOME}/.cache/xreader | 1098 | blacklist ${HOME}/.cache/wesnoth |
1095 | deny ${HOME}/.cache/yandex-browser | 1099 | blacklist ${HOME}/.cache/winetricks |
1096 | deny ${HOME}/.cache/yandex-browser-beta | 1100 | blacklist ${HOME}/.cache/xmms2 |
1097 | deny ${HOME}/.cache/youtube-dl | 1101 | blacklist ${HOME}/.cache/xreader |
1098 | deny ${HOME}/.cache/youtube-viewer | 1102 | blacklist ${HOME}/.cache/yandex-browser |
1099 | deny ${RUNUSER}/*firefox* | 1103 | blacklist ${HOME}/.cache/yandex-browser-beta |
1104 | blacklist ${HOME}/.cache/youtube-dl | ||
1105 | blacklist ${HOME}/.cache/youtube-viewer | ||
1106 | blacklist ${RUNUSER}/*firefox* | ||
1107 | blacklist ${HOME}/.cache/zim | ||
diff --git a/etc/inc/disable-shell.inc b/etc/inc/disable-shell.inc index da6fb31a3..8274b0215 100644 --- a/etc/inc/disable-shell.inc +++ b/etc/inc/disable-shell.inc | |||
@@ -2,14 +2,14 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include disable-shell.local | 3 | include disable-shell.local |
4 | 4 | ||
5 | deny ${PATH}/bash | 5 | blacklist ${PATH}/bash |
6 | deny ${PATH}/csh | 6 | blacklist ${PATH}/csh |
7 | deny ${PATH}/dash | 7 | blacklist ${PATH}/dash |
8 | deny ${PATH}/fish | 8 | blacklist ${PATH}/fish |
9 | deny ${PATH}/ksh | 9 | blacklist ${PATH}/ksh |
10 | deny ${PATH}/mksh | 10 | blacklist ${PATH}/mksh |
11 | deny ${PATH}/oksh | 11 | blacklist ${PATH}/oksh |
12 | deny ${PATH}/sh | 12 | blacklist ${PATH}/sh |
13 | deny ${PATH}/tclsh | 13 | blacklist ${PATH}/tclsh |
14 | deny ${PATH}/tcsh | 14 | blacklist ${PATH}/tcsh |
15 | deny ${PATH}/zsh | 15 | blacklist ${PATH}/zsh |
diff --git a/etc/inc/disable-xdg.inc b/etc/inc/disable-xdg.inc index 32aa8c7f6..22acf272d 100644 --- a/etc/inc/disable-xdg.inc +++ b/etc/inc/disable-xdg.inc | |||
@@ -2,10 +2,10 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include disable-xdg.local | 3 | include disable-xdg.local |
4 | 4 | ||
5 | deny ${DOCUMENTS} | 5 | blacklist ${DOCUMENTS} |
6 | deny ${MUSIC} | 6 | blacklist ${MUSIC} |
7 | deny ${PICTURES} | 7 | blacklist ${PICTURES} |
8 | deny ${VIDEOS} | 8 | blacklist ${VIDEOS} |
9 | 9 | ||
10 | # The following should be considered catch-all directories | 10 | # The following should be considered catch-all directories |
11 | #blacklist ${DESKTOP} | 11 | #blacklist ${DESKTOP} |
diff --git a/etc/inc/whitelist-1793-workaround.inc b/etc/inc/whitelist-1793-workaround.inc index 06a424440..862837f12 100644 --- a/etc/inc/whitelist-1793-workaround.inc +++ b/etc/inc/whitelist-1793-workaround.inc | |||
@@ -3,27 +3,27 @@ | |||
3 | include whitelist-1793-workaround.local | 3 | include whitelist-1793-workaround.local |
4 | # This works around bug 1793, and allows whitelisting to be used for some KDE applications. | 4 | # This works around bug 1793, and allows whitelisting to be used for some KDE applications. |
5 | 5 | ||
6 | nodeny ${HOME}/.config/ibus | 6 | noblacklist ${HOME}/.config/ibus |
7 | nodeny ${HOME}/.config/mimeapps.list | 7 | noblacklist ${HOME}/.config/mimeapps.list |
8 | nodeny ${HOME}/.config/pkcs11 | 8 | noblacklist ${HOME}/.config/pkcs11 |
9 | nodeny ${HOME}/.config/user-dirs.dirs | 9 | noblacklist ${HOME}/.config/user-dirs.dirs |
10 | nodeny ${HOME}/.config/user-dirs.locale | 10 | noblacklist ${HOME}/.config/user-dirs.locale |
11 | nodeny ${HOME}/.config/dconf | 11 | noblacklist ${HOME}/.config/dconf |
12 | nodeny ${HOME}/.config/fontconfig | 12 | noblacklist ${HOME}/.config/fontconfig |
13 | nodeny ${HOME}/.config/gtk-2.0 | 13 | noblacklist ${HOME}/.config/gtk-2.0 |
14 | nodeny ${HOME}/.config/gtk-3.0 | 14 | noblacklist ${HOME}/.config/gtk-3.0 |
15 | nodeny ${HOME}/.config/gtk-4.0 | 15 | noblacklist ${HOME}/.config/gtk-4.0 |
16 | nodeny ${HOME}/.config/gtkrc | 16 | noblacklist ${HOME}/.config/gtkrc |
17 | nodeny ${HOME}/.config/gtkrc-2.0 | 17 | noblacklist ${HOME}/.config/gtkrc-2.0 |
18 | nodeny ${HOME}/.config/Kvantum | 18 | noblacklist ${HOME}/.config/Kvantum |
19 | nodeny ${HOME}/.config/Trolltech.conf | 19 | noblacklist ${HOME}/.config/Trolltech.conf |
20 | nodeny ${HOME}/.config/QtProject.conf | 20 | noblacklist ${HOME}/.config/QtProject.conf |
21 | nodeny ${HOME}/.config/kdeglobals | 21 | noblacklist ${HOME}/.config/kdeglobals |
22 | nodeny ${HOME}/.config/kio_httprc | 22 | noblacklist ${HOME}/.config/kio_httprc |
23 | nodeny ${HOME}/.config/kioslaverc | 23 | noblacklist ${HOME}/.config/kioslaverc |
24 | nodeny ${HOME}/.config/ksslcablacklist | 24 | noblacklist ${HOME}/.config/ksslcablacklist |
25 | nodeny ${HOME}/.config/qt5ct | 25 | noblacklist ${HOME}/.config/qt5ct |
26 | nodeny ${HOME}/.config/qtcurve | 26 | noblacklist ${HOME}/.config/qtcurve |
27 | 27 | ||
28 | deny ${HOME}/.config/* | 28 | blacklist ${HOME}/.config/* |
29 | allow ${HOME}/.config | 29 | whitelist ${HOME}/.config |
diff --git a/etc/inc/whitelist-common.inc b/etc/inc/whitelist-common.inc index 11070e372..fedfb2bc2 100644 --- a/etc/inc/whitelist-common.inc +++ b/etc/inc/whitelist-common.inc | |||
@@ -4,82 +4,82 @@ include whitelist-common.local | |||
4 | 4 | ||
5 | # common whitelist for all profiles | 5 | # common whitelist for all profiles |
6 | 6 | ||
7 | allow ${HOME}/.XCompose | 7 | whitelist ${HOME}/.XCompose |
8 | allow ${HOME}/.alsaequal.bin | 8 | whitelist ${HOME}/.alsaequal.bin |
9 | allow ${HOME}/.asoundrc | 9 | whitelist ${HOME}/.asoundrc |
10 | allow ${HOME}/.config/ibus | 10 | whitelist ${HOME}/.config/ibus |
11 | allow ${HOME}/.config/mimeapps.list | 11 | whitelist ${HOME}/.config/mimeapps.list |
12 | allow ${HOME}/.config/pkcs11 | 12 | whitelist ${HOME}/.config/pkcs11 |
13 | read-only ${HOME}/.config/pkcs11 | 13 | read-only ${HOME}/.config/pkcs11 |
14 | allow ${HOME}/.config/user-dirs.dirs | 14 | whitelist ${HOME}/.config/user-dirs.dirs |
15 | read-only ${HOME}/.config/user-dirs.dirs | 15 | read-only ${HOME}/.config/user-dirs.dirs |
16 | allow ${HOME}/.config/user-dirs.locale | 16 | whitelist ${HOME}/.config/user-dirs.locale |
17 | read-only ${HOME}/.config/user-dirs.locale | 17 | read-only ${HOME}/.config/user-dirs.locale |
18 | allow ${HOME}/.drirc | 18 | whitelist ${HOME}/.drirc |
19 | allow ${HOME}/.icons | 19 | whitelist ${HOME}/.icons |
20 | ?HAS_APPIMAGE: whitelist ${HOME}/.local/share/appimagekit | 20 | ?HAS_APPIMAGE: whitelist ${HOME}/.local/share/appimagekit |
21 | allow ${HOME}/.local/share/applications | 21 | whitelist ${HOME}/.local/share/applications |
22 | read-only ${HOME}/.local/share/applications | 22 | read-only ${HOME}/.local/share/applications |
23 | allow ${HOME}/.local/share/icons | 23 | whitelist ${HOME}/.local/share/icons |
24 | allow ${HOME}/.local/share/mime | 24 | whitelist ${HOME}/.local/share/mime |
25 | allow ${HOME}/.mime.types | 25 | whitelist ${HOME}/.mime.types |
26 | allow ${HOME}/.sndio/cookie | 26 | whitelist ${HOME}/.sndio/cookie |
27 | allow ${HOME}/.uim.d | 27 | whitelist ${HOME}/.uim.d |
28 | 28 | ||
29 | # dconf | 29 | # dconf |
30 | mkdir ${HOME}/.config/dconf | 30 | mkdir ${HOME}/.config/dconf |
31 | allow ${HOME}/.config/dconf | 31 | whitelist ${HOME}/.config/dconf |
32 | 32 | ||
33 | # fonts | 33 | # fonts |
34 | allow ${HOME}/.cache/fontconfig | 34 | whitelist ${HOME}/.cache/fontconfig |
35 | allow ${HOME}/.config/fontconfig | 35 | whitelist ${HOME}/.config/fontconfig |
36 | allow ${HOME}/.fontconfig | 36 | whitelist ${HOME}/.fontconfig |
37 | allow ${HOME}/.fonts | 37 | whitelist ${HOME}/.fonts |
38 | allow ${HOME}/.fonts.conf | 38 | whitelist ${HOME}/.fonts.conf |
39 | allow ${HOME}/.fonts.conf.d | 39 | whitelist ${HOME}/.fonts.conf.d |
40 | allow ${HOME}/.fonts.d | 40 | whitelist ${HOME}/.fonts.d |
41 | allow ${HOME}/.local/share/fonts | 41 | whitelist ${HOME}/.local/share/fonts |
42 | allow ${HOME}/.pangorc | 42 | whitelist ${HOME}/.pangorc |
43 | 43 | ||
44 | # gtk | 44 | # gtk |
45 | allow ${HOME}/.config/gtk-2.0 | 45 | whitelist ${HOME}/.config/gtk-2.0 |
46 | allow ${HOME}/.config/gtk-3.0 | 46 | whitelist ${HOME}/.config/gtk-3.0 |
47 | allow ${HOME}/.config/gtk-4.0 | 47 | whitelist ${HOME}/.config/gtk-4.0 |
48 | allow ${HOME}/.config/gtkrc | 48 | whitelist ${HOME}/.config/gtkrc |
49 | allow ${HOME}/.config/gtkrc-2.0 | 49 | whitelist ${HOME}/.config/gtkrc-2.0 |
50 | allow ${HOME}/.gnome2 | 50 | whitelist ${HOME}/.gnome2 |
51 | allow ${HOME}/.gnome2-private | 51 | whitelist ${HOME}/.gnome2-private |
52 | allow ${HOME}/.gtk-2.0 | 52 | whitelist ${HOME}/.gtk-2.0 |
53 | allow ${HOME}/.gtkrc | 53 | whitelist ${HOME}/.gtkrc |
54 | allow ${HOME}/.gtkrc-2.0 | 54 | whitelist ${HOME}/.gtkrc-2.0 |
55 | allow ${HOME}/.kde/share/config/gtkrc | 55 | whitelist ${HOME}/.kde/share/config/gtkrc |
56 | allow ${HOME}/.kde/share/config/gtkrc-2.0 | 56 | whitelist ${HOME}/.kde/share/config/gtkrc-2.0 |
57 | allow ${HOME}/.kde4/share/config/gtkrc | 57 | whitelist ${HOME}/.kde4/share/config/gtkrc |
58 | allow ${HOME}/.kde4/share/config/gtkrc-2.0 | 58 | whitelist ${HOME}/.kde4/share/config/gtkrc-2.0 |
59 | allow ${HOME}/.local/share/themes | 59 | whitelist ${HOME}/.local/share/themes |
60 | allow ${HOME}/.themes | 60 | whitelist ${HOME}/.themes |
61 | 61 | ||
62 | # qt/kde | 62 | # qt/kde |
63 | allow ${HOME}/.cache/kioexec/krun | 63 | whitelist ${HOME}/.cache/kioexec/krun |
64 | allow ${HOME}/.config/Kvantum | 64 | whitelist ${HOME}/.config/Kvantum |
65 | allow ${HOME}/.config/Trolltech.conf | 65 | whitelist ${HOME}/.config/Trolltech.conf |
66 | allow ${HOME}/.config/QtProject.conf | 66 | whitelist ${HOME}/.config/QtProject.conf |
67 | allow ${HOME}/.config/kdeglobals | 67 | whitelist ${HOME}/.config/kdeglobals |
68 | allow ${HOME}/.config/kio_httprc | 68 | whitelist ${HOME}/.config/kio_httprc |
69 | allow ${HOME}/.config/kioslaverc | 69 | whitelist ${HOME}/.config/kioslaverc |
70 | allow ${HOME}/.config/ksslcablacklist | 70 | whitelist ${HOME}/.config/ksslcablacklist |
71 | allow ${HOME}/.config/qt5ct | 71 | whitelist ${HOME}/.config/qt5ct |
72 | allow ${HOME}/.config/qtcurve | 72 | whitelist ${HOME}/.config/qtcurve |
73 | allow ${HOME}/.kde/share/config/kdeglobals | 73 | whitelist ${HOME}/.kde/share/config/kdeglobals |
74 | allow ${HOME}/.kde/share/config/kio_httprc | 74 | whitelist ${HOME}/.kde/share/config/kio_httprc |
75 | allow ${HOME}/.kde/share/config/kioslaverc | 75 | whitelist ${HOME}/.kde/share/config/kioslaverc |
76 | allow ${HOME}/.kde/share/config/ksslcablacklist | 76 | whitelist ${HOME}/.kde/share/config/ksslcablacklist |
77 | allow ${HOME}/.kde/share/config/oxygenrc | 77 | whitelist ${HOME}/.kde/share/config/oxygenrc |
78 | allow ${HOME}/.kde/share/icons | 78 | whitelist ${HOME}/.kde/share/icons |
79 | allow ${HOME}/.kde4/share/config/kdeglobals | 79 | whitelist ${HOME}/.kde4/share/config/kdeglobals |
80 | allow ${HOME}/.kde4/share/config/kio_httprc | 80 | whitelist ${HOME}/.kde4/share/config/kio_httprc |
81 | allow ${HOME}/.kde4/share/config/kioslaverc | 81 | whitelist ${HOME}/.kde4/share/config/kioslaverc |
82 | allow ${HOME}/.kde4/share/config/ksslcablacklist | 82 | whitelist ${HOME}/.kde4/share/config/ksslcablacklist |
83 | allow ${HOME}/.kde4/share/config/oxygenrc | 83 | whitelist ${HOME}/.kde4/share/config/oxygenrc |
84 | allow ${HOME}/.kde4/share/icons | 84 | whitelist ${HOME}/.kde4/share/icons |
85 | allow ${HOME}/.local/share/qt5ct | 85 | whitelist ${HOME}/.local/share/qt5ct |
diff --git a/etc/inc/whitelist-player-common.inc b/etc/inc/whitelist-player-common.inc index d6ae8eab6..e5bf36804 100644 --- a/etc/inc/whitelist-player-common.inc +++ b/etc/inc/whitelist-player-common.inc | |||
@@ -4,8 +4,8 @@ include whitelist-player-common.local | |||
4 | 4 | ||
5 | # common whitelist for all media players | 5 | # common whitelist for all media players |
6 | 6 | ||
7 | allow ${DESKTOP} | 7 | whitelist ${DESKTOP} |
8 | allow ${DOWNLOADS} | 8 | whitelist ${DOWNLOADS} |
9 | allow ${MUSIC} | 9 | whitelist ${MUSIC} |
10 | allow ${PICTURES} | 10 | whitelist ${PICTURES} |
11 | allow ${VIDEOS} | 11 | whitelist ${VIDEOS} |
diff --git a/etc/inc/whitelist-runuser-common.inc b/etc/inc/whitelist-runuser-common.inc index 86e5264b9..48309ffe3 100644 --- a/etc/inc/whitelist-runuser-common.inc +++ b/etc/inc/whitelist-runuser-common.inc | |||
@@ -4,13 +4,13 @@ include whitelist-runuser-common.local | |||
4 | 4 | ||
5 | # common ${RUNUSER} (=/run/user/$UID) whitelist for all profiles | 5 | # common ${RUNUSER} (=/run/user/$UID) whitelist for all profiles |
6 | 6 | ||
7 | allow ${RUNUSER}/bus | 7 | whitelist ${RUNUSER}/bus |
8 | allow ${RUNUSER}/dconf | 8 | whitelist ${RUNUSER}/dconf |
9 | allow ${RUNUSER}/gdm/Xauthority | 9 | whitelist ${RUNUSER}/gdm/Xauthority |
10 | allow ${RUNUSER}/ICEauthority | 10 | whitelist ${RUNUSER}/ICEauthority |
11 | allow ${RUNUSER}/.mutter-Xwaylandauth.* | 11 | whitelist ${RUNUSER}/.mutter-Xwaylandauth.* |
12 | allow ${RUNUSER}/pulse/native | 12 | whitelist ${RUNUSER}/pulse/native |
13 | allow ${RUNUSER}/wayland-0 | 13 | whitelist ${RUNUSER}/wayland-0 |
14 | allow ${RUNUSER}/wayland-1 | 14 | whitelist ${RUNUSER}/wayland-1 |
15 | allow ${RUNUSER}/xauth_* | 15 | whitelist ${RUNUSER}/xauth_* |
16 | allow ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]] | 16 | whitelist ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]] |
diff --git a/etc/inc/whitelist-usr-share-common.inc b/etc/inc/whitelist-usr-share-common.inc index 64296da15..fe0097934 100644 --- a/etc/inc/whitelist-usr-share-common.inc +++ b/etc/inc/whitelist-usr-share-common.inc | |||
@@ -4,66 +4,66 @@ include whitelist-usr-share-common.local | |||
4 | 4 | ||
5 | # common /usr/share whitelist for all profiles | 5 | # common /usr/share whitelist for all profiles |
6 | 6 | ||
7 | allow /usr/share/alsa | 7 | whitelist /usr/share/alsa |
8 | allow /usr/share/applications | 8 | whitelist /usr/share/applications |
9 | allow /usr/share/ca-certificates | 9 | whitelist /usr/share/ca-certificates |
10 | allow /usr/share/crypto-policies | 10 | whitelist /usr/share/crypto-policies |
11 | allow /usr/share/cursors | 11 | whitelist /usr/share/cursors |
12 | allow /usr/share/dconf | 12 | whitelist /usr/share/dconf |
13 | allow /usr/share/distro-info | 13 | whitelist /usr/share/distro-info |
14 | allow /usr/share/drirc.d | 14 | whitelist /usr/share/drirc.d |
15 | allow /usr/share/enchant | 15 | whitelist /usr/share/enchant |
16 | allow /usr/share/enchant-2 | 16 | whitelist /usr/share/enchant-2 |
17 | allow /usr/share/file | 17 | whitelist /usr/share/file |
18 | allow /usr/share/fontconfig | 18 | whitelist /usr/share/fontconfig |
19 | allow /usr/share/fonts | 19 | whitelist /usr/share/fonts |
20 | allow /usr/share/fonts-config | 20 | whitelist /usr/share/fonts-config |
21 | allow /usr/share/gir-1.0 | 21 | whitelist /usr/share/gir-1.0 |
22 | allow /usr/share/gjs-1.0 | 22 | whitelist /usr/share/gjs-1.0 |
23 | allow /usr/share/glib-2.0 | 23 | whitelist /usr/share/glib-2.0 |
24 | allow /usr/share/glvnd | 24 | whitelist /usr/share/glvnd |
25 | allow /usr/share/gtk-2.0 | 25 | whitelist /usr/share/gtk-2.0 |
26 | allow /usr/share/gtk-3.0 | 26 | whitelist /usr/share/gtk-3.0 |
27 | allow /usr/share/gtk-engines | 27 | whitelist /usr/share/gtk-engines |
28 | allow /usr/share/gtksourceview-3.0 | 28 | whitelist /usr/share/gtksourceview-3.0 |
29 | allow /usr/share/gtksourceview-4 | 29 | whitelist /usr/share/gtksourceview-4 |
30 | allow /usr/share/hunspell | 30 | whitelist /usr/share/hunspell |
31 | allow /usr/share/hwdata | 31 | whitelist /usr/share/hwdata |
32 | allow /usr/share/icons | 32 | whitelist /usr/share/icons |
33 | allow /usr/share/icu | 33 | whitelist /usr/share/icu |
34 | allow /usr/share/knotifications5 | 34 | whitelist /usr/share/knotifications5 |
35 | allow /usr/share/kservices5 | 35 | whitelist /usr/share/kservices5 |
36 | allow /usr/share/Kvantum | 36 | whitelist /usr/share/Kvantum |
37 | allow /usr/share/kxmlgui5 | 37 | whitelist /usr/share/kxmlgui5 |
38 | allow /usr/share/libdrm | 38 | whitelist /usr/share/libdrm |
39 | allow /usr/share/libthai | 39 | whitelist /usr/share/libthai |
40 | allow /usr/share/locale | 40 | whitelist /usr/share/locale |
41 | allow /usr/share/mime | 41 | whitelist /usr/share/mime |
42 | allow /usr/share/misc | 42 | whitelist /usr/share/misc |
43 | allow /usr/share/Modules | 43 | whitelist /usr/share/Modules |
44 | allow /usr/share/myspell | 44 | whitelist /usr/share/myspell |
45 | allow /usr/share/p11-kit | 45 | whitelist /usr/share/p11-kit |
46 | allow /usr/share/perl | 46 | whitelist /usr/share/perl |
47 | allow /usr/share/perl5 | 47 | whitelist /usr/share/perl5 |
48 | allow /usr/share/pixmaps | 48 | whitelist /usr/share/pixmaps |
49 | allow /usr/share/pki | 49 | whitelist /usr/share/pki |
50 | allow /usr/share/plasma | 50 | whitelist /usr/share/plasma |
51 | allow /usr/share/publicsuffix | 51 | whitelist /usr/share/publicsuffix |
52 | allow /usr/share/qt | 52 | whitelist /usr/share/qt |
53 | allow /usr/share/qt4 | 53 | whitelist /usr/share/qt4 |
54 | allow /usr/share/qt5 | 54 | whitelist /usr/share/qt5 |
55 | allow /usr/share/qt5ct | 55 | whitelist /usr/share/qt5ct |
56 | allow /usr/share/sounds | 56 | whitelist /usr/share/sounds |
57 | allow /usr/share/tcl8.6 | 57 | whitelist /usr/share/tcl8.6 |
58 | allow /usr/share/tcltk | 58 | whitelist /usr/share/tcltk |
59 | allow /usr/share/terminfo | 59 | whitelist /usr/share/terminfo |
60 | allow /usr/share/texlive | 60 | whitelist /usr/share/texlive |
61 | allow /usr/share/texmf | 61 | whitelist /usr/share/texmf |
62 | allow /usr/share/themes | 62 | whitelist /usr/share/themes |
63 | allow /usr/share/thumbnail.so | 63 | whitelist /usr/share/thumbnail.so |
64 | allow /usr/share/uim | 64 | whitelist /usr/share/uim |
65 | allow /usr/share/vulkan | 65 | whitelist /usr/share/vulkan |
66 | allow /usr/share/X11 | 66 | whitelist /usr/share/X11 |
67 | allow /usr/share/xml | 67 | whitelist /usr/share/xml |
68 | allow /usr/share/zenity | 68 | whitelist /usr/share/zenity |
69 | allow /usr/share/zoneinfo | 69 | whitelist /usr/share/zoneinfo |
diff --git a/etc/inc/whitelist-var-common.inc b/etc/inc/whitelist-var-common.inc index c449e8905..d8ba84ad0 100644 --- a/etc/inc/whitelist-var-common.inc +++ b/etc/inc/whitelist-var-common.inc | |||
@@ -4,12 +4,12 @@ include whitelist-var-common.local | |||
4 | 4 | ||
5 | # common /var whitelist for all profiles | 5 | # common /var whitelist for all profiles |
6 | 6 | ||
7 | allow /var/lib/aspell | 7 | whitelist /var/lib/aspell |
8 | allow /var/lib/ca-certificates | 8 | whitelist /var/lib/ca-certificates |
9 | allow /var/lib/dbus | 9 | whitelist /var/lib/dbus |
10 | allow /var/lib/menu-xdg | 10 | whitelist /var/lib/menu-xdg |
11 | allow /var/lib/uim | 11 | whitelist /var/lib/uim |
12 | allow /var/cache/fontconfig | 12 | whitelist /var/cache/fontconfig |
13 | allow /var/tmp | 13 | whitelist /var/tmp |
14 | allow /var/run | 14 | whitelist /var/run |
15 | allow /var/lock | 15 | whitelist /var/lock |
diff --git a/etc/profile-a-l/0ad.profile b/etc/profile-a-l/0ad.profile index 6f493fff1..4009853d3 100644 --- a/etc/profile-a-l/0ad.profile +++ b/etc/profile-a-l/0ad.profile | |||
@@ -6,11 +6,11 @@ include 0ad.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/0ad | 9 | noblacklist ${HOME}/.cache/0ad |
10 | nodeny ${HOME}/.config/0ad | 10 | noblacklist ${HOME}/.config/0ad |
11 | nodeny ${HOME}/.local/share/0ad | 11 | noblacklist ${HOME}/.local/share/0ad |
12 | 12 | ||
13 | deny /usr/libexec | 13 | blacklist /usr/libexec |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -23,11 +23,11 @@ include disable-xdg.inc | |||
23 | mkdir ${HOME}/.cache/0ad | 23 | mkdir ${HOME}/.cache/0ad |
24 | mkdir ${HOME}/.config/0ad | 24 | mkdir ${HOME}/.config/0ad |
25 | mkdir ${HOME}/.local/share/0ad | 25 | mkdir ${HOME}/.local/share/0ad |
26 | allow ${HOME}/.cache/0ad | 26 | whitelist ${HOME}/.cache/0ad |
27 | allow ${HOME}/.config/0ad | 27 | whitelist ${HOME}/.config/0ad |
28 | allow ${HOME}/.local/share/0ad | 28 | whitelist ${HOME}/.local/share/0ad |
29 | allow /usr/share/0ad | 29 | whitelist /usr/share/0ad |
30 | allow /usr/share/games | 30 | whitelist /usr/share/games |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/2048-qt.profile b/etc/profile-a-l/2048-qt.profile index 3a7b331a7..1d787cba7 100644 --- a/etc/profile-a-l/2048-qt.profile +++ b/etc/profile-a-l/2048-qt.profile | |||
@@ -6,8 +6,8 @@ include 2048-qt.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/2048-qt | 9 | noblacklist ${HOME}/.config/2048-qt |
10 | nodeny ${HOME}/.config/xiaoyong | 10 | noblacklist ${HOME}/.config/xiaoyong |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-programs.inc | |||
18 | 18 | ||
19 | mkdir ${HOME}/.config/2048-qt | 19 | mkdir ${HOME}/.config/2048-qt |
20 | mkdir ${HOME}/.config/xiaoyong | 20 | mkdir ${HOME}/.config/xiaoyong |
21 | allow ${HOME}/.config/2048-qt | 21 | whitelist ${HOME}/.config/2048-qt |
22 | allow ${HOME}/.config/xiaoyong | 22 | whitelist ${HOME}/.config/xiaoyong |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
diff --git a/etc/profile-a-l/Cryptocat.profile b/etc/profile-a-l/Cryptocat.profile index def0ec111..1d86b0fbf 100644 --- a/etc/profile-a-l/Cryptocat.profile +++ b/etc/profile-a-l/Cryptocat.profile | |||
@@ -5,7 +5,7 @@ include Cryptocat.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/Cryptocat | 8 | noblacklist ${HOME}/.config/Cryptocat |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-a-l/Discord.profile b/etc/profile-a-l/Discord.profile index 1d3ae49ca..3f274b21c 100644 --- a/etc/profile-a-l/Discord.profile +++ b/etc/profile-a-l/Discord.profile | |||
@@ -5,10 +5,10 @@ include Discord.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/discord | 8 | noblacklist ${HOME}/.config/discord |
9 | 9 | ||
10 | mkdir ${HOME}/.config/discord | 10 | mkdir ${HOME}/.config/discord |
11 | allow ${HOME}/.config/discord | 11 | whitelist ${HOME}/.config/discord |
12 | 12 | ||
13 | private-bin Discord | 13 | private-bin Discord |
14 | private-opt Discord | 14 | private-opt Discord |
diff --git a/etc/profile-a-l/DiscordCanary.profile b/etc/profile-a-l/DiscordCanary.profile index 3c85f187b..d24e73ed8 100644 --- a/etc/profile-a-l/DiscordCanary.profile +++ b/etc/profile-a-l/DiscordCanary.profile | |||
@@ -5,10 +5,10 @@ include DiscordCanary.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/discordcanary | 8 | noblacklist ${HOME}/.config/discordcanary |
9 | 9 | ||
10 | mkdir ${HOME}/.config/discordcanary | 10 | mkdir ${HOME}/.config/discordcanary |
11 | allow ${HOME}/.config/discordcanary | 11 | whitelist ${HOME}/.config/discordcanary |
12 | 12 | ||
13 | private-bin DiscordCanary | 13 | private-bin DiscordCanary |
14 | private-opt DiscordCanary | 14 | private-opt DiscordCanary |
diff --git a/etc/profile-a-l/Fritzing.profile b/etc/profile-a-l/Fritzing.profile index 8f746581f..7dc6b5ff0 100644 --- a/etc/profile-a-l/Fritzing.profile +++ b/etc/profile-a-l/Fritzing.profile | |||
@@ -6,8 +6,8 @@ include Fritzing.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/Fritzing | 9 | noblacklist ${HOME}/.config/Fritzing |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/JDownloader.profile b/etc/profile-a-l/JDownloader.profile index 9a00c3230..d10b70796 100644 --- a/etc/profile-a-l/JDownloader.profile +++ b/etc/profile-a-l/JDownloader.profile | |||
@@ -5,7 +5,7 @@ include JDownloader.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.jd | 8 | noblacklist ${HOME}/.jd |
9 | 9 | ||
10 | # Allow java (blacklisted by disable-devel.inc) | 10 | # Allow java (blacklisted by disable-devel.inc) |
11 | include allow-java.inc | 11 | include allow-java.inc |
@@ -19,8 +19,8 @@ include disable-programs.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | mkdir ${HOME}/.jd | 21 | mkdir ${HOME}/.jd |
22 | allow ${HOME}/.jd | 22 | whitelist ${HOME}/.jd |
23 | allow ${DOWNLOADS} | 23 | whitelist ${DOWNLOADS} |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-a-l/abiword.profile b/etc/profile-a-l/abiword.profile index 2a92c7db4..75da9a956 100644 --- a/etc/profile-a-l/abiword.profile +++ b/etc/profile-a-l/abiword.profile | |||
@@ -6,7 +6,7 @@ include abiword.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/abiword | 9 | noblacklist ${HOME}/.config/abiword |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | 18 | ||
19 | allow /usr/share/abiword-3.0 | 19 | whitelist /usr/share/abiword-3.0 |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-runuser-common.inc | 21 | include whitelist-runuser-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/abrowser.profile b/etc/profile-a-l/abrowser.profile index 70ddcec20..2e6e8f1af 100644 --- a/etc/profile-a-l/abrowser.profile +++ b/etc/profile-a-l/abrowser.profile | |||
@@ -5,13 +5,13 @@ include abrowser.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.cache/mozilla | 8 | noblacklist ${HOME}/.cache/mozilla |
9 | nodeny ${HOME}/.mozilla | 9 | noblacklist ${HOME}/.mozilla |
10 | 10 | ||
11 | mkdir ${HOME}/.cache/mozilla/abrowser | 11 | mkdir ${HOME}/.cache/mozilla/abrowser |
12 | mkdir ${HOME}/.mozilla | 12 | mkdir ${HOME}/.mozilla |
13 | allow ${HOME}/.cache/mozilla/abrowser | 13 | whitelist ${HOME}/.cache/mozilla/abrowser |
14 | allow ${HOME}/.mozilla | 14 | whitelist ${HOME}/.mozilla |
15 | 15 | ||
16 | # private-etc must first be enabled in firefox-common.profile | 16 | # private-etc must first be enabled in firefox-common.profile |
17 | #private-etc abrowser | 17 | #private-etc abrowser |
diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile index d32586c5b..34f59769e 100644 --- a/etc/profile-a-l/agetpkg.profile +++ b/etc/profile-a-l/agetpkg.profile | |||
@@ -7,8 +7,8 @@ include agetpkg.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | deny ${RUNUSER}/wayland-* | 11 | blacklist ${RUNUSER}/wayland-* |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | #include allow-python2.inc | 14 | #include allow-python2.inc |
@@ -23,7 +23,7 @@ include disable-programs.inc | |||
23 | include disable-shell.inc | 23 | include disable-shell.inc |
24 | include disable-xdg.inc | 24 | include disable-xdg.inc |
25 | 25 | ||
26 | allow ${DOWNLOADS} | 26 | whitelist ${DOWNLOADS} |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/akonadi_control.profile b/etc/profile-a-l/akonadi_control.profile index 7b1d1445f..37fdb38b5 100644 --- a/etc/profile-a-l/akonadi_control.profile +++ b/etc/profile-a-l/akonadi_control.profile | |||
@@ -4,22 +4,22 @@ include akonadi_control.local | |||
4 | # Persistent global definitions | 4 | # Persistent global definitions |
5 | include globals.local | 5 | include globals.local |
6 | 6 | ||
7 | nodeny ${HOME}/.cache/akonadi* | 7 | noblacklist ${HOME}/.cache/akonadi* |
8 | nodeny ${HOME}/.config/akonadi* | 8 | noblacklist ${HOME}/.config/akonadi* |
9 | nodeny ${HOME}/.config/baloorc | 9 | noblacklist ${HOME}/.config/baloorc |
10 | nodeny ${HOME}/.config/emaildefaults | 10 | noblacklist ${HOME}/.config/emaildefaults |
11 | nodeny ${HOME}/.config/emailidentities | 11 | noblacklist ${HOME}/.config/emailidentities |
12 | nodeny ${HOME}/.config/kmail2rc | 12 | noblacklist ${HOME}/.config/kmail2rc |
13 | nodeny ${HOME}/.config/mailtransports | 13 | noblacklist ${HOME}/.config/mailtransports |
14 | nodeny ${HOME}/.config/specialmailcollectionsrc | 14 | noblacklist ${HOME}/.config/specialmailcollectionsrc |
15 | nodeny ${HOME}/.local/share/akonadi* | 15 | noblacklist ${HOME}/.local/share/akonadi* |
16 | nodeny ${HOME}/.local/share/apps/korganizer | 16 | noblacklist ${HOME}/.local/share/apps/korganizer |
17 | nodeny ${HOME}/.local/share/contacts | 17 | noblacklist ${HOME}/.local/share/contacts |
18 | nodeny ${HOME}/.local/share/local-mail | 18 | noblacklist ${HOME}/.local/share/local-mail |
19 | nodeny ${HOME}/.local/share/notes | 19 | noblacklist ${HOME}/.local/share/notes |
20 | nodeny /sbin | 20 | noblacklist /sbin |
21 | nodeny /tmp/akonadi-* | 21 | noblacklist /tmp/akonadi-* |
22 | nodeny /usr/sbin | 22 | noblacklist /usr/sbin |
23 | 23 | ||
24 | include disable-common.inc | 24 | include disable-common.inc |
25 | include disable-devel.inc | 25 | include disable-devel.inc |
diff --git a/etc/profile-a-l/akregator.profile b/etc/profile-a-l/akregator.profile index b2323547c..38fcd2dc1 100644 --- a/etc/profile-a-l/akregator.profile +++ b/etc/profile-a-l/akregator.profile | |||
@@ -6,9 +6,9 @@ include akregator.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/akregatorrc | 9 | noblacklist ${HOME}/.config/akregatorrc |
10 | nodeny ${HOME}/.local/share/akregator | 10 | noblacklist ${HOME}/.local/share/akregator |
11 | nodeny ${HOME}/.local/share/kxmlgui5/akregator | 11 | noblacklist ${HOME}/.local/share/kxmlgui5/akregator |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -21,10 +21,10 @@ include disable-shell.inc | |||
21 | mkfile ${HOME}/.config/akregatorrc | 21 | mkfile ${HOME}/.config/akregatorrc |
22 | mkdir ${HOME}/.local/share/akregator | 22 | mkdir ${HOME}/.local/share/akregator |
23 | mkdir ${HOME}/.local/share/kxmlgui5/akregator | 23 | mkdir ${HOME}/.local/share/kxmlgui5/akregator |
24 | allow ${HOME}/.config/akregatorrc | 24 | whitelist ${HOME}/.config/akregatorrc |
25 | allow ${HOME}/.local/share/akregator | 25 | whitelist ${HOME}/.local/share/akregator |
26 | allow ${HOME}/.local/share/kssl | 26 | whitelist ${HOME}/.local/share/kssl |
27 | allow ${HOME}/.local/share/kxmlgui5/akregator | 27 | whitelist ${HOME}/.local/share/kxmlgui5/akregator |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
30 | 30 | ||
diff --git a/etc/profile-a-l/alacarte.profile b/etc/profile-a-l/alacarte.profile index ca6c8d887..4c6d68020 100644 --- a/etc/profile-a-l/alacarte.profile +++ b/etc/profile-a-l/alacarte.profile | |||
@@ -19,13 +19,13 @@ include disable-passwdmgr.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | # Whitelist your system icon directory,varies by distro | 21 | # Whitelist your system icon directory,varies by distro |
22 | allow /usr/share/alacarte | 22 | whitelist /usr/share/alacarte |
23 | allow /usr/share/app-info | 23 | whitelist /usr/share/app-info |
24 | allow /usr/share/desktop-directories | 24 | whitelist /usr/share/desktop-directories |
25 | allow /usr/share/icons | 25 | whitelist /usr/share/icons |
26 | allow /var/lib/app-info/icons | 26 | whitelist /var/lib/app-info/icons |
27 | allow /var/lib/flatpak/exports/share/applications | 27 | whitelist /var/lib/flatpak/exports/share/applications |
28 | allow /var/lib/flatpak/exports/share/icons | 28 | whitelist /var/lib/flatpak/exports/share/icons |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/alienarena.profile b/etc/profile-a-l/alienarena.profile index 220c3345d..81ee6bd46 100644 --- a/etc/profile-a-l/alienarena.profile +++ b/etc/profile-a-l/alienarena.profile | |||
@@ -6,7 +6,7 @@ include alienarena.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/cor-games | 9 | noblacklist ${HOME}/.local/share/cor-games |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.local/share/cor-games | 20 | mkdir ${HOME}/.local/share/cor-games |
21 | allow ${HOME}/.local/share/cor-games | 21 | whitelist ${HOME}/.local/share/cor-games |
22 | allow /usr/share/alienarena | 22 | whitelist /usr/share/alienarena |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/alpine.profile b/etc/profile-a-l/alpine.profile index 6fa3edfa1..0b5cf0df0 100644 --- a/etc/profile-a-l/alpine.profile +++ b/etc/profile-a-l/alpine.profile | |||
@@ -10,28 +10,28 @@ include globals.local | |||
10 | # Workaround for bug https://github.com/netblue30/firejail/issues/2747 | 10 | # Workaround for bug https://github.com/netblue30/firejail/issues/2747 |
11 | # firejail --private-bin=sh --include='${CFG}/allow-bin-sh.inc' --profile=alpine sh -c '(alpine)' | 11 | # firejail --private-bin=sh --include='${CFG}/allow-bin-sh.inc' --profile=alpine sh -c '(alpine)' |
12 | 12 | ||
13 | nodeny /var/mail | 13 | noblacklist /var/mail |
14 | nodeny /var/spool/mail | 14 | noblacklist /var/spool/mail |
15 | nodeny ${DOCUMENTS} | 15 | noblacklist ${DOCUMENTS} |
16 | nodeny ${HOME}/.addressbook | 16 | noblacklist ${HOME}/.addressbook |
17 | nodeny ${HOME}/.alpine-smime | 17 | noblacklist ${HOME}/.alpine-smime |
18 | nodeny ${HOME}/.mailcap | 18 | noblacklist ${HOME}/.mailcap |
19 | nodeny ${HOME}/.mh_profile | 19 | noblacklist ${HOME}/.mh_profile |
20 | nodeny ${HOME}/.mime.types | 20 | noblacklist ${HOME}/.mime.types |
21 | nodeny ${HOME}/.newsrc | 21 | noblacklist ${HOME}/.newsrc |
22 | nodeny ${HOME}/.pine-crash | 22 | noblacklist ${HOME}/.pine-crash |
23 | nodeny ${HOME}/.pine-debug1 | 23 | noblacklist ${HOME}/.pine-debug1 |
24 | nodeny ${HOME}/.pine-debug2 | 24 | noblacklist ${HOME}/.pine-debug2 |
25 | nodeny ${HOME}/.pine-debug3 | 25 | noblacklist ${HOME}/.pine-debug3 |
26 | nodeny ${HOME}/.pine-debug4 | 26 | noblacklist ${HOME}/.pine-debug4 |
27 | nodeny ${HOME}/.pine-interrupted-mail | 27 | noblacklist ${HOME}/.pine-interrupted-mail |
28 | nodeny ${HOME}/.pinerc | 28 | noblacklist ${HOME}/.pinerc |
29 | nodeny ${HOME}/.pinercex | 29 | noblacklist ${HOME}/.pinercex |
30 | nodeny ${HOME}/.signature | 30 | noblacklist ${HOME}/.signature |
31 | nodeny ${HOME}/mail | 31 | noblacklist ${HOME}/mail |
32 | 32 | ||
33 | deny /tmp/.X11-unix | 33 | blacklist /tmp/.X11-unix |
34 | deny ${RUNUSER}/wayland-* | 34 | blacklist ${RUNUSER}/wayland-* |
35 | 35 | ||
36 | include disable-common.inc | 36 | include disable-common.inc |
37 | include disable-devel.inc | 37 | include disable-devel.inc |
@@ -60,8 +60,8 @@ include disable-xdg.inc | |||
60 | #whitelist ${HOME}/.pine-debug4 | 60 | #whitelist ${HOME}/.pine-debug4 |
61 | #whitelist ${HOME}/.signature | 61 | #whitelist ${HOME}/.signature |
62 | #whitelist ${HOME}/mail | 62 | #whitelist ${HOME}/mail |
63 | allow /var/mail | 63 | whitelist /var/mail |
64 | allow /var/spool/mail | 64 | whitelist /var/spool/mail |
65 | #include whitelist-common.inc | 65 | #include whitelist-common.inc |
66 | include whitelist-runuser-common.inc | 66 | include whitelist-runuser-common.inc |
67 | include whitelist-usr-share-common.inc | 67 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/amarok.profile b/etc/profile-a-l/amarok.profile index 03aba36e4..a7caddc4c 100644 --- a/etc/profile-a-l/amarok.profile +++ b/etc/profile-a-l/amarok.profile | |||
@@ -6,7 +6,7 @@ include amarok.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${MUSIC} | 9 | noblacklist ${MUSIC} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/amule.profile b/etc/profile-a-l/amule.profile index 00039a7e9..e3c4164ee 100644 --- a/etc/profile-a-l/amule.profile +++ b/etc/profile-a-l/amule.profile | |||
@@ -6,7 +6,7 @@ include amule.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.aMule | 9 | noblacklist ${HOME}/.aMule |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.aMule | 18 | mkdir ${HOME}/.aMule |
19 | allow ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
20 | allow ${HOME}/.aMule | 20 | whitelist ${HOME}/.aMule |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/profile-a-l/android-studio.profile b/etc/profile-a-l/android-studio.profile index 5bf6ed773..5a21744cf 100644 --- a/etc/profile-a-l/android-studio.profile +++ b/etc/profile-a-l/android-studio.profile | |||
@@ -5,13 +5,13 @@ include android-studio.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/Google | 8 | noblacklist ${HOME}/.config/Google |
9 | nodeny ${HOME}/.AndroidStudio* | 9 | noblacklist ${HOME}/.AndroidStudio* |
10 | nodeny ${HOME}/.android | 10 | noblacklist ${HOME}/.android |
11 | nodeny ${HOME}/.jack-server | 11 | noblacklist ${HOME}/.jack-server |
12 | nodeny ${HOME}/.jack-settings | 12 | noblacklist ${HOME}/.jack-settings |
13 | nodeny ${HOME}/.local/share/JetBrains | 13 | noblacklist ${HOME}/.local/share/JetBrains |
14 | nodeny ${HOME}/.tooling | 14 | noblacklist ${HOME}/.tooling |
15 | 15 | ||
16 | # Allows files commonly used by IDEs | 16 | # Allows files commonly used by IDEs |
17 | include allow-common-devel.inc | 17 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/anki.profile b/etc/profile-a-l/anki.profile index c1aa18ff3..13bb01ce2 100644 --- a/etc/profile-a-l/anki.profile +++ b/etc/profile-a-l/anki.profile | |||
@@ -6,8 +6,8 @@ include anki.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
10 | nodeny ${HOME}/.local/share/Anki2 | 10 | noblacklist ${HOME}/.local/share/Anki2 |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
@@ -23,8 +23,8 @@ include disable-shell.inc | |||
23 | include disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | mkdir ${HOME}/.local/share/Anki2 | 25 | mkdir ${HOME}/.local/share/Anki2 |
26 | allow ${DOCUMENTS} | 26 | whitelist ${DOCUMENTS} |
27 | allow ${HOME}/.local/share/Anki2 | 27 | whitelist ${HOME}/.local/share/Anki2 |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
30 | 30 | ||
diff --git a/etc/profile-a-l/anydesk.profile b/etc/profile-a-l/anydesk.profile index cb30ed8da..fdaf10259 100644 --- a/etc/profile-a-l/anydesk.profile +++ b/etc/profile-a-l/anydesk.profile | |||
@@ -5,7 +5,7 @@ include anydesk.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.anydesk | 8 | noblacklist ${HOME}/.anydesk |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.anydesk | 17 | mkdir ${HOME}/.anydesk |
18 | allow ${HOME}/.anydesk | 18 | whitelist ${HOME}/.anydesk |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
diff --git a/etc/profile-a-l/aosp.profile b/etc/profile-a-l/aosp.profile index d647a4657..e7b09283e 100644 --- a/etc/profile-a-l/aosp.profile +++ b/etc/profile-a-l/aosp.profile | |||
@@ -5,13 +5,13 @@ include aosp.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.android | 8 | noblacklist ${HOME}/.android |
9 | nodeny ${HOME}/.bash_history | 9 | noblacklist ${HOME}/.bash_history |
10 | nodeny ${HOME}/.jack-server | 10 | noblacklist ${HOME}/.jack-server |
11 | nodeny ${HOME}/.jack-settings | 11 | noblacklist ${HOME}/.jack-settings |
12 | nodeny ${HOME}/.repo_.gitconfig.json | 12 | noblacklist ${HOME}/.repo_.gitconfig.json |
13 | nodeny ${HOME}/.repoconfig | 13 | noblacklist ${HOME}/.repoconfig |
14 | nodeny ${HOME}/.tooling | 14 | noblacklist ${HOME}/.tooling |
15 | 15 | ||
16 | # Allows files commonly used by IDEs | 16 | # Allows files commonly used by IDEs |
17 | include allow-common-devel.inc | 17 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/apostrophe.profile b/etc/profile-a-l/apostrophe.profile index 020ae2812..01566314f 100644 --- a/etc/profile-a-l/apostrophe.profile +++ b/etc/profile-a-l/apostrophe.profile | |||
@@ -6,9 +6,9 @@ include apostrophe.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.texlive20* | 9 | noblacklist ${HOME}/.texlive20* |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | nodeny ${PICTURES} | 11 | noblacklist ${PICTURES} |
12 | 12 | ||
13 | # Allow lua (blacklisted by disable-interpreters.inc) | 13 | # Allow lua (blacklisted by disable-interpreters.inc) |
14 | include allow-lua.inc | 14 | include allow-lua.inc |
@@ -31,12 +31,12 @@ include disable-programs.inc | |||
31 | include disable-shell.inc | 31 | include disable-shell.inc |
32 | include disable-xdg.inc | 32 | include disable-xdg.inc |
33 | 33 | ||
34 | allow /usr/libexec/webkit2gtk-4.0 | 34 | whitelist /usr/libexec/webkit2gtk-4.0 |
35 | allow /usr/share/apostrophe | 35 | whitelist /usr/share/apostrophe |
36 | allow /usr/share/texlive | 36 | whitelist /usr/share/texlive |
37 | allow /usr/share/texmf | 37 | whitelist /usr/share/texmf |
38 | allow /usr/share/pandoc-* | 38 | whitelist /usr/share/pandoc-* |
39 | allow /usr/share/perl5 | 39 | whitelist /usr/share/perl5 |
40 | include whitelist-runuser-common.inc | 40 | include whitelist-runuser-common.inc |
41 | include whitelist-usr-share-common.inc | 41 | include whitelist-usr-share-common.inc |
42 | include whitelist-var-common.inc | 42 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/arch-audit.profile b/etc/profile-a-l/arch-audit.profile index 8c71dd574..accabb6f5 100644 --- a/etc/profile-a-l/arch-audit.profile +++ b/etc/profile-a-l/arch-audit.profile | |||
@@ -7,7 +7,7 @@ include arch-audit.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny /var/lib/pacman | 10 | noblacklist /var/lib/pacman |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-programs.inc | |||
18 | include disable-shell.inc | 18 | include disable-shell.inc |
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | allow /usr/share/arch-audit | 21 | whitelist /usr/share/arch-audit |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | 23 | ||
24 | apparmor | 24 | apparmor |
diff --git a/etc/profile-a-l/archaudit-report.profile b/etc/profile-a-l/archaudit-report.profile index 0915ede33..19c37f90e 100644 --- a/etc/profile-a-l/archaudit-report.profile +++ b/etc/profile-a-l/archaudit-report.profile | |||
@@ -6,7 +6,7 @@ include archaudit-report.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny /var/lib/pacman | 9 | noblacklist /var/lib/pacman |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/archiver-common.profile b/etc/profile-a-l/archiver-common.profile index 5b859ceb1..1fab4606b 100644 --- a/etc/profile-a-l/archiver-common.profile +++ b/etc/profile-a-l/archiver-common.profile | |||
@@ -4,7 +4,7 @@ include archiver-common.local | |||
4 | 4 | ||
5 | # common profile for archiver/compression tools | 5 | # common profile for archiver/compression tools |
6 | 6 | ||
7 | deny ${RUNUSER} | 7 | blacklist ${RUNUSER} |
8 | 8 | ||
9 | # Comment/uncomment the relevant include file(s) in your archiver-common.local | 9 | # Comment/uncomment the relevant include file(s) in your archiver-common.local |
10 | # to (un)restrict file access for **all** archivers. Another option is to do this **per archiver** | 10 | # to (un)restrict file access for **all** archivers. Another option is to do this **per archiver** |
diff --git a/etc/profile-a-l/ardour5.profile b/etc/profile-a-l/ardour5.profile index 960948afc..84b1d6c18 100644 --- a/etc/profile-a-l/ardour5.profile +++ b/etc/profile-a-l/ardour5.profile | |||
@@ -5,12 +5,12 @@ include ardour5.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/ardour4 | 8 | noblacklist ${HOME}/.config/ardour4 |
9 | nodeny ${HOME}/.config/ardour5 | 9 | noblacklist ${HOME}/.config/ardour5 |
10 | nodeny ${HOME}/.lv2 | 10 | noblacklist ${HOME}/.lv2 |
11 | nodeny ${HOME}/.vst | 11 | noblacklist ${HOME}/.vst |
12 | nodeny ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
13 | nodeny ${MUSIC} | 13 | noblacklist ${MUSIC} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/arduino.profile b/etc/profile-a-l/arduino.profile index 88f14fbfe..fd1ca9a09 100644 --- a/etc/profile-a-l/arduino.profile +++ b/etc/profile-a-l/arduino.profile | |||
@@ -6,9 +6,9 @@ include arduino.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.arduino15 | 9 | noblacklist ${HOME}/.arduino15 |
10 | nodeny ${HOME}/Arduino | 10 | noblacklist ${HOME}/Arduino |
11 | nodeny ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | 12 | ||
13 | # Allow java (blacklisted by disable-devel.inc) | 13 | # Allow java (blacklisted by disable-devel.inc) |
14 | include allow-java.inc | 14 | include allow-java.inc |
diff --git a/etc/profile-a-l/aria2c.profile b/etc/profile-a-l/aria2c.profile index be56011f0..22b8ecd65 100644 --- a/etc/profile-a-l/aria2c.profile +++ b/etc/profile-a-l/aria2c.profile | |||
@@ -6,12 +6,12 @@ include aria2c.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.aria2 | 9 | noblacklist ${HOME}/.aria2 |
10 | nodeny ${HOME}/.config/aria2 | 10 | noblacklist ${HOME}/.config/aria2 |
11 | nodeny ${HOME}/.netrc | 11 | noblacklist ${HOME}/.netrc |
12 | 12 | ||
13 | deny /tmp/.X11-unix | 13 | blacklist /tmp/.X11-unix |
14 | deny ${RUNUSER}/wayland-* | 14 | blacklist ${RUNUSER}/wayland-* |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/ark.profile b/etc/profile-a-l/ark.profile index 031c57080..a63dd8f5f 100644 --- a/etc/profile-a-l/ark.profile +++ b/etc/profile-a-l/ark.profile | |||
@@ -6,8 +6,8 @@ include ark.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/arkrc | 9 | noblacklist ${HOME}/.config/arkrc |
10 | nodeny ${HOME}/.local/share/kxmlgui5/ark | 10 | noblacklist ${HOME}/.local/share/kxmlgui5/ark |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-interpreters.inc | |||
16 | include disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | allow /usr/share/ark | 19 | whitelist /usr/share/ark |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
diff --git a/etc/profile-a-l/arm.profile b/etc/profile-a-l/arm.profile index 9ed8076be..2c8b630ce 100644 --- a/etc/profile-a-l/arm.profile +++ b/etc/profile-a-l/arm.profile | |||
@@ -6,7 +6,7 @@ include arm.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.arm | 9 | noblacklist ${HOME}/.arm |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -20,7 +20,7 @@ include disable-passwdmgr.inc | |||
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.arm | 22 | mkdir ${HOME}/.arm |
23 | allow ${HOME}/.arm | 23 | whitelist ${HOME}/.arm |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
diff --git a/etc/profile-a-l/artha.profile b/etc/profile-a-l/artha.profile index 7cfac4915..fab72b7d3 100644 --- a/etc/profile-a-l/artha.profile +++ b/etc/profile-a-l/artha.profile | |||
@@ -6,12 +6,12 @@ include artha.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/artha.conf | 9 | noblacklist ${HOME}/.config/artha.conf |
10 | nodeny ${HOME}/.config/artha.log | 10 | noblacklist ${HOME}/.config/artha.log |
11 | nodeny ${HOME}/.config/enchant | 11 | noblacklist ${HOME}/.config/enchant |
12 | 12 | ||
13 | deny /tmp/.X11-unix | 13 | blacklist /tmp/.X11-unix |
14 | deny ${RUNUSER}/wayland-* | 14 | blacklist ${RUNUSER}/wayland-* |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
@@ -28,8 +28,8 @@ include disable-xdg.inc | |||
28 | #whitelist ${HOME}/.config/artha.conf | 28 | #whitelist ${HOME}/.config/artha.conf |
29 | #whitelist ${HOME}/.config/artha.log | 29 | #whitelist ${HOME}/.config/artha.log |
30 | #whitelist ${HOME}/.config/enchant | 30 | #whitelist ${HOME}/.config/enchant |
31 | allow /usr/share/artha | 31 | whitelist /usr/share/artha |
32 | allow /usr/share/wordnet | 32 | whitelist /usr/share/wordnet |
33 | #include whitelist-common.inc | 33 | #include whitelist-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/assogiate.profile b/etc/profile-a-l/assogiate.profile index f2251c210..977fe30a4 100644 --- a/etc/profile-a-l/assogiate.profile +++ b/etc/profile-a-l/assogiate.profile | |||
@@ -6,7 +6,7 @@ include assogiate.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${PICTURES} | 9 | noblacklist ${PICTURES} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | allow ${PICTURES} | 20 | whitelist ${PICTURES} |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/asunder.profile b/etc/profile-a-l/asunder.profile index e65072266..c97fd691a 100644 --- a/etc/profile-a-l/asunder.profile +++ b/etc/profile-a-l/asunder.profile | |||
@@ -6,11 +6,11 @@ include asunder.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/asunder | 9 | noblacklist ${HOME}/.config/asunder |
10 | nodeny ${HOME}/.asunder_album_genre | 10 | noblacklist ${HOME}/.asunder_album_genre |
11 | nodeny ${HOME}/.asunder_album_title | 11 | noblacklist ${HOME}/.asunder_album_title |
12 | nodeny ${HOME}/.asunder_album_artist | 12 | noblacklist ${HOME}/.asunder_album_artist |
13 | nodeny ${MUSIC} | 13 | noblacklist ${MUSIC} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/atom.profile b/etc/profile-a-l/atom.profile index ea3038537..5f237ac59 100644 --- a/etc/profile-a-l/atom.profile +++ b/etc/profile-a-l/atom.profile | |||
@@ -18,8 +18,8 @@ ignore include whitelist-var-common.inc | |||
18 | ignore apparmor | 18 | ignore apparmor |
19 | ignore disable-mnt | 19 | ignore disable-mnt |
20 | 20 | ||
21 | nodeny ${HOME}/.atom | 21 | noblacklist ${HOME}/.atom |
22 | nodeny ${HOME}/.config/Atom | 22 | noblacklist ${HOME}/.config/Atom |
23 | 23 | ||
24 | # Allows files commonly used by IDEs | 24 | # Allows files commonly used by IDEs |
25 | include allow-common-devel.inc | 25 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/atril.profile b/etc/profile-a-l/atril.profile index 8ae8617cf..1c3ed66ff 100644 --- a/etc/profile-a-l/atril.profile +++ b/etc/profile-a-l/atril.profile | |||
@@ -6,9 +6,9 @@ include atril.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/atril | 9 | noblacklist ${HOME}/.cache/atril |
10 | nodeny ${HOME}/.config/atril | 10 | noblacklist ${HOME}/.config/atril |
11 | nodeny ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | 12 | ||
13 | #noblacklist ${HOME}/.local/share | 13 | #noblacklist ${HOME}/.local/share |
14 | # it seems to use only ${HOME}/.local/share/webkitgtk | 14 | # it seems to use only ${HOME}/.local/share/webkitgtk |
diff --git a/etc/profile-a-l/audacious.profile b/etc/profile-a-l/audacious.profile index 53baf0a2a..f9f209786 100644 --- a/etc/profile-a-l/audacious.profile +++ b/etc/profile-a-l/audacious.profile | |||
@@ -6,9 +6,9 @@ include audacious.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/Audaciousrc | 9 | noblacklist ${HOME}/.config/Audaciousrc |
10 | nodeny ${HOME}/.config/audacious | 10 | noblacklist ${HOME}/.config/audacious |
11 | nodeny ${MUSIC} | 11 | noblacklist ${MUSIC} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/audacity.profile b/etc/profile-a-l/audacity.profile index c244846e1..a2de8436a 100644 --- a/etc/profile-a-l/audacity.profile +++ b/etc/profile-a-l/audacity.profile | |||
@@ -6,9 +6,9 @@ include audacity.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.audacity-data | 9 | noblacklist ${HOME}/.audacity-data |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | nodeny ${MUSIC} | 11 | noblacklist ${MUSIC} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/audio-recorder.profile b/etc/profile-a-l/audio-recorder.profile index 534792cc6..2c7fdc812 100644 --- a/etc/profile-a-l/audio-recorder.profile +++ b/etc/profile-a-l/audio-recorder.profile | |||
@@ -7,7 +7,7 @@ include audio-recorder.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -17,10 +17,10 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | allow ${MUSIC} | 20 | whitelist ${MUSIC} |
21 | allow ${DOWNLOADS} | 21 | whitelist ${DOWNLOADS} |
22 | allow /usr/share/audio-recorder | 22 | whitelist /usr/share/audio-recorder |
23 | allow /usr/share/gstreamer-1.0 | 23 | whitelist /usr/share/gstreamer-1.0 |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/authenticator-rs.profile b/etc/profile-a-l/authenticator-rs.profile index 0d6eb6a21..2ebe35dd5 100644 --- a/etc/profile-a-l/authenticator-rs.profile +++ b/etc/profile-a-l/authenticator-rs.profile | |||
@@ -6,7 +6,7 @@ include authenticator-rs.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/authenticator-rs | 9 | noblacklist ${HOME}/.local/share/authenticator-rs |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,9 +18,9 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.local/share/authenticator-rs | 20 | mkdir ${HOME}/.local/share/authenticator-rs |
21 | allow ${HOME}/.local/share/authenticator-rs | 21 | whitelist ${HOME}/.local/share/authenticator-rs |
22 | allow ${DOWNLOADS} | 22 | whitelist ${DOWNLOADS} |
23 | allow /usr/share/uk.co.grumlimited.authenticator-rs | 23 | whitelist /usr/share/uk.co.grumlimited.authenticator-rs |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
26 | include whitelist-usr-share-common.inc | 26 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/authenticator.profile b/etc/profile-a-l/authenticator.profile index 55d967e3e..42d9cd56a 100644 --- a/etc/profile-a-l/authenticator.profile +++ b/etc/profile-a-l/authenticator.profile | |||
@@ -6,8 +6,8 @@ include authenticator.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/Authenticator | 9 | noblacklist ${HOME}/.cache/Authenticator |
10 | nodeny ${HOME}/.config/Authenticator | 10 | noblacklist ${HOME}/.config/Authenticator |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | #include allow-python2.inc | 13 | #include allow-python2.inc |
diff --git a/etc/profile-a-l/autokey-common.profile b/etc/profile-a-l/autokey-common.profile index a5b3b22f6..891928e5a 100644 --- a/etc/profile-a-l/autokey-common.profile +++ b/etc/profile-a-l/autokey-common.profile | |||
@@ -7,8 +7,8 @@ include autokey-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.config/autokey | 10 | noblacklist ${HOME}/.config/autokey |
11 | nodeny ${HOME}/.local/share/autokey | 11 | noblacklist ${HOME}/.local/share/autokey |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python2.inc | 14 | include allow-python2.inc |
diff --git a/etc/profile-a-l/avidemux.profile b/etc/profile-a-l/avidemux.profile index 0feb05d75..7f9d0f6e7 100644 --- a/etc/profile-a-l/avidemux.profile +++ b/etc/profile-a-l/avidemux.profile | |||
@@ -5,9 +5,9 @@ include avidemux.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.avidemux6 | 8 | noblacklist ${HOME}/.avidemux6 |
9 | nodeny ${HOME}/.config/avidemux3_qt5rc | 9 | noblacklist ${HOME}/.config/avidemux3_qt5rc |
10 | nodeny ${VIDEOS} | 10 | noblacklist ${VIDEOS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -20,9 +20,10 @@ include disable-xdg.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.avidemux6 | 21 | mkdir ${HOME}/.avidemux6 |
22 | mkdir ${HOME}/.config/avidemux3_qt5rc | 22 | mkdir ${HOME}/.config/avidemux3_qt5rc |
23 | allow ${HOME}/.avidemux6 | 23 | whitelist ${HOME}/.avidemux6 |
24 | allow ${HOME}/.config/avidemux3_qt5rc | 24 | whitelist ${HOME}/.config/avidemux3_qt5rc |
25 | allow ${VIDEOS} | 25 | whitelist ${VIDEOS} |
26 | |||
26 | include whitelist-common.inc | 27 | include whitelist-common.inc |
27 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/aweather.profile b/etc/profile-a-l/aweather.profile index abe9fdb24..a57ad4014 100644 --- a/etc/profile-a-l/aweather.profile +++ b/etc/profile-a-l/aweather.profile | |||
@@ -6,7 +6,7 @@ include aweather.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/aweather | 9 | noblacklist ${HOME}/.config/aweather |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-programs.inc | |||
16 | include disable-shell.inc | 16 | include disable-shell.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.config/aweather | 18 | mkdir ${HOME}/.config/aweather |
19 | allow ${HOME}/.config/aweather | 19 | whitelist ${HOME}/.config/aweather |
20 | include whitelist-common.inc | 20 | include whitelist-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
diff --git a/etc/profile-a-l/awesome.profile b/etc/profile-a-l/awesome.profile index 58f4f5e96..5d1bf5071 100644 --- a/etc/profile-a-l/awesome.profile +++ b/etc/profile-a-l/awesome.profile | |||
@@ -7,7 +7,7 @@ include awesome.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in awesome will run in this profile | 9 | # all applications started in awesome will run in this profile |
10 | nodeny ${HOME}/.config/awesome | 10 | noblacklist ${HOME}/.config/awesome |
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
diff --git a/etc/profile-a-l/ballbuster.profile b/etc/profile-a-l/ballbuster.profile index 46bb0b44e..3952921a3 100644 --- a/etc/profile-a-l/ballbuster.profile +++ b/etc/profile-a-l/ballbuster.profile | |||
@@ -6,7 +6,7 @@ include ballbuster.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.ballbuster.hs | 9 | noblacklist ${HOME}/.ballbuster.hs |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkfile ${HOME}/.ballbuster.hs | 20 | mkfile ${HOME}/.ballbuster.hs |
21 | allow ${HOME}/.ballbuster.hs | 21 | whitelist ${HOME}/.ballbuster.hs |
22 | allow /usr/share/ballbuster | 22 | whitelist /usr/share/ballbuster |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/baloo_file.profile b/etc/profile-a-l/baloo_file.profile index 2b10883f7..fe86d9b80 100644 --- a/etc/profile-a-l/baloo_file.profile +++ b/etc/profile-a-l/baloo_file.profile | |||
@@ -12,12 +12,12 @@ include globals.local | |||
12 | # read-write ${HOME}/.local/share/baloo | 12 | # read-write ${HOME}/.local/share/baloo |
13 | # ignore read-write | 13 | # ignore read-write |
14 | 14 | ||
15 | nodeny ${HOME}/.config/baloofilerc | 15 | noblacklist ${HOME}/.config/baloofilerc |
16 | nodeny ${HOME}/.kde/share/config/baloofilerc | 16 | noblacklist ${HOME}/.kde/share/config/baloofilerc |
17 | nodeny ${HOME}/.kde/share/config/baloorc | 17 | noblacklist ${HOME}/.kde/share/config/baloorc |
18 | nodeny ${HOME}/.kde4/share/config/baloofilerc | 18 | noblacklist ${HOME}/.kde4/share/config/baloofilerc |
19 | nodeny ${HOME}/.kde4/share/config/baloorc | 19 | noblacklist ${HOME}/.kde4/share/config/baloorc |
20 | nodeny ${HOME}/.local/share/baloo | 20 | noblacklist ${HOME}/.local/share/baloo |
21 | 21 | ||
22 | include disable-common.inc | 22 | include disable-common.inc |
23 | include disable-devel.inc | 23 | include disable-devel.inc |
diff --git a/etc/profile-a-l/balsa.profile b/etc/profile-a-l/balsa.profile index 1e74443aa..8c69652c5 100644 --- a/etc/profile-a-l/balsa.profile +++ b/etc/profile-a-l/balsa.profile | |||
@@ -6,13 +6,13 @@ include balsa.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.balsa | 9 | noblacklist ${HOME}/.balsa |
10 | nodeny ${HOME}/.gnupg | 10 | noblacklist ${HOME}/.gnupg |
11 | nodeny ${HOME}/.mozilla | 11 | noblacklist ${HOME}/.mozilla |
12 | nodeny ${HOME}/.signature | 12 | noblacklist ${HOME}/.signature |
13 | nodeny ${HOME}/mail | 13 | noblacklist ${HOME}/mail |
14 | nodeny /var/mail | 14 | noblacklist /var/mail |
15 | nodeny /var/spool/mail | 15 | noblacklist /var/spool/mail |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-devel.inc | 18 | include disable-devel.inc |
@@ -27,17 +27,17 @@ mkdir ${HOME}/.balsa | |||
27 | mkdir ${HOME}/.gnupg | 27 | mkdir ${HOME}/.gnupg |
28 | mkfile ${HOME}/.signature | 28 | mkfile ${HOME}/.signature |
29 | mkdir ${HOME}/mail | 29 | mkdir ${HOME}/mail |
30 | allow ${HOME}/.balsa | 30 | whitelist ${HOME}/.balsa |
31 | allow ${HOME}/.gnupg | 31 | whitelist ${HOME}/.gnupg |
32 | allow ${HOME}/.mozilla/firefox/profiles.ini | 32 | whitelist ${HOME}/.mozilla/firefox/profiles.ini |
33 | allow ${HOME}/.signature | 33 | whitelist ${HOME}/.signature |
34 | allow ${HOME}/mail | 34 | whitelist ${HOME}/mail |
35 | allow ${RUNUSER}/gnupg | 35 | whitelist ${RUNUSER}/gnupg |
36 | allow /usr/share/balsa | 36 | whitelist /usr/share/balsa |
37 | allow /usr/share/gnupg | 37 | whitelist /usr/share/gnupg |
38 | allow /usr/share/gnupg2 | 38 | whitelist /usr/share/gnupg2 |
39 | allow /var/mail | 39 | whitelist /var/mail |
40 | allow /var/spool/mail | 40 | whitelist /var/spool/mail |
41 | include whitelist-common.inc | 41 | include whitelist-common.inc |
42 | include whitelist-runuser-common.inc | 42 | include whitelist-runuser-common.inc |
43 | include whitelist-usr-share-common.inc | 43 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/barrier.profile b/etc/profile-a-l/barrier.profile index fcea9b3ba..7b50e9199 100644 --- a/etc/profile-a-l/barrier.profile +++ b/etc/profile-a-l/barrier.profile | |||
@@ -6,9 +6,9 @@ include barrier.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/Debauchee/Barrier.conf | 9 | noblacklist ${HOME}/.config/Debauchee/Barrier.conf |
10 | nodeny ${HOME}/.local/share/barrier | 10 | noblacklist ${HOME}/.local/share/barrier |
11 | nodeny ${PATH}/openssl | 11 | noblacklist ${PATH}/openssl |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/basilisk.profile b/etc/profile-a-l/basilisk.profile index 547c67fc8..8dc3847a0 100644 --- a/etc/profile-a-l/basilisk.profile +++ b/etc/profile-a-l/basilisk.profile | |||
@@ -5,13 +5,13 @@ include basilisk.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.cache/moonchild productions/basilisk | 8 | noblacklist ${HOME}/.cache/moonchild productions/basilisk |
9 | nodeny ${HOME}/.moonchild productions/basilisk | 9 | noblacklist ${HOME}/.moonchild productions/basilisk |
10 | 10 | ||
11 | mkdir ${HOME}/.cache/moonchild productions/basilisk | 11 | mkdir ${HOME}/.cache/moonchild productions/basilisk |
12 | mkdir ${HOME}/.moonchild productions | 12 | mkdir ${HOME}/.moonchild productions |
13 | allow ${HOME}/.cache/moonchild productions/basilisk | 13 | whitelist ${HOME}/.cache/moonchild productions/basilisk |
14 | allow ${HOME}/.moonchild productions | 14 | whitelist ${HOME}/.moonchild productions |
15 | 15 | ||
16 | # Basilisk can use the full firejail seccomp filter (unlike firefox >= 60) | 16 | # Basilisk can use the full firejail seccomp filter (unlike firefox >= 60) |
17 | seccomp | 17 | seccomp |
diff --git a/etc/profile-a-l/bcompare.profile b/etc/profile-a-l/bcompare.profile index a1d2b1e73..3ecaea7fe 100644 --- a/etc/profile-a-l/bcompare.profile +++ b/etc/profile-a-l/bcompare.profile | |||
@@ -7,10 +7,10 @@ include bcompare.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.config/bcompare | 10 | noblacklist ${HOME}/.config/bcompare |
11 | # In case the user decides to include disable-programs.inc, still allow | 11 | # In case the user decides to include disable-programs.inc, still allow |
12 | # KDE's Gwenview to view images via right click -> Open With -> Associated Application | 12 | # KDE's Gwenview to view images via right click -> Open With -> Associated Application |
13 | nodeny ${HOME}/.config/gwenviewrc | 13 | noblacklist ${HOME}/.config/gwenviewrc |
14 | 14 | ||
15 | # Add the next line to your bcompare.local if you don't need to compare files in disable-common.inc. | 15 | # Add the next line to your bcompare.local if you don't need to compare files in disable-common.inc. |
16 | #include disable-common.inc | 16 | #include disable-common.inc |
diff --git a/etc/profile-a-l/beaker.profile b/etc/profile-a-l/beaker.profile index 588f460a8..f3a9568bd 100644 --- a/etc/profile-a-l/beaker.profile +++ b/etc/profile-a-l/beaker.profile | |||
@@ -19,10 +19,10 @@ ignore private-cache | |||
19 | ignore private-dev | 19 | ignore private-dev |
20 | ignore private-tmp | 20 | ignore private-tmp |
21 | 21 | ||
22 | nodeny ${HOME}/.config/Beaker Browser | 22 | noblacklist ${HOME}/.config/Beaker Browser |
23 | 23 | ||
24 | mkdir ${HOME}/.config/Beaker Browser | 24 | mkdir ${HOME}/.config/Beaker Browser |
25 | allow ${HOME}/.config/Beaker Browser | 25 | whitelist ${HOME}/.config/Beaker Browser |
26 | 26 | ||
27 | # Redirect | 27 | # Redirect |
28 | include electron.profile | 28 | include electron.profile |
diff --git a/etc/profile-a-l/bibletime.profile b/etc/profile-a-l/bibletime.profile index 717d7258d..c7a82afbd 100644 --- a/etc/profile-a-l/bibletime.profile +++ b/etc/profile-a-l/bibletime.profile | |||
@@ -6,11 +6,11 @@ include bibletime.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.bibletime | 9 | noblacklist ${HOME}/.bibletime |
10 | nodeny ${HOME}/.sword | 10 | noblacklist ${HOME}/.sword |
11 | nodeny ${HOME}/.local/share/bibletime | 11 | noblacklist ${HOME}/.local/share/bibletime |
12 | 12 | ||
13 | deny ${HOME}/.bashrc | 13 | blacklist ${HOME}/.bashrc |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -22,12 +22,12 @@ include disable-programs.inc | |||
22 | mkdir ${HOME}/.bibletime | 22 | mkdir ${HOME}/.bibletime |
23 | mkdir ${HOME}/.sword | 23 | mkdir ${HOME}/.sword |
24 | mkdir ${HOME}/.local/share/bibletime | 24 | mkdir ${HOME}/.local/share/bibletime |
25 | allow ${HOME}/.bibletime | 25 | whitelist ${HOME}/.bibletime |
26 | allow ${HOME}/.sword | 26 | whitelist ${HOME}/.sword |
27 | allow ${HOME}/.local/share/bibletime | 27 | whitelist ${HOME}/.local/share/bibletime |
28 | allow /usr/share/bibletime | 28 | whitelist /usr/share/bibletime |
29 | allow /usr/share/doc/bibletime | 29 | whitelist /usr/share/doc/bibletime |
30 | allow /usr/share/sword | 30 | whitelist /usr/share/sword |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/bijiben.profile b/etc/profile-a-l/bijiben.profile index b02fcc3e0..854fe5cb9 100644 --- a/etc/profile-a-l/bijiben.profile +++ b/etc/profile-a-l/bijiben.profile | |||
@@ -6,7 +6,7 @@ include bijiben.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/bijiben | 9 | noblacklist ${HOME}/.local/share/bijiben |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,12 +18,12 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.local/share/bijiben | 20 | mkdir ${HOME}/.local/share/bijiben |
21 | allow ${HOME}/.local/share/bijiben | 21 | whitelist ${HOME}/.local/share/bijiben |
22 | allow ${HOME}/.cache/tracker | 22 | whitelist ${HOME}/.cache/tracker |
23 | allow /usr/libexec/webkit2gtk-4.0 | 23 | whitelist /usr/libexec/webkit2gtk-4.0 |
24 | allow /usr/share/bijiben | 24 | whitelist /usr/share/bijiben |
25 | allow /usr/share/tracker | 25 | whitelist /usr/share/tracker |
26 | allow /usr/share/tracker3 | 26 | whitelist /usr/share/tracker3 |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/bitcoin-qt.profile b/etc/profile-a-l/bitcoin-qt.profile index c4ec0f820..932db9b73 100644 --- a/etc/profile-a-l/bitcoin-qt.profile +++ b/etc/profile-a-l/bitcoin-qt.profile | |||
@@ -6,8 +6,8 @@ include bitcoin-qt.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.bitcoin | 9 | noblacklist ${HOME}/.bitcoin |
10 | nodeny ${HOME}/.config/Bitcoin | 10 | noblacklist ${HOME}/.config/Bitcoin |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-shell.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.bitcoin | 20 | mkdir ${HOME}/.bitcoin |
21 | mkdir ${HOME}/.config/Bitcoin | 21 | mkdir ${HOME}/.config/Bitcoin |
22 | allow ${HOME}/.bitcoin | 22 | whitelist ${HOME}/.bitcoin |
23 | allow ${HOME}/.config/Bitcoin | 23 | whitelist ${HOME}/.config/Bitcoin |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-a-l/bitlbee.profile b/etc/profile-a-l/bitlbee.profile index 0f000b26b..dd7651979 100644 --- a/etc/profile-a-l/bitlbee.profile +++ b/etc/profile-a-l/bitlbee.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | nodeny /sbin | 11 | noblacklist /sbin |
12 | nodeny /usr/sbin | 12 | noblacklist /usr/sbin |
13 | # noblacklist /var/log | 13 | # noblacklist /var/log |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
diff --git a/etc/profile-a-l/bitwarden.profile b/etc/profile-a-l/bitwarden.profile index 4b292d72a..ba2eb2ea7 100644 --- a/etc/profile-a-l/bitwarden.profile +++ b/etc/profile-a-l/bitwarden.profile | |||
@@ -11,12 +11,12 @@ ignore include whitelist-usr-share-common.inc | |||
11 | 11 | ||
12 | ignore noexec /tmp | 12 | ignore noexec /tmp |
13 | 13 | ||
14 | nodeny ${HOME}/.config/Bitwarden | 14 | noblacklist ${HOME}/.config/Bitwarden |
15 | 15 | ||
16 | include disable-shell.inc | 16 | include disable-shell.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.config/Bitwarden | 18 | mkdir ${HOME}/.config/Bitwarden |
19 | allow ${HOME}/.config/Bitwarden | 19 | whitelist ${HOME}/.config/Bitwarden |
20 | 20 | ||
21 | machine-id | 21 | machine-id |
22 | no3d | 22 | no3d |
diff --git a/etc/profile-a-l/blackbox.profile b/etc/profile-a-l/blackbox.profile index 616ad6801..233f9a96f 100644 --- a/etc/profile-a-l/blackbox.profile +++ b/etc/profile-a-l/blackbox.profile | |||
@@ -7,7 +7,7 @@ include blackbox.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in blackbox will run in this profile | 9 | # all applications started in blackbox will run in this profile |
10 | nodeny ${HOME}/.blackbox | 10 | noblacklist ${HOME}/.blackbox |
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
diff --git a/etc/profile-a-l/blender.profile b/etc/profile-a-l/blender.profile index 8d0b5616f..701ae431e 100644 --- a/etc/profile-a-l/blender.profile +++ b/etc/profile-a-l/blender.profile | |||
@@ -6,7 +6,7 @@ include blender.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/blender | 9 | noblacklist ${HOME}/.config/blender |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -20,8 +20,8 @@ include disable-passwdmgr.inc | |||
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | # Allow usage of AMD GPU by OpenCL | 22 | # Allow usage of AMD GPU by OpenCL |
23 | nodeny /sys/module | 23 | noblacklist /sys/module |
24 | allow /sys/module/amdgpu | 24 | whitelist /sys/module/amdgpu |
25 | read-only /sys/module/amdgpu | 25 | read-only /sys/module/amdgpu |
26 | 26 | ||
27 | caps.drop all | 27 | caps.drop all |
diff --git a/etc/profile-a-l/bless.profile b/etc/profile-a-l/bless.profile index ca5f96eee..80dc750f7 100644 --- a/etc/profile-a-l/bless.profile +++ b/etc/profile-a-l/bless.profile | |||
@@ -6,7 +6,7 @@ include bless.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/bless | 9 | noblacklist ${HOME}/.config/bless |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/blobby.profile b/etc/profile-a-l/blobby.profile index ee2a73b54..229c20293 100644 --- a/etc/profile-a-l/blobby.profile +++ b/etc/profile-a-l/blobby.profile | |||
@@ -4,7 +4,7 @@ include blobby.local | |||
4 | # Persistent global definitions | 4 | # Persistent global definitions |
5 | include globals.local | 5 | include globals.local |
6 | 6 | ||
7 | nodeny ${HOME}/.blobby | 7 | noblacklist ${HOME}/.blobby |
8 | 8 | ||
9 | include disable-common.inc | 9 | include disable-common.inc |
10 | include disable-devel.inc | 10 | include disable-devel.inc |
@@ -16,9 +16,9 @@ include disable-shell.inc | |||
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.blobby | 18 | mkdir ${HOME}/.blobby |
19 | allow ${HOME}/.blobby | 19 | whitelist ${HOME}/.blobby |
20 | include whitelist-common.inc | 20 | include whitelist-common.inc |
21 | allow /usr/share/blobby | 21 | whitelist /usr/share/blobby |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/blobwars.profile b/etc/profile-a-l/blobwars.profile index e0be5261e..904710cb5 100644 --- a/etc/profile-a-l/blobwars.profile +++ b/etc/profile-a-l/blobwars.profile | |||
@@ -6,7 +6,7 @@ include blobwars.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.parallelrealities/blobwars | 9 | noblacklist ${HOME}/.parallelrealities/blobwars |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.parallelrealities/blobwars | 20 | mkdir ${HOME}/.parallelrealities/blobwars |
21 | allow ${HOME}/.parallelrealities/blobwars | 21 | whitelist ${HOME}/.parallelrealities/blobwars |
22 | allow /usr/share/blobwars | 22 | whitelist /usr/share/blobwars |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/bnox.profile b/etc/profile-a-l/bnox.profile index dcfd5d8d2..6e8f0d7d1 100644 --- a/etc/profile-a-l/bnox.profile +++ b/etc/profile-a-l/bnox.profile | |||
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | nodeny ${HOME}/.cache/bnox | 13 | noblacklist ${HOME}/.cache/bnox |
14 | nodeny ${HOME}/.config/bnox | 14 | noblacklist ${HOME}/.config/bnox |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/bnox | 16 | mkdir ${HOME}/.cache/bnox |
17 | mkdir ${HOME}/.config/bnox | 17 | mkdir ${HOME}/.config/bnox |
18 | allow ${HOME}/.cache/bnox | 18 | whitelist ${HOME}/.cache/bnox |
19 | allow ${HOME}/.config/bnox | 19 | whitelist ${HOME}/.config/bnox |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include chromium-common.profile | 22 | include chromium-common.profile |
diff --git a/etc/profile-a-l/brackets.profile b/etc/profile-a-l/brackets.profile index a14bb8fef..0cbac049a 100644 --- a/etc/profile-a-l/brackets.profile +++ b/etc/profile-a-l/brackets.profile | |||
@@ -5,7 +5,7 @@ include brackets.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/Brackets | 8 | noblacklist ${HOME}/.config/Brackets |
9 | #noblacklist /opt/brackets | 9 | #noblacklist /opt/brackets |
10 | #noblacklist /opt/google | 10 | #noblacklist /opt/google |
11 | 11 | ||
diff --git a/etc/profile-a-l/brasero.profile b/etc/profile-a-l/brasero.profile index a78882409..417a6b3e0 100644 --- a/etc/profile-a-l/brasero.profile +++ b/etc/profile-a-l/brasero.profile | |||
@@ -6,7 +6,7 @@ include brasero.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/brasero | 9 | noblacklist ${HOME}/.config/brasero |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/brave.profile b/etc/profile-a-l/brave.profile index bc2d7a6a1..09548c761 100644 --- a/etc/profile-a-l/brave.profile +++ b/etc/profile-a-l/brave.profile | |||
@@ -14,24 +14,24 @@ ignore noexec /tmp | |||
14 | # Alternatively you can add 'ignore apparmor' to your brave.local. | 14 | # Alternatively you can add 'ignore apparmor' to your brave.local. |
15 | ignore noexec ${HOME} | 15 | ignore noexec ${HOME} |
16 | 16 | ||
17 | nodeny ${HOME}/.cache/BraveSoftware | 17 | noblacklist ${HOME}/.cache/BraveSoftware |
18 | nodeny ${HOME}/.config/BraveSoftware | 18 | noblacklist ${HOME}/.config/BraveSoftware |
19 | nodeny ${HOME}/.config/brave | 19 | noblacklist ${HOME}/.config/brave |
20 | nodeny ${HOME}/.config/brave-flags.conf | 20 | noblacklist ${HOME}/.config/brave-flags.conf |
21 | # brave uses gpg for built-in password manager | 21 | # brave uses gpg for built-in password manager |
22 | nodeny ${HOME}/.gnupg | 22 | noblacklist ${HOME}/.gnupg |
23 | 23 | ||
24 | mkdir ${HOME}/.cache/BraveSoftware | 24 | mkdir ${HOME}/.cache/BraveSoftware |
25 | mkdir ${HOME}/.config/BraveSoftware | 25 | mkdir ${HOME}/.config/BraveSoftware |
26 | mkdir ${HOME}/.config/brave | 26 | mkdir ${HOME}/.config/brave |
27 | allow ${HOME}/.cache/BraveSoftware | 27 | whitelist ${HOME}/.cache/BraveSoftware |
28 | allow ${HOME}/.config/BraveSoftware | 28 | whitelist ${HOME}/.config/BraveSoftware |
29 | allow ${HOME}/.config/brave | 29 | whitelist ${HOME}/.config/brave |
30 | allow ${HOME}/.config/brave-flags.conf | 30 | whitelist ${HOME}/.config/brave-flags.conf |
31 | allow ${HOME}/.gnupg | 31 | whitelist ${HOME}/.gnupg |
32 | 32 | ||
33 | # Brave sandbox needs read access to /proc/config.gz | 33 | # Brave sandbox needs read access to /proc/config.gz |
34 | nodeny /proc/config.gz | 34 | noblacklist /proc/config.gz |
35 | 35 | ||
36 | # Redirect | 36 | # Redirect |
37 | include chromium-common.profile | 37 | include chromium-common.profile |
diff --git a/etc/profile-a-l/bzflag.profile b/etc/profile-a-l/bzflag.profile index 62ca041c2..bda96bbb3 100644 --- a/etc/profile-a-l/bzflag.profile +++ b/etc/profile-a-l/bzflag.profile | |||
@@ -6,7 +6,7 @@ include bzflag.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.bzf | 9 | noblacklist ${HOME}/.bzf |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.bzf | 20 | mkdir ${HOME}/.bzf |
21 | allow ${HOME}/.bzf | 21 | whitelist ${HOME}/.bzf |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/calibre.profile b/etc/profile-a-l/calibre.profile index 99706620c..83571397b 100644 --- a/etc/profile-a-l/calibre.profile +++ b/etc/profile-a-l/calibre.profile | |||
@@ -6,9 +6,9 @@ include calibre.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/calibre | 9 | noblacklist ${HOME}/.cache/calibre |
10 | nodeny ${HOME}/.config/calibre | 10 | noblacklist ${HOME}/.config/calibre |
11 | nodeny ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/calligra.profile b/etc/profile-a-l/calligra.profile index 36ecc06a0..fcff47662 100644 --- a/etc/profile-a-l/calligra.profile +++ b/etc/profile-a-l/calligra.profile | |||
@@ -6,7 +6,7 @@ include calligra.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/kxmlgui5/calligra | 9 | noblacklist ${HOME}/.local/share/kxmlgui5/calligra |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/calligragemini.profile b/etc/profile-a-l/calligragemini.profile index 76123c96a..006c307ab 100644 --- a/etc/profile-a-l/calligragemini.profile +++ b/etc/profile-a-l/calligragemini.profile | |||
@@ -6,7 +6,7 @@ include calligragemini.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/calligragemini | 9 | noblacklist ${HOME}/.local/share/calligragemini |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include calligra.profile | 12 | include calligra.profile |
diff --git a/etc/profile-a-l/calligraplan.profile b/etc/profile-a-l/calligraplan.profile index 5fb1e16da..81dbd4dcd 100644 --- a/etc/profile-a-l/calligraplan.profile +++ b/etc/profile-a-l/calligraplan.profile | |||
@@ -6,7 +6,7 @@ include calligraplan.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/kxmlgui5/calligraplan | 9 | noblacklist ${HOME}/.local/share/kxmlgui5/calligraplan |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include calligra.profile | 12 | include calligra.profile |
diff --git a/etc/profile-a-l/calligraplanwork.profile b/etc/profile-a-l/calligraplanwork.profile index c176bfea1..bba91b66b 100644 --- a/etc/profile-a-l/calligraplanwork.profile +++ b/etc/profile-a-l/calligraplanwork.profile | |||
@@ -6,7 +6,7 @@ include calligraplanwork.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/kxmlgui5/calligraplanwork | 9 | noblacklist ${HOME}/.local/share/kxmlgui5/calligraplanwork |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include calligra.profile | 12 | include calligra.profile |
diff --git a/etc/profile-a-l/calligrasheets.profile b/etc/profile-a-l/calligrasheets.profile index b7ac68945..7bc296047 100644 --- a/etc/profile-a-l/calligrasheets.profile +++ b/etc/profile-a-l/calligrasheets.profile | |||
@@ -6,7 +6,7 @@ include calligrasheets.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/kxmlgui5/calligrasheets | 9 | noblacklist ${HOME}/.local/share/kxmlgui5/calligrasheets |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include calligra.profile | 12 | include calligra.profile |
diff --git a/etc/profile-a-l/calligrastage.profile b/etc/profile-a-l/calligrastage.profile index 1258fec56..7694abbe4 100644 --- a/etc/profile-a-l/calligrastage.profile +++ b/etc/profile-a-l/calligrastage.profile | |||
@@ -6,7 +6,7 @@ include calligrastage.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/kxmlgui5/calligrastage | 9 | noblacklist ${HOME}/.local/share/kxmlgui5/calligrastage |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include calligra.profile | 12 | include calligra.profile |
diff --git a/etc/profile-a-l/calligrawords.profile b/etc/profile-a-l/calligrawords.profile index c2b6c8041..d69d56a95 100644 --- a/etc/profile-a-l/calligrawords.profile +++ b/etc/profile-a-l/calligrawords.profile | |||
@@ -6,7 +6,7 @@ include calligrawords.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/kxmlgui5/calligrawords | 9 | noblacklist ${HOME}/.local/share/kxmlgui5/calligrawords |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include calligra.profile | 12 | include calligra.profile |
diff --git a/etc/profile-a-l/cameramonitor.profile b/etc/profile-a-l/cameramonitor.profile index 390ae383c..74c7cc34b 100644 --- a/etc/profile-a-l/cameramonitor.profile +++ b/etc/profile-a-l/cameramonitor.profile | |||
@@ -20,7 +20,7 @@ include disable-programs.inc | |||
20 | include disable-shell.inc | 20 | include disable-shell.inc |
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | allow /usr/share/cameramonitor | 23 | whitelist /usr/share/cameramonitor |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/cantata.profile b/etc/profile-a-l/cantata.profile index 77bdc09e0..96f88a7c4 100644 --- a/etc/profile-a-l/cantata.profile +++ b/etc/profile-a-l/cantata.profile | |||
@@ -6,10 +6,10 @@ include cantata.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/cantata | 9 | noblacklist ${HOME}/.cache/cantata |
10 | nodeny ${HOME}/.config/cantata | 10 | noblacklist ${HOME}/.config/cantata |
11 | nodeny ${HOME}/.local/share/cantata | 11 | noblacklist ${HOME}/.local/share/cantata |
12 | nodeny ${MUSIC} | 12 | noblacklist ${MUSIC} |
13 | 13 | ||
14 | # Allow perl (blacklisted by disable-interpreters.inc) | 14 | # Allow perl (blacklisted by disable-interpreters.inc) |
15 | include allow-perl.inc | 15 | include allow-perl.inc |
diff --git a/etc/profile-a-l/cargo.profile b/etc/profile-a-l/cargo.profile index 9c53af84f..7cf04c550 100644 --- a/etc/profile-a-l/cargo.profile +++ b/etc/profile-a-l/cargo.profile | |||
@@ -10,11 +10,11 @@ include globals.local | |||
10 | ignore noexec ${HOME} | 10 | ignore noexec ${HOME} |
11 | ignore noexec /tmp | 11 | ignore noexec /tmp |
12 | 12 | ||
13 | deny /tmp/.X11-unix | 13 | blacklist /tmp/.X11-unix |
14 | deny ${RUNUSER} | 14 | blacklist ${RUNUSER} |
15 | 15 | ||
16 | nodeny ${HOME}/.cargo/credentials | 16 | noblacklist ${HOME}/.cargo/credentials |
17 | nodeny ${HOME}/.cargo/credentials.toml | 17 | noblacklist ${HOME}/.cargo/credentials.toml |
18 | 18 | ||
19 | # Allows files commonly used by IDEs | 19 | # Allows files commonly used by IDEs |
20 | include allow-common-devel.inc | 20 | include allow-common-devel.inc |
@@ -34,7 +34,7 @@ include disable-xdg.inc | |||
34 | #whitelist ${HOME}/.cargo | 34 | #whitelist ${HOME}/.cargo |
35 | #whitelist ${HOME}/.rustup | 35 | #whitelist ${HOME}/.rustup |
36 | #include whitelist-common.inc | 36 | #include whitelist-common.inc |
37 | allow /usr/share/pkgconfig | 37 | whitelist /usr/share/pkgconfig |
38 | include whitelist-runuser-common.inc | 38 | include whitelist-runuser-common.inc |
39 | include whitelist-usr-share-common.inc | 39 | include whitelist-usr-share-common.inc |
40 | include whitelist-var-common.inc | 40 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/catfish.profile b/etc/profile-a-l/catfish.profile index 4ea53ea6b..009d3a049 100644 --- a/etc/profile-a-l/catfish.profile +++ b/etc/profile-a-l/catfish.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | # We can't blacklist much since catfish | 9 | # We can't blacklist much since catfish |
10 | # is for finding files/content | 10 | # is for finding files/content |
11 | 11 | ||
12 | nodeny ${HOME}/.config/catfish | 12 | noblacklist ${HOME}/.config/catfish |
13 | 13 | ||
14 | # Allow python (blacklisted by disable-interpreters.inc) | 14 | # Allow python (blacklisted by disable-interpreters.inc) |
15 | include allow-python2.inc | 15 | include allow-python2.inc |
@@ -21,7 +21,7 @@ include disable-interpreters.inc | |||
21 | include disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | # include disable-programs.inc | 22 | # include disable-programs.inc |
23 | 23 | ||
24 | allow /var/lib/mlocate | 24 | whitelist /var/lib/mlocate |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
27 | apparmor | 27 | apparmor |
diff --git a/etc/profile-a-l/cawbird.profile b/etc/profile-a-l/cawbird.profile index d7aee1902..6e137010c 100644 --- a/etc/profile-a-l/cawbird.profile +++ b/etc/profile-a-l/cawbird.profile | |||
@@ -6,7 +6,7 @@ include cawbird.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/cawbird | 9 | noblacklist ${HOME}/.config/cawbird |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/celluloid.profile b/etc/profile-a-l/celluloid.profile index d6f4306ba..1c539cc93 100644 --- a/etc/profile-a-l/celluloid.profile +++ b/etc/profile-a-l/celluloid.profile | |||
@@ -6,9 +6,9 @@ include celluloid.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/celluloid | 9 | noblacklist ${HOME}/.config/celluloid |
10 | nodeny ${HOME}/.config/gnome-mpv | 10 | noblacklist ${HOME}/.config/gnome-mpv |
11 | nodeny ${HOME}/.config/youtube-dl | 11 | noblacklist ${HOME}/.config/youtube-dl |
12 | 12 | ||
13 | # Allow lua (blacklisted by disable-interpreters.inc) | 13 | # Allow lua (blacklisted by disable-interpreters.inc) |
14 | include allow-lua.inc | 14 | include allow-lua.inc |
@@ -17,7 +17,7 @@ include allow-lua.inc | |||
17 | include allow-python2.inc | 17 | include allow-python2.inc |
18 | include allow-python3.inc | 18 | include allow-python3.inc |
19 | 19 | ||
20 | deny /usr/libexec | 20 | blacklist /usr/libexec |
21 | 21 | ||
22 | include disable-common.inc | 22 | include disable-common.inc |
23 | include disable-devel.inc | 23 | include disable-devel.inc |
@@ -30,9 +30,9 @@ read-only ${DESKTOP} | |||
30 | mkdir ${HOME}/.config/celluloid | 30 | mkdir ${HOME}/.config/celluloid |
31 | mkdir ${HOME}/.config/gnome-mpv | 31 | mkdir ${HOME}/.config/gnome-mpv |
32 | mkdir ${HOME}/.config/youtube-dl | 32 | mkdir ${HOME}/.config/youtube-dl |
33 | allow ${HOME}/.config/celluloid | 33 | whitelist ${HOME}/.config/celluloid |
34 | allow ${HOME}/.config/gnome-mpv | 34 | whitelist ${HOME}/.config/gnome-mpv |
35 | allow ${HOME}/.config/youtube-dl | 35 | whitelist ${HOME}/.config/youtube-dl |
36 | include whitelist-common.inc | 36 | include whitelist-common.inc |
37 | include whitelist-player-common.inc | 37 | include whitelist-player-common.inc |
38 | include whitelist-runuser-common.inc | 38 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/checkbashisms.profile b/etc/profile-a-l/checkbashisms.profile index 0f61084e0..24939fc70 100644 --- a/etc/profile-a-l/checkbashisms.profile +++ b/etc/profile-a-l/checkbashisms.profile | |||
@@ -7,9 +7,9 @@ include checkbashisms.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny ${RUNUSER}/wayland-* | 10 | blacklist ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | nodeny ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
13 | 13 | ||
14 | # Allow perl (blacklisted by disable-interpreters.inc) | 14 | # Allow perl (blacklisted by disable-interpreters.inc) |
15 | include allow-perl.inc | 15 | include allow-perl.inc |
diff --git a/etc/profile-a-l/cheese.profile b/etc/profile-a-l/cheese.profile index bde3e1311..aca1f5876 100644 --- a/etc/profile-a-l/cheese.profile +++ b/etc/profile-a-l/cheese.profile | |||
@@ -6,8 +6,8 @@ include cheese.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${VIDEOS} | 9 | noblacklist ${VIDEOS} |
10 | nodeny ${PICTURES} | 10 | noblacklist ${PICTURES} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -17,9 +17,9 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | allow ${VIDEOS} | 20 | whitelist ${VIDEOS} |
21 | allow ${PICTURES} | 21 | whitelist ${PICTURES} |
22 | allow /usr/share/gnome-video-effects | 22 | whitelist /usr/share/gnome-video-effects |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/cherrytree.profile b/etc/profile-a-l/cherrytree.profile index d5dedd81d..7621b3c8c 100644 --- a/etc/profile-a-l/cherrytree.profile +++ b/etc/profile-a-l/cherrytree.profile | |||
@@ -6,8 +6,8 @@ include cherrytree.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/cherrytree | 9 | noblacklist ${HOME}/.config/cherrytree |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/chromium-browser-privacy.profile b/etc/profile-a-l/chromium-browser-privacy.profile index 64c45772a..8803a4d9d 100644 --- a/etc/profile-a-l/chromium-browser-privacy.profile +++ b/etc/profile-a-l/chromium-browser-privacy.profile | |||
@@ -3,15 +3,15 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include chromium-browser-privacy.local | 4 | include chromium-browser-privacy.local |
5 | 5 | ||
6 | nodeny ${HOME}/.cache/ungoogled-chromium | 6 | noblacklist ${HOME}/.cache/ungoogled-chromium |
7 | nodeny ${HOME}/.config/ungoogled-chromium | 7 | noblacklist ${HOME}/.config/ungoogled-chromium |
8 | 8 | ||
9 | deny /usr/libexec | 9 | blacklist /usr/libexec |
10 | 10 | ||
11 | mkdir ${HOME}/.cache/ungoogled-chromium | 11 | mkdir ${HOME}/.cache/ungoogled-chromium |
12 | mkdir ${HOME}/.config/ungoogled-chromium | 12 | mkdir ${HOME}/.config/ungoogled-chromium |
13 | allow ${HOME}/.cache/ungoogled-chromium | 13 | whitelist ${HOME}/.cache/ungoogled-chromium |
14 | allow ${HOME}/.config/ungoogled-chromium | 14 | whitelist ${HOME}/.config/ungoogled-chromium |
15 | 15 | ||
16 | # private-bin basename,bash,cat,chromium-browser-privacy,dirname,mkdir,readlink,sed,touch,which,xdg-settings | 16 | # private-bin basename,bash,cat,chromium-browser-privacy,dirname,mkdir,readlink,sed,touch,which,xdg-settings |
17 | 17 | ||
diff --git a/etc/profile-a-l/chromium-common-hardened.inc.profile b/etc/profile-a-l/chromium-common-hardened.inc.profile index 87a0a0994..19addd285 100644 --- a/etc/profile-a-l/chromium-common-hardened.inc.profile +++ b/etc/profile-a-l/chromium-common-hardened.inc.profile | |||
@@ -6,5 +6,4 @@ caps.drop all | |||
6 | nonewprivs | 6 | nonewprivs |
7 | noroot | 7 | noroot |
8 | protocol unix,inet,inet6,netlink | 8 | protocol unix,inet,inet6,netlink |
9 | # kcmp is required for ozone-platform=wayland, see #3783. | 9 | seccomp !chroot |
10 | seccomp !chroot,!kcmp | ||
diff --git a/etc/profile-a-l/chromium-common.profile b/etc/profile-a-l/chromium-common.profile index dbeb715d4..b0e0254d4 100644 --- a/etc/profile-a-l/chromium-common.profile +++ b/etc/profile-a-l/chromium-common.profile | |||
@@ -9,8 +9,8 @@ include chromium-common.local | |||
9 | # noexec ${HOME} breaks DRM binaries. | 9 | # noexec ${HOME} breaks DRM binaries. |
10 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} | 10 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} |
11 | 11 | ||
12 | nodeny ${HOME}/.pki | 12 | noblacklist ${HOME}/.pki |
13 | nodeny ${HOME}/.local/share/pki | 13 | noblacklist ${HOME}/.local/share/pki |
14 | 14 | ||
15 | # Add the next line to your chromium-common.local if you want Google Chrome/Chromium browser | 15 | # Add the next line to your chromium-common.local if you want Google Chrome/Chromium browser |
16 | # to have access to Gnome extensions (extensions.gnome.org) via browser connector | 16 | # to have access to Gnome extensions (extensions.gnome.org) via browser connector |
@@ -26,9 +26,9 @@ include disable-xdg.inc | |||
26 | 26 | ||
27 | mkdir ${HOME}/.pki | 27 | mkdir ${HOME}/.pki |
28 | mkdir ${HOME}/.local/share/pki | 28 | mkdir ${HOME}/.local/share/pki |
29 | allow ${DOWNLOADS} | 29 | whitelist ${DOWNLOADS} |
30 | allow ${HOME}/.pki | 30 | whitelist ${HOME}/.pki |
31 | allow ${HOME}/.local/share/pki | 31 | whitelist ${HOME}/.local/share/pki |
32 | include whitelist-common.inc | 32 | include whitelist-common.inc |
33 | include whitelist-runuser-common.inc | 33 | include whitelist-runuser-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/chromium.profile b/etc/profile-a-l/chromium.profile index ea92e90a8..9ac33aa1c 100644 --- a/etc/profile-a-l/chromium.profile +++ b/etc/profile-a-l/chromium.profile | |||
@@ -6,17 +6,17 @@ include chromium.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/chromium | 9 | noblacklist ${HOME}/.cache/chromium |
10 | nodeny ${HOME}/.config/chromium | 10 | noblacklist ${HOME}/.config/chromium |
11 | nodeny ${HOME}/.config/chromium-flags.conf | 11 | noblacklist ${HOME}/.config/chromium-flags.conf |
12 | 12 | ||
13 | mkdir ${HOME}/.cache/chromium | 13 | mkdir ${HOME}/.cache/chromium |
14 | mkdir ${HOME}/.config/chromium | 14 | mkdir ${HOME}/.config/chromium |
15 | allow ${HOME}/.cache/chromium | 15 | whitelist ${HOME}/.cache/chromium |
16 | allow ${HOME}/.config/chromium | 16 | whitelist ${HOME}/.config/chromium |
17 | allow ${HOME}/.config/chromium-flags.conf | 17 | whitelist ${HOME}/.config/chromium-flags.conf |
18 | allow /usr/share/chromium | 18 | whitelist /usr/share/chromium |
19 | allow /usr/share/mozilla/extensions | 19 | whitelist /usr/share/mozilla/extensions |
20 | 20 | ||
21 | # private-bin chromium,chromium-browser,chromedriver | 21 | # private-bin chromium,chromium-browser,chromedriver |
22 | 22 | ||
diff --git a/etc/profile-a-l/cin.profile b/etc/profile-a-l/cin.profile index c967e1c96..e1f9523c4 100644 --- a/etc/profile-a-l/cin.profile +++ b/etc/profile-a-l/cin.profile | |||
@@ -5,7 +5,7 @@ include cin.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.bcast5 | 8 | noblacklist ${HOME}/.bcast5 |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-a-l/clamav.profile b/etc/profile-a-l/clamav.profile index 0efbcd4f2..e403c2c41 100644 --- a/etc/profile-a-l/clamav.profile +++ b/etc/profile-a-l/clamav.profile | |||
@@ -7,7 +7,7 @@ include clamav.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny ${RUNUSER}/wayland-* | 10 | blacklist ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | include disable-exec.inc | 12 | include disable-exec.inc |
13 | 13 | ||
diff --git a/etc/profile-a-l/claws-mail.profile b/etc/profile-a-l/claws-mail.profile index 3e4e1f2a1..691657fa0 100644 --- a/etc/profile-a-l/claws-mail.profile +++ b/etc/profile-a-l/claws-mail.profile | |||
@@ -6,17 +6,17 @@ include claws-mail.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.claws-mail | 9 | noblacklist ${HOME}/.claws-mail |
10 | 10 | ||
11 | mkdir ${HOME}/.claws-mail | 11 | mkdir ${HOME}/.claws-mail |
12 | allow ${HOME}/.claws-mail | 12 | whitelist ${HOME}/.claws-mail |
13 | 13 | ||
14 | # Add the below lines to your claws-mail.local if you use python-based plugins. | 14 | # Add the below lines to your claws-mail.local if you use python-based plugins. |
15 | # Allow python (blacklisted by disable-interpreters.inc) | 15 | # Allow python (blacklisted by disable-interpreters.inc) |
16 | #include allow-python2.inc | 16 | #include allow-python2.inc |
17 | #include allow-python3.inc | 17 | #include allow-python3.inc |
18 | 18 | ||
19 | allow /usr/share/doc/claws-mail | 19 | whitelist /usr/share/doc/claws-mail |
20 | 20 | ||
21 | # private-bin claws-mail,curl,gpg,gpg2,gpg-agent,gpgsm,gpgme-config,pinentry,pinentry-gtk-2 | 21 | # private-bin claws-mail,curl,gpg,gpg2,gpg-agent,gpgsm,gpgme-config,pinentry,pinentry-gtk-2 |
22 | 22 | ||
diff --git a/etc/profile-a-l/clawsker.profile b/etc/profile-a-l/clawsker.profile index ee64391d9..9b62a1f73 100644 --- a/etc/profile-a-l/clawsker.profile +++ b/etc/profile-a-l/clawsker.profile | |||
@@ -6,7 +6,7 @@ include clawsker.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.claws-mail | 9 | noblacklist ${HOME}/.claws-mail |
10 | 10 | ||
11 | # Allow perl (blacklisted by disable-interpreters.inc) | 11 | # Allow perl (blacklisted by disable-interpreters.inc) |
12 | include allow-perl.inc | 12 | include allow-perl.inc |
@@ -19,7 +19,7 @@ include disable-passwdmgr.inc | |||
19 | include disable-programs.inc | 19 | include disable-programs.inc |
20 | 20 | ||
21 | mkdir ${HOME}/.claws-mail | 21 | mkdir ${HOME}/.claws-mail |
22 | allow ${HOME}/.claws-mail | 22 | whitelist ${HOME}/.claws-mail |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/clementine.profile b/etc/profile-a-l/clementine.profile index f9c0006f9..fa33795c1 100644 --- a/etc/profile-a-l/clementine.profile +++ b/etc/profile-a-l/clementine.profile | |||
@@ -6,9 +6,9 @@ include clementine.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/Clementine | 9 | noblacklist ${HOME}/.cache/Clementine |
10 | nodeny ${HOME}/.config/Clementine | 10 | noblacklist ${HOME}/.config/Clementine |
11 | nodeny ${MUSIC} | 11 | noblacklist ${MUSIC} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/clion.profile b/etc/profile-a-l/clion.profile index 5c5399069..77952358f 100644 --- a/etc/profile-a-l/clion.profile +++ b/etc/profile-a-l/clion.profile | |||
@@ -5,16 +5,16 @@ include clion.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/JetBrains/CLion* | 8 | noblacklist ${HOME}/.config/JetBrains/CLion* |
9 | nodeny ${HOME}/.cache/JetBrains/CLion* | 9 | noblacklist ${HOME}/.cache/JetBrains/CLion* |
10 | nodeny ${HOME}/.clion* | 10 | noblacklist ${HOME}/.clion* |
11 | nodeny ${HOME}/.CLion* | 11 | noblacklist ${HOME}/.CLion* |
12 | nodeny ${HOME}/.config/git | 12 | noblacklist ${HOME}/.config/git |
13 | nodeny ${HOME}/.gitconfig | 13 | noblacklist ${HOME}/.gitconfig |
14 | nodeny ${HOME}/.git-credentials | 14 | noblacklist ${HOME}/.git-credentials |
15 | nodeny ${HOME}/.java | 15 | noblacklist ${HOME}/.java |
16 | nodeny ${HOME}/.local/share/JetBrains | 16 | noblacklist ${HOME}/.local/share/JetBrains |
17 | nodeny ${HOME}/.tooling | 17 | noblacklist ${HOME}/.tooling |
18 | 18 | ||
19 | # Allow ssh (blacklisted by disable-common.inc) | 19 | # Allow ssh (blacklisted by disable-common.inc) |
20 | include allow-ssh.inc | 20 | include allow-ssh.inc |
diff --git a/etc/profile-a-l/clipgrab.profile b/etc/profile-a-l/clipgrab.profile index 89f8d96f0..c8258da07 100644 --- a/etc/profile-a-l/clipgrab.profile +++ b/etc/profile-a-l/clipgrab.profile | |||
@@ -6,9 +6,9 @@ include clipgrab.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/Philipp Schmieder | 9 | noblacklist ${HOME}/.config/Philipp Schmieder |
10 | nodeny ${HOME}/.pki | 10 | noblacklist ${HOME}/.pki |
11 | nodeny ${VIDEOS} | 11 | noblacklist ${VIDEOS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/clipit.profile b/etc/profile-a-l/clipit.profile index 4a2a5171b..d421903a3 100644 --- a/etc/profile-a-l/clipit.profile +++ b/etc/profile-a-l/clipit.profile | |||
@@ -6,8 +6,8 @@ include clipit.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/clipit | 9 | noblacklist ${HOME}/.config/clipit |
10 | nodeny ${HOME}/.local/share/clipit | 10 | noblacklist ${HOME}/.local/share/clipit |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-xdg.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.config/clipit | 20 | mkdir ${HOME}/.config/clipit |
21 | mkdir ${HOME}/.local/share/clipit | 21 | mkdir ${HOME}/.local/share/clipit |
22 | allow ${HOME}/.config/clipit | 22 | whitelist ${HOME}/.config/clipit |
23 | allow ${HOME}/.local/share/clipit | 23 | whitelist ${HOME}/.local/share/clipit |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/cliqz.profile b/etc/profile-a-l/cliqz.profile index 22c6ef882..d0b8cc0ef 100644 --- a/etc/profile-a-l/cliqz.profile +++ b/etc/profile-a-l/cliqz.profile | |||
@@ -5,16 +5,16 @@ include cliqz.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.cache/cliqz | 8 | noblacklist ${HOME}/.cache/cliqz |
9 | nodeny ${HOME}/.cliqz | 9 | noblacklist ${HOME}/.cliqz |
10 | nodeny ${HOME}/.config/cliqz | 10 | noblacklist ${HOME}/.config/cliqz |
11 | 11 | ||
12 | mkdir ${HOME}/.cache/cliqz | 12 | mkdir ${HOME}/.cache/cliqz |
13 | mkdir ${HOME}/.cliqz | 13 | mkdir ${HOME}/.cliqz |
14 | mkdir ${HOME}/.config/cliqz | 14 | mkdir ${HOME}/.config/cliqz |
15 | allow ${HOME}/.cache/cliqz | 15 | whitelist ${HOME}/.cache/cliqz |
16 | allow ${HOME}/.cliqz | 16 | whitelist ${HOME}/.cliqz |
17 | allow ${HOME}/.config/cliqz | 17 | whitelist ${HOME}/.config/cliqz |
18 | 18 | ||
19 | # private-etc must first be enabled in firefox-common.profile | 19 | # private-etc must first be enabled in firefox-common.profile |
20 | #private-etc cliqz | 20 | #private-etc cliqz |
diff --git a/etc/profile-a-l/cmus.profile b/etc/profile-a-l/cmus.profile index 51e53209f..bcd557787 100644 --- a/etc/profile-a-l/cmus.profile +++ b/etc/profile-a-l/cmus.profile | |||
@@ -6,8 +6,8 @@ include cmus.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/cmus | 9 | noblacklist ${HOME}/.config/cmus |
10 | nodeny ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/code.profile b/etc/profile-a-l/code.profile index 1933c66fa..fdf94ec41 100644 --- a/etc/profile-a-l/code.profile +++ b/etc/profile-a-l/code.profile | |||
@@ -5,39 +5,36 @@ include code.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/Code | 8 | # Disabled until someone reported positive feedback |
9 | nodeny ${HOME}/.config/Code - OSS | 9 | ignore include disable-devel.inc |
10 | nodeny ${HOME}/.vscode | 10 | ignore include disable-exec.inc |
11 | nodeny ${HOME}/.vscode-oss | 11 | ignore include disable-interpreters.inc |
12 | ignore include disable-xdg.inc | ||
13 | ignore whitelist ${DOWNLOADS} | ||
14 | ignore include whitelist-common.inc | ||
15 | ignore include whitelist-runuser-common.inc | ||
16 | ignore include whitelist-usr-share-common.inc | ||
17 | ignore include whitelist-var-common.inc | ||
18 | ignore apparmor | ||
19 | ignore disable-mnt | ||
20 | ignore dbus-user none | ||
21 | ignore dbus-system none | ||
22 | |||
23 | noblacklist ${HOME}/.config/Code | ||
24 | noblacklist ${HOME}/.config/Code - OSS | ||
25 | noblacklist ${HOME}/.vscode | ||
26 | noblacklist ${HOME}/.vscode-oss | ||
12 | 27 | ||
13 | # Allows files commonly used by IDEs | 28 | # Allows files commonly used by IDEs |
14 | include allow-common-devel.inc | 29 | include allow-common-devel.inc |
15 | 30 | ||
16 | include disable-common.inc | ||
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | ||
19 | |||
20 | caps.drop all | ||
21 | netfilter | ||
22 | nodvd | ||
23 | nogroups | ||
24 | noinput | ||
25 | nonewprivs | ||
26 | noroot | ||
27 | nosound | 31 | nosound |
28 | notv | ||
29 | nou2f | ||
30 | novideo | ||
31 | protocol unix,inet,inet6,netlink | ||
32 | seccomp | ||
33 | shell none | ||
34 | |||
35 | private-cache | ||
36 | private-dev | ||
37 | private-tmp | ||
38 | 32 | ||
39 | # Disabling noexec ${HOME} for now since it will | 33 | # Disabling noexec ${HOME} for now since it will |
40 | # probably interfere with running some programmes | 34 | # probably interfere with running some programmes |
41 | # in VS Code | 35 | # in VS Code |
42 | # noexec ${HOME} | 36 | # noexec ${HOME} |
43 | noexec /tmp | 37 | noexec /tmp |
38 | |||
39 | # Redirect | ||
40 | include electron.profile | ||
diff --git a/etc/profile-a-l/colorful.profile b/etc/profile-a-l/colorful.profile index efa7f516c..bd6d8f5b0 100644 --- a/etc/profile-a-l/colorful.profile +++ b/etc/profile-a-l/colorful.profile | |||
@@ -6,7 +6,7 @@ include colorful.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.suve/colorful | 9 | noblacklist ${HOME}/.suve/colorful |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.suve/colorful | 20 | mkdir ${HOME}/.suve/colorful |
21 | allow ${HOME}/.suve/colorful | 21 | whitelist ${HOME}/.suve/colorful |
22 | allow /usr/share/suve | 22 | whitelist /usr/share/suve |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/com.github.bleakgrey.tootle.profile b/etc/profile-a-l/com.github.bleakgrey.tootle.profile index 34b662959..c8bdfec23 100644 --- a/etc/profile-a-l/com.github.bleakgrey.tootle.profile +++ b/etc/profile-a-l/com.github.bleakgrey.tootle.profile | |||
@@ -6,7 +6,7 @@ include com.github.bleakgrey.tootle.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/com.github.bleakgrey.tootle | 9 | noblacklist ${HOME}/.config/com.github.bleakgrey.tootle |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/com.github.bleakgrey.tootle | 20 | mkdir ${HOME}/.config/com.github.bleakgrey.tootle |
21 | allow ${DOWNLOADS} | 21 | whitelist ${DOWNLOADS} |
22 | allow ${HOME}/.config/com.github.bleakgrey.tootle | 22 | whitelist ${HOME}/.config/com.github.bleakgrey.tootle |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/com.github.dahenson.agenda.profile b/etc/profile-a-l/com.github.dahenson.agenda.profile index 4e26e4925..b467a0f7a 100644 --- a/etc/profile-a-l/com.github.dahenson.agenda.profile +++ b/etc/profile-a-l/com.github.dahenson.agenda.profile | |||
@@ -6,9 +6,9 @@ include com.github.dahenson.agenda.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/agenda | 9 | noblacklist ${HOME}/.cache/agenda |
10 | nodeny ${HOME}/.config/agenda | 10 | noblacklist ${HOME}/.config/agenda |
11 | nodeny ${HOME}/.local/share/agenda | 11 | noblacklist ${HOME}/.local/share/agenda |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -22,9 +22,9 @@ include disable-xdg.inc | |||
22 | mkdir ${HOME}/.cache/agenda | 22 | mkdir ${HOME}/.cache/agenda |
23 | mkdir ${HOME}/.config/agenda | 23 | mkdir ${HOME}/.config/agenda |
24 | mkdir ${HOME}/.local/share/agenda | 24 | mkdir ${HOME}/.local/share/agenda |
25 | allow ${HOME}/.cache/agenda | 25 | whitelist ${HOME}/.cache/agenda |
26 | allow ${HOME}/.config/agenda | 26 | whitelist ${HOME}/.config/agenda |
27 | allow ${HOME}/.local/share/agenda | 27 | whitelist ${HOME}/.local/share/agenda |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
30 | include whitelist-runuser-common.inc | 30 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile index bbfc1fe41..c13f9618b 100644 --- a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile +++ b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile | |||
@@ -6,9 +6,9 @@ include foliate.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
10 | nodeny ${HOME}/.cache/com.github.johnfactotum.Foliate | 10 | noblacklist ${HOME}/.cache/com.github.johnfactotum.Foliate |
11 | nodeny ${HOME}/.local/share/com.github.johnfactotum.Foliate | 11 | noblacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate |
12 | 12 | ||
13 | # Allow gjs (blacklisted by disable-interpreters.inc) | 13 | # Allow gjs (blacklisted by disable-interpreters.inc) |
14 | include allow-gjs.inc | 14 | include allow-gjs.inc |
@@ -24,12 +24,12 @@ include disable-xdg.inc | |||
24 | 24 | ||
25 | mkdir ${HOME}/.cache/com.github.johnfactotum.Foliate | 25 | mkdir ${HOME}/.cache/com.github.johnfactotum.Foliate |
26 | mkdir ${HOME}/.local/share/com.github.johnfactotum.Foliate | 26 | mkdir ${HOME}/.local/share/com.github.johnfactotum.Foliate |
27 | allow ${HOME}/.cache/com.github.johnfactotum.Foliate | 27 | whitelist ${HOME}/.cache/com.github.johnfactotum.Foliate |
28 | allow ${HOME}/.local/share/com.github.johnfactotum.Foliate | 28 | whitelist ${HOME}/.local/share/com.github.johnfactotum.Foliate |
29 | allow ${DOCUMENTS} | 29 | whitelist ${DOCUMENTS} |
30 | allow ${DOWNLOADS} | 30 | whitelist ${DOWNLOADS} |
31 | allow /usr/share/com.github.johnfactotum.Foliate | 31 | whitelist /usr/share/com.github.johnfactotum.Foliate |
32 | allow /usr/share/hyphen | 32 | whitelist /usr/share/hyphen |
33 | include whitelist-common.inc | 33 | include whitelist-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/com.github.phase1geo.minder.profile b/etc/profile-a-l/com.github.phase1geo.minder.profile index 3e9acc6c8..d0402d188 100644 --- a/etc/profile-a-l/com.github.phase1geo.minder.profile +++ b/etc/profile-a-l/com.github.phase1geo.minder.profile | |||
@@ -6,9 +6,9 @@ include com.github.phase1geo.minder.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/minder | 9 | noblacklist ${HOME}/.local/share/minder |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | nodeny ${PICTURES} | 11 | noblacklist ${PICTURES} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -20,10 +20,10 @@ include disable-shell.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.local/share/minder | 22 | mkdir ${HOME}/.local/share/minder |
23 | allow ${HOME}/.local/share/minder | 23 | whitelist ${HOME}/.local/share/minder |
24 | allow ${DOCUMENTS} | 24 | whitelist ${DOCUMENTS} |
25 | allow ${DOWNLOADS} | 25 | whitelist ${DOWNLOADS} |
26 | allow ${PICTURES} | 26 | whitelist ${PICTURES} |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/conkeror.profile b/etc/profile-a-l/conkeror.profile index 6cc9ec551..38edf0d21 100644 --- a/etc/profile-a-l/conkeror.profile +++ b/etc/profile-a-l/conkeror.profile | |||
@@ -5,23 +5,23 @@ include conkeror.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.conkeror.mozdev.org | 8 | noblacklist ${HOME}/.conkeror.mozdev.org |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-programs.inc | 11 | include disable-programs.inc |
12 | 12 | ||
13 | mkdir ${HOME}/.conkeror.mozdev.org | 13 | mkdir ${HOME}/.conkeror.mozdev.org |
14 | mkfile ${HOME}/.conkerorrc | 14 | mkfile ${HOME}/.conkerorrc |
15 | allow ${HOME}/.conkeror.mozdev.org | 15 | whitelist ${HOME}/.conkeror.mozdev.org |
16 | allow ${HOME}/.conkerorrc | 16 | whitelist ${HOME}/.conkerorrc |
17 | allow ${HOME}/.lastpass | 17 | whitelist ${HOME}/.lastpass |
18 | allow ${HOME}/.pentadactyl | 18 | whitelist ${HOME}/.pentadactyl |
19 | allow ${HOME}/.pentadactylrc | 19 | whitelist ${HOME}/.pentadactylrc |
20 | allow ${HOME}/.vimperator | 20 | whitelist ${HOME}/.vimperator |
21 | allow ${HOME}/.vimperatorrc | 21 | whitelist ${HOME}/.vimperatorrc |
22 | allow ${HOME}/.zotero | 22 | whitelist ${HOME}/.zotero |
23 | allow ${HOME}/dwhelper | 23 | whitelist ${HOME}/dwhelper |
24 | allow ${DOWNLOADS} | 24 | whitelist ${DOWNLOADS} |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | 26 | ||
27 | caps.drop all | 27 | caps.drop all |
diff --git a/etc/profile-a-l/conky.profile b/etc/profile-a-l/conky.profile index 1b3fe6651..eaa18739d 100644 --- a/etc/profile-a-l/conky.profile +++ b/etc/profile-a-l/conky.profile | |||
@@ -6,7 +6,7 @@ include conky.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${PICTURES} | 9 | noblacklist ${PICTURES} |
10 | 10 | ||
11 | # Allow lua (blacklisted by disable-interpreters.inc) | 11 | # Allow lua (blacklisted by disable-interpreters.inc) |
12 | include allow-lua.inc | 12 | include allow-lua.inc |
diff --git a/etc/profile-a-l/corebird.profile b/etc/profile-a-l/corebird.profile index 266c404ee..2fb446e2a 100644 --- a/etc/profile-a-l/corebird.profile +++ b/etc/profile-a-l/corebird.profile | |||
@@ -6,7 +6,7 @@ include corebird.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/corebird | 9 | noblacklist ${HOME}/.config/corebird |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/cower.profile b/etc/profile-a-l/cower.profile index 0a1353e40..1635995dc 100644 --- a/etc/profile-a-l/cower.profile +++ b/etc/profile-a-l/cower.profile | |||
@@ -7,8 +7,8 @@ include cower.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.config/cower | 10 | noblacklist ${HOME}/.config/cower |
11 | nodeny /var/lib/pacman | 11 | noblacklist /var/lib/pacman |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/coyim.profile b/etc/profile-a-l/coyim.profile index 5e48c8022..7ece35c2b 100644 --- a/etc/profile-a-l/coyim.profile +++ b/etc/profile-a-l/coyim.profile | |||
@@ -6,7 +6,7 @@ include coyim.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/coyim | 9 | noblacklist ${HOME}/.config/coyim |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/coyim | 20 | mkdir ${HOME}/.config/coyim |
21 | allow ${HOME}/.config/coyim | 21 | whitelist ${HOME}/.config/coyim |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/cpio.profile b/etc/profile-a-l/cpio.profile index dec8c086b..bdc4f21a6 100644 --- a/etc/profile-a-l/cpio.profile +++ b/etc/profile-a-l/cpio.profile | |||
@@ -7,8 +7,8 @@ include cpio.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny /sbin | 10 | noblacklist /sbin |
11 | nodeny /usr/sbin | 11 | noblacklist /usr/sbin |
12 | 12 | ||
13 | # Redirect | 13 | # Redirect |
14 | include archiver-common.profile | 14 | include archiver-common.profile |
diff --git a/etc/profile-a-l/crawl.profile b/etc/profile-a-l/crawl.profile index 81292c01c..b10216895 100644 --- a/etc/profile-a-l/crawl.profile +++ b/etc/profile-a-l/crawl.profile | |||
@@ -6,7 +6,7 @@ include crawl-tiles.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.crawl | 9 | noblacklist ${HOME}/.crawl |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.crawl | 19 | mkdir ${HOME}/.crawl |
20 | allow ${HOME}/.crawl | 20 | whitelist ${HOME}/.crawl |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-a-l/crow.profile b/etc/profile-a-l/crow.profile index 36bd93778..02b15ecc2 100644 --- a/etc/profile-a-l/crow.profile +++ b/etc/profile-a-l/crow.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | 8 | ||
9 | mkdir ${HOME}/.config/crow | 9 | mkdir ${HOME}/.config/crow |
10 | mkdir ${HOME}/.cache/gstreamer-1.0 | 10 | mkdir ${HOME}/.cache/gstreamer-1.0 |
11 | allow ${HOME}/.config/crow | 11 | whitelist ${HOME}/.config/crow |
12 | allow ${HOME}/.cache/gstreamer-1.0 | 12 | whitelist ${HOME}/.cache/gstreamer-1.0 |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
diff --git a/etc/profile-a-l/curl.profile b/etc/profile-a-l/curl.profile index 4950b7a4c..c9867c5d7 100644 --- a/etc/profile-a-l/curl.profile +++ b/etc/profile-a-l/curl.profile | |||
@@ -12,11 +12,11 @@ include globals.local | |||
12 | # Technically this file can be anywhere but let's assume users have it in ${HOME}/.curl-hsts. | 12 | # Technically this file can be anywhere but let's assume users have it in ${HOME}/.curl-hsts. |
13 | # If your setup diverts, add 'blacklist /path/to/curl/hsts/file' to your disable-programs.local | 13 | # If your setup diverts, add 'blacklist /path/to/curl/hsts/file' to your disable-programs.local |
14 | # and 'noblacklist /path/to/curl/hsts/file' to curl.local to keep the sandbox logic intact. | 14 | # and 'noblacklist /path/to/curl/hsts/file' to curl.local to keep the sandbox logic intact. |
15 | nodeny ${HOME}/.curl-hsts | 15 | noblacklist ${HOME}/.curl-hsts |
16 | nodeny ${HOME}/.curlrc | 16 | noblacklist ${HOME}/.curlrc |
17 | 17 | ||
18 | deny /tmp/.X11-unix | 18 | blacklist /tmp/.X11-unix |
19 | deny ${RUNUSER} | 19 | blacklist ${RUNUSER} |
20 | 20 | ||
21 | include disable-common.inc | 21 | include disable-common.inc |
22 | include disable-exec.inc | 22 | include disable-exec.inc |
diff --git a/etc/profile-a-l/cyberfox.profile b/etc/profile-a-l/cyberfox.profile index 49f972e4a..d1fff0004 100644 --- a/etc/profile-a-l/cyberfox.profile +++ b/etc/profile-a-l/cyberfox.profile | |||
@@ -5,13 +5,13 @@ include cyberfox.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.8pecxstudios | 8 | noblacklist ${HOME}/.8pecxstudios |
9 | nodeny ${HOME}/.cache/8pecxstudios | 9 | noblacklist ${HOME}/.cache/8pecxstudios |
10 | 10 | ||
11 | mkdir ${HOME}/.8pecxstudios | 11 | mkdir ${HOME}/.8pecxstudios |
12 | mkdir ${HOME}/.cache/8pecxstudios | 12 | mkdir ${HOME}/.cache/8pecxstudios |
13 | allow ${HOME}/.8pecxstudios | 13 | whitelist ${HOME}/.8pecxstudios |
14 | allow ${HOME}/.cache/8pecxstudios | 14 | whitelist ${HOME}/.cache/8pecxstudios |
15 | 15 | ||
16 | # private-bin cyberfox,dbus-launch,dbus-send,env,sh,which | 16 | # private-bin cyberfox,dbus-launch,dbus-send,env,sh,which |
17 | # private-etc must first be enabled in firefox-common.profile | 17 | # private-etc must first be enabled in firefox-common.profile |
diff --git a/etc/profile-a-l/d-feet.profile b/etc/profile-a-l/d-feet.profile index c7ce1730a..ba1e7adad 100644 --- a/etc/profile-a-l/d-feet.profile +++ b/etc/profile-a-l/d-feet.profile | |||
@@ -6,7 +6,7 @@ include d-feet.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/d-feet | 9 | noblacklist ${HOME}/.config/d-feet |
10 | 10 | ||
11 | # Allow python (disabled by disable-interpreters.inc) | 11 | # Allow python (disabled by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -22,8 +22,8 @@ include disable-shell.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.config/d-feet | 24 | mkdir ${HOME}/.config/d-feet |
25 | allow ${HOME}/.config/d-feet | 25 | whitelist ${HOME}/.config/d-feet |
26 | allow /usr/share/d-feet | 26 | whitelist /usr/share/d-feet |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/darktable.profile b/etc/profile-a-l/darktable.profile index 4d51c255e..61fa52928 100644 --- a/etc/profile-a-l/darktable.profile +++ b/etc/profile-a-l/darktable.profile | |||
@@ -6,9 +6,9 @@ include darktable.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/darktable | 9 | noblacklist ${HOME}/.cache/darktable |
10 | nodeny ${HOME}/.config/darktable | 10 | noblacklist ${HOME}/.config/darktable |
11 | nodeny ${PICTURES} | 11 | noblacklist ${PICTURES} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/dbus-send.profile b/etc/profile-a-l/dbus-send.profile index 745042d6f..67a61bb60 100644 --- a/etc/profile-a-l/dbus-send.profile +++ b/etc/profile-a-l/dbus-send.profile | |||
@@ -7,8 +7,8 @@ include dbus-send.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | deny ${RUNUSER}/wayland-* | 11 | blacklist ${RUNUSER}/wayland-* |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/dconf-editor.profile b/etc/profile-a-l/dconf-editor.profile index c1231c6cf..0c221850a 100644 --- a/etc/profile-a-l/dconf-editor.profile +++ b/etc/profile-a-l/dconf-editor.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | allow ${HOME}/.local/share/glib-2.0 | 18 | whitelist ${HOME}/.local/share/glib-2.0 |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-runuser-common.inc | 20 | include whitelist-runuser-common.inc |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/dconf.profile b/etc/profile-a-l/dconf.profile index b9d385adf..be7514cbf 100644 --- a/etc/profile-a-l/dconf.profile +++ b/etc/profile-a-l/dconf.profile | |||
@@ -6,7 +6,7 @@ include dconf.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | deny ${RUNUSER}/wayland-* | 9 | blacklist ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | allow ${HOME}/.local/share/glib-2.0 | 19 | whitelist ${HOME}/.local/share/glib-2.0 |
20 | # dconf paths are whitelisted by the following | 20 | # dconf paths are whitelisted by the following |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/ddgtk.profile b/etc/profile-a-l/ddgtk.profile index 09fa7a07a..5b95b74be 100644 --- a/etc/profile-a-l/ddgtk.profile +++ b/etc/profile-a-l/ddgtk.profile | |||
@@ -18,8 +18,8 @@ include disable-passwdmgr.inc | |||
18 | include disable-programs.inc | 18 | include disable-programs.inc |
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | allow ${DOWNLOADS} | 21 | whitelist ${DOWNLOADS} |
22 | allow /usr/share/ddgtk | 22 | whitelist /usr/share/ddgtk |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/deadbeef.profile b/etc/profile-a-l/deadbeef.profile index 25fa944a1..a221ebbd7 100644 --- a/etc/profile-a-l/deadbeef.profile +++ b/etc/profile-a-l/deadbeef.profile | |||
@@ -6,8 +6,8 @@ include deadbeef.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/deadbeef | 9 | noblacklist ${HOME}/.config/deadbeef |
10 | nodeny ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/deluge.profile b/etc/profile-a-l/deluge.profile index d41a4a023..ad7aa6ed5 100644 --- a/etc/profile-a-l/deluge.profile +++ b/etc/profile-a-l/deluge.profile | |||
@@ -6,7 +6,7 @@ include deluge.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/deluge | 9 | noblacklist ${HOME}/.config/deluge |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -20,8 +20,8 @@ include disable-passwdmgr.inc | |||
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.config/deluge | 22 | mkdir ${HOME}/.config/deluge |
23 | allow ${DOWNLOADS} | 23 | whitelist ${DOWNLOADS} |
24 | allow ${HOME}/.config/deluge | 24 | whitelist ${HOME}/.config/deluge |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-a-l/desktopeditors.profile b/etc/profile-a-l/desktopeditors.profile index aed4355d5..212cdab60 100644 --- a/etc/profile-a-l/desktopeditors.profile +++ b/etc/profile-a-l/desktopeditors.profile | |||
@@ -6,9 +6,9 @@ include desktopeditors.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/onlyoffice | 9 | noblacklist ${HOME}/.config/onlyoffice |
10 | nodeny ${HOME}/.local/share/onlyoffice | 10 | noblacklist ${HOME}/.local/share/onlyoffice |
11 | nodeny ${HOME}/.pki | 11 | noblacklist ${HOME}/.pki |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/devhelp.profile b/etc/profile-a-l/devhelp.profile index dc0f290fb..5007f8e74 100644 --- a/etc/profile-a-l/devhelp.profile +++ b/etc/profile-a-l/devhelp.profile | |||
@@ -16,9 +16,9 @@ include disable-programs.inc | |||
16 | include disable-shell.inc | 16 | include disable-shell.inc |
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | allow /usr/share/devhelp | 19 | whitelist /usr/share/devhelp |
20 | allow /usr/share/doc | 20 | whitelist /usr/share/doc |
21 | allow /usr/share/gtk-doc/html | 21 | whitelist /usr/share/gtk-doc/html |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/devilspie.profile b/etc/profile-a-l/devilspie.profile index 631f15f93..6267b5709 100644 --- a/etc/profile-a-l/devilspie.profile +++ b/etc/profile-a-l/devilspie.profile | |||
@@ -6,9 +6,9 @@ include devilspie.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | deny ${RUNUSER}/wayland-* | 9 | blacklist ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | nodeny ${HOME}/.devilspie | 11 | noblacklist ${HOME}/.devilspie |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,7 +19,7 @@ include disable-programs.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | mkdir ${HOME}/.devilspie | 21 | mkdir ${HOME}/.devilspie |
22 | allow ${HOME}/.devilspie | 22 | whitelist ${HOME}/.devilspie |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/devilspie2.profile b/etc/profile-a-l/devilspie2.profile index 140c9da0f..9eab3f536 100644 --- a/etc/profile-a-l/devilspie2.profile +++ b/etc/profile-a-l/devilspie2.profile | |||
@@ -6,17 +6,17 @@ include devilspie2.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | deny ${HOME}/.devilspie | 9 | blacklist ${HOME}/.devilspie |
10 | 10 | ||
11 | deny ${RUNUSER}/wayland-* | 11 | blacklist ${RUNUSER}/wayland-* |
12 | 12 | ||
13 | nodeny ${HOME}/.config/devilspie2 | 13 | noblacklist ${HOME}/.config/devilspie2 |
14 | 14 | ||
15 | # Allow lua (blacklisted by disable-interpreters.inc) | 15 | # Allow lua (blacklisted by disable-interpreters.inc) |
16 | include allow-lua.inc | 16 | include allow-lua.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.config/devilspie2 | 18 | mkdir ${HOME}/.config/devilspie2 |
19 | allow ${HOME}/.config/devilspie2 | 19 | whitelist ${HOME}/.config/devilspie2 |
20 | 20 | ||
21 | private-bin devilspie2 | 21 | private-bin devilspie2 |
22 | 22 | ||
diff --git a/etc/profile-a-l/dia.profile b/etc/profile-a-l/dia.profile index 2a808238b..531734b7d 100644 --- a/etc/profile-a-l/dia.profile +++ b/etc/profile-a-l/dia.profile | |||
@@ -6,8 +6,8 @@ include dia.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.dia | 9 | noblacklist ${HOME}/.dia |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
@@ -25,7 +25,7 @@ include disable-xdg.inc | |||
25 | #whitelist ${HOME}/.dia | 25 | #whitelist ${HOME}/.dia |
26 | #whitelist ${DOCUMENTS} | 26 | #whitelist ${DOCUMENTS} |
27 | #include whitelist-common.inc | 27 | #include whitelist-common.inc |
28 | allow /usr/share/dia | 28 | whitelist /usr/share/dia |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/dig.profile b/etc/profile-a-l/dig.profile index 2d683b811..247159a8a 100644 --- a/etc/profile-a-l/dig.profile +++ b/etc/profile-a-l/dig.profile | |||
@@ -7,11 +7,11 @@ include dig.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.digrc | 10 | noblacklist ${HOME}/.digrc |
11 | nodeny ${PATH}/dig | 11 | noblacklist ${PATH}/dig |
12 | 12 | ||
13 | deny /tmp/.X11-unix | 13 | blacklist /tmp/.X11-unix |
14 | deny ${RUNUSER} | 14 | blacklist ${RUNUSER} |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | # include disable-devel.inc | 17 | # include disable-devel.inc |
@@ -22,7 +22,7 @@ include disable-programs.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | #mkfile ${HOME}/.digrc - see #903 | 24 | #mkfile ${HOME}/.digrc - see #903 |
25 | allow ${HOME}/.digrc | 25 | whitelist ${HOME}/.digrc |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/digikam.profile b/etc/profile-a-l/digikam.profile index 124b50952..2ca7bd400 100644 --- a/etc/profile-a-l/digikam.profile +++ b/etc/profile-a-l/digikam.profile | |||
@@ -6,12 +6,12 @@ include digikam.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/digikam | 9 | noblacklist ${HOME}/.config/digikam |
10 | nodeny ${HOME}/.config/digikamrc | 10 | noblacklist ${HOME}/.config/digikamrc |
11 | nodeny ${HOME}/.kde/share/apps/digikam | 11 | noblacklist ${HOME}/.kde/share/apps/digikam |
12 | nodeny ${HOME}/.kde4/share/apps/digikam | 12 | noblacklist ${HOME}/.kde4/share/apps/digikam |
13 | nodeny ${HOME}/.local/share/kxmlgui5/digikam | 13 | noblacklist ${HOME}/.local/share/kxmlgui5/digikam |
14 | nodeny ${PICTURES} | 14 | noblacklist ${PICTURES} |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/dillo.profile b/etc/profile-a-l/dillo.profile index 883466f4d..9871a6095 100644 --- a/etc/profile-a-l/dillo.profile +++ b/etc/profile-a-l/dillo.profile | |||
@@ -6,7 +6,7 @@ include dillo.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.dillo | 9 | noblacklist ${HOME}/.dillo |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,9 +16,9 @@ include disable-programs.inc | |||
16 | 16 | ||
17 | mkdir ${HOME}/.dillo | 17 | mkdir ${HOME}/.dillo |
18 | mkdir ${HOME}/.fltk | 18 | mkdir ${HOME}/.fltk |
19 | allow ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
20 | allow ${HOME}/.dillo | 20 | whitelist ${HOME}/.dillo |
21 | allow ${HOME}/.fltk | 21 | whitelist ${HOME}/.fltk |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/dino.profile b/etc/profile-a-l/dino.profile index 3078bef71..c3174b35f 100644 --- a/etc/profile-a-l/dino.profile +++ b/etc/profile-a-l/dino.profile | |||
@@ -6,7 +6,7 @@ include dino.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/dino | 9 | noblacklist ${HOME}/.local/share/dino |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.local/share/dino | 19 | mkdir ${HOME}/.local/share/dino |
20 | allow ${HOME}/.local/share/dino | 20 | whitelist ${HOME}/.local/share/dino |
21 | allow ${DOWNLOADS} | 21 | whitelist ${DOWNLOADS} |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-runuser-common.inc | 23 | include whitelist-runuser-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/discord-canary.profile b/etc/profile-a-l/discord-canary.profile index 1c53cd211..43db95b8a 100644 --- a/etc/profile-a-l/discord-canary.profile +++ b/etc/profile-a-l/discord-canary.profile | |||
@@ -5,10 +5,10 @@ include discord-canary.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/discordcanary | 8 | noblacklist ${HOME}/.config/discordcanary |
9 | 9 | ||
10 | mkdir ${HOME}/.config/discordcanary | 10 | mkdir ${HOME}/.config/discordcanary |
11 | allow ${HOME}/.config/discordcanary | 11 | whitelist ${HOME}/.config/discordcanary |
12 | 12 | ||
13 | private-bin discord-canary,electron,electron[0-9],electron[0-9][0-9] | 13 | private-bin discord-canary,electron,electron[0-9],electron[0-9][0-9] |
14 | private-opt discord-canary | 14 | private-opt discord-canary |
diff --git a/etc/profile-a-l/discord-common.profile b/etc/profile-a-l/discord-common.profile index 6bee1901c..19e7bd9ab 100644 --- a/etc/profile-a-l/discord-common.profile +++ b/etc/profile-a-l/discord-common.profile | |||
@@ -20,8 +20,8 @@ ignore dbus-system none | |||
20 | ignore noexec ${HOME} | 20 | ignore noexec ${HOME} |
21 | ignore novideo | 21 | ignore novideo |
22 | 22 | ||
23 | allow ${HOME}/.config/BetterDiscord | 23 | whitelist ${HOME}/.config/BetterDiscord |
24 | allow ${HOME}/.local/share/betterdiscordctl | 24 | whitelist ${HOME}/.local/share/betterdiscordctl |
25 | 25 | ||
26 | private-bin bash,cut,echo,egrep,fish,grep,head,sed,sh,tclsh,tr,xdg-mime,xdg-open,zsh | 26 | private-bin bash,cut,echo,egrep,fish,grep,head,sed,sh,tclsh,tr,xdg-mime,xdg-open,zsh |
27 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,login.defs,machine-id,password,pki,pulse,resolv.conf,ssl | 27 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,login.defs,machine-id,password,pki,pulse,resolv.conf,ssl |
diff --git a/etc/profile-a-l/discord.profile b/etc/profile-a-l/discord.profile index 658d3fc83..8ef02a30f 100644 --- a/etc/profile-a-l/discord.profile +++ b/etc/profile-a-l/discord.profile | |||
@@ -5,10 +5,10 @@ include discord.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/discord | 8 | noblacklist ${HOME}/.config/discord |
9 | 9 | ||
10 | mkdir ${HOME}/.config/discord | 10 | mkdir ${HOME}/.config/discord |
11 | allow ${HOME}/.config/discord | 11 | whitelist ${HOME}/.config/discord |
12 | 12 | ||
13 | private-bin discord | 13 | private-bin discord |
14 | private-opt discord | 14 | private-opt discord |
diff --git a/etc/profile-a-l/display.profile b/etc/profile-a-l/display.profile index 4474b97d2..11f3fd36e 100644 --- a/etc/profile-a-l/display.profile +++ b/etc/profile-a-l/display.profile | |||
@@ -5,7 +5,7 @@ include display.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${PICTURES} | 8 | noblacklist ${PICTURES} |
9 | 9 | ||
10 | # Allow python (blacklisted by disable-interpreters.inc) | 10 | # Allow python (blacklisted by disable-interpreters.inc) |
11 | include allow-python2.inc | 11 | include allow-python2.inc |
diff --git a/etc/profile-a-l/dnox.profile b/etc/profile-a-l/dnox.profile index 8c3d6211b..51ba6f8b7 100644 --- a/etc/profile-a-l/dnox.profile +++ b/etc/profile-a-l/dnox.profile | |||
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | nodeny ${HOME}/.cache/dnox | 13 | noblacklist ${HOME}/.cache/dnox |
14 | nodeny ${HOME}/.config/dnox | 14 | noblacklist ${HOME}/.config/dnox |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/dnox | 16 | mkdir ${HOME}/.cache/dnox |
17 | mkdir ${HOME}/.config/dnox | 17 | mkdir ${HOME}/.config/dnox |
18 | allow ${HOME}/.cache/dnox | 18 | whitelist ${HOME}/.cache/dnox |
19 | allow ${HOME}/.config/dnox | 19 | whitelist ${HOME}/.config/dnox |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include chromium-common.profile | 22 | include chromium-common.profile |
diff --git a/etc/profile-a-l/dnscrypt-proxy.profile b/etc/profile-a-l/dnscrypt-proxy.profile index dbcef36f8..f8fb1a331 100644 --- a/etc/profile-a-l/dnscrypt-proxy.profile +++ b/etc/profile-a-l/dnscrypt-proxy.profile | |||
@@ -7,11 +7,11 @@ include dnscrypt-proxy.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | deny ${RUNUSER}/wayland-* | 11 | blacklist ${RUNUSER}/wayland-* |
12 | 12 | ||
13 | nodeny /sbin | 13 | noblacklist /sbin |
14 | nodeny /usr/sbin | 14 | noblacklist /usr/sbin |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
@@ -21,7 +21,7 @@ include disable-passwdmgr.inc | |||
21 | include disable-programs.inc | 21 | include disable-programs.inc |
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | allow /usr/share/dnscrypt-proxy | 24 | whitelist /usr/share/dnscrypt-proxy |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-a-l/dnsmasq.profile b/etc/profile-a-l/dnsmasq.profile index b1acbf392..01398c2b2 100644 --- a/etc/profile-a-l/dnsmasq.profile +++ b/etc/profile-a-l/dnsmasq.profile | |||
@@ -7,11 +7,11 @@ include dnsmasq.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny /sbin | 10 | noblacklist /sbin |
11 | nodeny /usr/sbin | 11 | noblacklist /usr/sbin |
12 | 12 | ||
13 | deny /tmp/.X11-unix | 13 | blacklist /tmp/.X11-unix |
14 | deny ${RUNUSER}/wayland-* | 14 | blacklist ${RUNUSER}/wayland-* |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/dolphin-emu.profile b/etc/profile-a-l/dolphin-emu.profile index 15b312ecb..49feec32e 100644 --- a/etc/profile-a-l/dolphin-emu.profile +++ b/etc/profile-a-l/dolphin-emu.profile | |||
@@ -8,9 +8,9 @@ include globals.local | |||
8 | 8 | ||
9 | # Note: you must whitelist your games folder in your dolphin-emu.local. | 9 | # Note: you must whitelist your games folder in your dolphin-emu.local. |
10 | 10 | ||
11 | nodeny ${HOME}/.cache/dolphin-emu | 11 | noblacklist ${HOME}/.cache/dolphin-emu |
12 | nodeny ${HOME}/.config/dolphin-emu | 12 | noblacklist ${HOME}/.config/dolphin-emu |
13 | nodeny ${HOME}/.local/share/dolphin-emu | 13 | noblacklist ${HOME}/.local/share/dolphin-emu |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -24,10 +24,10 @@ include disable-xdg.inc | |||
24 | mkdir ${HOME}/.cache/dolphin-emu | 24 | mkdir ${HOME}/.cache/dolphin-emu |
25 | mkdir ${HOME}/.config/dolphin-emu | 25 | mkdir ${HOME}/.config/dolphin-emu |
26 | mkdir ${HOME}/.local/share/dolphin-emu | 26 | mkdir ${HOME}/.local/share/dolphin-emu |
27 | allow ${HOME}/.cache/dolphin-emu | 27 | whitelist ${HOME}/.cache/dolphin-emu |
28 | allow ${HOME}/.config/dolphin-emu | 28 | whitelist ${HOME}/.config/dolphin-emu |
29 | allow ${HOME}/.local/share/dolphin-emu | 29 | whitelist ${HOME}/.local/share/dolphin-emu |
30 | allow /usr/share/dolphin-emu | 30 | whitelist /usr/share/dolphin-emu |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-runuser-common.inc | 32 | include whitelist-runuser-common.inc |
33 | include whitelist-usr-share-common.inc | 33 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/dooble.profile b/etc/profile-a-l/dooble.profile index 3b0adcc36..37a4113cb 100644 --- a/etc/profile-a-l/dooble.profile +++ b/etc/profile-a-l/dooble.profile | |||
@@ -7,7 +7,7 @@ include dooble-qt4.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.dooble | 10 | noblacklist ${HOME}/.dooble |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.dooble | 19 | mkdir ${HOME}/.dooble |
20 | allow ${DOWNLOADS} | 20 | whitelist ${DOWNLOADS} |
21 | allow ${HOME}/.dooble | 21 | whitelist ${HOME}/.dooble |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/profile-a-l/dosbox.profile b/etc/profile-a-l/dosbox.profile index 29e506764..988f66f28 100644 --- a/etc/profile-a-l/dosbox.profile +++ b/etc/profile-a-l/dosbox.profile | |||
@@ -6,8 +6,8 @@ include dosbox.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.dosbox | 9 | noblacklist ${HOME}/.dosbox |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/dragon.profile b/etc/profile-a-l/dragon.profile index 90ca11774..8fa01d504 100644 --- a/etc/profile-a-l/dragon.profile +++ b/etc/profile-a-l/dragon.profile | |||
@@ -6,9 +6,9 @@ include dragon.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/dragonplayerrc | 9 | noblacklist ${HOME}/.config/dragonplayerrc |
10 | nodeny ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | nodeny ${VIDEOS} | 11 | noblacklist ${VIDEOS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,7 +19,7 @@ include disable-programs.inc | |||
19 | include disable-shell.inc | 19 | include disable-shell.inc |
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | allow /usr/share/dragonplayer | 22 | whitelist /usr/share/dragonplayer |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
diff --git a/etc/profile-a-l/drawio.profile b/etc/profile-a-l/drawio.profile index 84a77ce34..82d96e405 100644 --- a/etc/profile-a-l/drawio.profile +++ b/etc/profile-a-l/drawio.profile | |||
@@ -6,7 +6,7 @@ include drawio.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/draw.io | 9 | noblacklist ${HOME}/.config/draw.io |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/draw.io | 20 | mkdir ${HOME}/.config/draw.io |
21 | allow ${HOME}/.config/draw.io | 21 | whitelist ${HOME}/.config/draw.io |
22 | allow ${DOWNLOADS} | 22 | whitelist ${DOWNLOADS} |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/drill.profile b/etc/profile-a-l/drill.profile index e177fd60e..068bd88d8 100644 --- a/etc/profile-a-l/drill.profile +++ b/etc/profile-a-l/drill.profile | |||
@@ -7,10 +7,10 @@ include drill.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${PATH}/drill | 10 | noblacklist ${PATH}/drill |
11 | 11 | ||
12 | deny /tmp/.X11-unix | 12 | blacklist /tmp/.X11-unix |
13 | deny ${RUNUSER} | 13 | blacklist ${RUNUSER} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | # include disable-devel.inc | 16 | # include disable-devel.inc |
diff --git a/etc/profile-a-l/dropbox.profile b/etc/profile-a-l/dropbox.profile index 274cdd478..b3b2aaf40 100644 --- a/etc/profile-a-l/dropbox.profile +++ b/etc/profile-a-l/dropbox.profile | |||
@@ -5,9 +5,9 @@ include dropbox.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/autostart | 8 | noblacklist ${HOME}/.config/autostart |
9 | nodeny ${HOME}/.dropbox | 9 | noblacklist ${HOME}/.dropbox |
10 | nodeny ${HOME}/.dropbox-dist | 10 | noblacklist ${HOME}/.dropbox-dist |
11 | 11 | ||
12 | # Allow python3 (blacklisted by disable-interpreters.inc) | 12 | # Allow python3 (blacklisted by disable-interpreters.inc) |
13 | include allow-python3.inc | 13 | include allow-python3.inc |
@@ -22,10 +22,10 @@ mkdir ${HOME}/.dropbox | |||
22 | mkdir ${HOME}/.dropbox-dist | 22 | mkdir ${HOME}/.dropbox-dist |
23 | mkdir ${HOME}/Dropbox | 23 | mkdir ${HOME}/Dropbox |
24 | mkfile ${HOME}/.config/autostart/dropbox.desktop | 24 | mkfile ${HOME}/.config/autostart/dropbox.desktop |
25 | allow ${HOME}/.config/autostart/dropbox.desktop | 25 | whitelist ${HOME}/.config/autostart/dropbox.desktop |
26 | allow ${HOME}/.dropbox | 26 | whitelist ${HOME}/.dropbox |
27 | allow ${HOME}/.dropbox-dist | 27 | whitelist ${HOME}/.dropbox-dist |
28 | allow ${HOME}/Dropbox | 28 | whitelist ${HOME}/Dropbox |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | 30 | ||
31 | caps.drop all | 31 | caps.drop all |
diff --git a/etc/profile-a-l/easystroke.profile b/etc/profile-a-l/easystroke.profile index da54fec34..38e4b16f7 100644 --- a/etc/profile-a-l/easystroke.profile +++ b/etc/profile-a-l/easystroke.profile | |||
@@ -6,7 +6,7 @@ include easystroke.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.easystroke | 9 | noblacklist ${HOME}/.easystroke |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.easystroke | 19 | mkdir ${HOME}/.easystroke |
20 | allow ${HOME}/.easystroke | 20 | whitelist ${HOME}/.easystroke |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/electron-mail.profile b/etc/profile-a-l/electron-mail.profile index 10e57371e..278dd6cbd 100644 --- a/etc/profile-a-l/electron-mail.profile +++ b/etc/profile-a-l/electron-mail.profile | |||
@@ -6,7 +6,7 @@ include electron-mail.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/electron-mail | 9 | noblacklist ${HOME}/.config/electron-mail |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/electron-mail | 20 | mkdir ${HOME}/.config/electron-mail |
21 | allow ${HOME}/.config/electron-mail | 21 | whitelist ${HOME}/.config/electron-mail |
22 | allow ${DOWNLOADS} | 22 | whitelist ${DOWNLOADS} |
23 | 23 | ||
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/electron.profile b/etc/profile-a-l/electron.profile index e8d8d35c4..493af79d4 100644 --- a/etc/profile-a-l/electron.profile +++ b/etc/profile-a-l/electron.profile | |||
@@ -12,7 +12,7 @@ include disable-passwdmgr.inc | |||
12 | include disable-programs.inc | 12 | include disable-programs.inc |
13 | include disable-xdg.inc | 13 | include disable-xdg.inc |
14 | 14 | ||
15 | allow ${DOWNLOADS} | 15 | whitelist ${DOWNLOADS} |
16 | include whitelist-common.inc | 16 | include whitelist-common.inc |
17 | include whitelist-runuser-common.inc | 17 | include whitelist-runuser-common.inc |
18 | include whitelist-usr-share-common.inc | 18 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/electrum.profile b/etc/profile-a-l/electrum.profile index f6691017c..ad636d71a 100644 --- a/etc/profile-a-l/electrum.profile +++ b/etc/profile-a-l/electrum.profile | |||
@@ -6,7 +6,7 @@ include electrum.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.electrum | 9 | noblacklist ${HOME}/.electrum |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -22,7 +22,7 @@ include disable-shell.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.electrum | 24 | mkdir ${HOME}/.electrum |
25 | allow ${HOME}/.electrum | 25 | whitelist ${HOME}/.electrum |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
28 | 28 | ||
diff --git a/etc/profile-a-l/element-desktop.profile b/etc/profile-a-l/element-desktop.profile index ec28866b8..48a826f2e 100644 --- a/etc/profile-a-l/element-desktop.profile +++ b/etc/profile-a-l/element-desktop.profile | |||
@@ -9,11 +9,11 @@ include element-desktop.local | |||
9 | 9 | ||
10 | ignore dbus-user none | 10 | ignore dbus-user none |
11 | 11 | ||
12 | nodeny ${HOME}/.config/Element | 12 | noblacklist ${HOME}/.config/Element |
13 | 13 | ||
14 | mkdir ${HOME}/.config/Element | 14 | mkdir ${HOME}/.config/Element |
15 | allow ${HOME}/.config/Element | 15 | whitelist ${HOME}/.config/Element |
16 | allow /opt/Element | 16 | whitelist /opt/Element |
17 | 17 | ||
18 | private-opt Element | 18 | private-opt Element |
19 | 19 | ||
diff --git a/etc/profile-a-l/elinks.profile b/etc/profile-a-l/elinks.profile index 30dca05cb..5a29eb24b 100644 --- a/etc/profile-a-l/elinks.profile +++ b/etc/profile-a-l/elinks.profile | |||
@@ -7,10 +7,10 @@ include elinks.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.elinks | 10 | noblacklist ${HOME}/.elinks |
11 | 11 | ||
12 | mkdir ${HOME}/.elinks | 12 | mkdir ${HOME}/.elinks |
13 | allow ${HOME}/.elinks | 13 | whitelist ${HOME}/.elinks |
14 | 14 | ||
15 | private-bin elinks | 15 | private-bin elinks |
16 | 16 | ||
diff --git a/etc/profile-a-l/emacs.profile b/etc/profile-a-l/emacs.profile index f0e0e2830..55bf743ef 100644 --- a/etc/profile-a-l/emacs.profile +++ b/etc/profile-a-l/emacs.profile | |||
@@ -6,8 +6,8 @@ include emacs.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.emacs | 9 | noblacklist ${HOME}/.emacs |
10 | nodeny ${HOME}/.emacs.d | 10 | noblacklist ${HOME}/.emacs.d |
11 | # Add the next line to your emacs.local if you need gpg support. | 11 | # Add the next line to your emacs.local if you need gpg support. |
12 | #noblacklist ${HOME}/.gnupg | 12 | #noblacklist ${HOME}/.gnupg |
13 | 13 | ||
diff --git a/etc/profile-a-l/email-common.profile b/etc/profile-a-l/email-common.profile index 5fc72d340..6c9a8a6ea 100644 --- a/etc/profile-a-l/email-common.profile +++ b/etc/profile-a-l/email-common.profile | |||
@@ -7,14 +7,14 @@ include email-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.gnupg | 10 | noblacklist ${HOME}/.gnupg |
11 | nodeny ${HOME}/.mozilla | 11 | noblacklist ${HOME}/.mozilla |
12 | nodeny ${HOME}/.signature | 12 | noblacklist ${HOME}/.signature |
13 | # when storing mail outside the default ${HOME}/Mail path, 'noblacklist' the custom path in your email-common.local | 13 | # when storing mail outside the default ${HOME}/Mail path, 'noblacklist' the custom path in your email-common.local |
14 | # and 'blacklist' it in your disable-common.local too so it is kept hidden from other applications | 14 | # and 'blacklist' it in your disable-common.local too so it is kept hidden from other applications |
15 | nodeny ${HOME}/Mail | 15 | noblacklist ${HOME}/Mail |
16 | 16 | ||
17 | nodeny ${DOCUMENTS} | 17 | noblacklist ${DOCUMENTS} |
18 | 18 | ||
19 | include disable-common.inc | 19 | include disable-common.inc |
20 | include disable-devel.inc | 20 | include disable-devel.inc |
@@ -27,17 +27,17 @@ include disable-xdg.inc | |||
27 | mkdir ${HOME}/.gnupg | 27 | mkdir ${HOME}/.gnupg |
28 | mkfile ${HOME}/.config/mimeapps.list | 28 | mkfile ${HOME}/.config/mimeapps.list |
29 | mkfile ${HOME}/.signature | 29 | mkfile ${HOME}/.signature |
30 | allow ${HOME}/.config/mimeapps.list | 30 | whitelist ${HOME}/.config/mimeapps.list |
31 | allow ${HOME}/.mozilla/firefox/profiles.ini | 31 | whitelist ${HOME}/.mozilla/firefox/profiles.ini |
32 | allow ${HOME}/.gnupg | 32 | whitelist ${HOME}/.gnupg |
33 | allow ${HOME}/.signature | 33 | whitelist ${HOME}/.signature |
34 | allow ${DOCUMENTS} | 34 | whitelist ${DOCUMENTS} |
35 | allow ${DOWNLOADS} | 35 | whitelist ${DOWNLOADS} |
36 | # when storing mail outside the default ${HOME}/Mail path, 'whitelist' the custom path in your email-common.local | 36 | # when storing mail outside the default ${HOME}/Mail path, 'whitelist' the custom path in your email-common.local |
37 | allow ${HOME}/Mail | 37 | whitelist ${HOME}/Mail |
38 | allow ${RUNUSER}/gnupg | 38 | whitelist ${RUNUSER}/gnupg |
39 | allow /usr/share/gnupg | 39 | whitelist /usr/share/gnupg |
40 | allow /usr/share/gnupg2 | 40 | whitelist /usr/share/gnupg2 |
41 | include whitelist-common.inc | 41 | include whitelist-common.inc |
42 | include whitelist-runuser-common.inc | 42 | include whitelist-runuser-common.inc |
43 | include whitelist-usr-share-common.inc | 43 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/enchant.profile b/etc/profile-a-l/enchant.profile index 36015b702..ac17b1726 100644 --- a/etc/profile-a-l/enchant.profile +++ b/etc/profile-a-l/enchant.profile | |||
@@ -6,9 +6,9 @@ include enchant.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | deny ${RUNUSER}/wayland-* | 9 | blacklist ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | nodeny ${HOME}/.config/enchant | 11 | noblacklist ${HOME}/.config/enchant |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,7 +19,7 @@ include disable-programs.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | mkdir ${HOME}/.config/enchant | 21 | mkdir ${HOME}/.config/enchant |
22 | allow ${HOME}/.config/enchant | 22 | whitelist ${HOME}/.config/enchant |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/enox.profile b/etc/profile-a-l/enox.profile index 9a1d89bba..d982433e2 100644 --- a/etc/profile-a-l/enox.profile +++ b/etc/profile-a-l/enox.profile | |||
@@ -10,15 +10,15 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | nodeny ${HOME}/.cache/Enox | 13 | noblacklist ${HOME}/.cache/Enox |
14 | nodeny ${HOME}/.config/Enox | 14 | noblacklist ${HOME}/.config/Enox |
15 | 15 | ||
16 | #mkdir ${HOME}/.cache/dnox | 16 | #mkdir ${HOME}/.cache/dnox |
17 | #mkdir ${HOME}/.config/dnox | 17 | #mkdir ${HOME}/.config/dnox |
18 | mkdir ${HOME}/.cache/Enox | 18 | mkdir ${HOME}/.cache/Enox |
19 | mkdir ${HOME}/.config/Enox | 19 | mkdir ${HOME}/.config/Enox |
20 | allow ${HOME}/.cache/Enox | 20 | whitelist ${HOME}/.cache/Enox |
21 | allow ${HOME}/.config/Enox | 21 | whitelist ${HOME}/.config/Enox |
22 | 22 | ||
23 | # Redirect | 23 | # Redirect |
24 | include chromium-common.profile | 24 | include chromium-common.profile |
diff --git a/etc/profile-a-l/enpass.profile b/etc/profile-a-l/enpass.profile index 5d8f8a0b9..c4123b4c2 100644 --- a/etc/profile-a-l/enpass.profile +++ b/etc/profile-a-l/enpass.profile | |||
@@ -6,11 +6,11 @@ include enpass.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/Enpass | 9 | noblacklist ${HOME}/.cache/Enpass |
10 | nodeny ${HOME}/.config/sinew.in | 10 | noblacklist ${HOME}/.config/sinew.in |
11 | nodeny ${HOME}/.config/Sinew Software Systems | 11 | noblacklist ${HOME}/.config/Sinew Software Systems |
12 | nodeny ${HOME}/.local/share/Enpass | 12 | noblacklist ${HOME}/.local/share/Enpass |
13 | nodeny ${DOCUMENTS} | 13 | noblacklist ${DOCUMENTS} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -24,11 +24,11 @@ mkdir ${HOME}/.cache/Enpass | |||
24 | mkfile ${HOME}/.config/sinew.in | 24 | mkfile ${HOME}/.config/sinew.in |
25 | mkdir ${HOME}/.config/Sinew Software Systems | 25 | mkdir ${HOME}/.config/Sinew Software Systems |
26 | mkdir ${HOME}/.local/share/Enpass | 26 | mkdir ${HOME}/.local/share/Enpass |
27 | allow ${HOME}/.cache/Enpass | 27 | whitelist ${HOME}/.cache/Enpass |
28 | allow ${HOME}/.config/sinew.in | 28 | whitelist ${HOME}/.config/sinew.in |
29 | allow ${HOME}/.config/Sinew Software Systems | 29 | whitelist ${HOME}/.config/Sinew Software Systems |
30 | allow ${HOME}/.local/share/Enpass | 30 | whitelist ${HOME}/.local/share/Enpass |
31 | allow ${DOCUMENTS} | 31 | whitelist ${DOCUMENTS} |
32 | include whitelist-common.inc | 32 | include whitelist-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
34 | 34 | ||
diff --git a/etc/profile-a-l/eo-common.profile b/etc/profile-a-l/eo-common.profile index ff7040e5c..fe7913e77 100644 --- a/etc/profile-a-l/eo-common.profile +++ b/etc/profile-a-l/eo-common.profile | |||
@@ -7,11 +7,11 @@ include eo-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.local/share/Trash | 10 | noblacklist ${HOME}/.local/share/Trash |
11 | nodeny ${HOME}/.Steam | 11 | noblacklist ${HOME}/.Steam |
12 | nodeny ${HOME}/.steam | 12 | noblacklist ${HOME}/.steam |
13 | 13 | ||
14 | deny /usr/libexec | 14 | blacklist /usr/libexec |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/eog.profile b/etc/profile-a-l/eog.profile index e8592c7df..5892374bd 100644 --- a/etc/profile-a-l/eog.profile +++ b/etc/profile-a-l/eog.profile | |||
@@ -6,9 +6,9 @@ include eog.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/eog | 9 | noblacklist ${HOME}/.config/eog |
10 | 10 | ||
11 | allow /usr/share/eog | 11 | whitelist /usr/share/eog |
12 | 12 | ||
13 | # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'. | 13 | # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'. |
14 | # Add the next lines to your eog.local if you need that functionality. | 14 | # Add the next lines to your eog.local if you need that functionality. |
diff --git a/etc/profile-a-l/eom.profile b/etc/profile-a-l/eom.profile index 323f5ade2..7143a8e03 100644 --- a/etc/profile-a-l/eom.profile +++ b/etc/profile-a-l/eom.profile | |||
@@ -6,9 +6,9 @@ include eom.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/mate/eom | 9 | noblacklist ${HOME}/.config/mate/eom |
10 | 10 | ||
11 | allow /usr/share/eom | 11 | whitelist /usr/share/eom |
12 | 12 | ||
13 | # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'. | 13 | # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'. |
14 | # Add the next lines to your eom.local if you need that functionality. | 14 | # Add the next lines to your eom.local if you need that functionality. |
diff --git a/etc/profile-a-l/ephemeral.profile b/etc/profile-a-l/ephemeral.profile index 3657742b9..131d68951 100644 --- a/etc/profile-a-l/ephemeral.profile +++ b/etc/profile-a-l/ephemeral.profile | |||
@@ -9,8 +9,8 @@ include globals.local | |||
9 | # enforce private-cache | 9 | # enforce private-cache |
10 | #noblacklist ${HOME}/.cache/ephemeral | 10 | #noblacklist ${HOME}/.cache/ephemeral |
11 | 11 | ||
12 | nodeny ${HOME}/.pki | 12 | noblacklist ${HOME}/.pki |
13 | nodeny ${HOME}/.local/share/pki | 13 | noblacklist ${HOME}/.local/share/pki |
14 | 14 | ||
15 | # noexec ${HOME} breaks DRM binaries. | 15 | # noexec ${HOME} breaks DRM binaries. |
16 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} | 16 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} |
@@ -27,9 +27,9 @@ mkdir ${HOME}/.pki | |||
27 | mkdir ${HOME}/.local/share/pki | 27 | mkdir ${HOME}/.local/share/pki |
28 | # enforce private-cache | 28 | # enforce private-cache |
29 | #whitelist ${HOME}/.cache/ephemeral | 29 | #whitelist ${HOME}/.cache/ephemeral |
30 | allow ${HOME}/.pki | 30 | whitelist ${HOME}/.pki |
31 | allow ${HOME}/.local/share/pki | 31 | whitelist ${HOME}/.local/share/pki |
32 | allow ${DOWNLOADS} | 32 | whitelist ${DOWNLOADS} |
33 | include whitelist-common.inc | 33 | include whitelist-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/epiphany.profile b/etc/profile-a-l/epiphany.profile index daedb2193..225811226 100644 --- a/etc/profile-a-l/epiphany.profile +++ b/etc/profile-a-l/epiphany.profile | |||
@@ -9,9 +9,9 @@ include globals.local | |||
9 | # Note: Epiphany use bwrap since 3.34 and can not be firejailed any more. | 9 | # Note: Epiphany use bwrap since 3.34 and can not be firejailed any more. |
10 | # See https://github.com/netblue30/firejail/issues/2995 | 10 | # See https://github.com/netblue30/firejail/issues/2995 |
11 | 11 | ||
12 | nodeny ${HOME}/.cache/epiphany | 12 | noblacklist ${HOME}/.cache/epiphany |
13 | nodeny ${HOME}/.config/epiphany | 13 | noblacklist ${HOME}/.config/epiphany |
14 | nodeny ${HOME}/.local/share/epiphany | 14 | noblacklist ${HOME}/.local/share/epiphany |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
@@ -21,10 +21,10 @@ include disable-programs.inc | |||
21 | mkdir ${HOME}/.cache/epiphany | 21 | mkdir ${HOME}/.cache/epiphany |
22 | mkdir ${HOME}/.config/epiphany | 22 | mkdir ${HOME}/.config/epiphany |
23 | mkdir ${HOME}/.local/share/epiphany | 23 | mkdir ${HOME}/.local/share/epiphany |
24 | allow ${DOWNLOADS} | 24 | whitelist ${DOWNLOADS} |
25 | allow ${HOME}/.cache/epiphany | 25 | whitelist ${HOME}/.cache/epiphany |
26 | allow ${HOME}/.config/epiphany | 26 | whitelist ${HOME}/.config/epiphany |
27 | allow ${HOME}/.local/share/epiphany | 27 | whitelist ${HOME}/.local/share/epiphany |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | 29 | ||
30 | caps.drop all | 30 | caps.drop all |
diff --git a/etc/profile-a-l/equalx.profile b/etc/profile-a-l/equalx.profile index ac957870c..964d3b7ca 100644 --- a/etc/profile-a-l/equalx.profile +++ b/etc/profile-a-l/equalx.profile | |||
@@ -6,8 +6,8 @@ include equalx.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/equalx | 9 | noblacklist ${HOME}/.config/equalx |
10 | nodeny ${HOME}/.equalx | 10 | noblacklist ${HOME}/.equalx |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -20,13 +20,13 @@ include disable-xdg.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.config/equalx | 21 | mkdir ${HOME}/.config/equalx |
22 | mkdir ${HOME}/.equalx | 22 | mkdir ${HOME}/.equalx |
23 | allow ${HOME}/.config/equalx | 23 | whitelist ${HOME}/.config/equalx |
24 | allow ${HOME}/.equalx | 24 | whitelist ${HOME}/.equalx |
25 | allow /usr/share/poppler | 25 | whitelist /usr/share/poppler |
26 | allow /usr/share/ghostscript | 26 | whitelist /usr/share/ghostscript |
27 | allow /usr/share/texlive | 27 | whitelist /usr/share/texlive |
28 | allow /usr/share/equalx | 28 | whitelist /usr/share/equalx |
29 | allow /var/lib/texmf | 29 | whitelist /var/lib/texmf |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | include whitelist-runuser-common.inc | 31 | include whitelist-runuser-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/etr.profile b/etc/profile-a-l/etr.profile index a2f46b757..fdff1e4b5 100644 --- a/etc/profile-a-l/etr.profile +++ b/etc/profile-a-l/etr.profile | |||
@@ -6,9 +6,9 @@ include etr.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.etr | 9 | noblacklist ${HOME}/.etr |
10 | 10 | ||
11 | deny /usr/libexec | 11 | blacklist /usr/libexec |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -20,10 +20,10 @@ include disable-shell.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.etr | 22 | mkdir ${HOME}/.etr |
23 | allow ${HOME}/.etr | 23 | whitelist ${HOME}/.etr |
24 | allow /usr/share/etr | 24 | whitelist /usr/share/etr |
25 | # Debian version | 25 | # Debian version |
26 | allow /usr/share/games/etr | 26 | whitelist /usr/share/games/etr |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/evince.profile b/etc/profile-a-l/evince.profile index ce2617ad6..a9e39b15c 100644 --- a/etc/profile-a-l/evince.profile +++ b/etc/profile-a-l/evince.profile | |||
@@ -10,10 +10,10 @@ include globals.local | |||
10 | # Add the next line to your evince.local if you need bookmarks support. This also needs additional dbus-user filtering (see below). | 10 | # Add the next line to your evince.local if you need bookmarks support. This also needs additional dbus-user filtering (see below). |
11 | #noblacklist ${HOME}/.local/share/gvfs-metadata | 11 | #noblacklist ${HOME}/.local/share/gvfs-metadata |
12 | 12 | ||
13 | nodeny ${HOME}/.config/evince | 13 | noblacklist ${HOME}/.config/evince |
14 | nodeny ${DOCUMENTS} | 14 | noblacklist ${DOCUMENTS} |
15 | 15 | ||
16 | deny /usr/libexec | 16 | blacklist /usr/libexec |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
@@ -24,10 +24,10 @@ include disable-programs.inc | |||
24 | include disable-shell.inc | 24 | include disable-shell.inc |
25 | include disable-xdg.inc | 25 | include disable-xdg.inc |
26 | 26 | ||
27 | allow /usr/share/doc | 27 | whitelist /usr/share/doc |
28 | allow /usr/share/evince | 28 | whitelist /usr/share/evince |
29 | allow /usr/share/poppler | 29 | whitelist /usr/share/poppler |
30 | allow /usr/share/tracker | 30 | whitelist /usr/share/tracker |
31 | include whitelist-runuser-common.inc | 31 | include whitelist-runuser-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/evolution.profile b/etc/profile-a-l/evolution.profile index 142498a28..7222493ac 100644 --- a/etc/profile-a-l/evolution.profile +++ b/etc/profile-a-l/evolution.profile | |||
@@ -6,15 +6,15 @@ include evolution.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny /var/mail | 9 | noblacklist /var/mail |
10 | nodeny /var/spool/mail | 10 | noblacklist /var/spool/mail |
11 | nodeny ${HOME}/.bogofilter | 11 | noblacklist ${HOME}/.bogofilter |
12 | nodeny ${HOME}/.cache/evolution | 12 | noblacklist ${HOME}/.cache/evolution |
13 | nodeny ${HOME}/.config/evolution | 13 | noblacklist ${HOME}/.config/evolution |
14 | nodeny ${HOME}/.gnupg | 14 | noblacklist ${HOME}/.gnupg |
15 | nodeny ${HOME}/.local/share/evolution | 15 | noblacklist ${HOME}/.local/share/evolution |
16 | nodeny ${HOME}/.pki | 16 | noblacklist ${HOME}/.pki |
17 | nodeny ${HOME}/.local/share/pki | 17 | noblacklist ${HOME}/.local/share/pki |
18 | 18 | ||
19 | include disable-common.inc | 19 | include disable-common.inc |
20 | include disable-devel.inc | 20 | include disable-devel.inc |
diff --git a/etc/profile-a-l/exiftool.profile b/etc/profile-a-l/exiftool.profile index 216814989..7b09a2c64 100644 --- a/etc/profile-a-l/exiftool.profile +++ b/etc/profile-a-l/exiftool.profile | |||
@@ -6,7 +6,7 @@ include exiftool.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | deny ${RUNUSER}/wayland-* | 9 | blacklist ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | # Allow perl (blacklisted by disable-interpreters.inc) | 11 | # Allow perl (blacklisted by disable-interpreters.inc) |
12 | include allow-perl.inc | 12 | include allow-perl.inc |
@@ -18,7 +18,7 @@ include disable-interpreters.inc | |||
18 | include disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
19 | include disable-programs.inc | 19 | include disable-programs.inc |
20 | 20 | ||
21 | allow /usr/share/perl-image-exiftool | 21 | whitelist /usr/share/perl-image-exiftool |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/falkon.profile b/etc/profile-a-l/falkon.profile index 9bb42945b..b2061db79 100644 --- a/etc/profile-a-l/falkon.profile +++ b/etc/profile-a-l/falkon.profile | |||
@@ -6,8 +6,8 @@ include falkon.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/falkon | 9 | noblacklist ${HOME}/.cache/falkon |
10 | nodeny ${HOME}/.config/falkon | 10 | noblacklist ${HOME}/.config/falkon |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,10 +19,10 @@ include disable-xdg.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.cache/falkon | 20 | mkdir ${HOME}/.cache/falkon |
21 | mkdir ${HOME}/.config/falkon | 21 | mkdir ${HOME}/.config/falkon |
22 | allow ${DOWNLOADS} | 22 | whitelist ${DOWNLOADS} |
23 | allow ${HOME}/.cache/falkon | 23 | whitelist ${HOME}/.cache/falkon |
24 | allow ${HOME}/.config/falkon | 24 | whitelist ${HOME}/.config/falkon |
25 | allow /usr/share/falkon | 25 | whitelist /usr/share/falkon |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/fbreader.profile b/etc/profile-a-l/fbreader.profile index d141c6ed5..8e81000fd 100644 --- a/etc/profile-a-l/fbreader.profile +++ b/etc/profile-a-l/fbreader.profile | |||
@@ -6,8 +6,8 @@ include fbreader.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.FBReader | 9 | noblacklist ${HOME}/.FBReader |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile index 17a365053..31cb1776c 100644 --- a/etc/profile-a-l/fdns.profile +++ b/etc/profile-a-l/fdns.profile | |||
@@ -5,11 +5,11 @@ include fdns.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny /sbin | 8 | noblacklist /sbin |
9 | nodeny /usr/sbin | 9 | noblacklist /usr/sbin |
10 | 10 | ||
11 | deny /tmp/.X11-unix | 11 | blacklist /tmp/.X11-unix |
12 | deny ${RUNUSER}/wayland-* | 12 | blacklist ${RUNUSER}/wayland-* |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
diff --git a/etc/profile-a-l/feedreader.profile b/etc/profile-a-l/feedreader.profile index 359be083e..664ec2da6 100644 --- a/etc/profile-a-l/feedreader.profile +++ b/etc/profile-a-l/feedreader.profile | |||
@@ -6,8 +6,8 @@ include feedreader.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/feedreader | 9 | noblacklist ${HOME}/.cache/feedreader |
10 | nodeny ${HOME}/.local/share/feedreader | 10 | noblacklist ${HOME}/.local/share/feedreader |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -20,9 +20,9 @@ include disable-xdg.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.cache/feedreader | 21 | mkdir ${HOME}/.cache/feedreader |
22 | mkdir ${HOME}/.local/share/feedreader | 22 | mkdir ${HOME}/.local/share/feedreader |
23 | allow ${HOME}/.cache/feedreader | 23 | whitelist ${HOME}/.cache/feedreader |
24 | allow ${HOME}/.local/share/feedreader | 24 | whitelist ${HOME}/.local/share/feedreader |
25 | allow /usr/share/feedreader | 25 | whitelist /usr/share/feedreader |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/ferdi.profile b/etc/profile-a-l/ferdi.profile index f60055f37..a2372ec8a 100644 --- a/etc/profile-a-l/ferdi.profile +++ b/etc/profile-a-l/ferdi.profile | |||
@@ -7,10 +7,10 @@ include globals.local | |||
7 | 7 | ||
8 | ignore noexec /tmp | 8 | ignore noexec /tmp |
9 | 9 | ||
10 | nodeny ${HOME}/.cache/Ferdi | 10 | noblacklist ${HOME}/.cache/Ferdi |
11 | nodeny ${HOME}/.config/Ferdi | 11 | noblacklist ${HOME}/.config/Ferdi |
12 | nodeny ${HOME}/.pki | 12 | noblacklist ${HOME}/.pki |
13 | nodeny ${HOME}/.local/share/pki | 13 | noblacklist ${HOME}/.local/share/pki |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -22,11 +22,11 @@ mkdir ${HOME}/.cache/Ferdi | |||
22 | mkdir ${HOME}/.config/Ferdi | 22 | mkdir ${HOME}/.config/Ferdi |
23 | mkdir ${HOME}/.pki | 23 | mkdir ${HOME}/.pki |
24 | mkdir ${HOME}/.local/share/pki | 24 | mkdir ${HOME}/.local/share/pki |
25 | allow ${DOWNLOADS} | 25 | whitelist ${DOWNLOADS} |
26 | allow ${HOME}/.cache/Ferdi | 26 | whitelist ${HOME}/.cache/Ferdi |
27 | allow ${HOME}/.config/Ferdi | 27 | whitelist ${HOME}/.config/Ferdi |
28 | allow ${HOME}/.pki | 28 | whitelist ${HOME}/.pki |
29 | allow ${HOME}/.local/share/pki | 29 | whitelist ${HOME}/.local/share/pki |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | 31 | ||
32 | caps.drop all | 32 | caps.drop all |
diff --git a/etc/profile-a-l/fetchmail.profile b/etc/profile-a-l/fetchmail.profile index 1e06ec29a..7358ed5c7 100644 --- a/etc/profile-a-l/fetchmail.profile +++ b/etc/profile-a-l/fetchmail.profile | |||
@@ -6,8 +6,8 @@ include fetchmail.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.fetchmailrc | 9 | noblacklist ${HOME}/.fetchmailrc |
10 | nodeny ${HOME}/.netrc | 10 | noblacklist ${HOME}/.netrc |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/ffmpeg.profile b/etc/profile-a-l/ffmpeg.profile index 1a64183ab..13ef1beb9 100644 --- a/etc/profile-a-l/ffmpeg.profile +++ b/etc/profile-a-l/ffmpeg.profile | |||
@@ -7,8 +7,8 @@ include ffmpeg.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | nodeny ${VIDEOS} | 11 | noblacklist ${VIDEOS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,9 +19,9 @@ include disable-programs.inc | |||
19 | include disable-shell.inc | 19 | include disable-shell.inc |
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | allow /usr/share/devedeng | 22 | whitelist /usr/share/devedeng |
23 | allow /usr/share/ffmpeg | 23 | whitelist /usr/share/ffmpeg |
24 | allow /usr/share/qtchooser | 24 | whitelist /usr/share/qtchooser |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-a-l/file-roller.profile b/etc/profile-a-l/file-roller.profile index f7a938f24..4eeceeee8 100644 --- a/etc/profile-a-l/file-roller.profile +++ b/etc/profile-a-l/file-roller.profile | |||
@@ -13,9 +13,9 @@ include disable-interpreters.inc | |||
13 | include disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | allow /usr/libexec/file-roller | 16 | whitelist /usr/libexec/file-roller |
17 | allow /usr/libexec/p7zip | 17 | whitelist /usr/libexec/p7zip |
18 | allow /usr/share/file-roller | 18 | whitelist /usr/share/file-roller |
19 | include whitelist-runuser-common.inc | 19 | include whitelist-runuser-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/file.profile b/etc/profile-a-l/file.profile index 426d1e72d..5c7583605 100644 --- a/etc/profile-a-l/file.profile +++ b/etc/profile-a-l/file.profile | |||
@@ -7,7 +7,7 @@ include file.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny ${RUNUSER} | 10 | blacklist ${RUNUSER} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
diff --git a/etc/profile-a-l/filezilla.profile b/etc/profile-a-l/filezilla.profile index d9e0e9da0..dc5def54f 100644 --- a/etc/profile-a-l/filezilla.profile +++ b/etc/profile-a-l/filezilla.profile | |||
@@ -6,8 +6,8 @@ include filezilla.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/filezilla | 9 | noblacklist ${HOME}/.config/filezilla |
10 | nodeny ${HOME}/.filezilla | 10 | noblacklist ${HOME}/.filezilla |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/firedragon.profile b/etc/profile-a-l/firedragon.profile index e22424794..77487161e 100644 --- a/etc/profile-a-l/firedragon.profile +++ b/etc/profile-a-l/firedragon.profile | |||
@@ -6,13 +6,13 @@ include firedragon.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/firedragon | 9 | noblacklist ${HOME}/.cache/firedragon |
10 | nodeny ${HOME}/.firedragon | 10 | noblacklist ${HOME}/.firedragon |
11 | 11 | ||
12 | mkdir ${HOME}/.cache/firedragon | 12 | mkdir ${HOME}/.cache/firedragon |
13 | mkdir ${HOME}/.firedragon | 13 | mkdir ${HOME}/.firedragon |
14 | allow ${HOME}/.cache/firedragon | 14 | whitelist ${HOME}/.cache/firedragon |
15 | allow ${HOME}/.firedragon | 15 | whitelist ${HOME}/.firedragon |
16 | 16 | ||
17 | # Add the next lines to your firedragon.local if you want to use the migration wizard. | 17 | # Add the next lines to your firedragon.local if you want to use the migration wizard. |
18 | #noblacklist ${HOME}/.mozilla | 18 | #noblacklist ${HOME}/.mozilla |
diff --git a/etc/profile-a-l/firefox-common-addons.profile b/etc/profile-a-l/firefox-common-addons.profile index 7e2e8760d..d282f9a60 100644 --- a/etc/profile-a-l/firefox-common-addons.profile +++ b/etc/profile-a-l/firefox-common-addons.profile | |||
@@ -5,74 +5,74 @@ include firefox-common-addons.local | |||
5 | ignore include whitelist-runuser-common.inc | 5 | ignore include whitelist-runuser-common.inc |
6 | ignore private-cache | 6 | ignore private-cache |
7 | 7 | ||
8 | nodeny ${HOME}/.cache/youtube-dl | 8 | noblacklist ${HOME}/.cache/youtube-dl |
9 | nodeny ${HOME}/.config/kgetrc | 9 | noblacklist ${HOME}/.config/kgetrc |
10 | nodeny ${HOME}/.config/mpv | 10 | noblacklist ${HOME}/.config/mpv |
11 | nodeny ${HOME}/.config/okularpartrc | 11 | noblacklist ${HOME}/.config/okularpartrc |
12 | nodeny ${HOME}/.config/okularrc | 12 | noblacklist ${HOME}/.config/okularrc |
13 | nodeny ${HOME}/.config/qpdfview | 13 | noblacklist ${HOME}/.config/qpdfview |
14 | nodeny ${HOME}/.config/youtube-dl | 14 | noblacklist ${HOME}/.config/youtube-dl |
15 | nodeny ${HOME}/.kde/share/apps/kget | 15 | noblacklist ${HOME}/.kde/share/apps/kget |
16 | nodeny ${HOME}/.kde/share/apps/okular | 16 | noblacklist ${HOME}/.kde/share/apps/okular |
17 | nodeny ${HOME}/.kde/share/config/kgetrc | 17 | noblacklist ${HOME}/.kde/share/config/kgetrc |
18 | nodeny ${HOME}/.kde/share/config/okularpartrc | 18 | noblacklist ${HOME}/.kde/share/config/okularpartrc |
19 | nodeny ${HOME}/.kde/share/config/okularrc | 19 | noblacklist ${HOME}/.kde/share/config/okularrc |
20 | nodeny ${HOME}/.kde4/share/apps/kget | 20 | noblacklist ${HOME}/.kde4/share/apps/kget |
21 | nodeny ${HOME}/.kde4/share/apps/okular | 21 | noblacklist ${HOME}/.kde4/share/apps/okular |
22 | nodeny ${HOME}/.kde4/share/config/kgetrc | 22 | noblacklist ${HOME}/.kde4/share/config/kgetrc |
23 | nodeny ${HOME}/.kde4/share/config/okularpartrc | 23 | noblacklist ${HOME}/.kde4/share/config/okularpartrc |
24 | nodeny ${HOME}/.kde4/share/config/okularrc | 24 | noblacklist ${HOME}/.kde4/share/config/okularrc |
25 | nodeny ${HOME}/.local/share/kget | 25 | noblacklist ${HOME}/.local/share/kget |
26 | nodeny ${HOME}/.local/share/kxmlgui5/okular | 26 | noblacklist ${HOME}/.local/share/kxmlgui5/okular |
27 | nodeny ${HOME}/.local/share/okular | 27 | noblacklist ${HOME}/.local/share/okular |
28 | nodeny ${HOME}/.local/share/qpdfview | 28 | noblacklist ${HOME}/.local/share/qpdfview |
29 | nodeny ${HOME}/.netrc | 29 | noblacklist ${HOME}/.netrc |
30 | 30 | ||
31 | allow ${HOME}/.cache/gnome-mplayer/plugin | 31 | whitelist ${HOME}/.cache/gnome-mplayer/plugin |
32 | allow ${HOME}/.cache/youtube-dl/youtube-sigfuncs | 32 | whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs |
33 | allow ${HOME}/.config/gnome-mplayer | 33 | whitelist ${HOME}/.config/gnome-mplayer |
34 | allow ${HOME}/.config/kgetrc | 34 | whitelist ${HOME}/.config/kgetrc |
35 | allow ${HOME}/.config/mpv | 35 | whitelist ${HOME}/.config/mpv |
36 | allow ${HOME}/.config/okularpartrc | 36 | whitelist ${HOME}/.config/okularpartrc |
37 | allow ${HOME}/.config/okularrc | 37 | whitelist ${HOME}/.config/okularrc |
38 | allow ${HOME}/.config/pipelight-silverlight5.1 | 38 | whitelist ${HOME}/.config/pipelight-silverlight5.1 |
39 | allow ${HOME}/.config/pipelight-widevine | 39 | whitelist ${HOME}/.config/pipelight-widevine |
40 | allow ${HOME}/.config/qpdfview | 40 | whitelist ${HOME}/.config/qpdfview |
41 | allow ${HOME}/.config/youtube-dl | 41 | whitelist ${HOME}/.config/youtube-dl |
42 | allow ${HOME}/.kde/share/apps/kget | 42 | whitelist ${HOME}/.kde/share/apps/kget |
43 | allow ${HOME}/.kde/share/apps/okular | 43 | whitelist ${HOME}/.kde/share/apps/okular |
44 | allow ${HOME}/.kde/share/config/kgetrc | 44 | whitelist ${HOME}/.kde/share/config/kgetrc |
45 | allow ${HOME}/.kde/share/config/okularpartrc | 45 | whitelist ${HOME}/.kde/share/config/okularpartrc |
46 | allow ${HOME}/.kde/share/config/okularrc | 46 | whitelist ${HOME}/.kde/share/config/okularrc |
47 | allow ${HOME}/.kde4/share/apps/kget | 47 | whitelist ${HOME}/.kde4/share/apps/kget |
48 | allow ${HOME}/.kde4/share/apps/okular | 48 | whitelist ${HOME}/.kde4/share/apps/okular |
49 | allow ${HOME}/.kde4/share/config/kgetrc | 49 | whitelist ${HOME}/.kde4/share/config/kgetrc |
50 | allow ${HOME}/.kde4/share/config/okularpartrc | 50 | whitelist ${HOME}/.kde4/share/config/okularpartrc |
51 | allow ${HOME}/.kde4/share/config/okularrc | 51 | whitelist ${HOME}/.kde4/share/config/okularrc |
52 | allow ${HOME}/.keysnail.js | 52 | whitelist ${HOME}/.keysnail.js |
53 | allow ${HOME}/.lastpass | 53 | whitelist ${HOME}/.lastpass |
54 | allow ${HOME}/.local/share/kget | 54 | whitelist ${HOME}/.local/share/kget |
55 | allow ${HOME}/.local/share/kxmlgui5/okular | 55 | whitelist ${HOME}/.local/share/kxmlgui5/okular |
56 | allow ${HOME}/.local/share/okular | 56 | whitelist ${HOME}/.local/share/okular |
57 | allow ${HOME}/.local/share/qpdfview | 57 | whitelist ${HOME}/.local/share/qpdfview |
58 | allow ${HOME}/.local/share/tridactyl | 58 | whitelist ${HOME}/.local/share/tridactyl |
59 | allow ${HOME}/.netrc | 59 | whitelist ${HOME}/.netrc |
60 | allow ${HOME}/.pentadactyl | 60 | whitelist ${HOME}/.pentadactyl |
61 | allow ${HOME}/.pentadactylrc | 61 | whitelist ${HOME}/.pentadactylrc |
62 | allow ${HOME}/.tridactylrc | 62 | whitelist ${HOME}/.tridactylrc |
63 | allow ${HOME}/.vimperator | 63 | whitelist ${HOME}/.vimperator |
64 | allow ${HOME}/.vimperatorrc | 64 | whitelist ${HOME}/.vimperatorrc |
65 | allow ${HOME}/.wine-pipelight | 65 | whitelist ${HOME}/.wine-pipelight |
66 | allow ${HOME}/.wine-pipelight64 | 66 | whitelist ${HOME}/.wine-pipelight64 |
67 | allow ${HOME}/.zotero | 67 | whitelist ${HOME}/.zotero |
68 | allow ${HOME}/dwhelper | 68 | whitelist ${HOME}/dwhelper |
69 | allow /usr/share/lua | 69 | whitelist /usr/share/lua |
70 | allow /usr/share/lua* | 70 | whitelist /usr/share/lua* |
71 | allow /usr/share/vulkan | 71 | whitelist /usr/share/vulkan |
72 | 72 | ||
73 | # GNOME Shell integration (chrome-gnome-shell) needs dbus and python | 73 | # GNOME Shell integration (chrome-gnome-shell) needs dbus and python |
74 | nodeny ${HOME}/.local/share/gnome-shell | 74 | noblacklist ${HOME}/.local/share/gnome-shell |
75 | allow ${HOME}/.local/share/gnome-shell | 75 | whitelist ${HOME}/.local/share/gnome-shell |
76 | dbus-user.talk ca.desrt.dconf | 76 | dbus-user.talk ca.desrt.dconf |
77 | dbus-user.talk org.gnome.ChromeGnomeShell | 77 | dbus-user.talk org.gnome.ChromeGnomeShell |
78 | dbus-user.talk org.gnome.Shell | 78 | dbus-user.talk org.gnome.Shell |
diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile index cb0fae5dc..8b74ed979 100644 --- a/etc/profile-a-l/firefox-common.profile +++ b/etc/profile-a-l/firefox-common.profile | |||
@@ -12,8 +12,8 @@ include firefox-common.local | |||
12 | # Add the next line to your firefox-common.local to allow access to common programs/addons/plugins. | 12 | # Add the next line to your firefox-common.local to allow access to common programs/addons/plugins. |
13 | #include firefox-common-addons.profile | 13 | #include firefox-common-addons.profile |
14 | 14 | ||
15 | nodeny ${HOME}/.pki | 15 | noblacklist ${HOME}/.pki |
16 | nodeny ${HOME}/.local/share/pki | 16 | noblacklist ${HOME}/.local/share/pki |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
@@ -23,9 +23,9 @@ include disable-programs.inc | |||
23 | 23 | ||
24 | mkdir ${HOME}/.pki | 24 | mkdir ${HOME}/.pki |
25 | mkdir ${HOME}/.local/share/pki | 25 | mkdir ${HOME}/.local/share/pki |
26 | allow ${DOWNLOADS} | 26 | whitelist ${DOWNLOADS} |
27 | allow ${HOME}/.pki | 27 | whitelist ${HOME}/.pki |
28 | allow ${HOME}/.local/share/pki | 28 | whitelist ${HOME}/.local/share/pki |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-runuser-common.inc | 30 | include whitelist-runuser-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/firefox-esr.profile b/etc/profile-a-l/firefox-esr.profile index 4fd315fdf..5e69fdb51 100644 --- a/etc/profile-a-l/firefox-esr.profile +++ b/etc/profile-a-l/firefox-esr.profile | |||
@@ -6,7 +6,7 @@ include firefox-esr.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | allow /usr/share/firefox-esr | 9 | whitelist /usr/share/firefox-esr |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include firefox.profile | 12 | include firefox.profile |
diff --git a/etc/profile-a-l/firefox.profile b/etc/profile-a-l/firefox.profile index 93d32d141..ff2a499dc 100644 --- a/etc/profile-a-l/firefox.profile +++ b/etc/profile-a-l/firefox.profile | |||
@@ -14,29 +14,29 @@ include globals.local | |||
14 | # https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#how-do-i-run-two-instances-of-firefox | 14 | # https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#how-do-i-run-two-instances-of-firefox |
15 | # https://github.com/netblue30/firejail/issues/4206#issuecomment-824806968 | 15 | # https://github.com/netblue30/firejail/issues/4206#issuecomment-824806968 |
16 | 16 | ||
17 | nodeny ${HOME}/.cache/mozilla | 17 | noblacklist ${HOME}/.cache/mozilla |
18 | nodeny ${HOME}/.mozilla | 18 | noblacklist ${HOME}/.mozilla |
19 | nodeny ${RUNUSER}/*firefox* # location of profiles if profile-sync-daemon is used | 19 | noblacklist ${RUNUSER}/*firefox* |
20 | 20 | ||
21 | deny /usr/libexec | 21 | blacklist /usr/libexec |
22 | 22 | ||
23 | mkdir ${HOME}/.cache/mozilla/firefox | 23 | mkdir ${HOME}/.cache/mozilla/firefox |
24 | mkdir ${HOME}/.mozilla | 24 | mkdir ${HOME}/.mozilla |
25 | allow ${HOME}/.cache/mozilla/firefox | 25 | whitelist ${HOME}/.cache/mozilla/firefox |
26 | allow ${HOME}/.mozilla | 26 | whitelist ${HOME}/.mozilla |
27 | 27 | ||
28 | # Add one of the following whitelist options to your firefox.local to enable KeePassXC Plugin support. | 28 | # Add one of the following whitelist options to your firefox.local to enable KeePassXC Plugin support. |
29 | # NOTE: start KeePassXC before Firefox and keep it open to allow communication between them. | 29 | # NOTE: start KeePassXC before Firefox and keep it open to allow communication between them. |
30 | #whitelist ${RUNUSER}/kpxc_server | 30 | #whitelist ${RUNUSER}/kpxc_server |
31 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer | 31 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer |
32 | 32 | ||
33 | allow /usr/share/doc | 33 | whitelist /usr/share/doc |
34 | allow /usr/share/firefox | 34 | whitelist /usr/share/firefox |
35 | allow /usr/share/gnome-shell/search-providers/firefox-search-provider.ini | 35 | whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini |
36 | allow /usr/share/gtk-doc/html | 36 | whitelist /usr/share/gtk-doc/html |
37 | allow /usr/share/mozilla | 37 | whitelist /usr/share/mozilla |
38 | allow /usr/share/webext | 38 | whitelist /usr/share/webext |
39 | allow ${RUNUSER}/*firefox* | 39 | whitelist ${RUNUSER}/*firefox* |
40 | include whitelist-usr-share-common.inc | 40 | include whitelist-usr-share-common.inc |
41 | 41 | ||
42 | # firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin. | 42 | # firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin. |
diff --git a/etc/profile-a-l/five-or-more.profile b/etc/profile-a-l/five-or-more.profile index bd1becaf0..2c86d3ac7 100644 --- a/etc/profile-a-l/five-or-more.profile +++ b/etc/profile-a-l/five-or-more.profile | |||
@@ -6,12 +6,12 @@ include five-or-more.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/five-or-more | 9 | noblacklist ${HOME}/.local/share/five-or-more |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/five-or-more | 11 | mkdir ${HOME}/.local/share/five-or-more |
12 | allow ${HOME}/.local/share/five-or-more | 12 | whitelist ${HOME}/.local/share/five-or-more |
13 | 13 | ||
14 | allow /usr/share/five-or-more | 14 | whitelist /usr/share/five-or-more |
15 | 15 | ||
16 | private-bin five-or-more | 16 | private-bin five-or-more |
17 | 17 | ||
diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile index f16a65536..55af96c84 100644 --- a/etc/profile-a-l/flameshot.profile +++ b/etc/profile-a-l/flameshot.profile | |||
@@ -7,9 +7,9 @@ include flameshot.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${PICTURES} | 10 | noblacklist ${PICTURES} |
11 | nodeny ${HOME}/.config/Dharkael | 11 | noblacklist ${HOME}/.config/Dharkael |
12 | nodeny ${HOME}/.config/flameshot | 12 | noblacklist ${HOME}/.config/flameshot |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -25,7 +25,7 @@ include disable-xdg.inc | |||
25 | #whitelist ${PICTURES} | 25 | #whitelist ${PICTURES} |
26 | #whitelist ${HOME}/.config/Dharkael | 26 | #whitelist ${HOME}/.config/Dharkael |
27 | #whitelist ${HOME}/.config/flameshot | 27 | #whitelist ${HOME}/.config/flameshot |
28 | allow /usr/share/flameshot | 28 | whitelist /usr/share/flameshot |
29 | #include whitelist-common.inc | 29 | #include whitelist-common.inc |
30 | include whitelist-runuser-common.inc | 30 | include whitelist-runuser-common.inc |
31 | include whitelist-usr-share-common.inc | 31 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/flashpeak-slimjet.profile b/etc/profile-a-l/flashpeak-slimjet.profile index af114e129..310fb378f 100644 --- a/etc/profile-a-l/flashpeak-slimjet.profile +++ b/etc/profile-a-l/flashpeak-slimjet.profile | |||
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | nodeny ${HOME}/.cache/slimjet | 13 | noblacklist ${HOME}/.cache/slimjet |
14 | nodeny ${HOME}/.config/slimjet | 14 | noblacklist ${HOME}/.config/slimjet |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/slimjet | 16 | mkdir ${HOME}/.cache/slimjet |
17 | mkdir ${HOME}/.config/slimjet | 17 | mkdir ${HOME}/.config/slimjet |
18 | allow ${HOME}/.cache/slimjet | 18 | whitelist ${HOME}/.cache/slimjet |
19 | allow ${HOME}/.config/slimjet | 19 | whitelist ${HOME}/.config/slimjet |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include chromium-common.profile | 22 | include chromium-common.profile |
diff --git a/etc/profile-a-l/flowblade.profile b/etc/profile-a-l/flowblade.profile index 505763fb9..a4421e3ce 100644 --- a/etc/profile-a-l/flowblade.profile +++ b/etc/profile-a-l/flowblade.profile | |||
@@ -6,8 +6,8 @@ include flowblade.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/flowblade | 9 | noblacklist ${HOME}/.config/flowblade |
10 | nodeny ${HOME}/.flowblade | 10 | noblacklist ${HOME}/.flowblade |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/fluxbox.profile b/etc/profile-a-l/fluxbox.profile index a22c0e103..1210f365c 100644 --- a/etc/profile-a-l/fluxbox.profile +++ b/etc/profile-a-l/fluxbox.profile | |||
@@ -7,7 +7,7 @@ include fluxbox.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in fluxbox will run in this profile | 9 | # all applications started in fluxbox will run in this profile |
10 | nodeny ${HOME}/.fluxbox | 10 | noblacklist ${HOME}/.fluxbox |
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
diff --git a/etc/profile-a-l/font-manager.profile b/etc/profile-a-l/font-manager.profile index ff9167c1a..cd0129436 100644 --- a/etc/profile-a-l/font-manager.profile +++ b/etc/profile-a-l/font-manager.profile | |||
@@ -6,8 +6,8 @@ include font-manager.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/font-manager | 9 | noblacklist ${HOME}/.cache/font-manager |
10 | nodeny ${HOME}/.config/font-manager | 10 | noblacklist ${HOME}/.config/font-manager |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
@@ -24,9 +24,9 @@ include disable-xdg.inc | |||
24 | 24 | ||
25 | mkdir ${HOME}/.cache/font-manager | 25 | mkdir ${HOME}/.cache/font-manager |
26 | mkdir ${HOME}/.config/font-manager | 26 | mkdir ${HOME}/.config/font-manager |
27 | allow ${HOME}/.cache/font-manager | 27 | whitelist ${HOME}/.cache/font-manager |
28 | allow ${HOME}/.config/font-manager | 28 | whitelist ${HOME}/.config/font-manager |
29 | allow /usr/share/font-manager | 29 | whitelist /usr/share/font-manager |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | include whitelist-usr-share-common.inc | 31 | include whitelist-usr-share-common.inc |
32 | include whitelist-var-common.inc | 32 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/fontforge.profile b/etc/profile-a-l/fontforge.profile index 64c7655e2..bd1495877 100644 --- a/etc/profile-a-l/fontforge.profile +++ b/etc/profile-a-l/fontforge.profile | |||
@@ -6,8 +6,8 @@ include fontforge.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.FontForge | 9 | noblacklist ${HOME}/.FontForge |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/fossamail.profile b/etc/profile-a-l/fossamail.profile index 5e5a12794..2d700d336 100644 --- a/etc/profile-a-l/fossamail.profile +++ b/etc/profile-a-l/fossamail.profile | |||
@@ -6,16 +6,16 @@ include fossamail.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/fossamail | 9 | noblacklist ${HOME}/.cache/fossamail |
10 | nodeny ${HOME}/.fossamail | 10 | noblacklist ${HOME}/.fossamail |
11 | nodeny ${HOME}/.gnupg | 11 | noblacklist ${HOME}/.gnupg |
12 | 12 | ||
13 | mkdir ${HOME}/.cache/fossamail | 13 | mkdir ${HOME}/.cache/fossamail |
14 | mkdir ${HOME}/.fossamail | 14 | mkdir ${HOME}/.fossamail |
15 | mkdir ${HOME}/.gnupg | 15 | mkdir ${HOME}/.gnupg |
16 | allow ${HOME}/.cache/fossamail | 16 | whitelist ${HOME}/.cache/fossamail |
17 | allow ${HOME}/.fossamail | 17 | whitelist ${HOME}/.fossamail |
18 | allow ${HOME}/.gnupg | 18 | whitelist ${HOME}/.gnupg |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | 20 | ||
21 | # allow browsers | 21 | # allow browsers |
diff --git a/etc/profile-a-l/four-in-a-row.profile b/etc/profile-a-l/four-in-a-row.profile index 97fd4a626..eb0c43ca5 100644 --- a/etc/profile-a-l/four-in-a-row.profile +++ b/etc/profile-a-l/four-in-a-row.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | ignore machine-id | 9 | ignore machine-id |
10 | ignore nosound | 10 | ignore nosound |
11 | 11 | ||
12 | allow /usr/share/four-in-a-row | 12 | whitelist /usr/share/four-in-a-row |
13 | 13 | ||
14 | private-bin four-in-a-row | 14 | private-bin four-in-a-row |
15 | 15 | ||
diff --git a/etc/profile-a-l/fractal.profile b/etc/profile-a-l/fractal.profile index 8edc9b02d..1b1d031b4 100644 --- a/etc/profile-a-l/fractal.profile +++ b/etc/profile-a-l/fractal.profile | |||
@@ -6,7 +6,7 @@ include fractal.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/fractal | 9 | noblacklist ${HOME}/.cache/fractal |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -22,8 +22,8 @@ include disable-shell.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.cache/fractal | 24 | mkdir ${HOME}/.cache/fractal |
25 | allow ${HOME}/.cache/fractal | 25 | whitelist ${HOME}/.cache/fractal |
26 | allow ${DOWNLOADS} | 26 | whitelist ${DOWNLOADS} |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/franz.profile b/etc/profile-a-l/franz.profile index 1a8ec8f99..9b780a572 100644 --- a/etc/profile-a-l/franz.profile +++ b/etc/profile-a-l/franz.profile | |||
@@ -7,10 +7,10 @@ include globals.local | |||
7 | 7 | ||
8 | ignore noexec /tmp | 8 | ignore noexec /tmp |
9 | 9 | ||
10 | nodeny ${HOME}/.cache/Franz | 10 | noblacklist ${HOME}/.cache/Franz |
11 | nodeny ${HOME}/.config/Franz | 11 | noblacklist ${HOME}/.config/Franz |
12 | nodeny ${HOME}/.pki | 12 | noblacklist ${HOME}/.pki |
13 | nodeny ${HOME}/.local/share/pki | 13 | noblacklist ${HOME}/.local/share/pki |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -22,11 +22,11 @@ mkdir ${HOME}/.cache/Franz | |||
22 | mkdir ${HOME}/.config/Franz | 22 | mkdir ${HOME}/.config/Franz |
23 | mkdir ${HOME}/.pki | 23 | mkdir ${HOME}/.pki |
24 | mkdir ${HOME}/.local/share/pki | 24 | mkdir ${HOME}/.local/share/pki |
25 | allow ${DOWNLOADS} | 25 | whitelist ${DOWNLOADS} |
26 | allow ${HOME}/.cache/Franz | 26 | whitelist ${HOME}/.cache/Franz |
27 | allow ${HOME}/.config/Franz | 27 | whitelist ${HOME}/.config/Franz |
28 | allow ${HOME}/.pki | 28 | whitelist ${HOME}/.pki |
29 | allow ${HOME}/.local/share/pki | 29 | whitelist ${HOME}/.local/share/pki |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | 31 | ||
32 | caps.drop all | 32 | caps.drop all |
diff --git a/etc/profile-a-l/freecad.profile b/etc/profile-a-l/freecad.profile index a45ad4c7a..8043d0530 100644 --- a/etc/profile-a-l/freecad.profile +++ b/etc/profile-a-l/freecad.profile | |||
@@ -6,8 +6,8 @@ include freecad.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/FreeCAD | 9 | noblacklist ${HOME}/.config/FreeCAD |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/freeciv.profile b/etc/profile-a-l/freeciv.profile index 20abd4056..23c19682c 100644 --- a/etc/profile-a-l/freeciv.profile +++ b/etc/profile-a-l/freeciv.profile | |||
@@ -6,7 +6,7 @@ include freeciv.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.freeciv | 9 | noblacklist ${HOME}/.freeciv |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.freeciv | 19 | mkdir ${HOME}/.freeciv |
20 | allow ${HOME}/.freeciv | 20 | whitelist ${HOME}/.freeciv |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-a-l/freecol.profile b/etc/profile-a-l/freecol.profile index 79ccf4101..93fa7da03 100644 --- a/etc/profile-a-l/freecol.profile +++ b/etc/profile-a-l/freecol.profile | |||
@@ -6,10 +6,10 @@ include freecol.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.freecol | 9 | noblacklist ${HOME}/.freecol |
10 | nodeny ${HOME}/.cache/freecol | 10 | noblacklist ${HOME}/.cache/freecol |
11 | nodeny ${HOME}/.config/freecol | 11 | noblacklist ${HOME}/.config/freecol |
12 | nodeny ${HOME}/.local/share/freecol | 12 | noblacklist ${HOME}/.local/share/freecol |
13 | 13 | ||
14 | # Allow java (blacklisted by disable-devel.inc) | 14 | # Allow java (blacklisted by disable-devel.inc) |
15 | include allow-java.inc | 15 | include allow-java.inc |
@@ -26,11 +26,11 @@ mkdir ${HOME}/.java | |||
26 | mkdir ${HOME}/.cache/freecol | 26 | mkdir ${HOME}/.cache/freecol |
27 | mkdir ${HOME}/.config/freecol | 27 | mkdir ${HOME}/.config/freecol |
28 | mkdir ${HOME}/.local/share/freecol | 28 | mkdir ${HOME}/.local/share/freecol |
29 | allow ${HOME}/.freecol | 29 | whitelist ${HOME}/.freecol |
30 | allow ${HOME}/.java | 30 | whitelist ${HOME}/.java |
31 | allow ${HOME}/.cache/freecol | 31 | whitelist ${HOME}/.cache/freecol |
32 | allow ${HOME}/.config/freecol | 32 | whitelist ${HOME}/.config/freecol |
33 | allow ${HOME}/.local/share/freecol | 33 | whitelist ${HOME}/.local/share/freecol |
34 | include whitelist-common.inc | 34 | include whitelist-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
36 | 36 | ||
diff --git a/etc/profile-a-l/freemind.profile b/etc/profile-a-l/freemind.profile index ba52dd208..699177039 100644 --- a/etc/profile-a-l/freemind.profile +++ b/etc/profile-a-l/freemind.profile | |||
@@ -6,8 +6,8 @@ include freemind.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
10 | nodeny ${HOME}/.freemind | 10 | noblacklist ${HOME}/.freemind |
11 | 11 | ||
12 | # Allow java (blacklisted by disable-devel.inc) | 12 | # Allow java (blacklisted by disable-devel.inc) |
13 | include allow-java.inc | 13 | include allow-java.inc |
diff --git a/etc/profile-a-l/freetube.profile b/etc/profile-a-l/freetube.profile index 4c321322c..e6aff533d 100644 --- a/etc/profile-a-l/freetube.profile +++ b/etc/profile-a-l/freetube.profile | |||
@@ -6,12 +6,12 @@ include freetube.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/FreeTube | 9 | noblacklist ${HOME}/.config/FreeTube |
10 | 10 | ||
11 | include disable-shell.inc | 11 | include disable-shell.inc |
12 | 12 | ||
13 | mkdir ${HOME}/.config/FreeTube | 13 | mkdir ${HOME}/.config/FreeTube |
14 | allow ${HOME}/.config/FreeTube | 14 | whitelist ${HOME}/.config/FreeTube |
15 | 15 | ||
16 | private-bin freetube | 16 | private-bin freetube |
17 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg | 17 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg |
diff --git a/etc/profile-a-l/frogatto.profile b/etc/profile-a-l/frogatto.profile index 3a6dfcfd6..b4ad81046 100644 --- a/etc/profile-a-l/frogatto.profile +++ b/etc/profile-a-l/frogatto.profile | |||
@@ -6,7 +6,7 @@ include frogatto.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.frogatto | 9 | noblacklist ${HOME}/.frogatto |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,9 +17,9 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.frogatto | 19 | mkdir ${HOME}/.frogatto |
20 | allow ${HOME}/.frogatto | 20 | whitelist ${HOME}/.frogatto |
21 | allow /usr/libexec/frogatto | 21 | whitelist /usr/libexec/frogatto |
22 | allow /usr/share/frogatto | 22 | whitelist /usr/share/frogatto |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/frozen-bubble.profile b/etc/profile-a-l/frozen-bubble.profile index 12eca8eb0..76352e41e 100644 --- a/etc/profile-a-l/frozen-bubble.profile +++ b/etc/profile-a-l/frozen-bubble.profile | |||
@@ -6,7 +6,7 @@ include frozen-bubble.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.frozen-bubble | 9 | noblacklist ${HOME}/.frozen-bubble |
10 | 10 | ||
11 | # Allow perl (blacklisted by disable-interpreters.inc) | 11 | # Allow perl (blacklisted by disable-interpreters.inc) |
12 | include allow-perl.inc | 12 | include allow-perl.inc |
@@ -20,7 +20,7 @@ include disable-programs.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.frozen-bubble | 22 | mkdir ${HOME}/.frozen-bubble |
23 | allow ${HOME}/.frozen-bubble | 23 | whitelist ${HOME}/.frozen-bubble |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
26 | include whitelist-usr-share-common.inc | 26 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/funnyboat.profile b/etc/profile-a-l/funnyboat.profile index 07030df4b..8852925b1 100644 --- a/etc/profile-a-l/funnyboat.profile +++ b/etc/profile-a-l/funnyboat.profile | |||
@@ -5,7 +5,7 @@ include funnyboat.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.funnyboat | 8 | noblacklist ${HOME}/.funnyboat |
9 | 9 | ||
10 | ignore noexec /dev/shm | 10 | ignore noexec /dev/shm |
11 | include allow-python2.inc | 11 | include allow-python2.inc |
@@ -21,12 +21,12 @@ include disable-programs.inc | |||
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.funnyboat | 23 | mkdir ${HOME}/.funnyboat |
24 | allow ${HOME}/.funnyboat | 24 | whitelist ${HOME}/.funnyboat |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-runuser-common.inc | 26 | include whitelist-runuser-common.inc |
27 | allow /usr/share/funnyboat | 27 | whitelist /usr/share/funnyboat |
28 | # Debian: | 28 | # Debian: |
29 | allow /usr/share/games/funnyboat | 29 | whitelist /usr/share/games/funnyboat |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
32 | 32 | ||
diff --git a/etc/profile-a-l/gajim.profile b/etc/profile-a-l/gajim.profile index 4cd2cb1e6..ed3f0357d 100644 --- a/etc/profile-a-l/gajim.profile +++ b/etc/profile-a-l/gajim.profile | |||
@@ -6,10 +6,10 @@ include gajim.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.gnupg | 9 | noblacklist ${HOME}/.gnupg |
10 | nodeny ${HOME}/.cache/gajim | 10 | noblacklist ${HOME}/.cache/gajim |
11 | nodeny ${HOME}/.config/gajim | 11 | noblacklist ${HOME}/.config/gajim |
12 | nodeny ${HOME}/.local/share/gajim | 12 | noblacklist ${HOME}/.local/share/gajim |
13 | 13 | ||
14 | # Allow python (blacklisted by disable-interpreters.inc) | 14 | # Allow python (blacklisted by disable-interpreters.inc) |
15 | #include allow-python2.inc | 15 | #include allow-python2.inc |
@@ -28,14 +28,14 @@ mkdir ${HOME}/.gnupg | |||
28 | mkdir ${HOME}/.cache/gajim | 28 | mkdir ${HOME}/.cache/gajim |
29 | mkdir ${HOME}/.config/gajim | 29 | mkdir ${HOME}/.config/gajim |
30 | mkdir ${HOME}/.local/share/gajim | 30 | mkdir ${HOME}/.local/share/gajim |
31 | allow ${HOME}/.gnupg | 31 | whitelist ${HOME}/.gnupg |
32 | allow ${HOME}/.cache/gajim | 32 | whitelist ${HOME}/.cache/gajim |
33 | allow ${HOME}/.config/gajim | 33 | whitelist ${HOME}/.config/gajim |
34 | allow ${HOME}/.local/share/gajim | 34 | whitelist ${HOME}/.local/share/gajim |
35 | allow ${DOWNLOADS} | 35 | whitelist ${DOWNLOADS} |
36 | allow ${RUNUSER}/gnupg | 36 | whitelist ${RUNUSER}/gnupg |
37 | allow /usr/share/gnupg | 37 | whitelist /usr/share/gnupg |
38 | allow /usr/share/gnupg2 | 38 | whitelist /usr/share/gnupg2 |
39 | include whitelist-common.inc | 39 | include whitelist-common.inc |
40 | include whitelist-runuser-common.inc | 40 | include whitelist-runuser-common.inc |
41 | include whitelist-usr-share-common.inc | 41 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/galculator.profile b/etc/profile-a-l/galculator.profile index 0b1b595a6..550b3808b 100644 --- a/etc/profile-a-l/galculator.profile +++ b/etc/profile-a-l/galculator.profile | |||
@@ -6,7 +6,7 @@ include galculator.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/galculator | 9 | noblacklist ${HOME}/.config/galculator |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/galculator | 20 | mkdir ${HOME}/.config/galculator |
21 | allow ${HOME}/.config/galculator | 21 | whitelist ${HOME}/.config/galculator |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/gapplication.profile b/etc/profile-a-l/gapplication.profile index 00b830234..3a8c055f2 100644 --- a/etc/profile-a-l/gapplication.profile +++ b/etc/profile-a-l/gapplication.profile | |||
@@ -6,8 +6,8 @@ include gapplication.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | deny ${RUNUSER}/wayland-* | 9 | blacklist ${RUNUSER}/wayland-* |
10 | deny /usr/libexec | 10 | blacklist /usr/libexec |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gcloud.profile b/etc/profile-a-l/gcloud.profile index 896a100fc..388f4c0df 100644 --- a/etc/profile-a-l/gcloud.profile +++ b/etc/profile-a-l/gcloud.profile | |||
@@ -8,9 +8,9 @@ include globals.local | |||
8 | # noexec ${HOME} will break user-local installs of gcloud tooling | 8 | # noexec ${HOME} will break user-local installs of gcloud tooling |
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | nodeny ${HOME}/.boto | 11 | noblacklist ${HOME}/.boto |
12 | nodeny ${HOME}/.config/gcloud | 12 | noblacklist ${HOME}/.config/gcloud |
13 | nodeny /var/run/docker.sock | 13 | noblacklist /var/run/docker.sock |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gconf-editor.profile b/etc/profile-a-l/gconf-editor.profile index 8f72f0b34..cb39174e5 100644 --- a/etc/profile-a-l/gconf-editor.profile +++ b/etc/profile-a-l/gconf-editor.profile | |||
@@ -7,9 +7,9 @@ include gconf-editor.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | deny /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | 11 | ||
12 | allow /usr/share/gconf-editor | 12 | whitelist /usr/share/gconf-editor |
13 | 13 | ||
14 | ignore x11 none | 14 | ignore x11 none |
15 | 15 | ||
diff --git a/etc/profile-a-l/gconf.profile b/etc/profile-a-l/gconf.profile index 8c7013574..fec1a555a 100644 --- a/etc/profile-a-l/gconf.profile +++ b/etc/profile-a-l/gconf.profile | |||
@@ -6,9 +6,9 @@ include gconf.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | deny ${RUNUSER}/wayland-* | 9 | blacklist ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | nodeny ${HOME}/.config/gconf | 11 | noblacklist ${HOME}/.config/gconf |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python2.inc | 14 | include allow-python2.inc |
@@ -23,9 +23,9 @@ include disable-programs.inc | |||
23 | include disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | mkdir ${HOME}/.config/gconf | 25 | mkdir ${HOME}/.config/gconf |
26 | allow ${HOME}/.config/gconf | 26 | whitelist ${HOME}/.config/gconf |
27 | allow /usr/share/GConf | 27 | whitelist /usr/share/GConf |
28 | allow /usr/share/gconf | 28 | whitelist /usr/share/gconf |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/geany.profile b/etc/profile-a-l/geany.profile index 706a85c75..6fdb9b37a 100644 --- a/etc/profile-a-l/geany.profile +++ b/etc/profile-a-l/geany.profile | |||
@@ -6,7 +6,7 @@ include geany.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/geany | 9 | noblacklist ${HOME}/.config/geany |
10 | 10 | ||
11 | # Allows files commonly used by IDEs | 11 | # Allows files commonly used by IDEs |
12 | include allow-common-devel.inc | 12 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile index 512fc1e59..74e135a7c 100644 --- a/etc/profile-a-l/geary.profile +++ b/etc/profile-a-l/geary.profile | |||
@@ -6,14 +6,14 @@ include geary.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/evolution | 9 | noblacklist ${HOME}/.cache/evolution |
10 | nodeny ${HOME}/.cache/folks | 10 | noblacklist ${HOME}/.cache/folks |
11 | nodeny ${HOME}/.cache/geary | 11 | noblacklist ${HOME}/.cache/geary |
12 | nodeny ${HOME}/.config/evolution | 12 | noblacklist ${HOME}/.config/evolution |
13 | nodeny ${HOME}/.config/geary | 13 | noblacklist ${HOME}/.config/geary |
14 | nodeny ${HOME}/.local/share/evolution | 14 | noblacklist ${HOME}/.local/share/evolution |
15 | nodeny ${HOME}/.local/share/geary | 15 | noblacklist ${HOME}/.local/share/geary |
16 | nodeny ${HOME}/.mozilla | 16 | noblacklist ${HOME}/.mozilla |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
@@ -31,16 +31,16 @@ mkdir ${HOME}/.config/evolution | |||
31 | mkdir ${HOME}/.config/geary | 31 | mkdir ${HOME}/.config/geary |
32 | mkdir ${HOME}/.local/share/evolution | 32 | mkdir ${HOME}/.local/share/evolution |
33 | mkdir ${HOME}/.local/share/geary | 33 | mkdir ${HOME}/.local/share/geary |
34 | allow ${DOWNLOADS} | 34 | whitelist ${DOWNLOADS} |
35 | allow ${HOME}/.cache/evolution | 35 | whitelist ${HOME}/.cache/evolution |
36 | allow ${HOME}/.cache/folks | 36 | whitelist ${HOME}/.cache/folks |
37 | allow ${HOME}/.cache/geary | 37 | whitelist ${HOME}/.cache/geary |
38 | allow ${HOME}/.config/evolution | 38 | whitelist ${HOME}/.config/evolution |
39 | allow ${HOME}/.config/geary | 39 | whitelist ${HOME}/.config/geary |
40 | allow ${HOME}/.local/share/evolution | 40 | whitelist ${HOME}/.local/share/evolution |
41 | allow ${HOME}/.local/share/geary | 41 | whitelist ${HOME}/.local/share/geary |
42 | allow ${HOME}/.mozilla/firefox/profiles.ini | 42 | whitelist ${HOME}/.mozilla/firefox/profiles.ini |
43 | allow /usr/share/geary | 43 | whitelist /usr/share/geary |
44 | include whitelist-common.inc | 44 | include whitelist-common.inc |
45 | include whitelist-runuser-common.inc | 45 | include whitelist-runuser-common.inc |
46 | include whitelist-usr-share-common.inc | 46 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gedit.profile b/etc/profile-a-l/gedit.profile index f11540374..108b7041d 100644 --- a/etc/profile-a-l/gedit.profile +++ b/etc/profile-a-l/gedit.profile | |||
@@ -6,8 +6,8 @@ include gedit.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/enchant | 9 | noblacklist ${HOME}/.config/enchant |
10 | nodeny ${HOME}/.config/gedit | 10 | noblacklist ${HOME}/.config/gedit |
11 | 11 | ||
12 | # Allows files commonly used by IDEs | 12 | # Allows files commonly used by IDEs |
13 | include allow-common-devel.inc | 13 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/geeqie.profile b/etc/profile-a-l/geeqie.profile index 8ec3bbaf9..dd33b3fb5 100644 --- a/etc/profile-a-l/geeqie.profile +++ b/etc/profile-a-l/geeqie.profile | |||
@@ -6,9 +6,9 @@ include geeqie.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/geeqie | 9 | noblacklist ${HOME}/.cache/geeqie |
10 | nodeny ${HOME}/.config/geeqie | 10 | noblacklist ${HOME}/.config/geeqie |
11 | nodeny ${HOME}/.local/share/geeqie | 11 | noblacklist ${HOME}/.local/share/geeqie |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gfeeds.profile b/etc/profile-a-l/gfeeds.profile index 1661da639..f894a42ca 100644 --- a/etc/profile-a-l/gfeeds.profile +++ b/etc/profile-a-l/gfeeds.profile | |||
@@ -6,10 +6,10 @@ include gfeeds.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/gfeeds | 9 | noblacklist ${HOME}/.cache/gfeeds |
10 | nodeny ${HOME}/.cache/org.gabmus.gfeeds | 10 | noblacklist ${HOME}/.cache/org.gabmus.gfeeds |
11 | nodeny ${HOME}/.config/org.gabmus.gfeeds.json | 11 | noblacklist ${HOME}/.config/org.gabmus.gfeeds.json |
12 | nodeny ${HOME}/.config/org.gabmus.gfeeds.saved_articles | 12 | noblacklist ${HOME}/.config/org.gabmus.gfeeds.saved_articles |
13 | 13 | ||
14 | # Allow python (blacklisted by disable-interpreters.inc) | 14 | # Allow python (blacklisted by disable-interpreters.inc) |
15 | include allow-python3.inc | 15 | include allow-python3.inc |
@@ -27,12 +27,12 @@ mkdir ${HOME}/.cache/gfeeds | |||
27 | mkdir ${HOME}/.cache/org.gabmus.gfeeds | 27 | mkdir ${HOME}/.cache/org.gabmus.gfeeds |
28 | mkfile ${HOME}/.config/org.gabmus.gfeeds.json | 28 | mkfile ${HOME}/.config/org.gabmus.gfeeds.json |
29 | mkdir ${HOME}/.config/org.gabmus.gfeeds.saved_articles | 29 | mkdir ${HOME}/.config/org.gabmus.gfeeds.saved_articles |
30 | allow ${HOME}/.cache/gfeeds | 30 | whitelist ${HOME}/.cache/gfeeds |
31 | allow ${HOME}/.cache/org.gabmus.gfeeds | 31 | whitelist ${HOME}/.cache/org.gabmus.gfeeds |
32 | allow ${HOME}/.config/org.gabmus.gfeeds.json | 32 | whitelist ${HOME}/.config/org.gabmus.gfeeds.json |
33 | allow ${HOME}/.config/org.gabmus.gfeeds.saved_articles | 33 | whitelist ${HOME}/.config/org.gabmus.gfeeds.saved_articles |
34 | allow /usr/libexec/webkit2gtk-4.0 | 34 | whitelist /usr/libexec/webkit2gtk-4.0 |
35 | allow /usr/share/gfeeds | 35 | whitelist /usr/share/gfeeds |
36 | include whitelist-common.inc | 36 | include whitelist-common.inc |
37 | include whitelist-runuser-common.inc | 37 | include whitelist-runuser-common.inc |
38 | include whitelist-usr-share-common.inc | 38 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gget.profile b/etc/profile-a-l/gget.profile index 06929dbe3..d9c5a0d9a 100644 --- a/etc/profile-a-l/gget.profile +++ b/etc/profile-a-l/gget.profile | |||
@@ -7,8 +7,8 @@ include gget.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | deny ${RUNUSER} | 11 | blacklist ${RUNUSER} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,7 +19,7 @@ include disable-programs.inc | |||
19 | include disable-shell.inc | 19 | include disable-shell.inc |
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | allow ${DOWNLOADS} | 22 | whitelist ${DOWNLOADS} |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/ghostwriter.profile b/etc/profile-a-l/ghostwriter.profile index 0577fe24f..276ab76df 100644 --- a/etc/profile-a-l/ghostwriter.profile +++ b/etc/profile-a-l/ghostwriter.profile | |||
@@ -6,10 +6,10 @@ include ghostwriter.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/ghostwriter | 9 | noblacklist ${HOME}/.config/ghostwriter |
10 | nodeny ${HOME}/.local/share/ghostwriter | 10 | noblacklist ${HOME}/.local/share/ghostwriter |
11 | nodeny ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | nodeny ${PICTURES} | 12 | noblacklist ${PICTURES} |
13 | 13 | ||
14 | include allow-lua.inc | 14 | include allow-lua.inc |
15 | 15 | ||
@@ -22,10 +22,10 @@ include disable-programs.inc | |||
22 | include disable-shell.inc | 22 | include disable-shell.inc |
23 | include disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | allow /usr/share/ghostwriter | 25 | whitelist /usr/share/ghostwriter |
26 | allow /usr/share/mozilla-dicts | 26 | whitelist /usr/share/mozilla-dicts |
27 | allow /usr/share/texlive | 27 | whitelist /usr/share/texlive |
28 | allow /usr/share/pandoc* | 28 | whitelist /usr/share/pandoc* |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile index de9db8d0f..dfc1304d1 100644 --- a/etc/profile-a-l/gimp.profile +++ b/etc/profile-a-l/gimp.profile | |||
@@ -18,13 +18,13 @@ include globals.local | |||
18 | # If you are not using external plugins, you can add 'noexec ${HOME}' to your gimp.local. | 18 | # If you are not using external plugins, you can add 'noexec ${HOME}' to your gimp.local. |
19 | ignore noexec ${HOME} | 19 | ignore noexec ${HOME} |
20 | 20 | ||
21 | nodeny ${HOME}/.cache/babl | 21 | noblacklist ${HOME}/.cache/babl |
22 | nodeny ${HOME}/.cache/gegl-0.4 | 22 | noblacklist ${HOME}/.cache/gegl-0.4 |
23 | nodeny ${HOME}/.cache/gimp | 23 | noblacklist ${HOME}/.cache/gimp |
24 | nodeny ${HOME}/.config/GIMP | 24 | noblacklist ${HOME}/.config/GIMP |
25 | nodeny ${HOME}/.gimp* | 25 | noblacklist ${HOME}/.gimp* |
26 | nodeny ${DOCUMENTS} | 26 | noblacklist ${DOCUMENTS} |
27 | nodeny ${PICTURES} | 27 | noblacklist ${PICTURES} |
28 | 28 | ||
29 | include disable-common.inc | 29 | include disable-common.inc |
30 | include disable-exec.inc | 30 | include disable-exec.inc |
@@ -33,10 +33,10 @@ include disable-passwdmgr.inc | |||
33 | include disable-programs.inc | 33 | include disable-programs.inc |
34 | include disable-xdg.inc | 34 | include disable-xdg.inc |
35 | 35 | ||
36 | allow /usr/share/gegl-0.4 | 36 | whitelist /usr/share/gegl-0.4 |
37 | allow /usr/share/gimp | 37 | whitelist /usr/share/gimp |
38 | allow /usr/share/mypaint-data | 38 | whitelist /usr/share/mypaint-data |
39 | allow /usr/share/lensfun | 39 | whitelist /usr/share/lensfun |
40 | include whitelist-usr-share-common.inc | 40 | include whitelist-usr-share-common.inc |
41 | include whitelist-var-common.inc | 41 | include whitelist-var-common.inc |
42 | 42 | ||
diff --git a/etc/profile-a-l/gist.profile b/etc/profile-a-l/gist.profile index e601d3ab0..661c3a375 100644 --- a/etc/profile-a-l/gist.profile +++ b/etc/profile-a-l/gist.profile | |||
@@ -7,10 +7,10 @@ include gist.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | deny ${RUNUSER}/wayland-* | 11 | blacklist ${RUNUSER}/wayland-* |
12 | 12 | ||
13 | nodeny ${HOME}/.gist | 13 | noblacklist ${HOME}/.gist |
14 | 14 | ||
15 | # Allow ruby (blacklisted by disable-interpreters.inc) | 15 | # Allow ruby (blacklisted by disable-interpreters.inc) |
16 | include allow-ruby.inc | 16 | include allow-ruby.inc |
@@ -24,8 +24,8 @@ include disable-programs.inc | |||
24 | include disable-xdg.inc | 24 | include disable-xdg.inc |
25 | 25 | ||
26 | mkdir ${HOME}/.gist | 26 | mkdir ${HOME}/.gist |
27 | allow ${HOME}/.gist | 27 | whitelist ${HOME}/.gist |
28 | allow ${DOWNLOADS} | 28 | whitelist ${DOWNLOADS} |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/git-cola.profile b/etc/profile-a-l/git-cola.profile index 74b7506cf..5e4249376 100644 --- a/etc/profile-a-l/git-cola.profile +++ b/etc/profile-a-l/git-cola.profile | |||
@@ -8,12 +8,12 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | nodeny ${HOME}/.gitconfig | 11 | noblacklist ${HOME}/.gitconfig |
12 | nodeny ${HOME}/.git-credentials | 12 | noblacklist ${HOME}/.git-credentials |
13 | nodeny ${HOME}/.gnupg | 13 | noblacklist ${HOME}/.gnupg |
14 | nodeny ${HOME}/.subversion | 14 | noblacklist ${HOME}/.subversion |
15 | nodeny ${HOME}/.config/git | 15 | noblacklist ${HOME}/.config/git |
16 | nodeny ${HOME}/.config/git-cola | 16 | noblacklist ${HOME}/.config/git-cola |
17 | # Add your editor/diff viewer config paths and the next line to your git-cola.local to load settings. | 17 | # Add your editor/diff viewer config paths and the next line to your git-cola.local to load settings. |
18 | #noblacklist ${HOME}/ | 18 | #noblacklist ${HOME}/ |
19 | 19 | ||
@@ -32,17 +32,17 @@ include disable-passwdmgr.inc | |||
32 | include disable-programs.inc | 32 | include disable-programs.inc |
33 | include disable-xdg.inc | 33 | include disable-xdg.inc |
34 | 34 | ||
35 | allow ${RUNUSER}/gnupg | 35 | whitelist ${RUNUSER}/gnupg |
36 | allow ${RUNUSER}/keyring | 36 | whitelist ${RUNUSER}/keyring |
37 | # Add additional whitelist paths below /usr/share to your git-cola.local to support your editor/diff viewer. | 37 | # Add additional whitelist paths below /usr/share to your git-cola.local to support your editor/diff viewer. |
38 | allow /usr/share/git | 38 | whitelist /usr/share/git |
39 | allow /usr/share/git-cola | 39 | whitelist /usr/share/git-cola |
40 | allow /usr/share/git-core | 40 | whitelist /usr/share/git-core |
41 | allow /usr/share/git-gui | 41 | whitelist /usr/share/git-gui |
42 | allow /usr/share/gitk | 42 | whitelist /usr/share/gitk |
43 | allow /usr/share/gitweb | 43 | whitelist /usr/share/gitweb |
44 | allow /usr/share/gnupg | 44 | whitelist /usr/share/gnupg |
45 | allow /usr/share/gnupg2 | 45 | whitelist /usr/share/gnupg2 |
46 | include whitelist-runuser-common.inc | 46 | include whitelist-runuser-common.inc |
47 | include whitelist-usr-share-common.inc | 47 | include whitelist-usr-share-common.inc |
48 | include whitelist-var-common.inc | 48 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/git.profile b/etc/profile-a-l/git.profile index 680e91085..bfa0081c6 100644 --- a/etc/profile-a-l/git.profile +++ b/etc/profile-a-l/git.profile | |||
@@ -7,33 +7,33 @@ include git.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.config/git | 10 | noblacklist ${HOME}/.config/git |
11 | nodeny ${HOME}/.config/nano | 11 | noblacklist ${HOME}/.config/nano |
12 | nodeny ${HOME}/.emacs | 12 | noblacklist ${HOME}/.emacs |
13 | nodeny ${HOME}/.emacs.d | 13 | noblacklist ${HOME}/.emacs.d |
14 | nodeny ${HOME}/.gitconfig | 14 | noblacklist ${HOME}/.gitconfig |
15 | nodeny ${HOME}/.git-credentials | 15 | noblacklist ${HOME}/.git-credentials |
16 | nodeny ${HOME}/.gnupg | 16 | noblacklist ${HOME}/.gnupg |
17 | nodeny ${HOME}/.nanorc | 17 | noblacklist ${HOME}/.nanorc |
18 | nodeny ${HOME}/.vim | 18 | noblacklist ${HOME}/.vim |
19 | nodeny ${HOME}/.viminfo | 19 | noblacklist ${HOME}/.viminfo |
20 | 20 | ||
21 | # Allow ssh (blacklisted by disable-common.inc) | 21 | # Allow ssh (blacklisted by disable-common.inc) |
22 | include allow-ssh.inc | 22 | include allow-ssh.inc |
23 | 23 | ||
24 | deny /tmp/.X11-unix | 24 | blacklist /tmp/.X11-unix |
25 | deny ${RUNUSER}/wayland-* | 25 | blacklist ${RUNUSER}/wayland-* |
26 | 26 | ||
27 | include disable-common.inc | 27 | include disable-common.inc |
28 | include disable-exec.inc | 28 | include disable-exec.inc |
29 | include disable-passwdmgr.inc | 29 | include disable-passwdmgr.inc |
30 | include disable-programs.inc | 30 | include disable-programs.inc |
31 | 31 | ||
32 | allow /usr/share/git | 32 | whitelist /usr/share/git |
33 | allow /usr/share/git-core | 33 | whitelist /usr/share/git-core |
34 | allow /usr/share/gitgui | 34 | whitelist /usr/share/gitgui |
35 | allow /usr/share/gitweb | 35 | whitelist /usr/share/gitweb |
36 | allow /usr/share/nano | 36 | whitelist /usr/share/nano |
37 | include whitelist-usr-share-common.inc | 37 | include whitelist-usr-share-common.inc |
38 | include whitelist-var-common.inc | 38 | include whitelist-var-common.inc |
39 | 39 | ||
diff --git a/etc/profile-a-l/gitg.profile b/etc/profile-a-l/gitg.profile index d313b5022..05d7dffa9 100644 --- a/etc/profile-a-l/gitg.profile +++ b/etc/profile-a-l/gitg.profile | |||
@@ -6,10 +6,10 @@ include gitg.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/git | 9 | noblacklist ${HOME}/.config/git |
10 | nodeny ${HOME}/.gitconfig | 10 | noblacklist ${HOME}/.gitconfig |
11 | nodeny ${HOME}/.git-credentials | 11 | noblacklist ${HOME}/.git-credentials |
12 | nodeny ${HOME}/.local/share/gitg | 12 | noblacklist ${HOME}/.local/share/gitg |
13 | 13 | ||
14 | # Allow ssh (blacklisted by disable-common.inc) | 14 | # Allow ssh (blacklisted by disable-common.inc) |
15 | include allow-ssh.inc | 15 | include allow-ssh.inc |
@@ -29,7 +29,7 @@ include disable-programs.inc | |||
29 | #whitelist ${HOME}/.ssh | 29 | #whitelist ${HOME}/.ssh |
30 | #include whitelist-common.inc | 30 | #include whitelist-common.inc |
31 | 31 | ||
32 | allow /usr/share/gitg | 32 | whitelist /usr/share/gitg |
33 | include whitelist-runuser-common.inc | 33 | include whitelist-runuser-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/github-desktop.profile b/etc/profile-a-l/github-desktop.profile index 81b534a74..325c54ced 100644 --- a/etc/profile-a-l/github-desktop.profile +++ b/etc/profile-a-l/github-desktop.profile | |||
@@ -22,10 +22,10 @@ ignore apparmor | |||
22 | ignore dbus-user none | 22 | ignore dbus-user none |
23 | ignore dbus-system none | 23 | ignore dbus-system none |
24 | 24 | ||
25 | nodeny ${HOME}/.config/GitHub Desktop | 25 | noblacklist ${HOME}/.config/GitHub Desktop |
26 | nodeny ${HOME}/.config/git | 26 | noblacklist ${HOME}/.config/git |
27 | nodeny ${HOME}/.gitconfig | 27 | noblacklist ${HOME}/.gitconfig |
28 | nodeny ${HOME}/.git-credentials | 28 | noblacklist ${HOME}/.git-credentials |
29 | 29 | ||
30 | # no3d | 30 | # no3d |
31 | nosound | 31 | nosound |
diff --git a/etc/profile-a-l/gitter.profile b/etc/profile-a-l/gitter.profile index 2d1694ef7..460e2b990 100644 --- a/etc/profile-a-l/gitter.profile +++ b/etc/profile-a-l/gitter.profile | |||
@@ -5,8 +5,8 @@ include gitter.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/autostart | 8 | noblacklist ${HOME}/.config/autostart |
9 | nodeny ${HOME}/.config/Gitter | 9 | noblacklist ${HOME}/.config/Gitter |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,9 +16,9 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.config/Gitter | 18 | mkdir ${HOME}/.config/Gitter |
19 | allow ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
20 | allow ${HOME}/.config/autostart | 20 | whitelist ${HOME}/.config/autostart |
21 | allow ${HOME}/.config/Gitter | 21 | whitelist ${HOME}/.config/Gitter |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/profile-a-l/gjs.profile b/etc/profile-a-l/gjs.profile index e00bb1dbf..ed68b3c2d 100644 --- a/etc/profile-a-l/gjs.profile +++ b/etc/profile-a-l/gjs.profile | |||
@@ -8,10 +8,10 @@ include globals.local | |||
8 | 8 | ||
9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
10 | 10 | ||
11 | nodeny ${HOME}/.cache/libgweather | 11 | noblacklist ${HOME}/.cache/libgweather |
12 | nodeny ${HOME}/.cache/org.gnome.Books | 12 | noblacklist ${HOME}/.cache/org.gnome.Books |
13 | nodeny ${HOME}/.config/libreoffice | 13 | noblacklist ${HOME}/.config/libreoffice |
14 | nodeny ${HOME}/.local/share/gnome-photos | 14 | noblacklist ${HOME}/.local/share/gnome-photos |
15 | 15 | ||
16 | # Allow gjs (blacklisted by disable-interpreters.inc) | 16 | # Allow gjs (blacklisted by disable-interpreters.inc) |
17 | include allow-gjs.inc | 17 | include allow-gjs.inc |
diff --git a/etc/profile-a-l/gl-117.profile b/etc/profile-a-l/gl-117.profile index a3236c2be..c8cefc67e 100644 --- a/etc/profile-a-l/gl-117.profile +++ b/etc/profile-a-l/gl-117.profile | |||
@@ -6,7 +6,7 @@ include gl-117.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.gl-117 | 9 | noblacklist ${HOME}/.gl-117 |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.gl-117 | 20 | mkdir ${HOME}/.gl-117 |
21 | allow ${HOME}/.gl-117 | 21 | whitelist ${HOME}/.gl-117 |
22 | allow /usr/share/gl-117 | 22 | whitelist /usr/share/gl-117 |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/glaxium.profile b/etc/profile-a-l/glaxium.profile index ec894a5f3..ee7af0546 100644 --- a/etc/profile-a-l/glaxium.profile +++ b/etc/profile-a-l/glaxium.profile | |||
@@ -6,7 +6,7 @@ include glaxium.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.glaxiumrc | 9 | noblacklist ${HOME}/.glaxiumrc |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkfile ${HOME}/.glaxiumrc | 20 | mkfile ${HOME}/.glaxiumrc |
21 | allow ${HOME}/.glaxiumrc | 21 | whitelist ${HOME}/.glaxiumrc |
22 | allow /usr/share/glaxium | 22 | whitelist /usr/share/glaxium |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/globaltime.profile b/etc/profile-a-l/globaltime.profile index e091b811f..14b3ef811 100644 --- a/etc/profile-a-l/globaltime.profile +++ b/etc/profile-a-l/globaltime.profile | |||
@@ -5,7 +5,7 @@ include globaltime.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/globaltime | 8 | noblacklist ${HOME}/.config/globaltime |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gmpc.profile b/etc/profile-a-l/gmpc.profile index 79397d28f..b3aad8b2c 100644 --- a/etc/profile-a-l/gmpc.profile +++ b/etc/profile-a-l/gmpc.profile | |||
@@ -6,8 +6,8 @@ include gmpc.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/gmpc | 9 | noblacklist ${HOME}/.config/gmpc |
10 | nodeny ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,9 +18,9 @@ include disable-programs.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/gmpc | 20 | mkdir ${HOME}/.config/gmpc |
21 | allow ${HOME}/.config/gmpc | 21 | whitelist ${HOME}/.config/gmpc |
22 | allow ${MUSIC} | 22 | whitelist ${MUSIC} |
23 | allow /usr/share/gmpc | 23 | whitelist /usr/share/gmpc |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-2048.profile b/etc/profile-a-l/gnome-2048.profile index c723f6e46..777c81dbe 100644 --- a/etc/profile-a-l/gnome-2048.profile +++ b/etc/profile-a-l/gnome-2048.profile | |||
@@ -6,10 +6,10 @@ include gnome-2048.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/gnome-2048 | 9 | noblacklist ${HOME}/.local/share/gnome-2048 |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/gnome-2048 | 11 | mkdir ${HOME}/.local/share/gnome-2048 |
12 | allow ${HOME}/.local/share/gnome-2048 | 12 | whitelist ${HOME}/.local/share/gnome-2048 |
13 | 13 | ||
14 | private-bin gnome-2048 | 14 | private-bin gnome-2048 |
15 | 15 | ||
diff --git a/etc/profile-a-l/gnome-books.profile b/etc/profile-a-l/gnome-books.profile index 2ed5fa76b..34a7f557c 100644 --- a/etc/profile-a-l/gnome-books.profile +++ b/etc/profile-a-l/gnome-books.profile | |||
@@ -7,8 +7,8 @@ include globals.local | |||
7 | 7 | ||
8 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 8 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
9 | 9 | ||
10 | nodeny ${HOME}/.cache/org.gnome.Books | 10 | noblacklist ${HOME}/.cache/org.gnome.Books |
11 | nodeny ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | 12 | ||
13 | # Allow gjs (blacklisted by disable-interpreters.inc) | 13 | # Allow gjs (blacklisted by disable-interpreters.inc) |
14 | include allow-gjs.inc | 14 | include allow-gjs.inc |
diff --git a/etc/profile-a-l/gnome-builder.profile b/etc/profile-a-l/gnome-builder.profile index 7dd1c6e22..37ca5aeff 100644 --- a/etc/profile-a-l/gnome-builder.profile +++ b/etc/profile-a-l/gnome-builder.profile | |||
@@ -6,11 +6,11 @@ include gnome-builder.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.bash_history | 9 | noblacklist ${HOME}/.bash_history |
10 | 10 | ||
11 | nodeny ${HOME}/.cache/gnome-builder | 11 | noblacklist ${HOME}/.cache/gnome-builder |
12 | nodeny ${HOME}/.config/gnome-builder | 12 | noblacklist ${HOME}/.config/gnome-builder |
13 | nodeny ${HOME}/.local/share/gnome-builder | 13 | noblacklist ${HOME}/.local/share/gnome-builder |
14 | 14 | ||
15 | # Allows files commonly used by IDEs | 15 | # Allows files commonly used by IDEs |
16 | include allow-common-devel.inc | 16 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/gnome-calendar.profile b/etc/profile-a-l/gnome-calendar.profile index d91fbaa4b..03acd66aa 100644 --- a/etc/profile-a-l/gnome-calendar.profile +++ b/etc/profile-a-l/gnome-calendar.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | allow /usr/share/libgweather | 18 | whitelist /usr/share/libgweather |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-runuser-common.inc | 20 | include whitelist-runuser-common.inc |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-characters.profile b/etc/profile-a-l/gnome-characters.profile index 806d7e571..741fe9bf7 100644 --- a/etc/profile-a-l/gnome-characters.profile +++ b/etc/profile-a-l/gnome-characters.profile | |||
@@ -18,7 +18,7 @@ include disable-programs.inc | |||
18 | include disable-shell.inc | 18 | include disable-shell.inc |
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | allow /usr/share/org.gnome.Characters | 21 | whitelist /usr/share/org.gnome.Characters |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-runuser-common.inc | 23 | include whitelist-runuser-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-chess.profile b/etc/profile-a-l/gnome-chess.profile index 095210565..bd39f625c 100644 --- a/etc/profile-a-l/gnome-chess.profile +++ b/etc/profile-a-l/gnome-chess.profile | |||
@@ -6,8 +6,8 @@ include gnome-chess.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/gnome-chess | 9 | noblacklist ${HOME}/.config/gnome-chess |
10 | nodeny ${HOME}/.local/share/gnome-chess | 10 | noblacklist ${HOME}/.local/share/gnome-chess |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -22,8 +22,8 @@ include disable-xdg.inc | |||
22 | #whitelist ${HOME}/.local/share/gnome-chess | 22 | #whitelist ${HOME}/.local/share/gnome-chess |
23 | #include whitelist-common.inc | 23 | #include whitelist-common.inc |
24 | 24 | ||
25 | allow /usr/share/gnuchess | 25 | whitelist /usr/share/gnuchess |
26 | allow /usr/share/gnome-chess | 26 | whitelist /usr/share/gnome-chess |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-clocks.profile b/etc/profile-a-l/gnome-clocks.profile index 7e2d458fd..1e7c70b84 100644 --- a/etc/profile-a-l/gnome-clocks.profile +++ b/etc/profile-a-l/gnome-clocks.profile | |||
@@ -15,8 +15,8 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | allow /usr/share/gnome-clocks | 18 | whitelist /usr/share/gnome-clocks |
19 | allow /usr/share/libgweather | 19 | whitelist /usr/share/libgweather |
20 | include whitelist-common.inc | 20 | include whitelist-common.inc |
21 | include whitelist-runuser-common.inc | 21 | include whitelist-runuser-common.inc |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-contacts.profile b/etc/profile-a-l/gnome-contacts.profile index 7902fa169..dcc6163b6 100644 --- a/etc/profile-a-l/gnome-contacts.profile +++ b/etc/profile-a-l/gnome-contacts.profile | |||
@@ -6,7 +6,7 @@ include gnome-contacts.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-documents.profile b/etc/profile-a-l/gnome-documents.profile index 0f601149f..29ad67af8 100644 --- a/etc/profile-a-l/gnome-documents.profile +++ b/etc/profile-a-l/gnome-documents.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | 8 | ||
9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
10 | 10 | ||
11 | nodeny ${HOME}/.config/libreoffice | 11 | noblacklist ${HOME}/.config/libreoffice |
12 | nodeny ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
13 | 13 | ||
14 | # Allow gjs (blacklisted by disable-interpreters.inc) | 14 | # Allow gjs (blacklisted by disable-interpreters.inc) |
15 | include allow-gjs.inc | 15 | include allow-gjs.inc |
diff --git a/etc/profile-a-l/gnome-hexgl.profile b/etc/profile-a-l/gnome-hexgl.profile index 50c3e2c6f..2db956faf 100644 --- a/etc/profile-a-l/gnome-hexgl.profile +++ b/etc/profile-a-l/gnome-hexgl.profile | |||
@@ -16,7 +16,7 @@ include disable-shell.inc | |||
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.cache/mesa_shader_cache | 18 | mkdir ${HOME}/.cache/mesa_shader_cache |
19 | allow /usr/share/gnome-hexgl | 19 | whitelist /usr/share/gnome-hexgl |
20 | include whitelist-runuser-common.inc | 20 | include whitelist-runuser-common.inc |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-keyring.profile b/etc/profile-a-l/gnome-keyring.profile index 62a5a34ea..25b4c47de 100644 --- a/etc/profile-a-l/gnome-keyring.profile +++ b/etc/profile-a-l/gnome-keyring.profile | |||
@@ -7,7 +7,7 @@ include gnome-keyring.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.gnupg | 10 | noblacklist ${HOME}/.gnupg |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,12 +18,12 @@ include disable-programs.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.gnupg | 20 | mkdir ${HOME}/.gnupg |
21 | allow ${HOME}/.gnupg | 21 | whitelist ${HOME}/.gnupg |
22 | allow ${DOWNLOADS} | 22 | whitelist ${DOWNLOADS} |
23 | allow ${RUNUSER}/gnupg | 23 | whitelist ${RUNUSER}/gnupg |
24 | allow ${RUNUSER}/keyring | 24 | whitelist ${RUNUSER}/keyring |
25 | allow /usr/share/gnupg | 25 | whitelist /usr/share/gnupg |
26 | allow /usr/share/gnupg2 | 26 | whitelist /usr/share/gnupg2 |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-klotski.profile b/etc/profile-a-l/gnome-klotski.profile index ed074f944..c67a5c0da 100644 --- a/etc/profile-a-l/gnome-klotski.profile +++ b/etc/profile-a-l/gnome-klotski.profile | |||
@@ -6,10 +6,10 @@ include gnome-klotski.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/gnome-klotski | 9 | noblacklist ${HOME}/.local/share/gnome-klotski |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/gnome-klotski | 11 | mkdir ${HOME}/.local/share/gnome-klotski |
12 | allow ${HOME}/.local/share/gnome-klotski | 12 | whitelist ${HOME}/.local/share/gnome-klotski |
13 | 13 | ||
14 | private-bin gnome-klotski | 14 | private-bin gnome-klotski |
15 | 15 | ||
diff --git a/etc/profile-a-l/gnome-latex.profile b/etc/profile-a-l/gnome-latex.profile index 4a03a7ff5..1a7eafeca 100644 --- a/etc/profile-a-l/gnome-latex.profile +++ b/etc/profile-a-l/gnome-latex.profile | |||
@@ -6,8 +6,8 @@ include gnome-latex.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/gnome-latex | 9 | noblacklist ${HOME}/.config/gnome-latex |
10 | nodeny ${HOME}/.local/share/gnome-latex | 10 | noblacklist ${HOME}/.local/share/gnome-latex |
11 | 11 | ||
12 | # Allow perl (blacklisted by disable-interpreters.inc) | 12 | # Allow perl (blacklisted by disable-interpreters.inc) |
13 | include allow-perl.inc | 13 | include allow-perl.inc |
@@ -19,8 +19,8 @@ include disable-interpreters.inc | |||
19 | include disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | allow /usr/share/gnome-latex | 22 | whitelist /usr/share/gnome-latex |
23 | allow /usr/share/texlive | 23 | whitelist /usr/share/texlive |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | # May cause issues. | 26 | # May cause issues. |
diff --git a/etc/profile-a-l/gnome-logs.profile b/etc/profile-a-l/gnome-logs.profile index fcc02dc76..9d2ea7b7b 100644 --- a/etc/profile-a-l/gnome-logs.profile +++ b/etc/profile-a-l/gnome-logs.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | allow /var/log/journal | 18 | whitelist /var/log/journal |
19 | include whitelist-runuser-common.inc | 19 | include whitelist-runuser-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-mahjongg.profile b/etc/profile-a-l/gnome-mahjongg.profile index e21f03efe..42409dce8 100644 --- a/etc/profile-a-l/gnome-mahjongg.profile +++ b/etc/profile-a-l/gnome-mahjongg.profile | |||
@@ -6,7 +6,7 @@ include gnome-mahjongg.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | allow /usr/share/gnome-mahjongg | 9 | whitelist /usr/share/gnome-mahjongg |
10 | 10 | ||
11 | private-bin gnome-mahjongg | 11 | private-bin gnome-mahjongg |
12 | 12 | ||
diff --git a/etc/profile-a-l/gnome-maps.profile b/etc/profile-a-l/gnome-maps.profile index cf4eceee3..23aab343f 100644 --- a/etc/profile-a-l/gnome-maps.profile +++ b/etc/profile-a-l/gnome-maps.profile | |||
@@ -11,14 +11,14 @@ include globals.local | |||
11 | 11 | ||
12 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 12 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
13 | 13 | ||
14 | nodeny ${HOME}/.cache/champlain | 14 | noblacklist ${HOME}/.cache/champlain |
15 | nodeny ${HOME}/.cache/org.gnome.Maps | 15 | noblacklist ${HOME}/.cache/org.gnome.Maps |
16 | nodeny ${HOME}/.local/share/maps-places.json | 16 | noblacklist ${HOME}/.local/share/maps-places.json |
17 | 17 | ||
18 | # Allow gjs (blacklisted by disable-interpreters.inc) | 18 | # Allow gjs (blacklisted by disable-interpreters.inc) |
19 | include allow-gjs.inc | 19 | include allow-gjs.inc |
20 | 20 | ||
21 | deny /usr/libexec | 21 | blacklist /usr/libexec |
22 | 22 | ||
23 | include disable-common.inc | 23 | include disable-common.inc |
24 | include disable-devel.inc | 24 | include disable-devel.inc |
@@ -31,12 +31,12 @@ include disable-xdg.inc | |||
31 | 31 | ||
32 | mkdir ${HOME}/.cache/champlain | 32 | mkdir ${HOME}/.cache/champlain |
33 | mkfile ${HOME}/.local/share/maps-places.json | 33 | mkfile ${HOME}/.local/share/maps-places.json |
34 | allow ${HOME}/.cache/champlain | 34 | whitelist ${HOME}/.cache/champlain |
35 | allow ${HOME}/.local/share/maps-places.json | 35 | whitelist ${HOME}/.local/share/maps-places.json |
36 | allow ${DOWNLOADS} | 36 | whitelist ${DOWNLOADS} |
37 | allow ${PICTURES} | 37 | whitelist ${PICTURES} |
38 | allow /usr/share/gnome-maps | 38 | whitelist /usr/share/gnome-maps |
39 | allow /usr/share/libgweather | 39 | whitelist /usr/share/libgweather |
40 | include whitelist-common.inc | 40 | include whitelist-common.inc |
41 | include whitelist-runuser-common.inc | 41 | include whitelist-runuser-common.inc |
42 | include whitelist-usr-share-common.inc | 42 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-mines.profile b/etc/profile-a-l/gnome-mines.profile index 1b2949bc5..4fe8986c2 100644 --- a/etc/profile-a-l/gnome-mines.profile +++ b/etc/profile-a-l/gnome-mines.profile | |||
@@ -6,11 +6,11 @@ include gnome-mines.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/gnome-mines | 9 | noblacklist ${HOME}/.local/share/gnome-mines |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/gnome-mines | 11 | mkdir ${HOME}/.local/share/gnome-mines |
12 | allow ${HOME}/.local/share/gnome-mines | 12 | whitelist ${HOME}/.local/share/gnome-mines |
13 | allow /usr/share/gnome-mines | 13 | whitelist /usr/share/gnome-mines |
14 | 14 | ||
15 | private-bin gnome-mines | 15 | private-bin gnome-mines |
16 | 16 | ||
diff --git a/etc/profile-a-l/gnome-mplayer.profile b/etc/profile-a-l/gnome-mplayer.profile index c1cbc796a..43fe71f5e 100644 --- a/etc/profile-a-l/gnome-mplayer.profile +++ b/etc/profile-a-l/gnome-mplayer.profile | |||
@@ -6,9 +6,9 @@ include gnome-mplayer.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/gnome-mplayer | 9 | noblacklist ${HOME}/.config/gnome-mplayer |
10 | nodeny ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | nodeny ${VIDEOS} | 11 | noblacklist ${VIDEOS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-music.profile b/etc/profile-a-l/gnome-music.profile index 8fd0826c4..2fcbe9910 100644 --- a/etc/profile-a-l/gnome-music.profile +++ b/etc/profile-a-l/gnome-music.profile | |||
@@ -6,8 +6,8 @@ include gnome-music.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/gnome-music | 9 | noblacklist ${HOME}/.local/share/gnome-music |
10 | nodeny ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/gnome-nettool.profile b/etc/profile-a-l/gnome-nettool.profile index a929582f8..814751db3 100644 --- a/etc/profile-a-l/gnome-nettool.profile +++ b/etc/profile-a-l/gnome-nettool.profile | |||
@@ -14,7 +14,7 @@ include disable-passwdmgr.inc | |||
14 | include disable-programs.inc | 14 | include disable-programs.inc |
15 | include disable-xdg.inc | 15 | include disable-xdg.inc |
16 | 16 | ||
17 | allow /usr/share/gnome-nettool | 17 | whitelist /usr/share/gnome-nettool |
18 | #include whitelist-common.inc -- see #903 | 18 | #include whitelist-common.inc -- see #903 |
19 | include whitelist-runuser-common.inc | 19 | include whitelist-runuser-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-nibbles.profile b/etc/profile-a-l/gnome-nibbles.profile index d4c037a41..b22810d34 100644 --- a/etc/profile-a-l/gnome-nibbles.profile +++ b/etc/profile-a-l/gnome-nibbles.profile | |||
@@ -9,11 +9,11 @@ include globals.local | |||
9 | ignore machine-id | 9 | ignore machine-id |
10 | ignore nosound | 10 | ignore nosound |
11 | 11 | ||
12 | nodeny ${HOME}/.local/share/gnome-nibbles | 12 | noblacklist ${HOME}/.local/share/gnome-nibbles |
13 | 13 | ||
14 | mkdir ${HOME}/.local/share/gnome-nibbles | 14 | mkdir ${HOME}/.local/share/gnome-nibbles |
15 | allow ${HOME}/.local/share/gnome-nibbles | 15 | whitelist ${HOME}/.local/share/gnome-nibbles |
16 | allow /usr/share/gnome-nibbles | 16 | whitelist /usr/share/gnome-nibbles |
17 | 17 | ||
18 | private-bin gnome-nibbles | 18 | private-bin gnome-nibbles |
19 | 19 | ||
diff --git a/etc/profile-a-l/gnome-passwordsafe.profile b/etc/profile-a-l/gnome-passwordsafe.profile index d2cf828cc..fee5f88b9 100644 --- a/etc/profile-a-l/gnome-passwordsafe.profile +++ b/etc/profile-a-l/gnome-passwordsafe.profile | |||
@@ -6,14 +6,14 @@ include gnome-passwordsafe.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
10 | nodeny ${HOME}/*.kdb | 10 | noblacklist ${HOME}/*.kdb |
11 | nodeny ${HOME}/*.kdbx | 11 | noblacklist ${HOME}/*.kdbx |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python3.inc | 14 | include allow-python3.inc |
15 | 15 | ||
16 | deny /usr/libexec | 16 | blacklist /usr/libexec |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
@@ -24,8 +24,8 @@ include disable-programs.inc | |||
24 | include disable-shell.inc | 24 | include disable-shell.inc |
25 | include disable-xdg.inc | 25 | include disable-xdg.inc |
26 | 26 | ||
27 | allow /usr/share/cracklib | 27 | whitelist /usr/share/cracklib |
28 | allow /usr/share/passwordsafe | 28 | whitelist /usr/share/passwordsafe |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-photos.profile b/etc/profile-a-l/gnome-photos.profile index 3702da2c7..58bf3f349 100644 --- a/etc/profile-a-l/gnome-photos.profile +++ b/etc/profile-a-l/gnome-photos.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | 8 | ||
9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
10 | 10 | ||
11 | nodeny ${HOME}/.local/share/gnome-photos | 11 | noblacklist ${HOME}/.local/share/gnome-photos |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-pie.profile b/etc/profile-a-l/gnome-pie.profile index e9ae2bcb0..41903b136 100644 --- a/etc/profile-a-l/gnome-pie.profile +++ b/etc/profile-a-l/gnome-pie.profile | |||
@@ -6,7 +6,7 @@ include gnome-pie.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/gnome-pie | 9 | noblacklist ${HOME}/.config/gnome-pie |
10 | 10 | ||
11 | #include disable-common.inc | 11 | #include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-pomodoro.profile b/etc/profile-a-l/gnome-pomodoro.profile index bec23910c..c2ba7556d 100644 --- a/etc/profile-a-l/gnome-pomodoro.profile +++ b/etc/profile-a-l/gnome-pomodoro.profile | |||
@@ -6,7 +6,7 @@ include gnome-pomodoro.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/gnome-pomodoro | 9 | noblacklist ${HOME}/.local/share/gnome-pomodoro |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.local/share/gnome-pomodoro | 19 | mkdir ${HOME}/.local/share/gnome-pomodoro |
20 | allow ${HOME}/.local/share/gnome-pomodoro | 20 | whitelist ${HOME}/.local/share/gnome-pomodoro |
21 | allow /usr/share/gnome-pomodoro | 21 | whitelist /usr/share/gnome-pomodoro |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/gnome-recipes.profile b/etc/profile-a-l/gnome-recipes.profile index 5ef33fdd8..48c98ebe0 100644 --- a/etc/profile-a-l/gnome-recipes.profile +++ b/etc/profile-a-l/gnome-recipes.profile | |||
@@ -7,8 +7,8 @@ include gnome-recipes.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | 9 | ||
10 | nodeny ${HOME}/.cache/gnome-recipes | 10 | noblacklist ${HOME}/.cache/gnome-recipes |
11 | nodeny ${HOME}/.local/share/gnome-recipes | 11 | noblacklist ${HOME}/.local/share/gnome-recipes |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -20,9 +20,9 @@ include disable-shell.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.cache/gnome-recipes | 21 | mkdir ${HOME}/.cache/gnome-recipes |
22 | mkdir ${HOME}/.local/share/gnome-recipes | 22 | mkdir ${HOME}/.local/share/gnome-recipes |
23 | allow ${HOME}/.cache/gnome-recipes | 23 | whitelist ${HOME}/.cache/gnome-recipes |
24 | allow ${HOME}/.local/share/gnome-recipes | 24 | whitelist ${HOME}/.local/share/gnome-recipes |
25 | allow /usr/share/gnome-recipes | 25 | whitelist /usr/share/gnome-recipes |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-ring.profile b/etc/profile-a-l/gnome-ring.profile index b34d264f4..78ceb9c4f 100644 --- a/etc/profile-a-l/gnome-ring.profile +++ b/etc/profile-a-l/gnome-ring.profile | |||
@@ -5,7 +5,7 @@ include gnome-ring.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.local/share/gnome-ring | 8 | noblacklist ${HOME}/.local/share/gnome-ring |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-robots.profile b/etc/profile-a-l/gnome-robots.profile index 836d4e2b2..8835f2b93 100644 --- a/etc/profile-a-l/gnome-robots.profile +++ b/etc/profile-a-l/gnome-robots.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | ignore machine-id | 9 | ignore machine-id |
10 | ignore nosound | 10 | ignore nosound |
11 | 11 | ||
12 | allow /usr/share/gnome-robots | 12 | whitelist /usr/share/gnome-robots |
13 | 13 | ||
14 | private-bin gnome-robots | 14 | private-bin gnome-robots |
15 | 15 | ||
diff --git a/etc/profile-a-l/gnome-schedule.profile b/etc/profile-a-l/gnome-schedule.profile index 146f8bc4e..69c90b33d 100644 --- a/etc/profile-a-l/gnome-schedule.profile +++ b/etc/profile-a-l/gnome-schedule.profile | |||
@@ -6,17 +6,17 @@ include gnome-schedule.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.gnome/gnome-schedule | 9 | noblacklist ${HOME}/.gnome/gnome-schedule |
10 | 10 | ||
11 | # Needs at and crontab to read/write user cron | 11 | # Needs at and crontab to read/write user cron |
12 | nodeny ${PATH}/at | 12 | noblacklist ${PATH}/at |
13 | nodeny ${PATH}/crontab | 13 | noblacklist ${PATH}/crontab |
14 | 14 | ||
15 | # Needs access to these files/dirs | 15 | # Needs access to these files/dirs |
16 | nodeny /etc/cron.allow | 16 | noblacklist /etc/cron.allow |
17 | nodeny /etc/cron.deny | 17 | noblacklist /etc/cron.deny |
18 | nodeny /etc/shadow | 18 | noblacklist /etc/shadow |
19 | nodeny /var/spool/cron | 19 | noblacklist /var/spool/cron |
20 | 20 | ||
21 | # cron job testing needs a terminal, resulting in sandbox escape (see disable-common.inc) | 21 | # cron job testing needs a terminal, resulting in sandbox escape (see disable-common.inc) |
22 | # add 'noblacklist ${PATH}/your-terminal' to gnome-schedule.local if you need that functionality | 22 | # add 'noblacklist ${PATH}/your-terminal' to gnome-schedule.local if you need that functionality |
@@ -34,10 +34,10 @@ include disable-programs.inc | |||
34 | include disable-xdg.inc | 34 | include disable-xdg.inc |
35 | 35 | ||
36 | mkfile ${HOME}/.gnome/gnome-schedule | 36 | mkfile ${HOME}/.gnome/gnome-schedule |
37 | allow ${HOME}/.gnome/gnome-schedule | 37 | whitelist ${HOME}/.gnome/gnome-schedule |
38 | allow /usr/share/gnome-schedule | 38 | whitelist /usr/share/gnome-schedule |
39 | allow /var/spool/atd | 39 | whitelist /var/spool/atd |
40 | allow /var/spool/cron | 40 | whitelist /var/spool/cron |
41 | include whitelist-common.inc | 41 | include whitelist-common.inc |
42 | include whitelist-runuser-common.inc | 42 | include whitelist-runuser-common.inc |
43 | include whitelist-usr-share-common.inc | 43 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-screenshot.profile b/etc/profile-a-l/gnome-screenshot.profile index 175549e99..b683b6f6c 100644 --- a/etc/profile-a-l/gnome-screenshot.profile +++ b/etc/profile-a-l/gnome-screenshot.profile | |||
@@ -6,8 +6,8 @@ include gnome-screenshot.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${PICTURES} | 9 | noblacklist ${PICTURES} |
10 | nodeny ${HOME}/.cache/gnome-screenshot | 10 | noblacklist ${HOME}/.cache/gnome-screenshot |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-sound-recorder.profile b/etc/profile-a-l/gnome-sound-recorder.profile index c2fb14fa4..34f5fdeff 100644 --- a/etc/profile-a-l/gnome-sound-recorder.profile +++ b/etc/profile-a-l/gnome-sound-recorder.profile | |||
@@ -6,8 +6,8 @@ include gnome-sound-recorder.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${MUSIC} | 9 | noblacklist ${MUSIC} |
10 | nodeny ${HOME}/.local/share/Trash | 10 | noblacklist ${HOME}/.local/share/Trash |
11 | 11 | ||
12 | # Allow gjs (blacklisted by disable-interpreters.inc) | 12 | # Allow gjs (blacklisted by disable-interpreters.inc) |
13 | include allow-gjs.inc | 13 | include allow-gjs.inc |
diff --git a/etc/profile-a-l/gnome-sudoku.profile b/etc/profile-a-l/gnome-sudoku.profile index 3b7835e52..12fd48a86 100644 --- a/etc/profile-a-l/gnome-sudoku.profile +++ b/etc/profile-a-l/gnome-sudoku.profile | |||
@@ -6,10 +6,10 @@ include gnome-sudoku.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/gnome-sudoku | 9 | noblacklist ${HOME}/.local/share/gnome-sudoku |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/gnome-sudoku | 11 | mkdir ${HOME}/.local/share/gnome-sudoku |
12 | allow ${HOME}/.local/share/gnome-sudoku | 12 | whitelist ${HOME}/.local/share/gnome-sudoku |
13 | 13 | ||
14 | private-bin gnome-sudoku | 14 | private-bin gnome-sudoku |
15 | 15 | ||
diff --git a/etc/profile-a-l/gnome-system-log.profile b/etc/profile-a-l/gnome-system-log.profile index 6978f7cab..8a818695d 100644 --- a/etc/profile-a-l/gnome-system-log.profile +++ b/etc/profile-a-l/gnome-system-log.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | allow /var/log | 18 | whitelist /var/log |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-taquin.profile b/etc/profile-a-l/gnome-taquin.profile index ac87cf70f..2341334f7 100644 --- a/etc/profile-a-l/gnome-taquin.profile +++ b/etc/profile-a-l/gnome-taquin.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | ignore machine-id | 9 | ignore machine-id |
10 | ignore nosound | 10 | ignore nosound |
11 | 11 | ||
12 | allow /usr/share/gnome-taquin | 12 | whitelist /usr/share/gnome-taquin |
13 | 13 | ||
14 | private-bin gnome-taquin | 14 | private-bin gnome-taquin |
15 | 15 | ||
diff --git a/etc/profile-a-l/gnome-todo.profile b/etc/profile-a-l/gnome-todo.profile index 092fd58a3..3b147cd48 100644 --- a/etc/profile-a-l/gnome-todo.profile +++ b/etc/profile-a-l/gnome-todo.profile | |||
@@ -18,7 +18,7 @@ include disable-programs.inc | |||
18 | include disable-shell.inc | 18 | include disable-shell.inc |
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | allow /usr/share/gnome-todo | 21 | whitelist /usr/share/gnome-todo |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/gnome-twitch.profile b/etc/profile-a-l/gnome-twitch.profile index d76872ea6..b8ec195d3 100644 --- a/etc/profile-a-l/gnome-twitch.profile +++ b/etc/profile-a-l/gnome-twitch.profile | |||
@@ -6,8 +6,8 @@ include gnome-twitch.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/gnome-twitch | 9 | noblacklist ${HOME}/.cache/gnome-twitch |
10 | nodeny ${HOME}/.local/share/gnome-twitch | 10 | noblacklist ${HOME}/.local/share/gnome-twitch |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-programs.inc | |||
18 | 18 | ||
19 | mkdir ${HOME}/.cache/gnome-twitch | 19 | mkdir ${HOME}/.cache/gnome-twitch |
20 | mkdir ${HOME}/.local/share/gnome-twitch | 20 | mkdir ${HOME}/.local/share/gnome-twitch |
21 | allow ${HOME}/.cache/gnome-twitch | 21 | whitelist ${HOME}/.cache/gnome-twitch |
22 | allow ${HOME}/.local/share/gnome-twitch | 22 | whitelist ${HOME}/.local/share/gnome-twitch |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/profile-a-l/gnome-weather.profile b/etc/profile-a-l/gnome-weather.profile index 6f557ff8d..2e08fa41d 100644 --- a/etc/profile-a-l/gnome-weather.profile +++ b/etc/profile-a-l/gnome-weather.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | 8 | ||
9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
10 | 10 | ||
11 | nodeny ${HOME}/.cache/libgweather | 11 | noblacklist ${HOME}/.cache/libgweather |
12 | 12 | ||
13 | # Allow gjs (blacklisted by disable-interpreters.inc) | 13 | # Allow gjs (blacklisted by disable-interpreters.inc) |
14 | include allow-gjs.inc | 14 | include allow-gjs.inc |
diff --git a/etc/profile-a-l/gnote.profile b/etc/profile-a-l/gnote.profile index 261efefac..c3014a288 100644 --- a/etc/profile-a-l/gnote.profile +++ b/etc/profile-a-l/gnote.profile | |||
@@ -6,8 +6,8 @@ include gnote.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/gnote | 9 | noblacklist ${HOME}/.config/gnote |
10 | nodeny ${HOME}/.local/share/gnote | 10 | noblacklist ${HOME}/.local/share/gnote |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -20,9 +20,9 @@ include disable-xdg.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.config/gnote | 21 | mkdir ${HOME}/.config/gnote |
22 | mkdir ${HOME}/.local/share/gnote | 22 | mkdir ${HOME}/.local/share/gnote |
23 | allow ${HOME}/.config/gnote | 23 | whitelist ${HOME}/.config/gnote |
24 | allow ${HOME}/.local/share/gnote | 24 | whitelist ${HOME}/.local/share/gnote |
25 | allow /usr/share/gnote | 25 | whitelist /usr/share/gnote |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnubik.profile b/etc/profile-a-l/gnubik.profile index e6fbca26f..22851ce9f 100644 --- a/etc/profile-a-l/gnubik.profile +++ b/etc/profile-a-l/gnubik.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | allow /usr/share/gnubik | 18 | whitelist /usr/share/gnubik |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-runuser-common.inc | 20 | include whitelist-runuser-common.inc |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/godot.profile b/etc/profile-a-l/godot.profile index f35a53ca4..09ca17caa 100644 --- a/etc/profile-a-l/godot.profile +++ b/etc/profile-a-l/godot.profile | |||
@@ -6,9 +6,9 @@ include godot.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/godot | 9 | noblacklist ${HOME}/.cache/godot |
10 | nodeny ${HOME}/.config/godot | 10 | noblacklist ${HOME}/.config/godot |
11 | nodeny ${HOME}/.local/share/godot | 11 | noblacklist ${HOME}/.local/share/godot |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/goobox.profile b/etc/profile-a-l/goobox.profile index 95dd41c2a..8399d77c4 100644 --- a/etc/profile-a-l/goobox.profile +++ b/etc/profile-a-l/goobox.profile | |||
@@ -6,7 +6,7 @@ include goobox.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${MUSIC} | 9 | noblacklist ${MUSIC} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/google-chrome-beta.profile b/etc/profile-a-l/google-chrome-beta.profile index 07f0e587d..ebe5e870b 100644 --- a/etc/profile-a-l/google-chrome-beta.profile +++ b/etc/profile-a-l/google-chrome-beta.profile | |||
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | nodeny ${HOME}/.cache/google-chrome-beta | 13 | noblacklist ${HOME}/.cache/google-chrome-beta |
14 | nodeny ${HOME}/.config/google-chrome-beta | 14 | noblacklist ${HOME}/.config/google-chrome-beta |
15 | 15 | ||
16 | nodeny ${HOME}/.config/chrome-beta-flags.conf | 16 | noblacklist ${HOME}/.config/chrome-beta-flags.conf |
17 | nodeny ${HOME}/.config/chrome-beta-flags.config | 17 | noblacklist ${HOME}/.config/chrome-beta-flags.config |
18 | 18 | ||
19 | mkdir ${HOME}/.cache/google-chrome-beta | 19 | mkdir ${HOME}/.cache/google-chrome-beta |
20 | mkdir ${HOME}/.config/google-chrome-beta | 20 | mkdir ${HOME}/.config/google-chrome-beta |
21 | allow ${HOME}/.cache/google-chrome-beta | 21 | whitelist ${HOME}/.cache/google-chrome-beta |
22 | allow ${HOME}/.config/google-chrome-beta | 22 | whitelist ${HOME}/.config/google-chrome-beta |
23 | 23 | ||
24 | allow ${HOME}/.config/chrome-beta-flags.conf | 24 | whitelist ${HOME}/.config/chrome-beta-flags.conf |
25 | allow ${HOME}/.config/chrome-beta-flags.config | 25 | whitelist ${HOME}/.config/chrome-beta-flags.config |
26 | 26 | ||
27 | # Redirect | 27 | # Redirect |
28 | include chromium-common.profile | 28 | include chromium-common.profile |
diff --git a/etc/profile-a-l/google-chrome-unstable.profile b/etc/profile-a-l/google-chrome-unstable.profile index 229904411..4d303f71b 100644 --- a/etc/profile-a-l/google-chrome-unstable.profile +++ b/etc/profile-a-l/google-chrome-unstable.profile | |||
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | nodeny ${HOME}/.cache/google-chrome-unstable | 13 | noblacklist ${HOME}/.cache/google-chrome-unstable |
14 | nodeny ${HOME}/.config/google-chrome-unstable | 14 | noblacklist ${HOME}/.config/google-chrome-unstable |
15 | 15 | ||
16 | nodeny ${HOME}/.config/chrome-unstable-flags.conf | 16 | noblacklist ${HOME}/.config/chrome-unstable-flags.conf |
17 | nodeny ${HOME}/.config/chrome-unstable-flags.config | 17 | noblacklist ${HOME}/.config/chrome-unstable-flags.config |
18 | 18 | ||
19 | mkdir ${HOME}/.cache/google-chrome-unstable | 19 | mkdir ${HOME}/.cache/google-chrome-unstable |
20 | mkdir ${HOME}/.config/google-chrome-unstable | 20 | mkdir ${HOME}/.config/google-chrome-unstable |
21 | allow ${HOME}/.cache/google-chrome-unstable | 21 | whitelist ${HOME}/.cache/google-chrome-unstable |
22 | allow ${HOME}/.config/google-chrome-unstable | 22 | whitelist ${HOME}/.config/google-chrome-unstable |
23 | 23 | ||
24 | allow ${HOME}/.config/chrome-unstable-flags.conf | 24 | whitelist ${HOME}/.config/chrome-unstable-flags.conf |
25 | allow ${HOME}/.config/chrome-unstable-flags.config | 25 | whitelist ${HOME}/.config/chrome-unstable-flags.config |
26 | 26 | ||
27 | # Redirect | 27 | # Redirect |
28 | include chromium-common.profile | 28 | include chromium-common.profile |
diff --git a/etc/profile-a-l/google-chrome.profile b/etc/profile-a-l/google-chrome.profile index f61642f17..ed2595f72 100644 --- a/etc/profile-a-l/google-chrome.profile +++ b/etc/profile-a-l/google-chrome.profile | |||
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | nodeny ${HOME}/.cache/google-chrome | 13 | noblacklist ${HOME}/.cache/google-chrome |
14 | nodeny ${HOME}/.config/google-chrome | 14 | noblacklist ${HOME}/.config/google-chrome |
15 | 15 | ||
16 | nodeny ${HOME}/.config/chrome-flags.conf | 16 | noblacklist ${HOME}/.config/chrome-flags.conf |
17 | nodeny ${HOME}/.config/chrome-flags.config | 17 | noblacklist ${HOME}/.config/chrome-flags.config |
18 | 18 | ||
19 | mkdir ${HOME}/.cache/google-chrome | 19 | mkdir ${HOME}/.cache/google-chrome |
20 | mkdir ${HOME}/.config/google-chrome | 20 | mkdir ${HOME}/.config/google-chrome |
21 | allow ${HOME}/.cache/google-chrome | 21 | whitelist ${HOME}/.cache/google-chrome |
22 | allow ${HOME}/.config/google-chrome | 22 | whitelist ${HOME}/.config/google-chrome |
23 | 23 | ||
24 | allow ${HOME}/.config/chrome-flags.conf | 24 | whitelist ${HOME}/.config/chrome-flags.conf |
25 | allow ${HOME}/.config/chrome-flags.config | 25 | whitelist ${HOME}/.config/chrome-flags.config |
26 | 26 | ||
27 | # Redirect | 27 | # Redirect |
28 | include chromium-common.profile | 28 | include chromium-common.profile |
diff --git a/etc/profile-a-l/google-earth.profile b/etc/profile-a-l/google-earth.profile index 6039f7cbd..65ac04771 100644 --- a/etc/profile-a-l/google-earth.profile +++ b/etc/profile-a-l/google-earth.profile | |||
@@ -5,8 +5,8 @@ include google-earth.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/Google | 8 | noblacklist ${HOME}/.config/Google |
9 | nodeny ${HOME}/.googleearth | 9 | noblacklist ${HOME}/.googleearth |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | 17 | ||
18 | mkdir ${HOME}/.config/Google | 18 | mkdir ${HOME}/.config/Google |
19 | mkdir ${HOME}/.googleearth | 19 | mkdir ${HOME}/.googleearth |
20 | allow ${HOME}/.config/Google | 20 | whitelist ${HOME}/.config/Google |
21 | allow ${HOME}/.googleearth | 21 | whitelist ${HOME}/.googleearth |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/profile-a-l/google-play-music-desktop-player.profile b/etc/profile-a-l/google-play-music-desktop-player.profile index fdb65b93c..a7aabe105 100644 --- a/etc/profile-a-l/google-play-music-desktop-player.profile +++ b/etc/profile-a-l/google-play-music-desktop-player.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | # noexec /tmp breaks mpris support | 8 | # noexec /tmp breaks mpris support |
9 | ignore noexec /tmp | 9 | ignore noexec /tmp |
10 | 10 | ||
11 | nodeny ${HOME}/.config/Google Play Music Desktop Player | 11 | noblacklist ${HOME}/.config/Google Play Music Desktop Player |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -20,7 +20,7 @@ include disable-programs.inc | |||
20 | mkdir ${HOME}/.config/Google Play Music Desktop Player | 20 | mkdir ${HOME}/.config/Google Play Music Desktop Player |
21 | # whitelist ${HOME}/.config/pulse | 21 | # whitelist ${HOME}/.config/pulse |
22 | # whitelist ${HOME}/.pulse | 22 | # whitelist ${HOME}/.pulse |
23 | allow ${HOME}/.config/Google Play Music Desktop Player | 23 | whitelist ${HOME}/.config/Google Play Music Desktop Player |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
diff --git a/etc/profile-a-l/googler-common.profile b/etc/profile-a-l/googler-common.profile index 952c9c1d4..2d0bce52b 100644 --- a/etc/profile-a-l/googler-common.profile +++ b/etc/profile-a-l/googler-common.profile | |||
@@ -7,10 +7,10 @@ include googler-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | deny /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | deny ${RUNUSER} | 11 | blacklist ${RUNUSER} |
12 | 12 | ||
13 | nodeny ${HOME}/.w3m | 13 | noblacklist ${HOME}/.w3m |
14 | 14 | ||
15 | # Allow /bin/sh (blacklisted by disable-shell.inc) | 15 | # Allow /bin/sh (blacklisted by disable-shell.inc) |
16 | include allow-bin-sh.inc | 16 | include allow-bin-sh.inc |
@@ -26,7 +26,7 @@ include disable-programs.inc | |||
26 | include disable-shell.inc | 26 | include disable-shell.inc |
27 | include disable-xdg.inc | 27 | include disable-xdg.inc |
28 | 28 | ||
29 | allow ${HOME}/.w3m | 29 | whitelist ${HOME}/.w3m |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
32 | 32 | ||
diff --git a/etc/profile-a-l/gpa.profile b/etc/profile-a-l/gpa.profile index 9b8da361b..37b4f0b1c 100644 --- a/etc/profile-a-l/gpa.profile +++ b/etc/profile-a-l/gpa.profile | |||
@@ -6,7 +6,7 @@ include gpa.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.gnupg | 9 | noblacklist ${HOME}/.gnupg |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gpg-agent.profile b/etc/profile-a-l/gpg-agent.profile index 5fa66bb55..7f0b614b1 100644 --- a/etc/profile-a-l/gpg-agent.profile +++ b/etc/profile-a-l/gpg-agent.profile | |||
@@ -7,10 +7,10 @@ include gpg-agent.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.gnupg | 10 | noblacklist ${HOME}/.gnupg |
11 | 11 | ||
12 | deny /tmp/.X11-unix | 12 | blacklist /tmp/.X11-unix |
13 | deny ${RUNUSER}/wayland-* | 13 | blacklist ${RUNUSER}/wayland-* |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -20,11 +20,11 @@ include disable-programs.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.gnupg | 22 | mkdir ${HOME}/.gnupg |
23 | allow ${HOME}/.gnupg | 23 | whitelist ${HOME}/.gnupg |
24 | allow ${RUNUSER}/gnupg | 24 | whitelist ${RUNUSER}/gnupg |
25 | allow ${RUNUSER}/keyring | 25 | whitelist ${RUNUSER}/keyring |
26 | allow /usr/share/gnupg | 26 | whitelist /usr/share/gnupg |
27 | allow /usr/share/gnupg2 | 27 | whitelist /usr/share/gnupg2 |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gpg.profile b/etc/profile-a-l/gpg.profile index 2ad896abe..4a4d6527c 100644 --- a/etc/profile-a-l/gpg.profile +++ b/etc/profile-a-l/gpg.profile | |||
@@ -7,10 +7,10 @@ include gpg.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.gnupg | 10 | noblacklist ${HOME}/.gnupg |
11 | 11 | ||
12 | deny /tmp/.X11-unix | 12 | blacklist /tmp/.X11-unix |
13 | deny ${RUNUSER}/wayland-* | 13 | blacklist ${RUNUSER}/wayland-* |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -18,11 +18,11 @@ include disable-interpreters.inc | |||
18 | include disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
19 | include disable-programs.inc | 19 | include disable-programs.inc |
20 | 20 | ||
21 | allow ${RUNUSER}/gnupg | 21 | whitelist ${RUNUSER}/gnupg |
22 | allow ${RUNUSER}/keyring | 22 | whitelist ${RUNUSER}/keyring |
23 | allow /usr/share/gnupg | 23 | whitelist /usr/share/gnupg |
24 | allow /usr/share/gnupg2 | 24 | whitelist /usr/share/gnupg2 |
25 | allow /usr/share/pacman/keyrings | 25 | whitelist /usr/share/pacman/keyrings |
26 | include whitelist-runuser-common.inc | 26 | include whitelist-runuser-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gpicview.profile b/etc/profile-a-l/gpicview.profile index 0552dc3d7..fa53c26c8 100644 --- a/etc/profile-a-l/gpicview.profile +++ b/etc/profile-a-l/gpicview.profile | |||
@@ -6,7 +6,7 @@ include gpicview.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/gpicview | 9 | noblacklist ${HOME}/.config/gpicview |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | 18 | ||
19 | allow /usr/share/gpicview | 19 | whitelist /usr/share/gpicview |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
diff --git a/etc/profile-a-l/gpredict.profile b/etc/profile-a-l/gpredict.profile index c9e62a73f..253d644f1 100644 --- a/etc/profile-a-l/gpredict.profile +++ b/etc/profile-a-l/gpredict.profile | |||
@@ -6,7 +6,7 @@ include gpredict.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/Gpredict | 9 | noblacklist ${HOME}/.config/Gpredict |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.config/Gpredict | 19 | mkdir ${HOME}/.config/Gpredict |
20 | allow ${HOME}/.config/Gpredict | 20 | whitelist ${HOME}/.config/Gpredict |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/profile-a-l/gradio.profile b/etc/profile-a-l/gradio.profile index 2aebe2338..2b4c536d2 100644 --- a/etc/profile-a-l/gradio.profile +++ b/etc/profile-a-l/gradio.profile | |||
@@ -5,8 +5,8 @@ include gradio.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.cache/gradio | 8 | noblacklist ${HOME}/.cache/gradio |
9 | nodeny ${HOME}/.local/share/gradio | 9 | noblacklist ${HOME}/.local/share/gradio |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-xdg.inc | |||
18 | 18 | ||
19 | mkdir ${HOME}/.cache/gradio | 19 | mkdir ${HOME}/.cache/gradio |
20 | mkdir ${HOME}/.local/share/gradio | 20 | mkdir ${HOME}/.local/share/gradio |
21 | allow ${HOME}/.cache/gradio | 21 | whitelist ${HOME}/.cache/gradio |
22 | allow ${HOME}/.local/share/gradio | 22 | whitelist ${HOME}/.local/share/gradio |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gramps.profile b/etc/profile-a-l/gramps.profile index 53f0baccb..c7e0c2977 100644 --- a/etc/profile-a-l/gramps.profile +++ b/etc/profile-a-l/gramps.profile | |||
@@ -6,7 +6,7 @@ include gramps.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.gramps | 9 | noblacklist ${HOME}/.gramps |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | #include allow-python2.inc | 12 | #include allow-python2.inc |
@@ -21,7 +21,7 @@ include disable-programs.inc | |||
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.gramps | 23 | mkdir ${HOME}/.gramps |
24 | allow ${HOME}/.gramps | 24 | whitelist ${HOME}/.gramps |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile index ecc871c2e..890ba2560 100644 --- a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile +++ b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | allow /usr/share/gravity-beams-and-evaporating-stars | 18 | whitelist /usr/share/gravity-beams-and-evaporating-stars |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gthumb.profile b/etc/profile-a-l/gthumb.profile index 9a4f7b4fb..5927e8c4d 100644 --- a/etc/profile-a-l/gthumb.profile +++ b/etc/profile-a-l/gthumb.profile | |||
@@ -6,9 +6,9 @@ include gthumb.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/gthumb | 9 | noblacklist ${HOME}/.config/gthumb |
10 | nodeny ${HOME}/.Steam | 10 | noblacklist ${HOME}/.Steam |
11 | nodeny ${HOME}/.steam | 11 | noblacklist ${HOME}/.steam |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gtk-update-icon-cache.profile b/etc/profile-a-l/gtk-update-icon-cache.profile index d6bb9902a..c8addae75 100644 --- a/etc/profile-a-l/gtk-update-icon-cache.profile +++ b/etc/profile-a-l/gtk-update-icon-cache.profile | |||
@@ -7,7 +7,7 @@ include gtk-update-icon-cache.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny ${RUNUSER}/wayland-* | 10 | blacklist ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gtk2-youtube-viewer.profile b/etc/profile-a-l/gtk2-youtube-viewer.profile index 8241de43a..787c7bd90 100644 --- a/etc/profile-a-l/gtk2-youtube-viewer.profile +++ b/etc/profile-a-l/gtk2-youtube-viewer.profile | |||
@@ -8,8 +8,8 @@ include gtk2-youtube-viewer.local | |||
8 | 8 | ||
9 | ignore quiet | 9 | ignore quiet |
10 | 10 | ||
11 | nodeny /tmp/.X11-unix | 11 | noblacklist /tmp/.X11-unix |
12 | nodeny ${RUNUSER} | 12 | noblacklist ${RUNUSER} |
13 | 13 | ||
14 | include whitelist-runuser-common.inc | 14 | include whitelist-runuser-common.inc |
15 | 15 | ||
diff --git a/etc/profile-a-l/gtk3-youtube-viewer.profile b/etc/profile-a-l/gtk3-youtube-viewer.profile index 6ea4ebbdc..988882622 100644 --- a/etc/profile-a-l/gtk3-youtube-viewer.profile +++ b/etc/profile-a-l/gtk3-youtube-viewer.profile | |||
@@ -8,8 +8,8 @@ include gtk3-youtube-viewer.local | |||
8 | 8 | ||
9 | ignore quiet | 9 | ignore quiet |
10 | 10 | ||
11 | nodeny /tmp/.X11-unix | 11 | noblacklist /tmp/.X11-unix |
12 | nodeny ${RUNUSER} | 12 | noblacklist ${RUNUSER} |
13 | 13 | ||
14 | include whitelist-runuser-common.inc | 14 | include whitelist-runuser-common.inc |
15 | 15 | ||
diff --git a/etc/profile-a-l/guayadeque.profile b/etc/profile-a-l/guayadeque.profile index 731bcad1d..3d2b71e9d 100644 --- a/etc/profile-a-l/guayadeque.profile +++ b/etc/profile-a-l/guayadeque.profile | |||
@@ -5,8 +5,8 @@ include guayadeque.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.guayadeque | 8 | noblacklist ${HOME}/.guayadeque |
9 | nodeny ${MUSIC} | 9 | noblacklist ${MUSIC} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gummi.profile b/etc/profile-a-l/gummi.profile index 5cdc2cc18..2223c37a1 100644 --- a/etc/profile-a-l/gummi.profile +++ b/etc/profile-a-l/gummi.profile | |||
@@ -5,8 +5,8 @@ include gummi.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.cache/gummi | 8 | noblacklist ${HOME}/.cache/gummi |
9 | nodeny ${HOME}/.config/gummi | 9 | noblacklist ${HOME}/.config/gummi |
10 | 10 | ||
11 | # Allow lua (blacklisted by disable-interpreters.inc) | 11 | # Allow lua (blacklisted by disable-interpreters.inc) |
12 | include allow-lua.inc | 12 | include allow-lua.inc |
diff --git a/etc/profile-a-l/guvcview.profile b/etc/profile-a-l/guvcview.profile index 3404f5177..9221ca31c 100644 --- a/etc/profile-a-l/guvcview.profile +++ b/etc/profile-a-l/guvcview.profile | |||
@@ -6,10 +6,10 @@ include guvcview.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/guvcview2 | 9 | noblacklist ${HOME}/.config/guvcview2 |
10 | 10 | ||
11 | nodeny ${PICTURES} | 11 | noblacklist ${PICTURES} |
12 | nodeny ${VIDEOS} | 12 | noblacklist ${VIDEOS} |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -21,9 +21,9 @@ include disable-shell.inc | |||
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.config/guvcview2 | 23 | mkdir ${HOME}/.config/guvcview2 |
24 | allow ${HOME}/.config/guvcview2 | 24 | whitelist ${HOME}/.config/guvcview2 |
25 | allow ${PICTURES} | 25 | whitelist ${PICTURES} |
26 | allow ${VIDEOS} | 26 | whitelist ${VIDEOS} |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gwenview.profile b/etc/profile-a-l/gwenview.profile index 132b5a2e2..d33e2a673 100644 --- a/etc/profile-a-l/gwenview.profile +++ b/etc/profile-a-l/gwenview.profile | |||
@@ -6,17 +6,17 @@ include gwenview.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/GIMP | 9 | noblacklist ${HOME}/.config/GIMP |
10 | nodeny ${HOME}/.config/gwenviewrc | 10 | noblacklist ${HOME}/.config/gwenviewrc |
11 | nodeny ${HOME}/.config/org.kde.gwenviewrc | 11 | noblacklist ${HOME}/.config/org.kde.gwenviewrc |
12 | nodeny ${HOME}/.gimp* | 12 | noblacklist ${HOME}/.gimp* |
13 | nodeny ${HOME}/.kde/share/apps/gwenview | 13 | noblacklist ${HOME}/.kde/share/apps/gwenview |
14 | nodeny ${HOME}/.kde/share/config/gwenviewrc | 14 | noblacklist ${HOME}/.kde/share/config/gwenviewrc |
15 | nodeny ${HOME}/.kde4/share/apps/gwenview | 15 | noblacklist ${HOME}/.kde4/share/apps/gwenview |
16 | nodeny ${HOME}/.kde4/share/config/gwenviewrc | 16 | noblacklist ${HOME}/.kde4/share/config/gwenviewrc |
17 | nodeny ${HOME}/.local/share/gwenview | 17 | noblacklist ${HOME}/.local/share/gwenview |
18 | nodeny ${HOME}/.local/share/kxmlgui5/gwenview | 18 | noblacklist ${HOME}/.local/share/kxmlgui5/gwenview |
19 | nodeny ${HOME}/.local/share/org.kde.gwenview | 19 | noblacklist ${HOME}/.local/share/org.kde.gwenview |
20 | 20 | ||
21 | include disable-common.inc | 21 | include disable-common.inc |
22 | include disable-devel.inc | 22 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gzip.profile b/etc/profile-a-l/gzip.profile index 46c98bdc2..b261c16f4 100644 --- a/etc/profile-a-l/gzip.profile +++ b/etc/profile-a-l/gzip.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | 9 | ||
10 | # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop | 10 | # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop |
11 | # all capabilities this is automatically read-only. | 11 | # all capabilities this is automatically read-only. |
12 | nodeny /var/lib/pacman | 12 | noblacklist /var/lib/pacman |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include archiver-common.profile | 15 | include archiver-common.profile |
diff --git a/etc/profile-a-l/handbrake.profile b/etc/profile-a-l/handbrake.profile index c102ac4cb..847e1ec1e 100644 --- a/etc/profile-a-l/handbrake.profile +++ b/etc/profile-a-l/handbrake.profile | |||
@@ -6,9 +6,9 @@ include handbrake.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/ghb | 9 | noblacklist ${HOME}/.config/ghb |
10 | nodeny ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | nodeny ${VIDEOS} | 11 | noblacklist ${VIDEOS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/hashcat.profile b/etc/profile-a-l/hashcat.profile index d98a1b554..aab4b0c21 100644 --- a/etc/profile-a-l/hashcat.profile +++ b/etc/profile-a-l/hashcat.profile | |||
@@ -7,11 +7,11 @@ include hashcat.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny ${RUNUSER}/wayland-* | 10 | blacklist ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | nodeny ${HOME}/.hashcat | 12 | noblacklist ${HOME}/.hashcat |
13 | nodeny /usr/include | 13 | noblacklist /usr/include |
14 | nodeny ${DOCUMENTS} | 14 | noblacklist ${DOCUMENTS} |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/hasher-common.profile b/etc/profile-a-l/hasher-common.profile index 1c2a44e06..44584f26b 100644 --- a/etc/profile-a-l/hasher-common.profile +++ b/etc/profile-a-l/hasher-common.profile | |||
@@ -4,7 +4,7 @@ include hasher-common.local | |||
4 | 4 | ||
5 | # common profile for hasher/checksum tools | 5 | # common profile for hasher/checksum tools |
6 | 6 | ||
7 | deny ${RUNUSER} | 7 | blacklist ${RUNUSER} |
8 | 8 | ||
9 | # Comment/uncomment the relevant include file(s) in your hasher-common.local | 9 | # Comment/uncomment the relevant include file(s) in your hasher-common.local |
10 | # to (un)restrict file access for **all** hashers. Another option is to do this **per hasher** | 10 | # to (un)restrict file access for **all** hashers. Another option is to do this **per hasher** |
diff --git a/etc/profile-a-l/hedgewars.profile b/etc/profile-a-l/hedgewars.profile index 90833af91..c0675d8ec 100644 --- a/etc/profile-a-l/hedgewars.profile +++ b/etc/profile-a-l/hedgewars.profile | |||
@@ -6,7 +6,7 @@ include hedgewars.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.hedgewars | 9 | noblacklist ${HOME}/.hedgewars |
10 | 10 | ||
11 | include allow-lua.inc | 11 | include allow-lua.inc |
12 | 12 | ||
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.hedgewars | 19 | mkdir ${HOME}/.hedgewars |
20 | allow ${HOME}/.hedgewars | 20 | whitelist ${HOME}/.hedgewars |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/profile-a-l/hexchat.profile b/etc/profile-a-l/hexchat.profile index 993efb591..b887de147 100644 --- a/etc/profile-a-l/hexchat.profile +++ b/etc/profile-a-l/hexchat.profile | |||
@@ -6,7 +6,7 @@ include hexchat.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/hexchat | 9 | noblacklist ${HOME}/.config/hexchat |
10 | 10 | ||
11 | # Allow /bin/sh (blacklisted by disable-shell.inc) | 11 | # Allow /bin/sh (blacklisted by disable-shell.inc) |
12 | include allow-bin-sh.inc | 12 | include allow-bin-sh.inc |
@@ -28,7 +28,7 @@ include disable-shell.inc | |||
28 | include disable-xdg.inc | 28 | include disable-xdg.inc |
29 | 29 | ||
30 | mkdir ${HOME}/.config/hexchat | 30 | mkdir ${HOME}/.config/hexchat |
31 | allow ${HOME}/.config/hexchat | 31 | whitelist ${HOME}/.config/hexchat |
32 | include whitelist-common.inc | 32 | include whitelist-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
34 | 34 | ||
diff --git a/etc/profile-a-l/highlight.profile b/etc/profile-a-l/highlight.profile index 53db642dc..643736ac7 100644 --- a/etc/profile-a-l/highlight.profile +++ b/etc/profile-a-l/highlight.profile | |||
@@ -6,7 +6,7 @@ include highlight.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | deny ${RUNUSER} | 9 | blacklist ${RUNUSER} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/homebank.profile b/etc/profile-a-l/homebank.profile index ef259cc00..199b1a5e5 100644 --- a/etc/profile-a-l/homebank.profile +++ b/etc/profile-a-l/homebank.profile | |||
@@ -6,7 +6,7 @@ include homebank.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/homebank | 9 | noblacklist ${HOME}/.config/homebank |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,9 +18,9 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/homebank | 20 | mkdir ${HOME}/.config/homebank |
21 | allow ${DOWNLOADS} | 21 | whitelist ${DOWNLOADS} |
22 | allow ${HOME}/.config/homebank | 22 | whitelist ${HOME}/.config/homebank |
23 | allow /usr/share/homebank | 23 | whitelist /usr/share/homebank |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
26 | include whitelist-usr-share-common.inc | 26 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/host.profile b/etc/profile-a-l/host.profile index 63e1be259..00d9f7a76 100644 --- a/etc/profile-a-l/host.profile +++ b/etc/profile-a-l/host.profile | |||
@@ -7,8 +7,8 @@ include host.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny ${RUNUSER} | 10 | blacklist ${RUNUSER} |
11 | nodeny ${PATH}/host | 11 | noblacklist ${PATH}/host |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/hugin.profile b/etc/profile-a-l/hugin.profile index db5cd29cc..267712c87 100644 --- a/etc/profile-a-l/hugin.profile +++ b/etc/profile-a-l/hugin.profile | |||
@@ -6,9 +6,9 @@ include hugin.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.hugin | 9 | noblacklist ${HOME}/.hugin |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | nodeny ${PICTURES} | 11 | noblacklist ${PICTURES} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/hyperrogue.profile b/etc/profile-a-l/hyperrogue.profile index 1fb33ceb8..e66ffd7e1 100644 --- a/etc/profile-a-l/hyperrogue.profile +++ b/etc/profile-a-l/hyperrogue.profile | |||
@@ -6,7 +6,7 @@ include hyperrogue.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/hyperrogue.ini | 9 | noblacklist ${HOME}/hyperrogue.ini |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkfile ${HOME}/hyperrogue.ini | 20 | mkfile ${HOME}/hyperrogue.ini |
21 | allow ${HOME}/hyperrogue.ini | 21 | whitelist ${HOME}/hyperrogue.ini |
22 | allow /usr/share/hyperrogue | 22 | whitelist /usr/share/hyperrogue |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/i2prouter.profile b/etc/profile-a-l/i2prouter.profile index c8a2e8a04..47c984175 100644 --- a/etc/profile-a-l/i2prouter.profile +++ b/etc/profile-a-l/i2prouter.profile | |||
@@ -14,12 +14,12 @@ include globals.local | |||
14 | # Only needed when i2prouter binary resides in home directory (official I2P java installer does so). | 14 | # Only needed when i2prouter binary resides in home directory (official I2P java installer does so). |
15 | ignore noexec ${HOME} | 15 | ignore noexec ${HOME} |
16 | 16 | ||
17 | nodeny ${HOME}/.config/i2p | 17 | noblacklist ${HOME}/.config/i2p |
18 | nodeny ${HOME}/.i2p | 18 | noblacklist ${HOME}/.i2p |
19 | nodeny ${HOME}/.local/share/i2p | 19 | noblacklist ${HOME}/.local/share/i2p |
20 | nodeny ${HOME}/i2p | 20 | noblacklist ${HOME}/i2p |
21 | # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so). | 21 | # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so). |
22 | nodeny /usr/sbin | 22 | noblacklist /usr/sbin |
23 | 23 | ||
24 | # Allow java (blacklisted by disable-devel.inc) | 24 | # Allow java (blacklisted by disable-devel.inc) |
25 | include allow-java.inc | 25 | include allow-java.inc |
@@ -36,12 +36,12 @@ mkdir ${HOME}/.config/i2p | |||
36 | mkdir ${HOME}/.i2p | 36 | mkdir ${HOME}/.i2p |
37 | mkdir ${HOME}/.local/share/i2p | 37 | mkdir ${HOME}/.local/share/i2p |
38 | mkdir ${HOME}/i2p | 38 | mkdir ${HOME}/i2p |
39 | allow ${HOME}/.config/i2p | 39 | whitelist ${HOME}/.config/i2p |
40 | allow ${HOME}/.i2p | 40 | whitelist ${HOME}/.i2p |
41 | allow ${HOME}/.local/share/i2p | 41 | whitelist ${HOME}/.local/share/i2p |
42 | allow ${HOME}/i2p | 42 | whitelist ${HOME}/i2p |
43 | # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so). | 43 | # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so). |
44 | allow /usr/sbin/wrapper* | 44 | whitelist /usr/sbin/wrapper* |
45 | 45 | ||
46 | include whitelist-common.inc | 46 | include whitelist-common.inc |
47 | 47 | ||
diff --git a/etc/profile-a-l/i3.profile b/etc/profile-a-l/i3.profile index 95ddad221..e96b1843c 100644 --- a/etc/profile-a-l/i3.profile +++ b/etc/profile-a-l/i3.profile | |||
@@ -7,7 +7,7 @@ include i3.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in i3 will run in this profile | 9 | # all applications started in i3 will run in this profile |
10 | nodeny ${HOME}/.config/i3 | 10 | noblacklist ${HOME}/.config/i3 |
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
diff --git a/etc/profile-a-l/icecat.profile b/etc/profile-a-l/icecat.profile index 0de2f658b..660343a29 100644 --- a/etc/profile-a-l/icecat.profile +++ b/etc/profile-a-l/icecat.profile | |||
@@ -5,13 +5,13 @@ include icecat.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.cache/mozilla | 8 | noblacklist ${HOME}/.cache/mozilla |
9 | nodeny ${HOME}/.mozilla | 9 | noblacklist ${HOME}/.mozilla |
10 | 10 | ||
11 | mkdir ${HOME}/.cache/mozilla/icecat | 11 | mkdir ${HOME}/.cache/mozilla/icecat |
12 | mkdir ${HOME}/.mozilla | 12 | mkdir ${HOME}/.mozilla |
13 | allow ${HOME}/.cache/mozilla/icecat | 13 | whitelist ${HOME}/.cache/mozilla/icecat |
14 | allow ${HOME}/.mozilla | 14 | whitelist ${HOME}/.mozilla |
15 | 15 | ||
16 | # private-etc must first be enabled in firefox-common.profile | 16 | # private-etc must first be enabled in firefox-common.profile |
17 | #private-etc icecat | 17 | #private-etc icecat |
diff --git a/etc/profile-a-l/icedove.profile b/etc/profile-a-l/icedove.profile index 0c22d87d0..19690cd5a 100644 --- a/etc/profile-a-l/icedove.profile +++ b/etc/profile-a-l/icedove.profile | |||
@@ -9,16 +9,16 @@ include icedove.local | |||
9 | # Users have icedove set to open a browser by clicking a link in an email | 9 | # Users have icedove set to open a browser by clicking a link in an email |
10 | # We are not allowed to blacklist browser-specific directories | 10 | # We are not allowed to blacklist browser-specific directories |
11 | 11 | ||
12 | nodeny ${HOME}/.cache/icedove | 12 | noblacklist ${HOME}/.cache/icedove |
13 | nodeny ${HOME}/.gnupg | 13 | noblacklist ${HOME}/.gnupg |
14 | nodeny ${HOME}/.icedove | 14 | noblacklist ${HOME}/.icedove |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/icedove | 16 | mkdir ${HOME}/.cache/icedove |
17 | mkdir ${HOME}/.gnupg | 17 | mkdir ${HOME}/.gnupg |
18 | mkdir ${HOME}/.icedove | 18 | mkdir ${HOME}/.icedove |
19 | allow ${HOME}/.cache/icedove | 19 | whitelist ${HOME}/.cache/icedove |
20 | allow ${HOME}/.gnupg | 20 | whitelist ${HOME}/.gnupg |
21 | allow ${HOME}/.icedove | 21 | whitelist ${HOME}/.icedove |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | ignore private-tmp | 24 | ignore private-tmp |
diff --git a/etc/profile-a-l/idea.sh.profile b/etc/profile-a-l/idea.sh.profile index 180b62ec2..680b8e777 100644 --- a/etc/profile-a-l/idea.sh.profile +++ b/etc/profile-a-l/idea.sh.profile | |||
@@ -5,12 +5,12 @@ include idea.sh.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.IdeaIC* | 8 | noblacklist ${HOME}/.IdeaIC* |
9 | nodeny ${HOME}/.android | 9 | noblacklist ${HOME}/.android |
10 | nodeny ${HOME}/.jack-server | 10 | noblacklist ${HOME}/.jack-server |
11 | nodeny ${HOME}/.jack-settings | 11 | noblacklist ${HOME}/.jack-settings |
12 | nodeny ${HOME}/.local/share/JetBrains | 12 | noblacklist ${HOME}/.local/share/JetBrains |
13 | nodeny ${HOME}/.tooling | 13 | noblacklist ${HOME}/.tooling |
14 | 14 | ||
15 | # Allows files commonly used by IDEs | 15 | # Allows files commonly used by IDEs |
16 | include allow-common-devel.inc | 16 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/imagej.profile b/etc/profile-a-l/imagej.profile index 5d28e7aca..12ce7976b 100644 --- a/etc/profile-a-l/imagej.profile +++ b/etc/profile-a-l/imagej.profile | |||
@@ -6,7 +6,7 @@ include imagej.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.imagej | 9 | noblacklist ${HOME}/.imagej |
10 | 10 | ||
11 | # Allow java (blacklisted by disable-devel.inc) | 11 | # Allow java (blacklisted by disable-devel.inc) |
12 | include allow-java.inc | 12 | include allow-java.inc |
diff --git a/etc/profile-a-l/img2txt.profile b/etc/profile-a-l/img2txt.profile index 70d56a7dc..c26958d06 100644 --- a/etc/profile-a-l/img2txt.profile +++ b/etc/profile-a-l/img2txt.profile | |||
@@ -5,10 +5,10 @@ include img2txt.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | deny ${RUNUSER}/wayland-* | 8 | blacklist ${RUNUSER}/wayland-* |
9 | 9 | ||
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | nodeny ${PICTURES} | 11 | noblacklist ${PICTURES} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-passwdmgr.inc | |||
18 | include disable-programs.inc | 18 | include disable-programs.inc |
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | allow /usr/share/imlib2 | 21 | whitelist /usr/share/imlib2 |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/impressive.profile b/etc/profile-a-l/impressive.profile index 4914cd9d0..c152be01c 100644 --- a/etc/profile-a-l/impressive.profile +++ b/etc/profile-a-l/impressive.profile | |||
@@ -6,9 +6,9 @@ include impressive.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
10 | nodeny /sbin | 10 | noblacklist /sbin |
11 | nodeny /usr/sbin | 11 | noblacklist /usr/sbin |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | #include allow-python2.inc | 14 | #include allow-python2.inc |
@@ -23,8 +23,8 @@ include disable-programs.inc | |||
23 | include disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | mkdir ${HOME}/.cache/mesa_shader_cache | 25 | mkdir ${HOME}/.cache/mesa_shader_cache |
26 | allow /usr/share/opengl-games-utils | 26 | whitelist /usr/share/opengl-games-utils |
27 | allow /usr/share/zenity | 27 | whitelist /usr/share/zenity |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
30 | 30 | ||
diff --git a/etc/profile-a-l/inkscape.profile b/etc/profile-a-l/inkscape.profile index 1a949b300..35dd86b32 100644 --- a/etc/profile-a-l/inkscape.profile +++ b/etc/profile-a-l/inkscape.profile | |||
@@ -6,14 +6,14 @@ include inkscape.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/inkscape | 9 | noblacklist ${HOME}/.cache/inkscape |
10 | nodeny ${HOME}/.config/inkscape | 10 | noblacklist ${HOME}/.config/inkscape |
11 | nodeny ${HOME}/.inkscape | 11 | noblacklist ${HOME}/.inkscape |
12 | nodeny ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
13 | nodeny ${PICTURES} | 13 | noblacklist ${PICTURES} |
14 | # Allow exporting .xcf files | 14 | # Allow exporting .xcf files |
15 | nodeny ${HOME}/.config/GIMP | 15 | noblacklist ${HOME}/.config/GIMP |
16 | nodeny ${HOME}/.gimp* | 16 | noblacklist ${HOME}/.gimp* |
17 | 17 | ||
18 | 18 | ||
19 | # Allow python (blacklisted by disable-interpreters.inc) | 19 | # Allow python (blacklisted by disable-interpreters.inc) |
@@ -28,7 +28,7 @@ include disable-passwdmgr.inc | |||
28 | include disable-programs.inc | 28 | include disable-programs.inc |
29 | include disable-xdg.inc | 29 | include disable-xdg.inc |
30 | 30 | ||
31 | allow /usr/share/inkscape | 31 | whitelist /usr/share/inkscape |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
34 | 34 | ||
diff --git a/etc/profile-a-l/inox.profile b/etc/profile-a-l/inox.profile index 1591ed7ea..a5cac12f2 100644 --- a/etc/profile-a-l/inox.profile +++ b/etc/profile-a-l/inox.profile | |||
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | nodeny ${HOME}/.cache/inox | 13 | noblacklist ${HOME}/.cache/inox |
14 | nodeny ${HOME}/.config/inox | 14 | noblacklist ${HOME}/.config/inox |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/inox | 16 | mkdir ${HOME}/.cache/inox |
17 | mkdir ${HOME}/.config/inox | 17 | mkdir ${HOME}/.config/inox |
18 | allow ${HOME}/.cache/inox | 18 | whitelist ${HOME}/.cache/inox |
19 | allow ${HOME}/.config/inox | 19 | whitelist ${HOME}/.config/inox |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include chromium-common.profile | 22 | include chromium-common.profile |
diff --git a/etc/profile-a-l/iridium.profile b/etc/profile-a-l/iridium.profile index f361fd663..3037d00e9 100644 --- a/etc/profile-a-l/iridium.profile +++ b/etc/profile-a-l/iridium.profile | |||
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | nodeny ${HOME}/.cache/iridium | 13 | noblacklist ${HOME}/.cache/iridium |
14 | nodeny ${HOME}/.config/iridium | 14 | noblacklist ${HOME}/.config/iridium |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/iridium | 16 | mkdir ${HOME}/.cache/iridium |
17 | mkdir ${HOME}/.config/iridium | 17 | mkdir ${HOME}/.config/iridium |
18 | allow ${HOME}/.cache/iridium | 18 | whitelist ${HOME}/.cache/iridium |
19 | allow ${HOME}/.config/iridium | 19 | whitelist ${HOME}/.config/iridium |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include chromium-common.profile | 22 | include chromium-common.profile |
diff --git a/etc/profile-a-l/itch.profile b/etc/profile-a-l/itch.profile index fa0bcf986..e02dcbdb1 100644 --- a/etc/profile-a-l/itch.profile +++ b/etc/profile-a-l/itch.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | # itch.io has native firejail/sandboxing support bundled in | 8 | # itch.io has native firejail/sandboxing support bundled in |
9 | # See https://itch.io/docs/itch/using/sandbox/linux.html | 9 | # See https://itch.io/docs/itch/using/sandbox/linux.html |
10 | 10 | ||
11 | nodeny ${HOME}/.itch | 11 | noblacklist ${HOME}/.itch |
12 | nodeny ${HOME}/.config/itch | 12 | noblacklist ${HOME}/.config/itch |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-programs.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.itch | 20 | mkdir ${HOME}/.itch |
21 | mkdir ${HOME}/.config/itch | 21 | mkdir ${HOME}/.config/itch |
22 | allow ${HOME}/.itch | 22 | whitelist ${HOME}/.itch |
23 | allow ${HOME}/.config/itch | 23 | whitelist ${HOME}/.config/itch |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
diff --git a/etc/profile-a-l/jami-gnome.profile b/etc/profile-a-l/jami-gnome.profile index e4be574df..3e9abf369 100644 --- a/etc/profile-a-l/jami-gnome.profile +++ b/etc/profile-a-l/jami-gnome.profile | |||
@@ -6,8 +6,8 @@ include jami-gnome.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/jami | 9 | noblacklist ${HOME}/.config/jami |
10 | nodeny ${HOME}/.local/share/jami | 10 | noblacklist ${HOME}/.local/share/jami |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-programs.inc | |||
18 | 18 | ||
19 | mkdir ${HOME}/.config/jami | 19 | mkdir ${HOME}/.config/jami |
20 | mkdir ${HOME}/.local/share/jami | 20 | mkdir ${HOME}/.local/share/jami |
21 | allow ${HOME}/.config/jami | 21 | whitelist ${HOME}/.config/jami |
22 | allow ${HOME}/.local/share/jami | 22 | whitelist ${HOME}/.local/share/jami |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
diff --git a/etc/profile-a-l/jd-gui.profile b/etc/profile-a-l/jd-gui.profile index bfea84c69..7d29f1068 100644 --- a/etc/profile-a-l/jd-gui.profile +++ b/etc/profile-a-l/jd-gui.profile | |||
@@ -5,7 +5,7 @@ include jd-gui.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/jd-gui.cfg | 8 | noblacklist ${HOME}/.config/jd-gui.cfg |
9 | 9 | ||
10 | # Allow java (blacklisted by disable-devel.inc) | 10 | # Allow java (blacklisted by disable-devel.inc) |
11 | include allow-java.inc | 11 | include allow-java.inc |
diff --git a/etc/profile-a-l/jerry.profile b/etc/profile-a-l/jerry.profile index c41027618..85b1f2120 100644 --- a/etc/profile-a-l/jerry.profile +++ b/etc/profile-a-l/jerry.profile | |||
@@ -6,7 +6,7 @@ include jerry.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/dkl | 9 | noblacklist ${HOME}/.config/dkl |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/jitsi-meet-desktop.profile b/etc/profile-a-l/jitsi-meet-desktop.profile index 9ca30c36d..edb7ed840 100644 --- a/etc/profile-a-l/jitsi-meet-desktop.profile +++ b/etc/profile-a-l/jitsi-meet-desktop.profile | |||
@@ -13,12 +13,12 @@ ignore shell none | |||
13 | 13 | ||
14 | ignore noexec /tmp | 14 | ignore noexec /tmp |
15 | 15 | ||
16 | nodeny ${HOME}/.config/Jitsi Meet | 16 | noblacklist ${HOME}/.config/Jitsi Meet |
17 | 17 | ||
18 | noallow ${DOWNLOADS} | 18 | nowhitelist ${DOWNLOADS} |
19 | 19 | ||
20 | mkdir ${HOME}/.config/Jitsi Meet | 20 | mkdir ${HOME}/.config/Jitsi Meet |
21 | allow ${HOME}/.config/Jitsi Meet | 21 | whitelist ${HOME}/.config/Jitsi Meet |
22 | 22 | ||
23 | private-bin bash,electron,electron[0-9],electron[0-9][0-9],jitsi-meet-desktop,sh | 23 | private-bin bash,electron,electron[0-9],electron[0-9][0-9],jitsi-meet-desktop,sh |
24 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg | 24 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg |
diff --git a/etc/profile-a-l/jitsi.profile b/etc/profile-a-l/jitsi.profile index f53e6ca32..223c360b8 100644 --- a/etc/profile-a-l/jitsi.profile +++ b/etc/profile-a-l/jitsi.profile | |||
@@ -5,7 +5,7 @@ include jitsi.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.jitsi | 8 | noblacklist ${HOME}/.jitsi |
9 | 9 | ||
10 | # Allow java (blacklisted by disable-devel.inc) | 10 | # Allow java (blacklisted by disable-devel.inc) |
11 | include allow-java.inc | 11 | include allow-java.inc |
diff --git a/etc/profile-a-l/jumpnbump.profile b/etc/profile-a-l/jumpnbump.profile index c0a78ecc0..9954b8aea 100644 --- a/etc/profile-a-l/jumpnbump.profile +++ b/etc/profile-a-l/jumpnbump.profile | |||
@@ -6,7 +6,7 @@ include jumpnbump.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.jumpnbump | 9 | noblacklist ${HOME}/.jumpnbump |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.jumpnbump | 19 | mkdir ${HOME}/.jumpnbump |
20 | allow ${HOME}/.jumpnbump | 20 | whitelist ${HOME}/.jumpnbump |
21 | allow /usr/share/jumpnbump | 21 | whitelist /usr/share/jumpnbump |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/k3b.profile b/etc/profile-a-l/k3b.profile index 73ce8670f..5ae90dff6 100644 --- a/etc/profile-a-l/k3b.profile +++ b/etc/profile-a-l/k3b.profile | |||
@@ -6,11 +6,11 @@ include k3b.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/k3brc | 9 | noblacklist ${HOME}/.config/k3brc |
10 | nodeny ${HOME}/.kde/share/config/k3brc | 10 | noblacklist ${HOME}/.kde/share/config/k3brc |
11 | nodeny ${HOME}/.kde4/share/config/k3brc | 11 | noblacklist ${HOME}/.kde4/share/config/k3brc |
12 | nodeny ${HOME}/.local/share/kxmlgui5/k3b | 12 | noblacklist ${HOME}/.local/share/kxmlgui5/k3b |
13 | nodeny ${MUSIC} | 13 | noblacklist ${MUSIC} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kaffeine.profile b/etc/profile-a-l/kaffeine.profile index e6a00e350..d55fd22cb 100644 --- a/etc/profile-a-l/kaffeine.profile +++ b/etc/profile-a-l/kaffeine.profile | |||
@@ -6,14 +6,14 @@ include kaffeine.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/kaffeinerc | 9 | noblacklist ${HOME}/.config/kaffeinerc |
10 | nodeny ${HOME}/.kde/share/apps/kaffeine | 10 | noblacklist ${HOME}/.kde/share/apps/kaffeine |
11 | nodeny ${HOME}/.kde/share/config/kaffeinerc | 11 | noblacklist ${HOME}/.kde/share/config/kaffeinerc |
12 | nodeny ${HOME}/.kde4/share/apps/kaffeine | 12 | noblacklist ${HOME}/.kde4/share/apps/kaffeine |
13 | nodeny ${HOME}/.kde4/share/config/kaffeinerc | 13 | noblacklist ${HOME}/.kde4/share/config/kaffeinerc |
14 | nodeny ${HOME}/.local/share/kaffeine | 14 | noblacklist ${HOME}/.local/share/kaffeine |
15 | nodeny ${MUSIC} | 15 | noblacklist ${MUSIC} |
16 | nodeny ${VIDEOS} | 16 | noblacklist ${VIDEOS} |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kalgebra.profile b/etc/profile-a-l/kalgebra.profile index 98b04353e..503dac4b6 100644 --- a/etc/profile-a-l/kalgebra.profile +++ b/etc/profile-a-l/kalgebra.profile | |||
@@ -6,8 +6,8 @@ include kalgebra.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/kalgebrarc | 9 | noblacklist ${HOME}/.config/kalgebrarc |
10 | nodeny ${HOME}/.local/share/kalgebra | 10 | noblacklist ${HOME}/.local/share/kalgebra |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | allow /usr/share/kalgebramobile | 20 | whitelist /usr/share/kalgebramobile |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-a-l/karbon.profile b/etc/profile-a-l/karbon.profile index db5394550..231299a2f 100644 --- a/etc/profile-a-l/karbon.profile +++ b/etc/profile-a-l/karbon.profile | |||
@@ -6,7 +6,7 @@ include karbon.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/kxmlgui5/karbon | 9 | noblacklist ${HOME}/.local/share/kxmlgui5/karbon |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include krita.profile | 12 | include krita.profile |
diff --git a/etc/profile-a-l/kate.profile b/etc/profile-a-l/kate.profile index d2b180492..27b87e7c3 100644 --- a/etc/profile-a-l/kate.profile +++ b/etc/profile-a-l/kate.profile | |||
@@ -8,20 +8,20 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | nodeny ${HOME}/.config/katemetainfos | 11 | noblacklist ${HOME}/.config/katemetainfos |
12 | nodeny ${HOME}/.config/katepartrc | 12 | noblacklist ${HOME}/.config/katepartrc |
13 | nodeny ${HOME}/.config/katerc | 13 | noblacklist ${HOME}/.config/katerc |
14 | nodeny ${HOME}/.config/kateschemarc | 14 | noblacklist ${HOME}/.config/kateschemarc |
15 | nodeny ${HOME}/.config/katesyntaxhighlightingrc | 15 | noblacklist ${HOME}/.config/katesyntaxhighlightingrc |
16 | nodeny ${HOME}/.config/katevirc | 16 | noblacklist ${HOME}/.config/katevirc |
17 | nodeny ${HOME}/.local/share/kate | 17 | noblacklist ${HOME}/.local/share/kate |
18 | nodeny ${HOME}/.local/share/kxmlgui5/kate | 18 | noblacklist ${HOME}/.local/share/kxmlgui5/kate |
19 | nodeny ${HOME}/.local/share/kxmlgui5/katefiletree | 19 | noblacklist ${HOME}/.local/share/kxmlgui5/katefiletree |
20 | nodeny ${HOME}/.local/share/kxmlgui5/katekonsole | 20 | noblacklist ${HOME}/.local/share/kxmlgui5/katekonsole |
21 | nodeny ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin | 21 | noblacklist ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin |
22 | nodeny ${HOME}/.local/share/kxmlgui5/katepart | 22 | noblacklist ${HOME}/.local/share/kxmlgui5/katepart |
23 | nodeny ${HOME}/.local/share/kxmlgui5/kateproject | 23 | noblacklist ${HOME}/.local/share/kxmlgui5/kateproject |
24 | nodeny ${HOME}/.local/share/kxmlgui5/katesearch | 24 | noblacklist ${HOME}/.local/share/kxmlgui5/katesearch |
25 | 25 | ||
26 | include disable-common.inc | 26 | include disable-common.inc |
27 | # include disable-devel.inc | 27 | # include disable-devel.inc |
diff --git a/etc/profile-a-l/kazam.profile b/etc/profile-a-l/kazam.profile index a4e2e64f4..9795cf168 100644 --- a/etc/profile-a-l/kazam.profile +++ b/etc/profile-a-l/kazam.profile | |||
@@ -8,9 +8,9 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | nodeny ${PICTURES} | 11 | noblacklist ${PICTURES} |
12 | nodeny ${VIDEOS} | 12 | noblacklist ${VIDEOS} |
13 | nodeny ${HOME}/.config/kazam | 13 | noblacklist ${HOME}/.config/kazam |
14 | 14 | ||
15 | # Allow python (blacklisted by disable-interpreters.inc) | 15 | # Allow python (blacklisted by disable-interpreters.inc) |
16 | include allow-python2.inc | 16 | include allow-python2.inc |
@@ -25,7 +25,7 @@ include disable-passwdmgr.inc | |||
25 | include disable-shell.inc | 25 | include disable-shell.inc |
26 | include disable-xdg.inc | 26 | include disable-xdg.inc |
27 | 27 | ||
28 | allow /usr/share/kazam | 28 | whitelist /usr/share/kazam |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/kcalc.profile b/etc/profile-a-l/kcalc.profile index fcb168d4d..e36ee5ed2 100644 --- a/etc/profile-a-l/kcalc.profile +++ b/etc/profile-a-l/kcalc.profile | |||
@@ -6,7 +6,7 @@ include kcalc.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/kxmlgui5/kcalc | 9 | noblacklist ${HOME}/.local/share/kxmlgui5/kcalc |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -21,13 +21,13 @@ mkdir ${HOME}/.local/share/kxmlgui5/kcalc | |||
21 | mkfile ${HOME}/.config/kcalcrc | 21 | mkfile ${HOME}/.config/kcalcrc |
22 | mkfile ${HOME}/.kde/share/config/kcalcrc | 22 | mkfile ${HOME}/.kde/share/config/kcalcrc |
23 | mkfile ${HOME}/.kde4/share/config/kcalcrc | 23 | mkfile ${HOME}/.kde4/share/config/kcalcrc |
24 | allow ${HOME}/.config/kcalcrc | 24 | whitelist ${HOME}/.config/kcalcrc |
25 | allow ${HOME}/.kde/share/config/kcalcrc | 25 | whitelist ${HOME}/.kde/share/config/kcalcrc |
26 | allow ${HOME}/.kde4/share/config/kcalcrc | 26 | whitelist ${HOME}/.kde4/share/config/kcalcrc |
27 | allow ${HOME}/.local/share/kxmlgui5/kcalc | 27 | whitelist ${HOME}/.local/share/kxmlgui5/kcalc |
28 | allow /usr/share/config.kcfg/kcalc.kcfg | 28 | whitelist /usr/share/config.kcfg/kcalc.kcfg |
29 | allow /usr/share/kcalc | 29 | whitelist /usr/share/kcalc |
30 | allow /usr/share/kconf_update/kcalcrc.upd | 30 | whitelist /usr/share/kconf_update/kcalcrc.upd |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-runuser-common.inc | 32 | include whitelist-runuser-common.inc |
33 | include whitelist-usr-share-common.inc | 33 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/kdenlive.profile b/etc/profile-a-l/kdenlive.profile index 4acafbf2a..d2a08a269 100644 --- a/etc/profile-a-l/kdenlive.profile +++ b/etc/profile-a-l/kdenlive.profile | |||
@@ -8,10 +8,10 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | nodeny ${HOME}/.cache/kdenlive | 11 | noblacklist ${HOME}/.cache/kdenlive |
12 | nodeny ${HOME}/.config/kdenliverc | 12 | noblacklist ${HOME}/.config/kdenliverc |
13 | nodeny ${HOME}/.local/share/kdenlive | 13 | noblacklist ${HOME}/.local/share/kdenlive |
14 | nodeny ${HOME}/.local/share/kxmlgui5/kdenlive | 14 | noblacklist ${HOME}/.local/share/kxmlgui5/kdenlive |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kdiff3.profile b/etc/profile-a-l/kdiff3.profile index 0c37f7968..7c1cb2294 100644 --- a/etc/profile-a-l/kdiff3.profile +++ b/etc/profile-a-l/kdiff3.profile | |||
@@ -6,14 +6,14 @@ include kdiff3.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/kdiff3fileitemactionrc | 9 | noblacklist ${HOME}/.config/kdiff3fileitemactionrc |
10 | nodeny ${HOME}/.config/kdiff3rc | 10 | noblacklist ${HOME}/.config/kdiff3rc |
11 | 11 | ||
12 | # Add the next line to your kdiff3.local if you don't need to compare files in disable-common.inc. | 12 | # Add the next line to your kdiff3.local if you don't need to compare files in disable-common.inc. |
13 | # By default we deny access only to .ssh and .gnupg. | 13 | # By default we deny access only to .ssh and .gnupg. |
14 | #include disable-common.inc | 14 | #include disable-common.inc |
15 | deny ${HOME}/.ssh | 15 | blacklist ${HOME}/.ssh |
16 | deny ${HOME}/.gnupg | 16 | blacklist ${HOME}/.gnupg |
17 | 17 | ||
18 | include disable-devel.inc | 18 | include disable-devel.inc |
19 | include disable-exec.inc | 19 | include disable-exec.inc |
diff --git a/etc/profile-a-l/keepass.profile b/etc/profile-a-l/keepass.profile index 9c06962bc..ae8971ab4 100644 --- a/etc/profile-a-l/keepass.profile +++ b/etc/profile-a-l/keepass.profile | |||
@@ -6,14 +6,14 @@ include keepass.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/*.kdb | 9 | noblacklist ${HOME}/*.kdb |
10 | nodeny ${HOME}/*.kdbx | 10 | noblacklist ${HOME}/*.kdbx |
11 | nodeny ${HOME}/.config/KeePass | 11 | noblacklist ${HOME}/.config/KeePass |
12 | nodeny ${HOME}/.config/keepass | 12 | noblacklist ${HOME}/.config/keepass |
13 | nodeny ${HOME}/.keepass | 13 | noblacklist ${HOME}/.keepass |
14 | nodeny ${HOME}/.local/share/KeePass | 14 | noblacklist ${HOME}/.local/share/KeePass |
15 | nodeny ${HOME}/.local/share/keepass | 15 | noblacklist ${HOME}/.local/share/keepass |
16 | nodeny ${DOCUMENTS} | 16 | noblacklist ${DOCUMENTS} |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
diff --git a/etc/profile-a-l/keepassx.profile b/etc/profile-a-l/keepassx.profile index 2772fa8bf..ac364986d 100644 --- a/etc/profile-a-l/keepassx.profile +++ b/etc/profile-a-l/keepassx.profile | |||
@@ -6,11 +6,11 @@ include keepassx.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/*.kdb | 9 | noblacklist ${HOME}/*.kdb |
10 | nodeny ${HOME}/*.kdbx | 10 | noblacklist ${HOME}/*.kdbx |
11 | nodeny ${HOME}/.config/keepassx | 11 | noblacklist ${HOME}/.config/keepassx |
12 | nodeny ${HOME}/.keepassx | 12 | noblacklist ${HOME}/.keepassx |
13 | nodeny ${DOCUMENTS} | 13 | noblacklist ${DOCUMENTS} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile index 9c530b20d..f71dcf82b 100644 --- a/etc/profile-a-l/keepassxc.profile +++ b/etc/profile-a-l/keepassxc.profile | |||
@@ -6,23 +6,23 @@ include keepassxc.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/*.kdb | 9 | noblacklist ${HOME}/*.kdb |
10 | nodeny ${HOME}/*.kdbx | 10 | noblacklist ${HOME}/*.kdbx |
11 | nodeny ${HOME}/.cache/keepassxc | 11 | noblacklist ${HOME}/.cache/keepassxc |
12 | nodeny ${HOME}/.config/keepassxc | 12 | noblacklist ${HOME}/.config/keepassxc |
13 | nodeny ${HOME}/.config/KeePassXCrc | 13 | noblacklist ${HOME}/.config/KeePassXCrc |
14 | nodeny ${HOME}/.keepassxc | 14 | noblacklist ${HOME}/.keepassxc |
15 | nodeny ${DOCUMENTS} | 15 | noblacklist ${DOCUMENTS} |
16 | 16 | ||
17 | # Allow browser profiles, required for browser integration. | 17 | # Allow browser profiles, required for browser integration. |
18 | nodeny ${HOME}/.config/BraveSoftware | 18 | noblacklist ${HOME}/.config/BraveSoftware |
19 | nodeny ${HOME}/.config/chromium | 19 | noblacklist ${HOME}/.config/chromium |
20 | nodeny ${HOME}/.config/google-chrome | 20 | noblacklist ${HOME}/.config/google-chrome |
21 | nodeny ${HOME}/.config/vivaldi | 21 | noblacklist ${HOME}/.config/vivaldi |
22 | nodeny ${HOME}/.local/share/torbrowser | 22 | noblacklist ${HOME}/.local/share/torbrowser |
23 | nodeny ${HOME}/.mozilla | 23 | noblacklist ${HOME}/.mozilla |
24 | 24 | ||
25 | deny /usr/libexec | 25 | blacklist /usr/libexec |
26 | 26 | ||
27 | include disable-common.inc | 27 | include disable-common.inc |
28 | include disable-devel.inc | 28 | include disable-devel.inc |
@@ -57,7 +57,7 @@ include disable-xdg.inc | |||
57 | #whitelist ${HOME}/.config/KeePassXCrc | 57 | #whitelist ${HOME}/.config/KeePassXCrc |
58 | #include whitelist-common.inc | 58 | #include whitelist-common.inc |
59 | 59 | ||
60 | allow /usr/share/keepassxc | 60 | whitelist /usr/share/keepassxc |
61 | include whitelist-usr-share-common.inc | 61 | include whitelist-usr-share-common.inc |
62 | include whitelist-var-common.inc | 62 | include whitelist-var-common.inc |
63 | 63 | ||
diff --git a/etc/profile-a-l/kget.profile b/etc/profile-a-l/kget.profile index 30c041cbc..2c684504b 100644 --- a/etc/profile-a-l/kget.profile +++ b/etc/profile-a-l/kget.profile | |||
@@ -6,13 +6,13 @@ include kget.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/kgetrc | 9 | noblacklist ${HOME}/.config/kgetrc |
10 | nodeny ${HOME}/.kde/share/apps/kget | 10 | noblacklist ${HOME}/.kde/share/apps/kget |
11 | nodeny ${HOME}/.kde/share/config/kgetrc | 11 | noblacklist ${HOME}/.kde/share/config/kgetrc |
12 | nodeny ${HOME}/.kde4/share/apps/kget | 12 | noblacklist ${HOME}/.kde4/share/apps/kget |
13 | nodeny ${HOME}/.kde4/share/config/kgetrc | 13 | noblacklist ${HOME}/.kde4/share/config/kgetrc |
14 | nodeny ${HOME}/.local/share/kget | 14 | noblacklist ${HOME}/.local/share/kget |
15 | nodeny ${HOME}/.local/share/kxmlgui5/kget | 15 | noblacklist ${HOME}/.local/share/kxmlgui5/kget |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-devel.inc | 18 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kid3-qt.profile b/etc/profile-a-l/kid3-qt.profile index 84d135fc3..9bcede077 100644 --- a/etc/profile-a-l/kid3-qt.profile +++ b/etc/profile-a-l/kid3-qt.profile | |||
@@ -2,7 +2,7 @@ | |||
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | include kid3-qt.local | 3 | include kid3-qt.local |
4 | 4 | ||
5 | nodeny ${HOME}/.config/Kid3 | 5 | noblacklist ${HOME}/.config/Kid3 |
6 | 6 | ||
7 | # Redirect | 7 | # Redirect |
8 | include kid3.profile | 8 | include kid3.profile |
diff --git a/etc/profile-a-l/kid3.profile b/etc/profile-a-l/kid3.profile index 0ef2a7845..e18292e99 100644 --- a/etc/profile-a-l/kid3.profile +++ b/etc/profile-a-l/kid3.profile | |||
@@ -6,9 +6,9 @@ include kid3.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${MUSIC} | 9 | noblacklist ${MUSIC} |
10 | nodeny ${HOME}/.config/kid3rc | 10 | noblacklist ${HOME}/.config/kid3rc |
11 | nodeny ${HOME}/.local/share/kxmlgui5/kid3 | 11 | noblacklist ${HOME}/.local/share/kxmlgui5/kid3 |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kino.profile b/etc/profile-a-l/kino.profile index 833c1d22a..74014ffe6 100644 --- a/etc/profile-a-l/kino.profile +++ b/etc/profile-a-l/kino.profile | |||
@@ -6,8 +6,8 @@ include kino.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.kino-history | 9 | noblacklist ${HOME}/.kino-history |
10 | nodeny ${HOME}/.kinorc | 10 | noblacklist ${HOME}/.kinorc |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kiwix-desktop.profile b/etc/profile-a-l/kiwix-desktop.profile index b188ba0e3..40ee0bbc7 100644 --- a/etc/profile-a-l/kiwix-desktop.profile +++ b/etc/profile-a-l/kiwix-desktop.profile | |||
@@ -6,8 +6,8 @@ include kiwix-desktop.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/kiwix | 9 | noblacklist ${HOME}/.local/share/kiwix |
10 | nodeny ${HOME}/.local/share/kiwix-desktop | 10 | noblacklist ${HOME}/.local/share/kiwix-desktop |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-xdg.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.local/share/kiwix | 20 | mkdir ${HOME}/.local/share/kiwix |
21 | mkdir ${HOME}/.local/share/kiwix-desktop | 21 | mkdir ${HOME}/.local/share/kiwix-desktop |
22 | allow ${HOME}/.local/share/kiwix | 22 | whitelist ${HOME}/.local/share/kiwix |
23 | allow ${HOME}/.local/share/kiwix-desktop | 23 | whitelist ${HOME}/.local/share/kiwix-desktop |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-a-l/klatexformula.profile b/etc/profile-a-l/klatexformula.profile index e087e4973..c6a9023f1 100644 --- a/etc/profile-a-l/klatexformula.profile +++ b/etc/profile-a-l/klatexformula.profile | |||
@@ -6,8 +6,8 @@ include klatexformula.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.kde/share/apps/klatexformula | 9 | noblacklist ${HOME}/.kde/share/apps/klatexformula |
10 | nodeny ${HOME}/.klatexformula | 10 | noblacklist ${HOME}/.klatexformula |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/klavaro.profile b/etc/profile-a-l/klavaro.profile index ec3912419..f5cd3a48c 100644 --- a/etc/profile-a-l/klavaro.profile +++ b/etc/profile-a-l/klavaro.profile | |||
@@ -6,8 +6,8 @@ include klavaro.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/klavaro | 9 | noblacklist ${HOME}/.config/klavaro |
10 | nodeny ${HOME}/.local/share/klavaro | 10 | noblacklist ${HOME}/.local/share/klavaro |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-xdg.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.local/share/klavaro | 20 | mkdir ${HOME}/.local/share/klavaro |
21 | mkdir ${HOME}/.config/klavaro | 21 | mkdir ${HOME}/.config/klavaro |
22 | allow ${HOME}/.local/share/klavaro | 22 | whitelist ${HOME}/.local/share/klavaro |
23 | allow ${HOME}/.config/klavaro | 23 | whitelist ${HOME}/.config/klavaro |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile index 3c582c08c..95ae98e53 100644 --- a/etc/profile-a-l/kmail.profile +++ b/etc/profile-a-l/kmail.profile | |||
@@ -9,27 +9,27 @@ include globals.local | |||
9 | # kmail has problems launching akonadi in debian and ubuntu. | 9 | # kmail has problems launching akonadi in debian and ubuntu. |
10 | # one solution is to have akonadi already running when kmail is started | 10 | # one solution is to have akonadi already running when kmail is started |
11 | 11 | ||
12 | nodeny ${HOME}/.cache/akonadi* | 12 | noblacklist ${HOME}/.cache/akonadi* |
13 | nodeny ${HOME}/.cache/kmail2 | 13 | noblacklist ${HOME}/.cache/kmail2 |
14 | nodeny ${HOME}/.config/akonadi* | 14 | noblacklist ${HOME}/.config/akonadi* |
15 | nodeny ${HOME}/.config/baloorc | 15 | noblacklist ${HOME}/.config/baloorc |
16 | nodeny ${HOME}/.config/emaildefaults | 16 | noblacklist ${HOME}/.config/emaildefaults |
17 | nodeny ${HOME}/.config/emailidentities | 17 | noblacklist ${HOME}/.config/emailidentities |
18 | nodeny ${HOME}/.config/kmail2rc | 18 | noblacklist ${HOME}/.config/kmail2rc |
19 | nodeny ${HOME}/.config/kmailsearchindexingrc | 19 | noblacklist ${HOME}/.config/kmailsearchindexingrc |
20 | nodeny ${HOME}/.config/mailtransports | 20 | noblacklist ${HOME}/.config/mailtransports |
21 | nodeny ${HOME}/.config/specialmailcollectionsrc | 21 | noblacklist ${HOME}/.config/specialmailcollectionsrc |
22 | nodeny ${HOME}/.gnupg | 22 | noblacklist ${HOME}/.gnupg |
23 | nodeny ${HOME}/.local/share/akonadi* | 23 | noblacklist ${HOME}/.local/share/akonadi* |
24 | nodeny ${HOME}/.local/share/apps/korganizer | 24 | noblacklist ${HOME}/.local/share/apps/korganizer |
25 | nodeny ${HOME}/.local/share/contacts | 25 | noblacklist ${HOME}/.local/share/contacts |
26 | nodeny ${HOME}/.local/share/emailidentities | 26 | noblacklist ${HOME}/.local/share/emailidentities |
27 | nodeny ${HOME}/.local/share/kmail2 | 27 | noblacklist ${HOME}/.local/share/kmail2 |
28 | nodeny ${HOME}/.local/share/kxmlgui5/kmail | 28 | noblacklist ${HOME}/.local/share/kxmlgui5/kmail |
29 | nodeny ${HOME}/.local/share/kxmlgui5/kmail2 | 29 | noblacklist ${HOME}/.local/share/kxmlgui5/kmail2 |
30 | nodeny ${HOME}/.local/share/local-mail | 30 | noblacklist ${HOME}/.local/share/local-mail |
31 | nodeny ${HOME}/.local/share/notes | 31 | noblacklist ${HOME}/.local/share/notes |
32 | nodeny /tmp/akonadi-* | 32 | noblacklist /tmp/akonadi-* |
33 | 33 | ||
34 | include disable-common.inc | 34 | include disable-common.inc |
35 | include disable-devel.inc | 35 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kmplayer.profile b/etc/profile-a-l/kmplayer.profile index d2ce14ab6..e88b53499 100644 --- a/etc/profile-a-l/kmplayer.profile +++ b/etc/profile-a-l/kmplayer.profile | |||
@@ -6,11 +6,11 @@ include kmplayer.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/kmplayerrc | 9 | noblacklist ${HOME}/.config/kmplayerrc |
10 | nodeny ${HOME}/.kde/share/config/kmplayerrc | 10 | noblacklist ${HOME}/.kde/share/config/kmplayerrc |
11 | nodeny ${HOME}/.local/share/kmplayer | 11 | noblacklist ${HOME}/.local/share/kmplayer |
12 | nodeny ${MUSIC} | 12 | noblacklist ${MUSIC} |
13 | nodeny ${VIDEOS} | 13 | noblacklist ${VIDEOS} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/knotes.profile b/etc/profile-a-l/knotes.profile index 5a9ac34da..f155d0ad6 100644 --- a/etc/profile-a-l/knotes.profile +++ b/etc/profile-a-l/knotes.profile | |||
@@ -10,9 +10,9 @@ include knotes.local | |||
10 | # knotes has problems launching akonadi in debian and ubuntu. | 10 | # knotes has problems launching akonadi in debian and ubuntu. |
11 | # one solution is to have akonadi already running when knotes is started | 11 | # one solution is to have akonadi already running when knotes is started |
12 | 12 | ||
13 | nodeny ${HOME}/.config/knotesrc | 13 | noblacklist ${HOME}/.config/knotesrc |
14 | nodeny ${HOME}/.local/share/knotes | 14 | noblacklist ${HOME}/.local/share/knotes |
15 | nodeny ${HOME}/.local/share/kxmlgui5/knotes | 15 | noblacklist ${HOME}/.local/share/kxmlgui5/knotes |
16 | 16 | ||
17 | # Redirect | 17 | # Redirect |
18 | include kmail.profile | 18 | include kmail.profile |
diff --git a/etc/profile-a-l/kodi.profile b/etc/profile-a-l/kodi.profile index 2725c87be..f909728a5 100644 --- a/etc/profile-a-l/kodi.profile +++ b/etc/profile-a-l/kodi.profile | |||
@@ -12,11 +12,17 @@ ignore noexec ${HOME} | |||
12 | #ignore nogroups | 12 | #ignore nogroups |
13 | #ignore noroot | 13 | #ignore noroot |
14 | #ignore private-dev | 14 | #ignore private-dev |
15 | # Add the following to your kodi.local if you use the Lutris Kodi Addon | ||
16 | #noblacklist /sbin | ||
17 | #noblacklist /usr/sbin | ||
18 | #noblacklist ${HOME}/.cache/lutris | ||
19 | #noblacklist ${HOME}/.config/lutris | ||
20 | #noblacklist ${HOME}/.local/share/lutris | ||
15 | 21 | ||
16 | nodeny ${HOME}/.kodi | 22 | noblacklist ${HOME}/.kodi |
17 | nodeny ${MUSIC} | 23 | noblacklist ${MUSIC} |
18 | nodeny ${PICTURES} | 24 | noblacklist ${PICTURES} |
19 | nodeny ${VIDEOS} | 25 | noblacklist ${VIDEOS} |
20 | 26 | ||
21 | # Allow python (blacklisted by disable-interpreters.inc) | 27 | # Allow python (blacklisted by disable-interpreters.inc) |
22 | include allow-python2.inc | 28 | include allow-python2.inc |
diff --git a/etc/profile-a-l/konversation.profile b/etc/profile-a-l/konversation.profile index d8ce33838..5b5ed6e24 100644 --- a/etc/profile-a-l/konversation.profile +++ b/etc/profile-a-l/konversation.profile | |||
@@ -6,11 +6,11 @@ include konversation.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/konversationrc | 9 | noblacklist ${HOME}/.config/konversationrc |
10 | nodeny ${HOME}/.config/konversation.notifyrc | 10 | noblacklist ${HOME}/.config/konversation.notifyrc |
11 | nodeny ${HOME}/.kde/share/config/konversationrc | 11 | noblacklist ${HOME}/.kde/share/config/konversationrc |
12 | nodeny ${HOME}/.kde4/share/config/konversationrc | 12 | noblacklist ${HOME}/.kde4/share/config/konversationrc |
13 | nodeny ${HOME}/.local/share/kxmlgui5/konversation | 13 | noblacklist ${HOME}/.local/share/kxmlgui5/konversation |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kopete.profile b/etc/profile-a-l/kopete.profile index 749591f32..88f47d1bf 100644 --- a/etc/profile-a-l/kopete.profile +++ b/etc/profile-a-l/kopete.profile | |||
@@ -6,11 +6,11 @@ include kopete.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.kde/share/apps/kopete | 9 | noblacklist ${HOME}/.kde/share/apps/kopete |
10 | nodeny ${HOME}/.kde/share/config/kopeterc | 10 | noblacklist ${HOME}/.kde/share/config/kopeterc |
11 | nodeny ${HOME}/.kde4/share/apps/kopete | 11 | noblacklist ${HOME}/.kde4/share/apps/kopete |
12 | nodeny ${HOME}/.kde4/share/config/kopeterc | 12 | noblacklist ${HOME}/.kde4/share/config/kopeterc |
13 | nodeny ${HOME}/.local/share/kxmlgui5/kopete | 13 | noblacklist ${HOME}/.local/share/kxmlgui5/kopete |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -19,7 +19,7 @@ include disable-interpreters.inc | |||
19 | include disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | allow /var/lib/winpopup | 22 | whitelist /var/lib/winpopup |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/profile-a-l/krita.profile b/etc/profile-a-l/krita.profile index 950341def..8604e63d0 100644 --- a/etc/profile-a-l/krita.profile +++ b/etc/profile-a-l/krita.profile | |||
@@ -9,10 +9,10 @@ include globals.local | |||
9 | # noexec ${HOME} may break krita, see issue #1953 | 9 | # noexec ${HOME} may break krita, see issue #1953 |
10 | ignore noexec ${HOME} | 10 | ignore noexec ${HOME} |
11 | 11 | ||
12 | nodeny ${HOME}/.config/kritarc | 12 | noblacklist ${HOME}/.config/kritarc |
13 | nodeny ${HOME}/.local/share/krita | 13 | noblacklist ${HOME}/.local/share/krita |
14 | nodeny ${DOCUMENTS} | 14 | noblacklist ${DOCUMENTS} |
15 | nodeny ${PICTURES} | 15 | noblacklist ${PICTURES} |
16 | 16 | ||
17 | # Allow python (blacklisted by disable-interpreters.inc) | 17 | # Allow python (blacklisted by disable-interpreters.inc) |
18 | include allow-python2.inc | 18 | include allow-python2.inc |
diff --git a/etc/profile-a-l/krunner.profile b/etc/profile-a-l/krunner.profile index 7b325d273..9cb5eff87 100644 --- a/etc/profile-a-l/krunner.profile +++ b/etc/profile-a-l/krunner.profile | |||
@@ -13,9 +13,9 @@ include globals.local | |||
13 | # noblacklist ${HOME}/.cache/krunner | 13 | # noblacklist ${HOME}/.cache/krunner |
14 | # noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite* | 14 | # noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite* |
15 | # noblacklist ${HOME}/.config/chromium | 15 | # noblacklist ${HOME}/.config/chromium |
16 | nodeny ${HOME}/.config/krunnerrc | 16 | noblacklist ${HOME}/.config/krunnerrc |
17 | nodeny ${HOME}/.kde/share/config/krunnerrc | 17 | noblacklist ${HOME}/.kde/share/config/krunnerrc |
18 | nodeny ${HOME}/.kde4/share/config/krunnerrc | 18 | noblacklist ${HOME}/.kde4/share/config/krunnerrc |
19 | # noblacklist ${HOME}/.local/share/baloo | 19 | # noblacklist ${HOME}/.local/share/baloo |
20 | # noblacklist ${HOME}/.mozilla | 20 | # noblacklist ${HOME}/.mozilla |
21 | 21 | ||
diff --git a/etc/profile-a-l/ktorrent.profile b/etc/profile-a-l/ktorrent.profile index ac9fee585..5a85194e0 100644 --- a/etc/profile-a-l/ktorrent.profile +++ b/etc/profile-a-l/ktorrent.profile | |||
@@ -6,13 +6,13 @@ include ktorrent.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/ktorrentrc | 9 | noblacklist ${HOME}/.config/ktorrentrc |
10 | nodeny ${HOME}/.kde/share/apps/ktorrent | 10 | noblacklist ${HOME}/.kde/share/apps/ktorrent |
11 | nodeny ${HOME}/.kde/share/config/ktorrentrc | 11 | noblacklist ${HOME}/.kde/share/config/ktorrentrc |
12 | nodeny ${HOME}/.kde4/share/apps/ktorrent | 12 | noblacklist ${HOME}/.kde4/share/apps/ktorrent |
13 | nodeny ${HOME}/.kde4/share/config/ktorrentrc | 13 | noblacklist ${HOME}/.kde4/share/config/ktorrentrc |
14 | nodeny ${HOME}/.local/share/ktorrent | 14 | noblacklist ${HOME}/.local/share/ktorrent |
15 | nodeny ${HOME}/.local/share/kxmlgui5/ktorrent | 15 | noblacklist ${HOME}/.local/share/kxmlgui5/ktorrent |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-devel.inc | 18 | include disable-devel.inc |
@@ -29,14 +29,14 @@ mkdir ${HOME}/.local/share/kxmlgui5/ktorrent | |||
29 | mkfile ${HOME}/.config/ktorrentrc | 29 | mkfile ${HOME}/.config/ktorrentrc |
30 | mkfile ${HOME}/.kde/share/config/ktorrentrc | 30 | mkfile ${HOME}/.kde/share/config/ktorrentrc |
31 | mkfile ${HOME}/.kde4/share/config/ktorrentrc | 31 | mkfile ${HOME}/.kde4/share/config/ktorrentrc |
32 | allow ${DOWNLOADS} | 32 | whitelist ${DOWNLOADS} |
33 | allow ${HOME}/.config/ktorrentrc | 33 | whitelist ${HOME}/.config/ktorrentrc |
34 | allow ${HOME}/.kde/share/apps/ktorrent | 34 | whitelist ${HOME}/.kde/share/apps/ktorrent |
35 | allow ${HOME}/.kde/share/config/ktorrentrc | 35 | whitelist ${HOME}/.kde/share/config/ktorrentrc |
36 | allow ${HOME}/.kde4/share/apps/ktorrent | 36 | whitelist ${HOME}/.kde4/share/apps/ktorrent |
37 | allow ${HOME}/.kde4/share/config/ktorrentrc | 37 | whitelist ${HOME}/.kde4/share/config/ktorrentrc |
38 | allow ${HOME}/.local/share/ktorrent | 38 | whitelist ${HOME}/.local/share/ktorrent |
39 | allow ${HOME}/.local/share/kxmlgui5/ktorrent | 39 | whitelist ${HOME}/.local/share/kxmlgui5/ktorrent |
40 | include whitelist-common.inc | 40 | include whitelist-common.inc |
41 | include whitelist-var-common.inc | 41 | include whitelist-var-common.inc |
42 | 42 | ||
diff --git a/etc/profile-a-l/ktouch.profile b/etc/profile-a-l/ktouch.profile index 71f8e4977..4cf72b74c 100644 --- a/etc/profile-a-l/ktouch.profile +++ b/etc/profile-a-l/ktouch.profile | |||
@@ -6,8 +6,8 @@ include ktouch.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/ktouch2rc | 9 | noblacklist ${HOME}/.config/ktouch2rc |
10 | nodeny ${HOME}/.local/share/ktouch | 10 | noblacklist ${HOME}/.local/share/ktouch |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -20,8 +20,8 @@ include disable-xdg.inc | |||
20 | 20 | ||
21 | mkfile ${HOME}/.config/ktouch2rc | 21 | mkfile ${HOME}/.config/ktouch2rc |
22 | mkdir ${HOME}/.local/share/ktouch | 22 | mkdir ${HOME}/.local/share/ktouch |
23 | allow ${HOME}/.config/ktouch2rc | 23 | whitelist ${HOME}/.config/ktouch2rc |
24 | allow ${HOME}/.local/share/ktouch | 24 | whitelist ${HOME}/.local/share/ktouch |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-a-l/kube.profile b/etc/profile-a-l/kube.profile index 74ffd1162..4e9a12e5f 100644 --- a/etc/profile-a-l/kube.profile +++ b/etc/profile-a-l/kube.profile | |||
@@ -6,13 +6,13 @@ include kube.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.gnupg | 9 | noblacklist ${HOME}/.gnupg |
10 | nodeny ${HOME}/.mozilla | 10 | noblacklist ${HOME}/.mozilla |
11 | nodeny ${HOME}/.cache/kube | 11 | noblacklist ${HOME}/.cache/kube |
12 | nodeny ${HOME}/.config/kube | 12 | noblacklist ${HOME}/.config/kube |
13 | nodeny ${HOME}/.config/sink | 13 | noblacklist ${HOME}/.config/sink |
14 | nodeny ${HOME}/.local/share/kube | 14 | noblacklist ${HOME}/.local/share/kube |
15 | nodeny ${HOME}/.local/share/sink | 15 | noblacklist ${HOME}/.local/share/sink |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-devel.inc | 18 | include disable-devel.inc |
@@ -29,17 +29,17 @@ mkdir ${HOME}/.config/kube | |||
29 | mkdir ${HOME}/.config/sink | 29 | mkdir ${HOME}/.config/sink |
30 | mkdir ${HOME}/.local/share/kube | 30 | mkdir ${HOME}/.local/share/kube |
31 | mkdir ${HOME}/.local/share/sink | 31 | mkdir ${HOME}/.local/share/sink |
32 | allow ${HOME}/.gnupg | 32 | whitelist ${HOME}/.gnupg |
33 | allow ${HOME}/.mozilla/firefox/profiles.ini | 33 | whitelist ${HOME}/.mozilla/firefox/profiles.ini |
34 | allow ${HOME}/.cache/kube | 34 | whitelist ${HOME}/.cache/kube |
35 | allow ${HOME}/.config/kube | 35 | whitelist ${HOME}/.config/kube |
36 | allow ${HOME}/.config/sink | 36 | whitelist ${HOME}/.config/sink |
37 | allow ${HOME}/.local/share/kube | 37 | whitelist ${HOME}/.local/share/kube |
38 | allow ${HOME}/.local/share/sink | 38 | whitelist ${HOME}/.local/share/sink |
39 | allow ${RUNUSER}/gnupg | 39 | whitelist ${RUNUSER}/gnupg |
40 | allow /usr/share/kube | 40 | whitelist /usr/share/kube |
41 | allow /usr/share/gnupg | 41 | whitelist /usr/share/gnupg |
42 | allow /usr/share/gnupg2 | 42 | whitelist /usr/share/gnupg2 |
43 | include whitelist-common.inc | 43 | include whitelist-common.inc |
44 | include whitelist-runuser-common.inc | 44 | include whitelist-runuser-common.inc |
45 | include whitelist-usr-share-common.inc | 45 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/kwin_x11.profile b/etc/profile-a-l/kwin_x11.profile index 580f93736..15e7ceb17 100644 --- a/etc/profile-a-l/kwin_x11.profile +++ b/etc/profile-a-l/kwin_x11.profile | |||
@@ -8,10 +8,10 @@ include globals.local | |||
8 | # fix automatical kwin_x11 sandboxing: | 8 | # fix automatical kwin_x11 sandboxing: |
9 | # echo KDEWM=kwin_x11 >> ~/.pam_environment | 9 | # echo KDEWM=kwin_x11 >> ~/.pam_environment |
10 | 10 | ||
11 | nodeny ${HOME}/.cache/kwin | 11 | noblacklist ${HOME}/.cache/kwin |
12 | nodeny ${HOME}/.config/kwinrc | 12 | noblacklist ${HOME}/.config/kwinrc |
13 | nodeny ${HOME}/.config/kwinrulesrc | 13 | noblacklist ${HOME}/.config/kwinrulesrc |
14 | nodeny ${HOME}/.local/share/kwin | 14 | noblacklist ${HOME}/.local/share/kwin |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kwrite.profile b/etc/profile-a-l/kwrite.profile index 08b0e0224..804ffafeb 100644 --- a/etc/profile-a-l/kwrite.profile +++ b/etc/profile-a-l/kwrite.profile | |||
@@ -6,15 +6,15 @@ include kwrite.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/katepartrc | 9 | noblacklist ${HOME}/.config/katepartrc |
10 | nodeny ${HOME}/.config/katerc | 10 | noblacklist ${HOME}/.config/katerc |
11 | nodeny ${HOME}/.config/kateschemarc | 11 | noblacklist ${HOME}/.config/kateschemarc |
12 | nodeny ${HOME}/.config/katesyntaxhighlightingrc | 12 | noblacklist ${HOME}/.config/katesyntaxhighlightingrc |
13 | nodeny ${HOME}/.config/katevirc | 13 | noblacklist ${HOME}/.config/katevirc |
14 | nodeny ${HOME}/.config/kwriterc | 14 | noblacklist ${HOME}/.config/kwriterc |
15 | nodeny ${HOME}/.local/share/kwrite | 15 | noblacklist ${HOME}/.local/share/kwrite |
16 | nodeny ${HOME}/.local/share/kxmlgui5/kwrite | 16 | noblacklist ${HOME}/.local/share/kxmlgui5/kwrite |
17 | nodeny ${DOCUMENTS} | 17 | noblacklist ${DOCUMENTS} |
18 | 18 | ||
19 | include disable-common.inc | 19 | include disable-common.inc |
20 | include disable-devel.inc | 20 | include disable-devel.inc |
diff --git a/etc/profile-a-l/latex-common.profile b/etc/profile-a-l/latex-common.profile index 91693bfc1..ac1b8785d 100644 --- a/etc/profile-a-l/latex-common.profile +++ b/etc/profile-a-l/latex-common.profile | |||
@@ -13,7 +13,7 @@ include disable-interpreters.inc | |||
13 | include disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | allow /var/lib | 16 | whitelist /var/lib |
17 | include whitelist-runuser-common.inc | 17 | include whitelist-runuser-common.inc |
18 | include whitelist-var-common.inc | 18 | include whitelist-var-common.inc |
19 | 19 | ||
diff --git a/etc/profile-a-l/leafpad.profile b/etc/profile-a-l/leafpad.profile index e154708eb..4bbb0a86d 100644 --- a/etc/profile-a-l/leafpad.profile +++ b/etc/profile-a-l/leafpad.profile | |||
@@ -6,7 +6,7 @@ include leafpad.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/leafpad | 9 | noblacklist ${HOME}/.config/leafpad |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/less.profile b/etc/profile-a-l/less.profile index abee392de..8eb5ad0c2 100644 --- a/etc/profile-a-l/less.profile +++ b/etc/profile-a-l/less.profile | |||
@@ -7,9 +7,9 @@ include less.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny ${RUNUSER} | 10 | blacklist ${RUNUSER} |
11 | 11 | ||
12 | nodeny ${HOME}/.lesshst | 12 | noblacklist ${HOME}/.lesshst |
13 | 13 | ||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
diff --git a/etc/profile-a-l/librecad.profile b/etc/profile-a-l/librecad.profile index 8ec41eee3..c57eae73d 100644 --- a/etc/profile-a-l/librecad.profile +++ b/etc/profile-a-l/librecad.profile | |||
@@ -4,8 +4,8 @@ include librecad.local | |||
4 | # Persistent global definitions | 4 | # Persistent global definitions |
5 | include globals.local | 5 | include globals.local |
6 | 6 | ||
7 | nodeny ${HOME}/.config/LibreCAD | 7 | noblacklist ${HOME}/.config/LibreCAD |
8 | nodeny ${HOME}/.local/share/LibreCAD | 8 | noblacklist ${HOME}/.local/share/LibreCAD |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-programs.inc | |||
16 | include disable-shell.inc | 16 | include disable-shell.inc |
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | allow /usr/share/librecad | 19 | whitelist /usr/share/librecad |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
diff --git a/etc/profile-a-l/libreoffice.profile b/etc/profile-a-l/libreoffice.profile index ae01d39b8..b1a24888c 100644 --- a/etc/profile-a-l/libreoffice.profile +++ b/etc/profile-a-l/libreoffice.profile | |||
@@ -6,15 +6,15 @@ include libreoffice.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny /usr/local/sbin | 9 | noblacklist /usr/local/sbin |
10 | nodeny ${HOME}/.config/libreoffice | 10 | noblacklist ${HOME}/.config/libreoffice |
11 | 11 | ||
12 | # libreoffice uses java for some functionality. | 12 | # libreoffice uses java for some functionality. |
13 | # Add 'ignore include allow-java.inc' to your libreoffice.local if you don't need that functionality. | 13 | # Add 'ignore include allow-java.inc' to your libreoffice.local if you don't need that functionality. |
14 | # Allow java (blacklisted by disable-devel.inc) | 14 | # Allow java (blacklisted by disable-devel.inc) |
15 | include allow-java.inc | 15 | include allow-java.inc |
16 | 16 | ||
17 | deny /usr/libexec | 17 | blacklist /usr/libexec |
18 | 18 | ||
19 | include disable-common.inc | 19 | include disable-common.inc |
20 | include disable-devel.inc | 20 | include disable-devel.inc |
diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index 5c614ab8e..da047357a 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile | |||
@@ -6,13 +6,13 @@ include librewolf.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/librewolf | 9 | noblacklist ${HOME}/.cache/librewolf |
10 | nodeny ${HOME}/.librewolf | 10 | noblacklist ${HOME}/.librewolf |
11 | 11 | ||
12 | mkdir ${HOME}/.cache/librewolf | 12 | mkdir ${HOME}/.cache/librewolf |
13 | mkdir ${HOME}/.librewolf | 13 | mkdir ${HOME}/.librewolf |
14 | allow ${HOME}/.cache/librewolf | 14 | whitelist ${HOME}/.cache/librewolf |
15 | allow ${HOME}/.librewolf | 15 | whitelist ${HOME}/.librewolf |
16 | 16 | ||
17 | # Add the next lines to your librewolf.local if you want to use the migration wizard. | 17 | # Add the next lines to your librewolf.local if you want to use the migration wizard. |
18 | #noblacklist ${HOME}/.mozilla | 18 | #noblacklist ${HOME}/.mozilla |
@@ -23,10 +23,10 @@ allow ${HOME}/.librewolf | |||
23 | #whitelist ${RUNUSER}/kpxc_server | 23 | #whitelist ${RUNUSER}/kpxc_server |
24 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer | 24 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer |
25 | 25 | ||
26 | allow /usr/share/doc | 26 | whitelist /usr/share/doc |
27 | allow /usr/share/gtk-doc/html | 27 | whitelist /usr/share/gtk-doc/html |
28 | allow /usr/share/mozilla | 28 | whitelist /usr/share/mozilla |
29 | allow /usr/share/webext | 29 | whitelist /usr/share/webext |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | 31 | ||
32 | # Add the next line to your librewolf.local to enable private-bin (Arch Linux). | 32 | # Add the next line to your librewolf.local to enable private-bin (Arch Linux). |
diff --git a/etc/profile-a-l/lifeograph.profile b/etc/profile-a-l/lifeograph.profile new file mode 100644 index 000000000..b9ed0de8e --- /dev/null +++ b/etc/profile-a-l/lifeograph.profile | |||
@@ -0,0 +1,58 @@ | |||
1 | # Firejail profile for lifeograph | ||
2 | # Description: Lifeograph is a diary program to take personal notes | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include lifeograph.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | nodeny ${DOCUMENTS} | ||
10 | |||
11 | deny /usr/libexec | ||
12 | |||
13 | include disable-common.inc | ||
14 | include disable-devel.inc | ||
15 | include disable-exec.inc | ||
16 | include disable-interpreters.inc | ||
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | ||
19 | include disable-shell.inc | ||
20 | include disable-xdg.inc | ||
21 | |||
22 | allow ${DOCUMENTS} | ||
23 | allow /usr/share/lifeograph | ||
24 | include whitelist-common.inc | ||
25 | include whitelist-runuser-common.inc | ||
26 | include whitelist-usr-share-common.inc | ||
27 | include whitelist-var-common.inc | ||
28 | |||
29 | apparmor | ||
30 | caps.drop all | ||
31 | machine-id | ||
32 | net none | ||
33 | no3d | ||
34 | nodvd | ||
35 | nogroups | ||
36 | noinput | ||
37 | nonewprivs | ||
38 | noroot | ||
39 | nosound | ||
40 | notv | ||
41 | nou2f | ||
42 | novideo | ||
43 | protocol unix | ||
44 | seccomp | ||
45 | seccomp.block-secondary | ||
46 | shell none | ||
47 | tracelog | ||
48 | |||
49 | disable-mnt | ||
50 | private-bin lifeograph | ||
51 | private-cache | ||
52 | private-dev | ||
53 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11 | ||
54 | private-tmp | ||
55 | |||
56 | dbus-user filter | ||
57 | dbus-user.talk ca.desrt.dconf | ||
58 | dbus-system none | ||
diff --git a/etc/profile-a-l/liferea.profile b/etc/profile-a-l/liferea.profile index 595ecc257..7afca1d5f 100644 --- a/etc/profile-a-l/liferea.profile +++ b/etc/profile-a-l/liferea.profile | |||
@@ -6,9 +6,9 @@ include liferea.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/liferea | 9 | noblacklist ${HOME}/.cache/liferea |
10 | nodeny ${HOME}/.config/liferea | 10 | noblacklist ${HOME}/.config/liferea |
11 | nodeny ${HOME}/.local/share/liferea | 11 | noblacklist ${HOME}/.local/share/liferea |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python2.inc | 14 | include allow-python2.inc |
@@ -24,10 +24,10 @@ include disable-programs.inc | |||
24 | mkdir ${HOME}/.cache/liferea | 24 | mkdir ${HOME}/.cache/liferea |
25 | mkdir ${HOME}/.config/liferea | 25 | mkdir ${HOME}/.config/liferea |
26 | mkdir ${HOME}/.local/share/liferea | 26 | mkdir ${HOME}/.local/share/liferea |
27 | allow ${HOME}/.cache/liferea | 27 | whitelist ${HOME}/.cache/liferea |
28 | allow ${HOME}/.config/liferea | 28 | whitelist ${HOME}/.config/liferea |
29 | allow ${HOME}/.local/share/liferea | 29 | whitelist ${HOME}/.local/share/liferea |
30 | allow /usr/share/liferea | 30 | whitelist /usr/share/liferea |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/lightsoff.profile b/etc/profile-a-l/lightsoff.profile index 58d5bcd6d..c065c44a9 100644 --- a/etc/profile-a-l/lightsoff.profile +++ b/etc/profile-a-l/lightsoff.profile | |||
@@ -6,7 +6,7 @@ include lightsoff.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | allow /usr/share/lightsoff | 9 | whitelist /usr/share/lightsoff |
10 | 10 | ||
11 | private-bin lightsoff | 11 | private-bin lightsoff |
12 | 12 | ||
diff --git a/etc/profile-a-l/lincity-ng.profile b/etc/profile-a-l/lincity-ng.profile index e14c50d77..4254b7f33 100644 --- a/etc/profile-a-l/lincity-ng.profile +++ b/etc/profile-a-l/lincity-ng.profile | |||
@@ -6,7 +6,7 @@ include lincity-ng.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.lincity-ng | 9 | noblacklist ${HOME}/.lincity-ng |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.lincity-ng | 20 | mkdir ${HOME}/.lincity-ng |
21 | allow ${HOME}/.lincity-ng | 21 | whitelist ${HOME}/.lincity-ng |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/links-common.profile b/etc/profile-a-l/links-common.profile index 51e3d5b94..cd885b1d4 100644 --- a/etc/profile-a-l/links-common.profile +++ b/etc/profile-a-l/links-common.profile | |||
@@ -4,8 +4,8 @@ include links-common.local | |||
4 | 4 | ||
5 | # common profile for links browsers | 5 | # common profile for links browsers |
6 | 6 | ||
7 | deny /tmp/.X11-unix | 7 | blacklist /tmp/.X11-unix |
8 | deny ${RUNUSER}/wayland-* | 8 | blacklist ${RUNUSER}/wayland-* |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | allow ${DOWNLOADS} | 20 | whitelist ${DOWNLOADS} |
21 | include whitelist-runuser-common.inc | 21 | include whitelist-runuser-common.inc |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/links.profile b/etc/profile-a-l/links.profile index ae57601ca..8ce39cc7f 100644 --- a/etc/profile-a-l/links.profile +++ b/etc/profile-a-l/links.profile | |||
@@ -7,10 +7,10 @@ include links.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.links | 10 | noblacklist ${HOME}/.links |
11 | 11 | ||
12 | mkdir ${HOME}/.links | 12 | mkdir ${HOME}/.links |
13 | allow ${HOME}/.links | 13 | whitelist ${HOME}/.links |
14 | 14 | ||
15 | private-bin links | 15 | private-bin links |
16 | 16 | ||
diff --git a/etc/profile-a-l/links2.profile b/etc/profile-a-l/links2.profile index eb349c73a..5f91dfcd2 100644 --- a/etc/profile-a-l/links2.profile +++ b/etc/profile-a-l/links2.profile | |||
@@ -7,10 +7,10 @@ include links2.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.links2 | 10 | noblacklist ${HOME}/.links2 |
11 | 11 | ||
12 | mkdir ${HOME}/.links2 | 12 | mkdir ${HOME}/.links2 |
13 | allow ${HOME}/.links2 | 13 | whitelist ${HOME}/.links2 |
14 | 14 | ||
15 | private-bin links2 | 15 | private-bin links2 |
16 | 16 | ||
diff --git a/etc/profile-a-l/linphone.profile b/etc/profile-a-l/linphone.profile index dd1dac05b..7ebdbef4c 100644 --- a/etc/profile-a-l/linphone.profile +++ b/etc/profile-a-l/linphone.profile | |||
@@ -6,10 +6,10 @@ include linphone.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/linphone | 9 | noblacklist ${HOME}/.config/linphone |
10 | nodeny ${HOME}/.linphone-history.db | 10 | noblacklist ${HOME}/.linphone-history.db |
11 | nodeny ${HOME}/.linphonerc | 11 | noblacklist ${HOME}/.linphonerc |
12 | nodeny ${HOME}/.local/share/linphone | 12 | noblacklist ${HOME}/.local/share/linphone |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -23,11 +23,11 @@ include disable-programs.inc | |||
23 | # ${HOME}/.linphone-history.db and ${HOME}/.linphonerc but no longer mkfile. | 23 | # ${HOME}/.linphone-history.db and ${HOME}/.linphonerc but no longer mkfile. |
24 | mkdir ${HOME}/.config/linphone | 24 | mkdir ${HOME}/.config/linphone |
25 | mkdir ${HOME}/.local/share/linphone | 25 | mkdir ${HOME}/.local/share/linphone |
26 | allow ${HOME}/.config/linphone | 26 | whitelist ${HOME}/.config/linphone |
27 | allow ${HOME}/.linphone-history.db | 27 | whitelist ${HOME}/.linphone-history.db |
28 | allow ${HOME}/.linphonerc | 28 | whitelist ${HOME}/.linphonerc |
29 | allow ${HOME}/.local/share/linphone | 29 | whitelist ${HOME}/.local/share/linphone |
30 | allow ${DOWNLOADS} | 30 | whitelist ${DOWNLOADS} |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | 32 | ||
33 | caps.drop all | 33 | caps.drop all |
diff --git a/etc/profile-a-l/lmms.profile b/etc/profile-a-l/lmms.profile index b22110fdc..48b0e14dc 100644 --- a/etc/profile-a-l/lmms.profile +++ b/etc/profile-a-l/lmms.profile | |||
@@ -6,9 +6,9 @@ include lmms.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.lmmsrc.xml | 9 | noblacklist ${HOME}/.lmmsrc.xml |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | nodeny ${MUSIC} | 11 | noblacklist ${MUSIC} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/lollypop.profile b/etc/profile-a-l/lollypop.profile index 0a7ce86e8..f2676fec5 100644 --- a/etc/profile-a-l/lollypop.profile +++ b/etc/profile-a-l/lollypop.profile | |||
@@ -6,8 +6,8 @@ include lollypop.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/lollypop | 9 | noblacklist ${HOME}/.local/share/lollypop |
10 | nodeny ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/lugaru.profile b/etc/profile-a-l/lugaru.profile index 30802b3b7..174c65a65 100644 --- a/etc/profile-a-l/lugaru.profile +++ b/etc/profile-a-l/lugaru.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | 8 | ||
9 | # note: crashes after entering | 9 | # note: crashes after entering |
10 | 10 | ||
11 | nodeny ${HOME}/.config/lugaru | 11 | noblacklist ${HOME}/.config/lugaru |
12 | nodeny ${HOME}/.local/share/lugaru | 12 | noblacklist ${HOME}/.local/share/lugaru |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -22,8 +22,8 @@ include disable-xdg.inc | |||
22 | 22 | ||
23 | mkdir ${HOME}/.config/lugaru | 23 | mkdir ${HOME}/.config/lugaru |
24 | mkdir ${HOME}/.local/share/lugaru | 24 | mkdir ${HOME}/.local/share/lugaru |
25 | allow ${HOME}/.config/lugaru | 25 | whitelist ${HOME}/.config/lugaru |
26 | allow ${HOME}/.local/share/lugaru | 26 | whitelist ${HOME}/.local/share/lugaru |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
29 | 29 | ||
diff --git a/etc/profile-a-l/luminance-hdr.profile b/etc/profile-a-l/luminance-hdr.profile index 73400dbd6..31067034e 100644 --- a/etc/profile-a-l/luminance-hdr.profile +++ b/etc/profile-a-l/luminance-hdr.profile | |||
@@ -6,8 +6,8 @@ include luminance-hdr.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/Luminance | 9 | noblacklist ${HOME}/.config/Luminance |
10 | nodeny ${PICTURES} | 10 | noblacklist ${PICTURES} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/lutris.profile b/etc/profile-a-l/lutris.profile index 9d5169b80..80a3aba86 100644 --- a/etc/profile-a-l/lutris.profile +++ b/etc/profile-a-l/lutris.profile | |||
@@ -6,18 +6,18 @@ include lutris.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${PATH}/llvm* | 9 | noblacklist ${PATH}/llvm* |
10 | nodeny ${HOME}/Games | 10 | noblacklist ${HOME}/Games |
11 | nodeny ${HOME}/.cache/lutris | 11 | noblacklist ${HOME}/.cache/lutris |
12 | nodeny ${HOME}/.cache/winetricks | 12 | noblacklist ${HOME}/.cache/winetricks |
13 | nodeny ${HOME}/.config/lutris | 13 | noblacklist ${HOME}/.config/lutris |
14 | nodeny ${HOME}/.local/share/lutris | 14 | noblacklist ${HOME}/.local/share/lutris |
15 | # noblacklist ${HOME}/.wine | 15 | # noblacklist ${HOME}/.wine |
16 | nodeny /tmp/.wine-* | 16 | noblacklist /tmp/.wine-* |
17 | # Don't block access to /sbin and /usr/sbin to allow using ldconfig. Otherwise | 17 | # Don't block access to /sbin and /usr/sbin to allow using ldconfig. Otherwise |
18 | # Lutris won't even start. | 18 | # Lutris won't even start. |
19 | nodeny /sbin | 19 | noblacklist /sbin |
20 | nodeny /usr/sbin | 20 | noblacklist /usr/sbin |
21 | 21 | ||
22 | ignore noexec ${HOME} | 22 | ignore noexec ${HOME} |
23 | 23 | ||
@@ -39,15 +39,15 @@ mkdir ${HOME}/.cache/winetricks | |||
39 | mkdir ${HOME}/.config/lutris | 39 | mkdir ${HOME}/.config/lutris |
40 | mkdir ${HOME}/.local/share/lutris | 40 | mkdir ${HOME}/.local/share/lutris |
41 | # mkdir ${HOME}/.wine | 41 | # mkdir ${HOME}/.wine |
42 | allow ${DOWNLOADS} | 42 | whitelist ${DOWNLOADS} |
43 | allow ${HOME}/Games | 43 | whitelist ${HOME}/Games |
44 | allow ${HOME}/.cache/lutris | 44 | whitelist ${HOME}/.cache/lutris |
45 | allow ${HOME}/.cache/winetricks | 45 | whitelist ${HOME}/.cache/winetricks |
46 | allow ${HOME}/.config/lutris | 46 | whitelist ${HOME}/.config/lutris |
47 | allow ${HOME}/.local/share/lutris | 47 | whitelist ${HOME}/.local/share/lutris |
48 | # whitelist ${HOME}/.wine | 48 | # whitelist ${HOME}/.wine |
49 | allow /usr/share/lutris | 49 | whitelist /usr/share/lutris |
50 | allow /usr/share/wine | 50 | whitelist /usr/share/wine |
51 | include whitelist-common.inc | 51 | include whitelist-common.inc |
52 | include whitelist-usr-share-common.inc | 52 | include whitelist-usr-share-common.inc |
53 | include whitelist-runuser-common.inc | 53 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/lximage-qt.profile b/etc/profile-a-l/lximage-qt.profile index 43147211b..b2a56012e 100644 --- a/etc/profile-a-l/lximage-qt.profile +++ b/etc/profile-a-l/lximage-qt.profile | |||
@@ -6,7 +6,7 @@ include lximage-qt.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/lximage-qt | 9 | noblacklist ${HOME}/.config/lximage-qt |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/lxmusic.profile b/etc/profile-a-l/lxmusic.profile index c849f2ad2..cc4b95551 100644 --- a/etc/profile-a-l/lxmusic.profile +++ b/etc/profile-a-l/lxmusic.profile | |||
@@ -6,9 +6,9 @@ include lxmusic.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/xmms2 | 9 | noblacklist ${HOME}/.cache/xmms2 |
10 | nodeny ${HOME}/.config/xmms2 | 10 | noblacklist ${HOME}/.config/xmms2 |
11 | nodeny ${MUSIC} | 11 | noblacklist ${MUSIC} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/lynx.profile b/etc/profile-a-l/lynx.profile index 15c8f1faa..a919e924b 100644 --- a/etc/profile-a-l/lynx.profile +++ b/etc/profile-a-l/lynx.profile | |||
@@ -7,8 +7,8 @@ include lynx.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | deny ${RUNUSER}/wayland-* | 11 | blacklist ${RUNUSER}/wayland-* |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/lyx.profile b/etc/profile-a-l/lyx.profile index 358dbf2f2..fa69463d1 100644 --- a/etc/profile-a-l/lyx.profile +++ b/etc/profile-a-l/lyx.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | 8 | ||
9 | ignore private-tmp | 9 | ignore private-tmp |
10 | 10 | ||
11 | nodeny ${HOME}/.config/LyX | 11 | noblacklist ${HOME}/.config/LyX |
12 | nodeny ${HOME}/.lyx | 12 | noblacklist ${HOME}/.lyx |
13 | 13 | ||
14 | # Allow lua (blacklisted by disable-interpreters.inc) | 14 | # Allow lua (blacklisted by disable-interpreters.inc) |
15 | include allow-lua.inc | 15 | include allow-lua.inc |
@@ -21,11 +21,11 @@ include allow-perl.inc | |||
21 | include allow-python2.inc | 21 | include allow-python2.inc |
22 | include allow-python3.inc | 22 | include allow-python3.inc |
23 | 23 | ||
24 | allow /usr/share/lyx | 24 | whitelist /usr/share/lyx |
25 | allow /usr/share/texinfo | 25 | whitelist /usr/share/texinfo |
26 | allow /usr/share/texlive | 26 | whitelist /usr/share/texlive |
27 | allow /usr/share/texmf-dist | 27 | whitelist /usr/share/texmf-dist |
28 | allow /usr/share/tlpkg | 28 | whitelist /usr/share/tlpkg |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
30 | 30 | ||
31 | apparmor | 31 | apparmor |
diff --git a/etc/profile-a-l/sway.profile b/etc/profile-a-l/sway.profile index 3a4edcf69..4637419bf 100644 --- a/etc/profile-a-l/sway.profile +++ b/etc/profile-a-l/sway.profile | |||
@@ -7,9 +7,9 @@ include sway.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in sway will run in this profile | 9 | # all applications started in sway will run in this profile |
10 | nodeny ${HOME}/.config/sway | 10 | noblacklist ${HOME}/.config/sway |
11 | # sway uses ~/.config/i3 as fallback if there is no ~/.config/sway | 11 | # sway uses ~/.config/i3 as fallback if there is no ~/.config/sway |
12 | nodeny ${HOME}/.config/i3 | 12 | noblacklist ${HOME}/.config/i3 |
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
diff --git a/etc/profile-m-z/Maelstrom.profile b/etc/profile-m-z/Maelstrom.profile index e6c43007d..62d0a8b3a 100644 --- a/etc/profile-m-z/Maelstrom.profile +++ b/etc/profile-m-z/Maelstrom.profile | |||
@@ -6,7 +6,7 @@ include Maelstrom.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny /var/lib/games/Maelstrom-Scores | 9 | noblacklist /var/lib/games/Maelstrom-Scores |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | allow /var/lib/games | 20 | whitelist /var/lib/games |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-m-z/Mathematica.profile b/etc/profile-m-z/Mathematica.profile index bd929d21a..c2734b1c1 100644 --- a/etc/profile-m-z/Mathematica.profile +++ b/etc/profile-m-z/Mathematica.profile | |||
@@ -5,8 +5,8 @@ include Mathematica.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.Mathematica | 8 | noblacklist ${HOME}/.Mathematica |
9 | nodeny ${HOME}/.Wolfram Research | 9 | noblacklist ${HOME}/.Wolfram Research |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,9 +17,9 @@ include disable-programs.inc | |||
17 | mkdir ${HOME}/.Mathematica | 17 | mkdir ${HOME}/.Mathematica |
18 | mkdir ${HOME}/.Wolfram Research | 18 | mkdir ${HOME}/.Wolfram Research |
19 | mkdir ${HOME}/Documents/Wolfram Mathematica | 19 | mkdir ${HOME}/Documents/Wolfram Mathematica |
20 | allow ${HOME}/.Mathematica | 20 | whitelist ${HOME}/.Mathematica |
21 | allow ${HOME}/.Wolfram Research | 21 | whitelist ${HOME}/.Wolfram Research |
22 | allow ${HOME}/Documents/Wolfram Mathematica | 22 | whitelist ${HOME}/Documents/Wolfram Mathematica |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/profile-m-z/PCSX2.profile b/etc/profile-m-z/PCSX2.profile index f833b9446..e678b7204 100644 --- a/etc/profile-m-z/PCSX2.profile +++ b/etc/profile-m-z/PCSX2.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | 8 | ||
9 | # Note: you must whitelist your games folder in your PCSX2.local. | 9 | # Note: you must whitelist your games folder in your PCSX2.local. |
10 | 10 | ||
11 | nodeny ${HOME}/.config/PCSX2 | 11 | noblacklist ${HOME}/.config/PCSX2 |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -21,7 +21,7 @@ include disable-write-mnt.inc | |||
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.config/PCSX2 | 23 | mkdir ${HOME}/.config/PCSX2 |
24 | allow ${HOME}/.config/PCSX2 | 24 | whitelist ${HOME}/.config/PCSX2 |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-runuser-common.inc | 26 | include whitelist-runuser-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/QMediathekView.profile b/etc/profile-m-z/QMediathekView.profile index d7b01fe06..86120587b 100644 --- a/etc/profile-m-z/QMediathekView.profile +++ b/etc/profile-m-z/QMediathekView.profile | |||
@@ -6,18 +6,18 @@ include QMediathekView.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/QMediathekView | 9 | noblacklist ${HOME}/.config/QMediathekView |
10 | nodeny ${HOME}/.local/share/QMediathekView | 10 | noblacklist ${HOME}/.local/share/QMediathekView |
11 | 11 | ||
12 | nodeny ${HOME}/.config/mpv | 12 | noblacklist ${HOME}/.config/mpv |
13 | nodeny ${HOME}/.config/smplayer | 13 | noblacklist ${HOME}/.config/smplayer |
14 | nodeny ${HOME}/.config/totem | 14 | noblacklist ${HOME}/.config/totem |
15 | nodeny ${HOME}/.config/vlc | 15 | noblacklist ${HOME}/.config/vlc |
16 | nodeny ${HOME}/.config/xplayer | 16 | noblacklist ${HOME}/.config/xplayer |
17 | nodeny ${HOME}/.local/share/totem | 17 | noblacklist ${HOME}/.local/share/totem |
18 | nodeny ${HOME}/.local/share/xplayer | 18 | noblacklist ${HOME}/.local/share/xplayer |
19 | nodeny ${HOME}/.mplayer | 19 | noblacklist ${HOME}/.mplayer |
20 | nodeny ${VIDEOS} | 20 | noblacklist ${VIDEOS} |
21 | 21 | ||
22 | include disable-common.inc | 22 | include disable-common.inc |
23 | include disable-devel.inc | 23 | include disable-devel.inc |
@@ -28,7 +28,7 @@ include disable-programs.inc | |||
28 | include disable-shell.inc | 28 | include disable-shell.inc |
29 | include disable-xdg.inc | 29 | include disable-xdg.inc |
30 | 30 | ||
31 | allow /usr/share/qtchooser | 31 | whitelist /usr/share/qtchooser |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
34 | 34 | ||
diff --git a/etc/profile-m-z/QOwnNotes.profile b/etc/profile-m-z/QOwnNotes.profile index 4ca42730a..660378089 100644 --- a/etc/profile-m-z/QOwnNotes.profile +++ b/etc/profile-m-z/QOwnNotes.profile | |||
@@ -6,10 +6,10 @@ include QOwnNotes.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
10 | nodeny ${HOME}/Nextcloud/Notes | 10 | noblacklist ${HOME}/Nextcloud/Notes |
11 | nodeny ${HOME}/.config/PBE | 11 | noblacklist ${HOME}/.config/PBE |
12 | nodeny ${HOME}/.local/share/PBE | 12 | noblacklist ${HOME}/.local/share/PBE |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -23,10 +23,10 @@ include disable-xdg.inc | |||
23 | mkdir ${HOME}/Nextcloud/Notes | 23 | mkdir ${HOME}/Nextcloud/Notes |
24 | mkdir ${HOME}/.config/PBE | 24 | mkdir ${HOME}/.config/PBE |
25 | mkdir ${HOME}/.local/share/PBE | 25 | mkdir ${HOME}/.local/share/PBE |
26 | allow ${DOCUMENTS} | 26 | whitelist ${DOCUMENTS} |
27 | allow ${HOME}/Nextcloud/Notes | 27 | whitelist ${HOME}/Nextcloud/Notes |
28 | allow ${HOME}/.config/PBE | 28 | whitelist ${HOME}/.config/PBE |
29 | allow ${HOME}/.local/share/PBE | 29 | whitelist ${HOME}/.local/share/PBE |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
32 | 32 | ||
diff --git a/etc/profile-m-z/Viber.profile b/etc/profile-m-z/Viber.profile index b98847d3a..3195e39fa 100644 --- a/etc/profile-m-z/Viber.profile +++ b/etc/profile-m-z/Viber.profile | |||
@@ -5,8 +5,8 @@ include Viber.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.ViberPC | 8 | noblacklist ${HOME}/.ViberPC |
9 | nodeny ${PATH}/dig | 9 | noblacklist ${PATH}/dig |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.ViberPC | 18 | mkdir ${HOME}/.ViberPC |
19 | allow ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
20 | allow ${HOME}/.ViberPC | 20 | whitelist ${HOME}/.ViberPC |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/profile-m-z/XMind.profile b/etc/profile-m-z/XMind.profile index c9cf7adf7..d78e04595 100644 --- a/etc/profile-m-z/XMind.profile +++ b/etc/profile-m-z/XMind.profile | |||
@@ -5,7 +5,7 @@ include XMind.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.xmind | 8 | noblacklist ${HOME}/.xmind |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
@@ -15,8 +15,8 @@ include disable-passwdmgr.inc | |||
15 | include disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.xmind | 17 | mkdir ${HOME}/.xmind |
18 | allow ${HOME}/.xmind | 18 | whitelist ${HOME}/.xmind |
19 | allow ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
20 | include whitelist-common.inc | 20 | include whitelist-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
diff --git a/etc/profile-m-z/Xephyr.profile b/etc/profile-m-z/Xephyr.profile index 7ba1cdac9..5cf5161ce 100644 --- a/etc/profile-m-z/Xephyr.profile +++ b/etc/profile-m-z/Xephyr.profile | |||
@@ -15,7 +15,7 @@ include globals.local | |||
15 | # or run "sudo firecfg" | 15 | # or run "sudo firecfg" |
16 | # | 16 | # |
17 | 17 | ||
18 | allow /var/lib/xkb | 18 | whitelist /var/lib/xkb |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
diff --git a/etc/profile-m-z/Xvfb.profile b/etc/profile-m-z/Xvfb.profile index a246ccb23..1acd43023 100644 --- a/etc/profile-m-z/Xvfb.profile +++ b/etc/profile-m-z/Xvfb.profile | |||
@@ -18,7 +18,7 @@ include globals.local | |||
18 | # some Linux distributions. Also, older versions of Xpra use Xvfb. | 18 | # some Linux distributions. Also, older versions of Xpra use Xvfb. |
19 | # | 19 | # |
20 | 20 | ||
21 | allow /var/lib/xkb | 21 | whitelist /var/lib/xkb |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/profile-m-z/ZeGrapher.profile b/etc/profile-m-z/ZeGrapher.profile index 4f65ad7d1..7686c3442 100644 --- a/etc/profile-m-z/ZeGrapher.profile +++ b/etc/profile-m-z/ZeGrapher.profile | |||
@@ -6,7 +6,7 @@ include ZeGrapher.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/ZeGrapher Project | 9 | noblacklist ${HOME}/.config/ZeGrapher Project |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | 18 | ||
19 | allow /usr/share/ZeGrapher | 19 | whitelist /usr/share/ZeGrapher |
20 | include whitelist-runuser-common.inc | 20 | include whitelist-runuser-common.inc |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/io.github.lainsce.Notejot.profile b/etc/profile-m-z/io.github.lainsce.Notejot.profile new file mode 100644 index 000000000..a8029db72 --- /dev/null +++ b/etc/profile-m-z/io.github.lainsce.Notejot.profile | |||
@@ -0,0 +1,61 @@ | |||
1 | # Firejail profile for notejot | ||
2 | # Description: Jot your ideas | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include io.github.lainsce.Notejot.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | nodeny ${HOME}/.cache/io.github.lainsce.Notejot | ||
10 | nodeny ${HOME}/.local/share/io.github.lainsce.Notejot | ||
11 | |||
12 | include disable-common.inc | ||
13 | include disable-devel.inc | ||
14 | include disable-exec.inc | ||
15 | include disable-interpreters.inc | ||
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | ||
18 | include disable-shell.inc | ||
19 | include disable-xdg.inc | ||
20 | |||
21 | mkdir ${HOME}/.cache/io.github.lainsce.Notejot | ||
22 | mkdir ${HOME}/.local/share/io.github.lainsce.Notejot | ||
23 | allow ${HOME}/.cache/io.github.lainsce.Notejot | ||
24 | allow ${HOME}/.local/share/io.github.lainsce.Notejot | ||
25 | allow /usr/libexec/webkit2gtk-4.0 | ||
26 | include whitelist-common.inc | ||
27 | include whitelist-runuser-common.inc | ||
28 | include whitelist-usr-share-common.inc | ||
29 | include whitelist-var-common.inc | ||
30 | |||
31 | apparmor | ||
32 | caps.drop all | ||
33 | machine-id | ||
34 | net none | ||
35 | no3d | ||
36 | nodvd | ||
37 | nogroups | ||
38 | noinput | ||
39 | nonewprivs | ||
40 | noroot | ||
41 | nosound | ||
42 | notv | ||
43 | nou2f | ||
44 | novideo | ||
45 | protocol unix | ||
46 | seccomp | ||
47 | seccomp.block-secondary | ||
48 | shell none | ||
49 | tracelog | ||
50 | |||
51 | disable-mnt | ||
52 | private-bin io.github.lainsce.Notejot | ||
53 | private-cache | ||
54 | private-dev | ||
55 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11 | ||
56 | private-tmp | ||
57 | |||
58 | dbus-user filter | ||
59 | dbus-user.own io.github.lainsce.Notejot | ||
60 | dbus-user.talk ca.desrt.dconf | ||
61 | dbus-system none | ||
diff --git a/etc/profile-m-z/macrofusion.profile b/etc/profile-m-z/macrofusion.profile index 763d475bb..d1dcb6fe0 100644 --- a/etc/profile-m-z/macrofusion.profile +++ b/etc/profile-m-z/macrofusion.profile | |||
@@ -5,8 +5,8 @@ include macrofusion.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/mfusion | 8 | noblacklist ${HOME}/.config/mfusion |
9 | nodeny ${PICTURES} | 9 | noblacklist ${PICTURES} |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
diff --git a/etc/profile-m-z/magicor.profile b/etc/profile-m-z/magicor.profile index d561a5095..8a27b2626 100644 --- a/etc/profile-m-z/magicor.profile +++ b/etc/profile-m-z/magicor.profile | |||
@@ -6,7 +6,7 @@ include magicor.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.magicor | 9 | noblacklist ${HOME}/.magicor |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -21,8 +21,8 @@ include disable-shell.inc | |||
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.magicor | 23 | mkdir ${HOME}/.magicor |
24 | allow ${HOME}/.magicor | 24 | whitelist ${HOME}/.magicor |
25 | allow /usr/share/magicor | 25 | whitelist /usr/share/magicor |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/makepkg.profile b/etc/profile-m-z/makepkg.profile index a7c486c9f..513fcae55 100644 --- a/etc/profile-m-z/makepkg.profile +++ b/etc/profile-m-z/makepkg.profile | |||
@@ -6,8 +6,8 @@ include makepkg.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | deny /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
10 | deny ${RUNUSER}/wayland-* | 10 | blacklist ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | # Note: see this Arch forum discussion https://bbs.archlinux.org/viewtopic.php?pid=1743138 | 12 | # Note: see this Arch forum discussion https://bbs.archlinux.org/viewtopic.php?pid=1743138 |
13 | # for potential issues and their solutions when Firejailing makepkg | 13 | # for potential issues and their solutions when Firejailing makepkg |
@@ -17,18 +17,18 @@ deny ${RUNUSER}/wayland-* | |||
17 | # whitelist ${HOME}/.gnupg | 17 | # whitelist ${HOME}/.gnupg |
18 | 18 | ||
19 | # Enable severely restricted access to ${HOME}/.gnupg | 19 | # Enable severely restricted access to ${HOME}/.gnupg |
20 | nodeny ${HOME}/.gnupg | 20 | noblacklist ${HOME}/.gnupg |
21 | read-only ${HOME}/.gnupg/gpg.conf | 21 | read-only ${HOME}/.gnupg/gpg.conf |
22 | read-only ${HOME}/.gnupg/trustdb.gpg | 22 | read-only ${HOME}/.gnupg/trustdb.gpg |
23 | read-only ${HOME}/.gnupg/pubring.kbx | 23 | read-only ${HOME}/.gnupg/pubring.kbx |
24 | deny ${HOME}/.gnupg/random_seed | 24 | blacklist ${HOME}/.gnupg/random_seed |
25 | deny ${HOME}/.gnupg/pubring.kbx~ | 25 | blacklist ${HOME}/.gnupg/pubring.kbx~ |
26 | deny ${HOME}/.gnupg/private-keys-v1.d | 26 | blacklist ${HOME}/.gnupg/private-keys-v1.d |
27 | deny ${HOME}/.gnupg/crls.d | 27 | blacklist ${HOME}/.gnupg/crls.d |
28 | deny ${HOME}/.gnupg/openpgp-revocs.d | 28 | blacklist ${HOME}/.gnupg/openpgp-revocs.d |
29 | 29 | ||
30 | # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only. | 30 | # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only. |
31 | nodeny /var/lib/pacman | 31 | noblacklist /var/lib/pacman |
32 | 32 | ||
33 | include disable-common.inc | 33 | include disable-common.inc |
34 | include disable-exec.inc | 34 | include disable-exec.inc |
diff --git a/etc/profile-m-z/man.profile b/etc/profile-m-z/man.profile index 383eeeeb7..bd510fcac 100644 --- a/etc/profile-m-z/man.profile +++ b/etc/profile-m-z/man.profile | |||
@@ -7,10 +7,10 @@ include man.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny ${RUNUSER} | 10 | blacklist ${RUNUSER} |
11 | 11 | ||
12 | nodeny ${HOME}/.local/share/man | 12 | noblacklist ${HOME}/.local/share/man |
13 | nodeny ${HOME}/.rustup | 13 | noblacklist ${HOME}/.rustup |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -23,12 +23,12 @@ include disable-xdg.inc | |||
23 | #mkdir ${HOME}/.local/share/man | 23 | #mkdir ${HOME}/.local/share/man |
24 | #whitelist ${HOME}/.local/share/man | 24 | #whitelist ${HOME}/.local/share/man |
25 | #whitelist ${HOME}/.manpath | 25 | #whitelist ${HOME}/.manpath |
26 | allow /usr/share/groff | 26 | whitelist /usr/share/groff |
27 | allow /usr/share/info | 27 | whitelist /usr/share/info |
28 | allow /usr/share/lintian | 28 | whitelist /usr/share/lintian |
29 | allow /usr/share/locale | 29 | whitelist /usr/share/locale |
30 | allow /usr/share/man | 30 | whitelist /usr/share/man |
31 | allow /var/cache/man | 31 | whitelist /var/cache/man |
32 | #include whitelist-common.inc | 32 | #include whitelist-common.inc |
33 | include whitelist-runuser-common.inc | 33 | include whitelist-runuser-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/manaplus.profile b/etc/profile-m-z/manaplus.profile index 67ee783a6..f59a56ac6 100644 --- a/etc/profile-m-z/manaplus.profile +++ b/etc/profile-m-z/manaplus.profile | |||
@@ -6,8 +6,8 @@ include manaplus.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/mana | 9 | noblacklist ${HOME}/.config/mana |
10 | nodeny ${HOME}/.local/share/mana | 10 | noblacklist ${HOME}/.local/share/mana |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -21,8 +21,8 @@ include disable-xdg.inc | |||
21 | mkdir ${HOME}/.config/mana | 21 | mkdir ${HOME}/.config/mana |
22 | mkdir ${HOME}/.config/mana/mana | 22 | mkdir ${HOME}/.config/mana/mana |
23 | mkdir ${HOME}/.local/share/mana | 23 | mkdir ${HOME}/.local/share/mana |
24 | allow ${HOME}/.config/mana | 24 | whitelist ${HOME}/.config/mana |
25 | allow ${HOME}/.local/share/mana | 25 | whitelist ${HOME}/.local/share/mana |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
28 | 28 | ||
diff --git a/etc/profile-m-z/marker.profile b/etc/profile-m-z/marker.profile index 7645ad335..bd56a8221 100644 --- a/etc/profile-m-z/marker.profile +++ b/etc/profile-m-z/marker.profile | |||
@@ -11,8 +11,8 @@ include globals.local | |||
11 | #protocol unix,inet,inet6 | 11 | #protocol unix,inet,inet6 |
12 | #private-etc ca-certificates,ssl,pki,crypto-policies,nsswitch.conf,resolv.conf | 12 | #private-etc ca-certificates,ssl,pki,crypto-policies,nsswitch.conf,resolv.conf |
13 | 13 | ||
14 | nodeny ${HOME}/.cache/marker | 14 | noblacklist ${HOME}/.cache/marker |
15 | nodeny ${DOCUMENTS} | 15 | noblacklist ${DOCUMENTS} |
16 | 16 | ||
17 | include allow-python3.inc | 17 | include allow-python3.inc |
18 | 18 | ||
@@ -25,8 +25,8 @@ include disable-programs.inc | |||
25 | include disable-shell.inc | 25 | include disable-shell.inc |
26 | include disable-xdg.inc | 26 | include disable-xdg.inc |
27 | 27 | ||
28 | allow /usr/libexec/webkit2gtk-4.0 | 28 | whitelist /usr/libexec/webkit2gtk-4.0 |
29 | allow /usr/share/com.github.fabiocolacio.marker | 29 | whitelist /usr/share/com.github.fabiocolacio.marker |
30 | include whitelist-runuser-common.inc | 30 | include whitelist-runuser-common.inc |
31 | include whitelist-usr-share-common.inc | 31 | include whitelist-usr-share-common.inc |
32 | include whitelist-var-common.inc | 32 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/masterpdfeditor.profile b/etc/profile-m-z/masterpdfeditor.profile index d8b215b7f..de1135071 100644 --- a/etc/profile-m-z/masterpdfeditor.profile +++ b/etc/profile-m-z/masterpdfeditor.profile | |||
@@ -6,8 +6,8 @@ include masterpdfeditor.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/Code Industry | 9 | noblacklist ${HOME}/.config/Code Industry |
10 | nodeny ${HOME}/.masterpdfeditor | 10 | noblacklist ${HOME}/.masterpdfeditor |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/mate-calc.profile b/etc/profile-m-z/mate-calc.profile index 92832783e..39ee7439d 100644 --- a/etc/profile-m-z/mate-calc.profile +++ b/etc/profile-m-z/mate-calc.profile | |||
@@ -6,7 +6,7 @@ include mate-calc.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/mate-calc | 9 | noblacklist ${HOME}/.config/mate-calc |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,9 +18,9 @@ include disable-programs.inc | |||
18 | mkdir ${HOME}/.cache/mate-calc | 18 | mkdir ${HOME}/.cache/mate-calc |
19 | mkdir ${HOME}/.config/caja | 19 | mkdir ${HOME}/.config/caja |
20 | mkdir ${HOME}/.config/mate-menu | 20 | mkdir ${HOME}/.config/mate-menu |
21 | allow ${HOME}/.cache/mate-calc | 21 | whitelist ${HOME}/.cache/mate-calc |
22 | allow ${HOME}/.config/caja | 22 | whitelist ${HOME}/.config/caja |
23 | allow ${HOME}/.config/mate-menu | 23 | whitelist ${HOME}/.config/mate-menu |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-m-z/mate-dictionary.profile b/etc/profile-m-z/mate-dictionary.profile index 90c9d0993..ae1fcbf62 100644 --- a/etc/profile-m-z/mate-dictionary.profile +++ b/etc/profile-m-z/mate-dictionary.profile | |||
@@ -5,7 +5,7 @@ include mate-dictionary.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/mate/mate-dictionary | 8 | noblacklist ${HOME}/.config/mate/mate-dictionary |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-programs.inc | |||
16 | include disable-shell.inc | 16 | include disable-shell.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.config/mate/mate-dictionary | 18 | mkdir ${HOME}/.config/mate/mate-dictionary |
19 | allow ${HOME}/.config/mate/mate-dictionary | 19 | whitelist ${HOME}/.config/mate/mate-dictionary |
20 | include whitelist-common.inc | 20 | include whitelist-common.inc |
21 | 21 | ||
22 | apparmor | 22 | apparmor |
diff --git a/etc/profile-m-z/matrix-mirage.profile b/etc/profile-m-z/matrix-mirage.profile index 8ee470a50..b3080df88 100644 --- a/etc/profile-m-z/matrix-mirage.profile +++ b/etc/profile-m-z/matrix-mirage.profile | |||
@@ -7,16 +7,16 @@ include matrix-mirage.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.cache/matrix-mirage | 10 | noblacklist ${HOME}/.cache/matrix-mirage |
11 | nodeny ${HOME}/.config/matrix-mirage | 11 | noblacklist ${HOME}/.config/matrix-mirage |
12 | nodeny ${HOME}/.local/share/matrix-mirage | 12 | noblacklist ${HOME}/.local/share/matrix-mirage |
13 | 13 | ||
14 | mkdir ${HOME}/.cache/matrix-mirage | 14 | mkdir ${HOME}/.cache/matrix-mirage |
15 | mkdir ${HOME}/.config/matrix-mirage | 15 | mkdir ${HOME}/.config/matrix-mirage |
16 | mkdir ${HOME}/.local/share/matrix-mirage | 16 | mkdir ${HOME}/.local/share/matrix-mirage |
17 | allow ${HOME}/.cache/matrix-mirage | 17 | whitelist ${HOME}/.cache/matrix-mirage |
18 | allow ${HOME}/.config/matrix-mirage | 18 | whitelist ${HOME}/.config/matrix-mirage |
19 | allow ${HOME}/.local/share/matrix-mirage | 19 | whitelist ${HOME}/.local/share/matrix-mirage |
20 | 20 | ||
21 | private-bin matrix-mirage | 21 | private-bin matrix-mirage |
22 | 22 | ||
diff --git a/etc/profile-m-z/mattermost-desktop.profile b/etc/profile-m-z/mattermost-desktop.profile index 01076a90a..3c2bf4fa3 100644 --- a/etc/profile-m-z/mattermost-desktop.profile +++ b/etc/profile-m-z/mattermost-desktop.profile | |||
@@ -10,12 +10,12 @@ ignore apparmor | |||
10 | ignore dbus-user none | 10 | ignore dbus-user none |
11 | ignore dbus-system none | 11 | ignore dbus-system none |
12 | 12 | ||
13 | nodeny ${HOME}/.config/Mattermost | 13 | noblacklist ${HOME}/.config/Mattermost |
14 | 14 | ||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.config/Mattermost | 17 | mkdir ${HOME}/.config/Mattermost |
18 | allow ${HOME}/.config/Mattermost | 18 | whitelist ${HOME}/.config/Mattermost |
19 | 19 | ||
20 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl | 20 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl |
21 | 21 | ||
diff --git a/etc/profile-m-z/mcabber.profile b/etc/profile-m-z/mcabber.profile index ae749114a..38d2d8d63 100644 --- a/etc/profile-m-z/mcabber.profile +++ b/etc/profile-m-z/mcabber.profile | |||
@@ -6,8 +6,8 @@ include mcabber.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.mcabber | 9 | noblacklist ${HOME}/.mcabber |
10 | nodeny ${HOME}/.mcabberrc | 10 | noblacklist ${HOME}/.mcabberrc |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/mcomix.profile b/etc/profile-m-z/mcomix.profile index d9e12fb5d..fcd1e24e5 100644 --- a/etc/profile-m-z/mcomix.profile +++ b/etc/profile-m-z/mcomix.profile | |||
@@ -6,9 +6,9 @@ include mcomix.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/mcomix | 9 | noblacklist ${HOME}/.config/mcomix |
10 | nodeny ${HOME}/.local/share/mcomix | 10 | noblacklist ${HOME}/.local/share/mcomix |
11 | nodeny ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | 12 | ||
13 | # Allow /bin/sh (blacklisted by disable-shell.inc) | 13 | # Allow /bin/sh (blacklisted by disable-shell.inc) |
14 | include allow-bin-sh.inc | 14 | include allow-bin-sh.inc |
@@ -30,7 +30,7 @@ include disable-xdg.inc | |||
30 | 30 | ||
31 | mkdir ${HOME}/.config/mcomix | 31 | mkdir ${HOME}/.config/mcomix |
32 | mkdir ${HOME}/.local/share/mcomix | 32 | mkdir ${HOME}/.local/share/mcomix |
33 | allow /usr/share/mcomix | 33 | whitelist /usr/share/mcomix |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
36 | include whitelist-runuser-common.inc | 36 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-m-z/mdr.profile b/etc/profile-m-z/mdr.profile index 9e8656290..5d3f8dc41 100644 --- a/etc/profile-m-z/mdr.profile +++ b/etc/profile-m-z/mdr.profile | |||
@@ -5,7 +5,7 @@ include mdr.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | deny ${RUNUSER}/wayland-* | 8 | blacklist ${RUNUSER}/wayland-* |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-programs.inc | |||
16 | include disable-shell.inc | 16 | include disable-shell.inc |
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | allow ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
diff --git a/etc/profile-m-z/mediainfo.profile b/etc/profile-m-z/mediainfo.profile index ae34ea321..17363624f 100644 --- a/etc/profile-m-z/mediainfo.profile +++ b/etc/profile-m-z/mediainfo.profile | |||
@@ -6,7 +6,7 @@ include mediainfo.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | deny ${RUNUSER}/wayland-* | 9 | blacklist ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/mediathekview.profile b/etc/profile-m-z/mediathekview.profile index 3459ad4cf..0063badd8 100644 --- a/etc/profile-m-z/mediathekview.profile +++ b/etc/profile-m-z/mediathekview.profile | |||
@@ -6,16 +6,16 @@ include mediathekview.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/mpv | 9 | noblacklist ${HOME}/.config/mpv |
10 | nodeny ${HOME}/.config/smplayer | 10 | noblacklist ${HOME}/.config/smplayer |
11 | nodeny ${HOME}/.config/totem | 11 | noblacklist ${HOME}/.config/totem |
12 | nodeny ${HOME}/.config/vlc | 12 | noblacklist ${HOME}/.config/vlc |
13 | nodeny ${HOME}/.config/xplayer | 13 | noblacklist ${HOME}/.config/xplayer |
14 | nodeny ${HOME}/.local/share/totem | 14 | noblacklist ${HOME}/.local/share/totem |
15 | nodeny ${HOME}/.local/share/xplayer | 15 | noblacklist ${HOME}/.local/share/xplayer |
16 | nodeny ${HOME}/.mediathek3 | 16 | noblacklist ${HOME}/.mediathek3 |
17 | nodeny ${HOME}/.mplayer | 17 | noblacklist ${HOME}/.mplayer |
18 | nodeny ${VIDEOS} | 18 | noblacklist ${VIDEOS} |
19 | 19 | ||
20 | # Allow java (blacklisted by disable-devel.inc) | 20 | # Allow java (blacklisted by disable-devel.inc) |
21 | include allow-java.inc | 21 | include allow-java.inc |
diff --git a/etc/profile-m-z/megaglest.profile b/etc/profile-m-z/megaglest.profile index ad9094ddf..f07b9166a 100644 --- a/etc/profile-m-z/megaglest.profile +++ b/etc/profile-m-z/megaglest.profile | |||
@@ -6,7 +6,7 @@ include megaglest.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.megaglest | 9 | noblacklist ${HOME}/.megaglest |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,9 +18,9 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.megaglest | 20 | mkdir ${HOME}/.megaglest |
21 | allow ${HOME}/.megaglest | 21 | whitelist ${HOME}/.megaglest |
22 | allow /usr/share/megaglest | 22 | whitelist /usr/share/megaglest |
23 | allow /usr/share/games/megaglest # Debian version | 23 | whitelist /usr/share/games/megaglest # Debian version |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
26 | include whitelist-usr-share-common.inc | 26 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/meld.profile b/etc/profile-m-z/meld.profile index 06ee572c9..2a8bb3acf 100644 --- a/etc/profile-m-z/meld.profile +++ b/etc/profile-m-z/meld.profile | |||
@@ -13,12 +13,12 @@ include globals.local | |||
13 | # Calling it by its absolute path (example for git mergetool): | 13 | # Calling it by its absolute path (example for git mergetool): |
14 | # $ git config --global mergetool.meld.cmd /usr/bin/meld | 14 | # $ git config --global mergetool.meld.cmd /usr/bin/meld |
15 | 15 | ||
16 | nodeny ${HOME}/.config/meld | 16 | noblacklist ${HOME}/.config/meld |
17 | nodeny ${HOME}/.config/git | 17 | noblacklist ${HOME}/.config/git |
18 | nodeny ${HOME}/.gitconfig | 18 | noblacklist ${HOME}/.gitconfig |
19 | nodeny ${HOME}/.git-credentials | 19 | noblacklist ${HOME}/.git-credentials |
20 | nodeny ${HOME}/.local/share/meld | 20 | noblacklist ${HOME}/.local/share/meld |
21 | nodeny ${HOME}/.subversion | 21 | noblacklist ${HOME}/.subversion |
22 | 22 | ||
23 | # Allow python (blacklisted by disable-interpreters.inc) | 23 | # Allow python (blacklisted by disable-interpreters.inc) |
24 | # Python 2 is EOL (see #3164). Add the next line to your meld.local if you understand the risks | 24 | # Python 2 is EOL (see #3164). Add the next line to your meld.local if you understand the risks |
@@ -29,7 +29,7 @@ include allow-python3.inc | |||
29 | # Allow ssh (blacklisted by disable-common.inc) | 29 | # Allow ssh (blacklisted by disable-common.inc) |
30 | include allow-ssh.inc | 30 | include allow-ssh.inc |
31 | 31 | ||
32 | deny /usr/libexec | 32 | blacklist /usr/libexec |
33 | 33 | ||
34 | # Add the next line to your meld.local if you don't need to compare files in disable-common.inc. | 34 | # Add the next line to your meld.local if you don't need to compare files in disable-common.inc. |
35 | #include disable-common.inc | 35 | #include disable-common.inc |
diff --git a/etc/profile-m-z/mendeleydesktop.profile b/etc/profile-m-z/mendeleydesktop.profile index e33d6c157..c0bdbb230 100644 --- a/etc/profile-m-z/mendeleydesktop.profile +++ b/etc/profile-m-z/mendeleydesktop.profile | |||
@@ -6,13 +6,13 @@ include mendeleydesktop.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
10 | nodeny ${HOME}/.cache/Mendeley Ltd. | 10 | noblacklist ${HOME}/.cache/Mendeley Ltd. |
11 | nodeny ${HOME}/.config/Mendeley Ltd. | 11 | noblacklist ${HOME}/.config/Mendeley Ltd. |
12 | nodeny ${HOME}/.local/share/Mendeley Ltd. | 12 | noblacklist ${HOME}/.local/share/Mendeley Ltd. |
13 | nodeny ${HOME}/.local/share/data/Mendeley Ltd. | 13 | noblacklist ${HOME}/.local/share/data/Mendeley Ltd. |
14 | nodeny ${HOME}/.pki | 14 | noblacklist ${HOME}/.pki |
15 | nodeny ${HOME}/.local/share/pki | 15 | noblacklist ${HOME}/.local/share/pki |
16 | 16 | ||
17 | # Allow python (blacklisted by disable-interpreters.inc) | 17 | # Allow python (blacklisted by disable-interpreters.inc) |
18 | include allow-python2.inc | 18 | include allow-python2.inc |
diff --git a/etc/profile-m-z/menulibre.profile b/etc/profile-m-z/menulibre.profile index 52808a5b5..2081b8c96 100644 --- a/etc/profile-m-z/menulibre.profile +++ b/etc/profile-m-z/menulibre.profile | |||
@@ -19,13 +19,13 @@ include disable-passwdmgr.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | # Whitelist your system icon directory,varies by distro | 21 | # Whitelist your system icon directory,varies by distro |
22 | allow /usr/share/app-info | 22 | whitelist /usr/share/app-info |
23 | allow /usr/share/desktop-directories | 23 | whitelist /usr/share/desktop-directories |
24 | allow /usr/share/icons | 24 | whitelist /usr/share/icons |
25 | allow /usr/share/menulibre | 25 | whitelist /usr/share/menulibre |
26 | allow /var/lib/app-info/icons | 26 | whitelist /var/lib/app-info/icons |
27 | allow /var/lib/flatpak/exports/share/applications | 27 | whitelist /var/lib/flatpak/exports/share/applications |
28 | allow /var/lib/flatpak/exports/share/icons | 28 | whitelist /var/lib/flatpak/exports/share/icons |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/meteo-qt.profile b/etc/profile-m-z/meteo-qt.profile index 48f936632..85ed7bc74 100644 --- a/etc/profile-m-z/meteo-qt.profile +++ b/etc/profile-m-z/meteo-qt.profile | |||
@@ -6,8 +6,8 @@ include meteo-qt.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/autostart | 9 | noblacklist ${HOME}/.config/autostart |
10 | nodeny ${HOME}/.config/meteo-qt | 10 | noblacklist ${HOME}/.config/meteo-qt |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python3.inc | 13 | include allow-python3.inc |
@@ -22,8 +22,8 @@ include disable-shell.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.config/meteo-qt | 24 | mkdir ${HOME}/.config/meteo-qt |
25 | allow ${HOME}/.config/autostart | 25 | whitelist ${HOME}/.config/autostart |
26 | allow ${HOME}/.config/meteo-qt | 26 | whitelist ${HOME}/.config/meteo-qt |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
29 | 29 | ||
diff --git a/etc/profile-m-z/microsoft-edge-beta.profile b/etc/profile-m-z/microsoft-edge-beta.profile new file mode 100644 index 000000000..34d9f470a --- /dev/null +++ b/etc/profile-m-z/microsoft-edge-beta.profile | |||
@@ -0,0 +1,20 @@ | |||
1 | # Firejail profile for Microsoft Edge Beta | ||
2 | # Description: Web browser from Microsoft,beta channel | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include microsoft-edge-beta.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | noblacklist ${HOME}/.cache/microsoft-edge-beta | ||
10 | noblacklist ${HOME}/.config/microsoft-edge-beta | ||
11 | |||
12 | mkdir ${HOME}/.cache/microsoft-edge-beta | ||
13 | mkdir ${HOME}/.config/microsoft-edge-beta | ||
14 | whitelist ${HOME}/.cache/microsoft-edge-beta | ||
15 | whitelist ${HOME}/.config/microsoft-edge-beta | ||
16 | |||
17 | private-opt microsoft | ||
18 | |||
19 | # Redirect | ||
20 | include chromium-common.profile \ No newline at end of file | ||
diff --git a/etc/profile-m-z/microsoft-edge-dev.profile b/etc/profile-m-z/microsoft-edge-dev.profile index 96465866c..039cd36a8 100644 --- a/etc/profile-m-z/microsoft-edge-dev.profile +++ b/etc/profile-m-z/microsoft-edge-dev.profile | |||
@@ -6,13 +6,13 @@ include microsoft-edge-dev.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/microsoft-edge-dev | 9 | noblacklist ${HOME}/.cache/microsoft-edge-dev |
10 | nodeny ${HOME}/.config/microsoft-edge-dev | 10 | noblacklist ${HOME}/.config/microsoft-edge-dev |
11 | 11 | ||
12 | mkdir ${HOME}/.cache/microsoft-edge-dev | 12 | mkdir ${HOME}/.cache/microsoft-edge-dev |
13 | mkdir ${HOME}/.config/microsoft-edge-dev | 13 | mkdir ${HOME}/.config/microsoft-edge-dev |
14 | allow ${HOME}/.cache/microsoft-edge-dev | 14 | whitelist ${HOME}/.cache/microsoft-edge-dev |
15 | allow ${HOME}/.config/microsoft-edge-dev | 15 | whitelist ${HOME}/.config/microsoft-edge-dev |
16 | 16 | ||
17 | private-opt microsoft | 17 | private-opt microsoft |
18 | 18 | ||
diff --git a/etc/profile-m-z/midori.profile b/etc/profile-m-z/midori.profile index c4a444e0d..e15259608 100644 --- a/etc/profile-m-z/midori.profile +++ b/etc/profile-m-z/midori.profile | |||
@@ -9,17 +9,17 @@ include globals.local | |||
9 | # noexec ${HOME} breaks DRM binaries. | 9 | # noexec ${HOME} breaks DRM binaries. |
10 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} | 10 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} |
11 | 11 | ||
12 | nodeny ${HOME}/.cache/midori | 12 | noblacklist ${HOME}/.cache/midori |
13 | nodeny ${HOME}/.config/midori | 13 | noblacklist ${HOME}/.config/midori |
14 | nodeny ${HOME}/.local/share/midori | 14 | noblacklist ${HOME}/.local/share/midori |
15 | # noblacklist ${HOME}/.local/share/webkit | 15 | # noblacklist ${HOME}/.local/share/webkit |
16 | # noblacklist ${HOME}/.local/share/webkitgtk | 16 | # noblacklist ${HOME}/.local/share/webkitgtk |
17 | nodeny ${HOME}/.pki | 17 | noblacklist ${HOME}/.pki |
18 | nodeny ${HOME}/.local/share/pki | 18 | noblacklist ${HOME}/.local/share/pki |
19 | 19 | ||
20 | nodeny ${HOME}/.cache/gnome-mplayer | 20 | noblacklist ${HOME}/.cache/gnome-mplayer |
21 | nodeny ${HOME}/.config/gnome-mplayer | 21 | noblacklist ${HOME}/.config/gnome-mplayer |
22 | nodeny ${HOME}/.lastpass | 22 | noblacklist ${HOME}/.lastpass |
23 | 23 | ||
24 | include disable-common.inc | 24 | include disable-common.inc |
25 | include disable-devel.inc | 25 | include disable-devel.inc |
@@ -36,17 +36,17 @@ mkdir ${HOME}/.local/share/webkit | |||
36 | mkdir ${HOME}/.local/share/webkitgtk | 36 | mkdir ${HOME}/.local/share/webkitgtk |
37 | mkdir ${HOME}/.pki | 37 | mkdir ${HOME}/.pki |
38 | mkdir ${HOME}/.local/share/pki | 38 | mkdir ${HOME}/.local/share/pki |
39 | allow ${DOWNLOADS} | 39 | whitelist ${DOWNLOADS} |
40 | allow ${HOME}/.cache/gnome-mplayer/plugin | 40 | whitelist ${HOME}/.cache/gnome-mplayer/plugin |
41 | allow ${HOME}/.cache/midori | 41 | whitelist ${HOME}/.cache/midori |
42 | allow ${HOME}/.config/gnome-mplayer | 42 | whitelist ${HOME}/.config/gnome-mplayer |
43 | allow ${HOME}/.config/midori | 43 | whitelist ${HOME}/.config/midori |
44 | allow ${HOME}/.lastpass | 44 | whitelist ${HOME}/.lastpass |
45 | allow ${HOME}/.local/share/midori | 45 | whitelist ${HOME}/.local/share/midori |
46 | allow ${HOME}/.local/share/webkit | 46 | whitelist ${HOME}/.local/share/webkit |
47 | allow ${HOME}/.local/share/webkitgtk | 47 | whitelist ${HOME}/.local/share/webkitgtk |
48 | allow ${HOME}/.pki | 48 | whitelist ${HOME}/.pki |
49 | allow ${HOME}/.local/share/pki | 49 | whitelist ${HOME}/.local/share/pki |
50 | include whitelist-common.inc | 50 | include whitelist-common.inc |
51 | include whitelist-var-common.inc | 51 | include whitelist-var-common.inc |
52 | 52 | ||
diff --git a/etc/profile-m-z/min.profile b/etc/profile-m-z/min.profile index 214332184..7f3aeab44 100644 --- a/etc/profile-m-z/min.profile +++ b/etc/profile-m-z/min.profile | |||
@@ -6,10 +6,10 @@ include min.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/Min | 9 | noblacklist ${HOME}/.config/Min |
10 | 10 | ||
11 | mkdir ${HOME}/.config/Min | 11 | mkdir ${HOME}/.config/Min |
12 | allow ${HOME}/.config/Min | 12 | whitelist ${HOME}/.config/Min |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include chromium-common.profile | 15 | include chromium-common.profile |
diff --git a/etc/profile-m-z/mindless.profile b/etc/profile-m-z/mindless.profile index ee8402b87..fbf6b58e8 100644 --- a/etc/profile-m-z/mindless.profile +++ b/etc/profile-m-z/mindless.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | allow /usr/share/mindless | 18 | whitelist /usr/share/mindless |
19 | include whitelist-usr-share-common.inc | 19 | include whitelist-usr-share-common.inc |
20 | include whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
diff --git a/etc/profile-m-z/minecraft-launcher.profile b/etc/profile-m-z/minecraft-launcher.profile index 595313851..1028e374a 100644 --- a/etc/profile-m-z/minecraft-launcher.profile +++ b/etc/profile-m-z/minecraft-launcher.profile | |||
@@ -11,7 +11,7 @@ include globals.local | |||
11 | 11 | ||
12 | ignore noexec ${HOME} | 12 | ignore noexec ${HOME} |
13 | 13 | ||
14 | nodeny ${HOME}/.minecraft | 14 | noblacklist ${HOME}/.minecraft |
15 | 15 | ||
16 | include allow-java.inc | 16 | include allow-java.inc |
17 | 17 | ||
@@ -25,7 +25,7 @@ include disable-shell.inc | |||
25 | include disable-xdg.inc | 25 | include disable-xdg.inc |
26 | 26 | ||
27 | mkdir ${HOME}/.minecraft | 27 | mkdir ${HOME}/.minecraft |
28 | allow ${HOME}/.minecraft | 28 | whitelist ${HOME}/.minecraft |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-runuser-common.inc | 30 | include whitelist-runuser-common.inc |
31 | include whitelist-usr-share-common.inc | 31 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/minetest.profile b/etc/profile-m-z/minetest.profile index 11d0859b7..cad1adbda 100644 --- a/etc/profile-m-z/minetest.profile +++ b/etc/profile-m-z/minetest.profile | |||
@@ -9,8 +9,8 @@ include globals.local | |||
9 | # In order to save in-game screenshots to a persistent location edit ~/.minetest/minetest.conf: | 9 | # In order to save in-game screenshots to a persistent location edit ~/.minetest/minetest.conf: |
10 | # screenshot_path = /home/<USER>/.minetest/screenshots | 10 | # screenshot_path = /home/<USER>/.minetest/screenshots |
11 | 11 | ||
12 | nodeny ${HOME}/.cache/minetest | 12 | noblacklist ${HOME}/.cache/minetest |
13 | nodeny ${HOME}/.minetest | 13 | noblacklist ${HOME}/.minetest |
14 | 14 | ||
15 | # Allow lua (blacklisted by disable-interpreters.inc) | 15 | # Allow lua (blacklisted by disable-interpreters.inc) |
16 | include allow-lua.inc | 16 | include allow-lua.inc |
@@ -26,10 +26,10 @@ include disable-xdg.inc | |||
26 | 26 | ||
27 | mkdir ${HOME}/.cache/minetest | 27 | mkdir ${HOME}/.cache/minetest |
28 | mkdir ${HOME}/.minetest | 28 | mkdir ${HOME}/.minetest |
29 | allow ${HOME}/.cache/minetest | 29 | whitelist ${HOME}/.cache/minetest |
30 | allow ${HOME}/.minetest | 30 | whitelist ${HOME}/.minetest |
31 | allow /usr/share/games/minetest | 31 | whitelist /usr/share/games/minetest |
32 | allow /usr/share/minetest | 32 | whitelist /usr/share/minetest |
33 | include whitelist-common.inc | 33 | include whitelist-common.inc |
34 | include whitelist-runuser-common.inc | 34 | include whitelist-runuser-common.inc |
35 | include whitelist-usr-share-common.inc | 35 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/minitube.profile b/etc/profile-m-z/minitube.profile index 192913dbf..b8a551b6c 100644 --- a/etc/profile-m-z/minitube.profile +++ b/etc/profile-m-z/minitube.profile | |||
@@ -6,10 +6,10 @@ include minitube.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${PICTURES} | 9 | noblacklist ${PICTURES} |
10 | nodeny ${HOME}/.cache/Flavio Tordini | 10 | noblacklist ${HOME}/.cache/Flavio Tordini |
11 | nodeny ${HOME}/.config/Flavio Tordini | 11 | noblacklist ${HOME}/.config/Flavio Tordini |
12 | nodeny ${HOME}/.local/share/Flavio Tordini | 12 | noblacklist ${HOME}/.local/share/Flavio Tordini |
13 | 13 | ||
14 | include allow-lua.inc | 14 | include allow-lua.inc |
15 | 15 | ||
@@ -25,11 +25,11 @@ include disable-xdg.inc | |||
25 | mkdir ${HOME}/.cache/Flavio Tordini | 25 | mkdir ${HOME}/.cache/Flavio Tordini |
26 | mkdir ${HOME}/.config/Flavio Tordini | 26 | mkdir ${HOME}/.config/Flavio Tordini |
27 | mkdir ${HOME}/.local/share/Flavio Tordini | 27 | mkdir ${HOME}/.local/share/Flavio Tordini |
28 | allow ${PICTURES} | 28 | whitelist ${PICTURES} |
29 | allow ${HOME}/.cache/Flavio Tordini | 29 | whitelist ${HOME}/.cache/Flavio Tordini |
30 | allow ${HOME}/.config/Flavio Tordini | 30 | whitelist ${HOME}/.config/Flavio Tordini |
31 | allow ${HOME}/.local/share/Flavio Tordini | 31 | whitelist ${HOME}/.local/share/Flavio Tordini |
32 | allow /usr/share/minitube | 32 | whitelist /usr/share/minitube |
33 | include whitelist-common.inc | 33 | include whitelist-common.inc |
34 | include whitelist-runuser-common.inc | 34 | include whitelist-runuser-common.inc |
35 | include whitelist-usr-share-common.inc | 35 | include whitelist-usr-share-common.inc |
@@ -47,7 +47,7 @@ notv | |||
47 | nou2f | 47 | nou2f |
48 | novideo | 48 | novideo |
49 | protocol unix,inet,inet6,netlink | 49 | protocol unix,inet,inet6,netlink |
50 | seccomp !kcmp | 50 | seccomp |
51 | shell none | 51 | shell none |
52 | tracelog | 52 | tracelog |
53 | 53 | ||
diff --git a/etc/profile-m-z/mirage.profile b/etc/profile-m-z/mirage.profile index b2f2cc5b1..505009283 100644 --- a/etc/profile-m-z/mirage.profile +++ b/etc/profile-m-z/mirage.profile | |||
@@ -6,10 +6,10 @@ include mirage.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/mirage | 9 | noblacklist ${HOME}/.cache/mirage |
10 | nodeny ${HOME}/.config/mirage | 10 | noblacklist ${HOME}/.config/mirage |
11 | nodeny ${HOME}/.local/share/mirage | 11 | noblacklist ${HOME}/.local/share/mirage |
12 | nodeny /sbin | 12 | noblacklist /sbin |
13 | 13 | ||
14 | # Allow python (blacklisted by disable-interpreters.inc) | 14 | # Allow python (blacklisted by disable-interpreters.inc) |
15 | include allow-python2.inc | 15 | include allow-python2.inc |
@@ -27,10 +27,10 @@ include disable-xdg.inc | |||
27 | mkdir ${HOME}/.cache/mirage | 27 | mkdir ${HOME}/.cache/mirage |
28 | mkdir ${HOME}/.config/mirage | 28 | mkdir ${HOME}/.config/mirage |
29 | mkdir ${HOME}/.local/share/mirage | 29 | mkdir ${HOME}/.local/share/mirage |
30 | allow ${HOME}/.cache/mirage | 30 | whitelist ${HOME}/.cache/mirage |
31 | allow ${HOME}/.config/mirage | 31 | whitelist ${HOME}/.config/mirage |
32 | allow ${HOME}/.local/share/mirage | 32 | whitelist ${HOME}/.local/share/mirage |
33 | allow ${DOWNLOADS} | 33 | whitelist ${DOWNLOADS} |
34 | include whitelist-common.inc | 34 | include whitelist-common.inc |
35 | include whitelist-runuser-common.inc | 35 | include whitelist-runuser-common.inc |
36 | include whitelist-usr-share-common.inc | 36 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/mirrormagic.profile b/etc/profile-m-z/mirrormagic.profile index d5ebfd4b0..58dfd56f5 100644 --- a/etc/profile-m-z/mirrormagic.profile +++ b/etc/profile-m-z/mirrormagic.profile | |||
@@ -6,7 +6,7 @@ include mirrormagic.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.mirrormagic | 9 | noblacklist ${HOME}/.mirrormagic |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.mirrormagic | 20 | mkdir ${HOME}/.mirrormagic |
21 | allow ${HOME}/.mirrormagic | 21 | whitelist ${HOME}/.mirrormagic |
22 | allow /usr/share/mirrormagic | 22 | whitelist /usr/share/mirrormagic |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/mocp.profile b/etc/profile-m-z/mocp.profile index b734bd7c0..e71ba4569 100644 --- a/etc/profile-m-z/mocp.profile +++ b/etc/profile-m-z/mocp.profile | |||
@@ -7,8 +7,8 @@ include mocp.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.moc | 10 | noblacklist ${HOME}/.moc |
11 | nodeny ${MUSIC} | 11 | noblacklist ${MUSIC} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/mousepad.profile b/etc/profile-m-z/mousepad.profile index a02b29b61..98063fa7c 100644 --- a/etc/profile-m-z/mousepad.profile +++ b/etc/profile-m-z/mousepad.profile | |||
@@ -6,7 +6,7 @@ include mousepad.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/Mousepad | 9 | noblacklist ${HOME}/.config/Mousepad |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/mp3splt-gtk.profile b/etc/profile-m-z/mp3splt-gtk.profile index f47384753..37ce60e04 100644 --- a/etc/profile-m-z/mp3splt-gtk.profile +++ b/etc/profile-m-z/mp3splt-gtk.profile | |||
@@ -6,7 +6,7 @@ include mp3splt-gtk.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.mp3splt-gtk | 9 | noblacklist ${HOME}/.mp3splt-gtk |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/mp3splt.profile b/etc/profile-m-z/mp3splt.profile index 8a2ab15bd..070de8451 100644 --- a/etc/profile-m-z/mp3splt.profile +++ b/etc/profile-m-z/mp3splt.profile | |||
@@ -6,9 +6,9 @@ include mp3splt.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | deny ${RUNUSER}/wayland-* | 9 | blacklist ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | nodeny ${MUSIC} | 11 | noblacklist ${MUSIC} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/mpDris2.profile b/etc/profile-m-z/mpDris2.profile index 6994b0429..55a0b5897 100644 --- a/etc/profile-m-z/mpDris2.profile +++ b/etc/profile-m-z/mpDris2.profile | |||
@@ -6,13 +6,13 @@ include mpDris2.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/mpDris2 | 9 | noblacklist ${HOME}/.config/mpDris2 |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
13 | include allow-python3.inc | 13 | include allow-python3.inc |
14 | 14 | ||
15 | nodeny ${MUSIC} | 15 | noblacklist ${MUSIC} |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-devel.inc | 18 | include disable-devel.inc |
@@ -23,10 +23,10 @@ include disable-programs.inc | |||
23 | include disable-shell.inc | 23 | include disable-shell.inc |
24 | include disable-xdg.inc | 24 | include disable-xdg.inc |
25 | 25 | ||
26 | allow ${MUSIC} | 26 | whitelist ${MUSIC} |
27 | 27 | ||
28 | mkdir ${HOME}/.config/mpDris2 | 28 | mkdir ${HOME}/.config/mpDris2 |
29 | allow ${HOME}/.config/mpDris2 | 29 | whitelist ${HOME}/.config/mpDris2 |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
32 | 32 | ||
diff --git a/etc/profile-m-z/mpd.profile b/etc/profile-m-z/mpd.profile index 8b3350ac8..b517d4ab2 100644 --- a/etc/profile-m-z/mpd.profile +++ b/etc/profile-m-z/mpd.profile | |||
@@ -6,10 +6,10 @@ include mpd.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/mpd | 9 | noblacklist ${HOME}/.config/mpd |
10 | nodeny ${HOME}/.mpd | 10 | noblacklist ${HOME}/.mpd |
11 | nodeny ${HOME}/.mpdconf | 11 | noblacklist ${HOME}/.mpdconf |
12 | nodeny ${MUSIC} | 12 | noblacklist ${MUSIC} |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
diff --git a/etc/profile-m-z/mpg123.profile b/etc/profile-m-z/mpg123.profile index 03bd44daa..25187e894 100644 --- a/etc/profile-m-z/mpg123.profile +++ b/etc/profile-m-z/mpg123.profile | |||
@@ -7,7 +7,7 @@ include mpg123.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/mplayer.profile b/etc/profile-m-z/mplayer.profile index 84754aeb2..5d023b7f1 100644 --- a/etc/profile-m-z/mplayer.profile +++ b/etc/profile-m-z/mplayer.profile | |||
@@ -6,7 +6,7 @@ include mplayer.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.mplayer | 9 | noblacklist ${HOME}/.mplayer |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | 17 | ||
18 | read-only ${DESKTOP} | 18 | read-only ${DESKTOP} |
19 | mkdir ${HOME}/.mplayer | 19 | mkdir ${HOME}/.mplayer |
20 | allow ${HOME}/.mplayer | 20 | whitelist ${HOME}/.mplayer |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-player-common.inc | 22 | include whitelist-player-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/mpsyt.profile b/etc/profile-m-z/mpsyt.profile index d35519103..bfe57a132 100644 --- a/etc/profile-m-z/mpsyt.profile +++ b/etc/profile-m-z/mpsyt.profile | |||
@@ -6,12 +6,12 @@ include mpsyt.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/mps-youtube | 9 | noblacklist ${HOME}/.config/mps-youtube |
10 | nodeny ${HOME}/.config/mpv | 10 | noblacklist ${HOME}/.config/mpv |
11 | nodeny ${HOME}/.config/youtube-dl | 11 | noblacklist ${HOME}/.config/youtube-dl |
12 | nodeny ${HOME}/.mplayer | 12 | noblacklist ${HOME}/.mplayer |
13 | nodeny ${HOME}/.netrc | 13 | noblacklist ${HOME}/.netrc |
14 | nodeny ${HOME}/mps | 14 | noblacklist ${HOME}/mps |
15 | 15 | ||
16 | # Allow lua (blacklisted by disable-interpreters.inc) | 16 | # Allow lua (blacklisted by disable-interpreters.inc) |
17 | include allow-lua.inc | 17 | include allow-lua.inc |
@@ -20,8 +20,8 @@ include allow-lua.inc | |||
20 | include allow-python2.inc | 20 | include allow-python2.inc |
21 | include allow-python3.inc | 21 | include allow-python3.inc |
22 | 22 | ||
23 | nodeny ${MUSIC} | 23 | noblacklist ${MUSIC} |
24 | nodeny ${VIDEOS} | 24 | noblacklist ${VIDEOS} |
25 | 25 | ||
26 | include disable-common.inc | 26 | include disable-common.inc |
27 | include disable-devel.inc | 27 | include disable-devel.inc |
@@ -37,12 +37,12 @@ mkdir ${HOME}/.config/mpv | |||
37 | mkdir ${HOME}/.config/youtube-dl | 37 | mkdir ${HOME}/.config/youtube-dl |
38 | mkdir ${HOME}/.mplayer | 38 | mkdir ${HOME}/.mplayer |
39 | mkdir ${HOME}/mps | 39 | mkdir ${HOME}/mps |
40 | allow ${HOME}/.config/mps-youtube | 40 | whitelist ${HOME}/.config/mps-youtube |
41 | allow ${HOME}/.config/mpv | 41 | whitelist ${HOME}/.config/mpv |
42 | allow ${HOME}/.config/youtube-dl | 42 | whitelist ${HOME}/.config/youtube-dl |
43 | allow ${HOME}/.mplayer | 43 | whitelist ${HOME}/.mplayer |
44 | allow ${HOME}/.netrc | 44 | whitelist ${HOME}/.netrc |
45 | allow ${HOME}/mps | 45 | whitelist ${HOME}/mps |
46 | include whitelist-common.inc | 46 | include whitelist-common.inc |
47 | include whitelist-player-common.inc | 47 | include whitelist-player-common.inc |
48 | include whitelist-var-common.inc | 48 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/mpv.profile b/etc/profile-m-z/mpv.profile index 4ea2dd348..af5c214f7 100644 --- a/etc/profile-m-z/mpv.profile +++ b/etc/profile-m-z/mpv.profile | |||
@@ -24,9 +24,9 @@ include globals.local | |||
24 | #include allow-bin-sh.inc | 24 | #include allow-bin-sh.inc |
25 | #private-bin sh | 25 | #private-bin sh |
26 | 26 | ||
27 | nodeny ${HOME}/.config/mpv | 27 | noblacklist ${HOME}/.config/mpv |
28 | nodeny ${HOME}/.config/youtube-dl | 28 | noblacklist ${HOME}/.config/youtube-dl |
29 | nodeny ${HOME}/.netrc | 29 | noblacklist ${HOME}/.netrc |
30 | 30 | ||
31 | # Allow lua (blacklisted by disable-interpreters.inc) | 31 | # Allow lua (blacklisted by disable-interpreters.inc) |
32 | include allow-lua.inc | 32 | include allow-lua.inc |
@@ -35,7 +35,7 @@ include allow-lua.inc | |||
35 | include allow-python2.inc | 35 | include allow-python2.inc |
36 | include allow-python3.inc | 36 | include allow-python3.inc |
37 | 37 | ||
38 | deny /usr/libexec | 38 | blacklist /usr/libexec |
39 | 39 | ||
40 | include disable-common.inc | 40 | include disable-common.inc |
41 | include disable-devel.inc | 41 | include disable-devel.inc |
@@ -49,14 +49,14 @@ read-only ${DESKTOP} | |||
49 | mkdir ${HOME}/.config/mpv | 49 | mkdir ${HOME}/.config/mpv |
50 | mkdir ${HOME}/.config/youtube-dl | 50 | mkdir ${HOME}/.config/youtube-dl |
51 | mkfile ${HOME}/.netrc | 51 | mkfile ${HOME}/.netrc |
52 | allow ${HOME}/.config/mpv | 52 | whitelist ${HOME}/.config/mpv |
53 | allow ${HOME}/.config/youtube-dl | 53 | whitelist ${HOME}/.config/youtube-dl |
54 | allow ${HOME}/.netrc | 54 | whitelist ${HOME}/.netrc |
55 | include whitelist-common.inc | 55 | include whitelist-common.inc |
56 | include whitelist-player-common.inc | 56 | include whitelist-player-common.inc |
57 | allow /usr/share/lua | 57 | whitelist /usr/share/lua |
58 | allow /usr/share/lua* | 58 | whitelist /usr/share/lua* |
59 | allow /usr/share/vulkan | 59 | whitelist /usr/share/vulkan |
60 | include whitelist-usr-share-common.inc | 60 | include whitelist-usr-share-common.inc |
61 | include whitelist-var-common.inc | 61 | include whitelist-var-common.inc |
62 | 62 | ||
diff --git a/etc/profile-m-z/mrrescue.profile b/etc/profile-m-z/mrrescue.profile index a8c49a690..e3ceb3bd4 100644 --- a/etc/profile-m-z/mrrescue.profile +++ b/etc/profile-m-z/mrrescue.profile | |||
@@ -6,7 +6,7 @@ include mrrescue.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/love | 9 | noblacklist ${HOME}/.local/share/love |
10 | 10 | ||
11 | # Allow /bin/sh (blacklisted by disable-shell.inc) | 11 | # Allow /bin/sh (blacklisted by disable-shell.inc) |
12 | include allow-bin-sh.inc | 12 | include allow-bin-sh.inc |
@@ -14,7 +14,7 @@ include allow-bin-sh.inc | |||
14 | # Allow lua (blacklisted by disable-interpreters.inc) | 14 | # Allow lua (blacklisted by disable-interpreters.inc) |
15 | include allow-lua.inc | 15 | include allow-lua.inc |
16 | 16 | ||
17 | deny /usr/libexec | 17 | blacklist /usr/libexec |
18 | 18 | ||
19 | include disable-common.inc | 19 | include disable-common.inc |
20 | include disable-devel.inc | 20 | include disable-devel.inc |
@@ -26,8 +26,8 @@ include disable-shell.inc | |||
26 | include disable-xdg.inc | 26 | include disable-xdg.inc |
27 | 27 | ||
28 | mkdir ${HOME}/.local/share/love | 28 | mkdir ${HOME}/.local/share/love |
29 | allow ${HOME}/.local/share/love | 29 | whitelist ${HOME}/.local/share/love |
30 | allow /usr/share/mrrescue | 30 | whitelist /usr/share/mrrescue |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-runuser-common.inc | 32 | include whitelist-runuser-common.inc |
33 | include whitelist-usr-share-common.inc | 33 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/ms-excel.profile b/etc/profile-m-z/ms-excel.profile index 5fea86ae7..db24e8f9b 100644 --- a/etc/profile-m-z/ms-excel.profile +++ b/etc/profile-m-z/ms-excel.profile | |||
@@ -6,7 +6,7 @@ include ms-excel.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/ms-excel-online | 9 | noblacklist ${HOME}/.cache/ms-excel-online |
10 | private-bin ms-excel | 10 | private-bin ms-excel |
11 | 11 | ||
12 | # Redirect | 12 | # Redirect |
diff --git a/etc/profile-m-z/ms-office.profile b/etc/profile-m-z/ms-office.profile index 4033627f7..38fc84ecc 100644 --- a/etc/profile-m-z/ms-office.profile +++ b/etc/profile-m-z/ms-office.profile | |||
@@ -5,8 +5,8 @@ include ms-office.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.cache/ms-office-online | 8 | noblacklist ${HOME}/.cache/ms-office-online |
9 | nodeny ${HOME}/.jak | 9 | noblacklist ${HOME}/.jak |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
diff --git a/etc/profile-m-z/ms-onenote.profile b/etc/profile-m-z/ms-onenote.profile index 805de5102..9ea0637bd 100644 --- a/etc/profile-m-z/ms-onenote.profile +++ b/etc/profile-m-z/ms-onenote.profile | |||
@@ -6,7 +6,7 @@ include ms-onenote.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/ms-onenote-online | 9 | noblacklist ${HOME}/.cache/ms-onenote-online |
10 | private-bin ms-onenote | 10 | private-bin ms-onenote |
11 | 11 | ||
12 | # Redirect | 12 | # Redirect |
diff --git a/etc/profile-m-z/ms-outlook.profile b/etc/profile-m-z/ms-outlook.profile index bd14fb7d3..fc3e7c009 100644 --- a/etc/profile-m-z/ms-outlook.profile +++ b/etc/profile-m-z/ms-outlook.profile | |||
@@ -6,7 +6,7 @@ include ms-outlook.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/ms-outlook-online | 9 | noblacklist ${HOME}/.cache/ms-outlook-online |
10 | private-bin ms-outlook | 10 | private-bin ms-outlook |
11 | 11 | ||
12 | # Redirect | 12 | # Redirect |
diff --git a/etc/profile-m-z/ms-powerpoint.profile b/etc/profile-m-z/ms-powerpoint.profile index 02a7424e2..dadcd5b1e 100644 --- a/etc/profile-m-z/ms-powerpoint.profile +++ b/etc/profile-m-z/ms-powerpoint.profile | |||
@@ -6,7 +6,7 @@ include ms-powerpoint.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/ms-powerpoint-online | 9 | noblacklist ${HOME}/.cache/ms-powerpoint-online |
10 | private-bin ms-powerpoint | 10 | private-bin ms-powerpoint |
11 | 11 | ||
12 | # Redirect | 12 | # Redirect |
diff --git a/etc/profile-m-z/ms-skype.profile b/etc/profile-m-z/ms-skype.profile index 01729f9a2..df1618361 100644 --- a/etc/profile-m-z/ms-skype.profile +++ b/etc/profile-m-z/ms-skype.profile | |||
@@ -8,7 +8,7 @@ include ms-skype.local | |||
8 | 8 | ||
9 | ignore novideo | 9 | ignore novideo |
10 | 10 | ||
11 | nodeny ${HOME}/.cache/ms-skype-online | 11 | noblacklist ${HOME}/.cache/ms-skype-online |
12 | 12 | ||
13 | private-bin ms-skype | 13 | private-bin ms-skype |
14 | 14 | ||
diff --git a/etc/profile-m-z/ms-word.profile b/etc/profile-m-z/ms-word.profile index 34cf02128..5a617a893 100644 --- a/etc/profile-m-z/ms-word.profile +++ b/etc/profile-m-z/ms-word.profile | |||
@@ -6,7 +6,7 @@ include ms-word.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/ms-word-online | 9 | noblacklist ${HOME}/.cache/ms-word-online |
10 | private-bin ms-word | 10 | private-bin ms-word |
11 | 11 | ||
12 | # Redirect | 12 | # Redirect |
diff --git a/etc/profile-m-z/mtpaint.profile b/etc/profile-m-z/mtpaint.profile index ec7cd5d04..85c3ee9f2 100644 --- a/etc/profile-m-z/mtpaint.profile +++ b/etc/profile-m-z/mtpaint.profile | |||
@@ -6,7 +6,7 @@ include mtpaint.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${PICTURES} | 9 | noblacklist ${PICTURES} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/multimc5.profile b/etc/profile-m-z/multimc5.profile index 447e7753f..6df681df1 100644 --- a/etc/profile-m-z/multimc5.profile +++ b/etc/profile-m-z/multimc5.profile | |||
@@ -5,9 +5,9 @@ include multimc5.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.local/share/multimc | 8 | noblacklist ${HOME}/.local/share/multimc |
9 | nodeny ${HOME}/.local/share/multimc5 | 9 | noblacklist ${HOME}/.local/share/multimc5 |
10 | nodeny ${HOME}/.multimc5 | 10 | noblacklist ${HOME}/.multimc5 |
11 | 11 | ||
12 | # Allow java (blacklisted by disable-devel.inc) | 12 | # Allow java (blacklisted by disable-devel.inc) |
13 | include allow-java.inc | 13 | include allow-java.inc |
@@ -22,9 +22,9 @@ include disable-programs.inc | |||
22 | mkdir ${HOME}/.local/share/multimc | 22 | mkdir ${HOME}/.local/share/multimc |
23 | mkdir ${HOME}/.local/share/multimc5 | 23 | mkdir ${HOME}/.local/share/multimc5 |
24 | mkdir ${HOME}/.multimc5 | 24 | mkdir ${HOME}/.multimc5 |
25 | allow ${HOME}/.local/share/multimc | 25 | whitelist ${HOME}/.local/share/multimc |
26 | allow ${HOME}/.local/share/multimc5 | 26 | whitelist ${HOME}/.local/share/multimc5 |
27 | allow ${HOME}/.multimc5 | 27 | whitelist ${HOME}/.multimc5 |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | 29 | ||
30 | caps.drop all | 30 | caps.drop all |
diff --git a/etc/profile-m-z/mumble.profile b/etc/profile-m-z/mumble.profile index 1d72e07b8..c7f59c5ee 100644 --- a/etc/profile-m-z/mumble.profile +++ b/etc/profile-m-z/mumble.profile | |||
@@ -6,9 +6,9 @@ include mumble.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/Mumble | 9 | noblacklist ${HOME}/.config/Mumble |
10 | nodeny ${HOME}/.local/share/data/Mumble | 10 | noblacklist ${HOME}/.local/share/data/Mumble |
11 | nodeny ${HOME}/.local/share/Mumble | 11 | noblacklist ${HOME}/.local/share/Mumble |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -21,9 +21,9 @@ include disable-shell.inc | |||
21 | mkdir ${HOME}/.config/Mumble | 21 | mkdir ${HOME}/.config/Mumble |
22 | mkdir ${HOME}/.local/share/data/Mumble | 22 | mkdir ${HOME}/.local/share/data/Mumble |
23 | mkdir ${HOME}/.local/share/Mumble | 23 | mkdir ${HOME}/.local/share/Mumble |
24 | allow ${HOME}/.config/Mumble | 24 | whitelist ${HOME}/.config/Mumble |
25 | allow ${HOME}/.local/share/data/Mumble | 25 | whitelist ${HOME}/.local/share/data/Mumble |
26 | allow ${HOME}/.local/share/Mumble | 26 | whitelist ${HOME}/.local/share/Mumble |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
29 | 29 | ||
diff --git a/etc/profile-m-z/mupdf-gl.profile b/etc/profile-m-z/mupdf-gl.profile index c208a5e54..be94a9083 100644 --- a/etc/profile-m-z/mupdf-gl.profile +++ b/etc/profile-m-z/mupdf-gl.profile | |||
@@ -7,7 +7,7 @@ include mupdf-gl.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.mupdf.history | 10 | noblacklist ${HOME}/.mupdf.history |
11 | 11 | ||
12 | # Redirect | 12 | # Redirect |
13 | include mupdf.profile | 13 | include mupdf.profile |
diff --git a/etc/profile-m-z/mupdf.profile b/etc/profile-m-z/mupdf.profile index e602b1429..9e4609c48 100644 --- a/etc/profile-m-z/mupdf.profile +++ b/etc/profile-m-z/mupdf.profile | |||
@@ -6,7 +6,7 @@ include mupdf.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/mupen64plus.profile b/etc/profile-m-z/mupen64plus.profile index ecc7e2957..00983a8f3 100644 --- a/etc/profile-m-z/mupen64plus.profile +++ b/etc/profile-m-z/mupen64plus.profile | |||
@@ -6,8 +6,8 @@ include mupen64plus.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/mupen64plus | 9 | noblacklist ${HOME}/.config/mupen64plus |
10 | nodeny ${HOME}/.local/share/mupen64plus | 10 | noblacklist ${HOME}/.local/share/mupen64plus |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-programs.inc | |||
18 | # you'll need to manually whitelist ROM files | 18 | # you'll need to manually whitelist ROM files |
19 | mkdir ${HOME}/.config/mupen64plus | 19 | mkdir ${HOME}/.config/mupen64plus |
20 | mkdir ${HOME}/.local/share/mupen64plus | 20 | mkdir ${HOME}/.local/share/mupen64plus |
21 | allow ${HOME}/.config/mupen64plus | 21 | whitelist ${HOME}/.config/mupen64plus |
22 | allow ${HOME}/.local/share/mupen64plus | 22 | whitelist ${HOME}/.local/share/mupen64plus |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/profile-m-z/musescore.profile b/etc/profile-m-z/musescore.profile index aa141f9c0..679e82ae8 100644 --- a/etc/profile-m-z/musescore.profile +++ b/etc/profile-m-z/musescore.profile | |||
@@ -6,12 +6,12 @@ include musescore.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/MusE | 9 | noblacklist ${HOME}/.config/MusE |
10 | nodeny ${HOME}/.config/MuseScore | 10 | noblacklist ${HOME}/.config/MuseScore |
11 | nodeny ${HOME}/.local/share/data/MusE | 11 | noblacklist ${HOME}/.local/share/data/MusE |
12 | nodeny ${HOME}/.local/share/data/MuseScore | 12 | noblacklist ${HOME}/.local/share/data/MuseScore |
13 | nodeny ${DOCUMENTS} | 13 | noblacklist ${DOCUMENTS} |
14 | nodeny ${MUSIC} | 14 | noblacklist ${MUSIC} |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-m-z/musictube.profile b/etc/profile-m-z/musictube.profile index 5ab1303a2..04500ac6a 100644 --- a/etc/profile-m-z/musictube.profile +++ b/etc/profile-m-z/musictube.profile | |||
@@ -6,9 +6,9 @@ include musictube.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/Flavio Tordini | 9 | noblacklist ${HOME}/.cache/Flavio Tordini |
10 | nodeny ${HOME}/.config/Flavio Tordini | 10 | noblacklist ${HOME}/.config/Flavio Tordini |
11 | nodeny ${HOME}/.local/share/Flavio Tordini | 11 | noblacklist ${HOME}/.local/share/Flavio Tordini |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -22,10 +22,10 @@ include disable-xdg.inc | |||
22 | mkdir ${HOME}/.cache/Flavio Tordini | 22 | mkdir ${HOME}/.cache/Flavio Tordini |
23 | mkdir ${HOME}/.config/Flavio Tordini | 23 | mkdir ${HOME}/.config/Flavio Tordini |
24 | mkdir ${HOME}/.local/share/Flavio Tordini | 24 | mkdir ${HOME}/.local/share/Flavio Tordini |
25 | allow ${HOME}/.cache/Flavio Tordini | 25 | whitelist ${HOME}/.cache/Flavio Tordini |
26 | allow ${HOME}/.config/Flavio Tordini | 26 | whitelist ${HOME}/.config/Flavio Tordini |
27 | allow ${HOME}/.local/share/Flavio Tordini | 27 | whitelist ${HOME}/.local/share/Flavio Tordini |
28 | allow /usr/share/musictube | 28 | whitelist /usr/share/musictube |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-runuser-common.inc | 30 | include whitelist-runuser-common.inc |
31 | include whitelist-usr-share-common.inc | 31 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/musixmatch.profile b/etc/profile-m-z/musixmatch.profile index 9390f9dcf..74b3e9a5f 100644 --- a/etc/profile-m-z/musixmatch.profile +++ b/etc/profile-m-z/musixmatch.profile | |||
@@ -5,7 +5,7 @@ include musixmatch.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${MUSIC} | 8 | noblacklist ${MUSIC} |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile index 91606bdfa..debf81659 100644 --- a/etc/profile-m-z/mutt.profile +++ b/etc/profile-m-z/mutt.profile | |||
@@ -7,36 +7,36 @@ include mutt.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny /var/mail | 10 | noblacklist /var/mail |
11 | nodeny /var/spool/mail | 11 | noblacklist /var/spool/mail |
12 | nodeny ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
13 | nodeny ${HOME}/.Mail | 13 | noblacklist ${HOME}/.Mail |
14 | nodeny ${HOME}/.bogofilter | 14 | noblacklist ${HOME}/.bogofilter |
15 | nodeny ${HOME}/.cache/mutt | 15 | noblacklist ${HOME}/.cache/mutt |
16 | nodeny ${HOME}/.config/mutt | 16 | noblacklist ${HOME}/.config/mutt |
17 | nodeny ${HOME}/.config/nano | 17 | noblacklist ${HOME}/.config/nano |
18 | nodeny ${HOME}/.elinks | 18 | noblacklist ${HOME}/.elinks |
19 | nodeny ${HOME}/.emacs | 19 | noblacklist ${HOME}/.emacs |
20 | nodeny ${HOME}/.emacs.d | 20 | noblacklist ${HOME}/.emacs.d |
21 | nodeny ${HOME}/.gnupg | 21 | noblacklist ${HOME}/.gnupg |
22 | nodeny ${HOME}/.mail | 22 | noblacklist ${HOME}/.mail |
23 | nodeny ${HOME}/.mailcap | 23 | noblacklist ${HOME}/.mailcap |
24 | nodeny ${HOME}/.msmtprc | 24 | noblacklist ${HOME}/.msmtprc |
25 | nodeny ${HOME}/.mutt | 25 | noblacklist ${HOME}/.mutt |
26 | nodeny ${HOME}/.muttrc | 26 | noblacklist ${HOME}/.muttrc |
27 | nodeny ${HOME}/.nanorc | 27 | noblacklist ${HOME}/.nanorc |
28 | nodeny ${HOME}/.signature | 28 | noblacklist ${HOME}/.signature |
29 | nodeny ${HOME}/.vim | 29 | noblacklist ${HOME}/.vim |
30 | nodeny ${HOME}/.viminfo | 30 | noblacklist ${HOME}/.viminfo |
31 | nodeny ${HOME}/.vimrc | 31 | noblacklist ${HOME}/.vimrc |
32 | nodeny ${HOME}/.w3m | 32 | noblacklist ${HOME}/.w3m |
33 | nodeny ${HOME}/Mail | 33 | noblacklist ${HOME}/Mail |
34 | nodeny ${HOME}/mail | 34 | noblacklist ${HOME}/mail |
35 | nodeny ${HOME}/postponed | 35 | noblacklist ${HOME}/postponed |
36 | nodeny ${HOME}/sent | 36 | noblacklist ${HOME}/sent |
37 | 37 | ||
38 | deny /tmp/.X11-unix | 38 | blacklist /tmp/.X11-unix |
39 | deny ${RUNUSER}/wayland-* | 39 | blacklist ${RUNUSER}/wayland-* |
40 | 40 | ||
41 | # Add the next lines to your mutt.local for oauth.py,S/MIME support. | 41 | # Add the next lines to your mutt.local for oauth.py,S/MIME support. |
42 | #include allow-perl.inc | 42 | #include allow-perl.inc |
@@ -75,37 +75,37 @@ mkfile ${HOME}/.nanorc | |||
75 | mkfile ${HOME}/.signature | 75 | mkfile ${HOME}/.signature |
76 | mkfile ${HOME}/.viminfo | 76 | mkfile ${HOME}/.viminfo |
77 | mkfile ${HOME}/.vimrc | 77 | mkfile ${HOME}/.vimrc |
78 | allow ${DOCUMENTS} | 78 | whitelist ${DOCUMENTS} |
79 | allow ${DOWNLOADS} | 79 | whitelist ${DOWNLOADS} |
80 | allow ${HOME}/.Mail | 80 | whitelist ${HOME}/.Mail |
81 | allow ${HOME}/.bogofilter | 81 | whitelist ${HOME}/.bogofilter |
82 | allow ${HOME}/.cache/mutt | 82 | whitelist ${HOME}/.cache/mutt |
83 | allow ${HOME}/.config/mutt | 83 | whitelist ${HOME}/.config/mutt |
84 | allow ${HOME}/.config/nano | 84 | whitelist ${HOME}/.config/nano |
85 | allow ${HOME}/.elinks | 85 | whitelist ${HOME}/.elinks |
86 | allow ${HOME}/.emacs | 86 | whitelist ${HOME}/.emacs |
87 | allow ${HOME}/.emacs.d | 87 | whitelist ${HOME}/.emacs.d |
88 | allow ${HOME}/.gnupg | 88 | whitelist ${HOME}/.gnupg |
89 | allow ${HOME}/.mail | 89 | whitelist ${HOME}/.mail |
90 | allow ${HOME}/.mailcap | 90 | whitelist ${HOME}/.mailcap |
91 | allow ${HOME}/.msmtprc | 91 | whitelist ${HOME}/.msmtprc |
92 | allow ${HOME}/.mutt | 92 | whitelist ${HOME}/.mutt |
93 | allow ${HOME}/.muttrc | 93 | whitelist ${HOME}/.muttrc |
94 | allow ${HOME}/.nanorc | 94 | whitelist ${HOME}/.nanorc |
95 | allow ${HOME}/.signature | 95 | whitelist ${HOME}/.signature |
96 | allow ${HOME}/.vim | 96 | whitelist ${HOME}/.vim |
97 | allow ${HOME}/.viminfo | 97 | whitelist ${HOME}/.viminfo |
98 | allow ${HOME}/.vimrc | 98 | whitelist ${HOME}/.vimrc |
99 | allow ${HOME}/.w3m | 99 | whitelist ${HOME}/.w3m |
100 | allow ${HOME}/Mail | 100 | whitelist ${HOME}/Mail |
101 | allow ${HOME}/mail | 101 | whitelist ${HOME}/mail |
102 | allow ${HOME}/postponed | 102 | whitelist ${HOME}/postponed |
103 | allow ${HOME}/sent | 103 | whitelist ${HOME}/sent |
104 | allow /usr/share/gnupg | 104 | whitelist /usr/share/gnupg |
105 | allow /usr/share/gnupg2 | 105 | whitelist /usr/share/gnupg2 |
106 | allow /usr/share/mutt | 106 | whitelist /usr/share/mutt |
107 | allow /var/mail | 107 | whitelist /var/mail |
108 | allow /var/spool/mail | 108 | whitelist /var/spool/mail |
109 | include whitelist-common.inc | 109 | include whitelist-common.inc |
110 | include whitelist-runuser-common.inc | 110 | include whitelist-runuser-common.inc |
111 | include whitelist-usr-share-common.inc | 111 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/mypaint.profile b/etc/profile-m-z/mypaint.profile index 19af47498..d8d487fe7 100644 --- a/etc/profile-m-z/mypaint.profile +++ b/etc/profile-m-z/mypaint.profile | |||
@@ -6,10 +6,10 @@ include mypaint.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/mypaint | 9 | noblacklist ${HOME}/.cache/mypaint |
10 | nodeny ${HOME}/.config/mypaint | 10 | noblacklist ${HOME}/.config/mypaint |
11 | nodeny ${HOME}/.local/share/mypaint | 11 | noblacklist ${HOME}/.local/share/mypaint |
12 | nodeny ${PICTURES} | 12 | noblacklist ${PICTURES} |
13 | 13 | ||
14 | # Allow python (blacklisted by disable-interpreters.inc) | 14 | # Allow python (blacklisted by disable-interpreters.inc) |
15 | include allow-python2.inc | 15 | include allow-python2.inc |
diff --git a/etc/profile-m-z/nano.profile b/etc/profile-m-z/nano.profile index f0553bed5..4698c2287 100644 --- a/etc/profile-m-z/nano.profile +++ b/etc/profile-m-z/nano.profile | |||
@@ -7,10 +7,10 @@ include nano.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny ${RUNUSER}/wayland-* | 10 | blacklist ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | nodeny ${HOME}/.config/nano | 12 | noblacklist ${HOME}/.config/nano |
13 | nodeny ${HOME}/.nanorc | 13 | noblacklist ${HOME}/.nanorc |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -19,7 +19,7 @@ include disable-interpreters.inc | |||
19 | include disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | allow /usr/share/nano | 22 | whitelist /usr/share/nano |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | 24 | ||
25 | apparmor | 25 | apparmor |
diff --git a/etc/profile-m-z/natron.profile b/etc/profile-m-z/natron.profile index 35d152748..5bf152f84 100644 --- a/etc/profile-m-z/natron.profile +++ b/etc/profile-m-z/natron.profile | |||
@@ -5,9 +5,9 @@ include natron.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.Natron | 8 | noblacklist ${HOME}/.Natron |
9 | nodeny ${HOME}/.cache/INRIA/Natron | 9 | noblacklist ${HOME}/.cache/INRIA/Natron |
10 | nodeny ${HOME}/.config/INRIA | 10 | noblacklist ${HOME}/.config/INRIA |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-m-z/ncdu.profile b/etc/profile-m-z/ncdu.profile index 38646dc90..063e30366 100644 --- a/etc/profile-m-z/ncdu.profile +++ b/etc/profile-m-z/ncdu.profile | |||
@@ -6,7 +6,7 @@ include ncdu.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | deny ${RUNUSER}/wayland-* | 9 | blacklist ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | include disable-exec.inc | 11 | include disable-exec.inc |
12 | 12 | ||
diff --git a/etc/profile-m-z/ncdu2.profile b/etc/profile-m-z/ncdu2.profile new file mode 100644 index 000000000..5b6364c5d --- /dev/null +++ b/etc/profile-m-z/ncdu2.profile | |||
@@ -0,0 +1,11 @@ | |||
1 | # Firejail profile for ncdu2 | ||
2 | # Description: Ncurses disk usage viewer (zig rewrite) | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include ncdu2.local | ||
6 | # Persistent global definitions | ||
7 | # added by included profile | ||
8 | #include globals.local | ||
9 | |||
10 | # Redirect | ||
11 | include ncdu.profile | ||
diff --git a/etc/profile-m-z/neochat.profile b/etc/profile-m-z/neochat.profile index ceb885908..9f00448c8 100644 --- a/etc/profile-m-z/neochat.profile +++ b/etc/profile-m-z/neochat.profile | |||
@@ -6,12 +6,12 @@ include neochat.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/KDE/neochat | 9 | noblacklist ${HOME}/.cache/KDE/neochat |
10 | nodeny ${HOME}/.config/KDE | 10 | noblacklist ${HOME}/.config/KDE |
11 | nodeny ${HOME}/.config/KDE/neochat | 11 | noblacklist ${HOME}/.config/KDE/neochat |
12 | nodeny ${HOME}/.config/neochatrc | 12 | noblacklist ${HOME}/.config/neochatrc |
13 | nodeny ${HOME}/.config/neochat.notifyrc | 13 | noblacklist ${HOME}/.config/neochat.notifyrc |
14 | nodeny ${HOME}/.local/share/KDE/neochat | 14 | noblacklist ${HOME}/.local/share/KDE/neochat |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
@@ -24,9 +24,9 @@ include disable-xdg.inc | |||
24 | 24 | ||
25 | mkdir ${HOME}/.cache/KDE/neochat | 25 | mkdir ${HOME}/.cache/KDE/neochat |
26 | mkdir ${HOME}/.local/share/KDE/neochat | 26 | mkdir ${HOME}/.local/share/KDE/neochat |
27 | allow ${HOME}/.cache/KDE/neochat | 27 | whitelist ${HOME}/.cache/KDE/neochat |
28 | allow ${HOME}/.local/share/KDE/neochat | 28 | whitelist ${HOME}/.local/share/KDE/neochat |
29 | allow ${DOWNLOADS} | 29 | whitelist ${DOWNLOADS} |
30 | include whitelist-1793-workaround.inc | 30 | include whitelist-1793-workaround.inc |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-runuser-common.inc | 32 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile index 939d6f111..fafa129e4 100644 --- a/etc/profile-m-z/neomutt.profile +++ b/etc/profile-m-z/neomutt.profile | |||
@@ -7,38 +7,38 @@ include neomutt.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | nodeny ${HOME}/.Mail | 11 | noblacklist ${HOME}/.Mail |
12 | nodeny ${HOME}/.bogofilter | 12 | noblacklist ${HOME}/.bogofilter |
13 | nodeny ${HOME}/.config/mutt | 13 | noblacklist ${HOME}/.config/mutt |
14 | nodeny ${HOME}/.config/nano | 14 | noblacklist ${HOME}/.config/nano |
15 | nodeny ${HOME}/.config/neomutt | 15 | noblacklist ${HOME}/.config/neomutt |
16 | nodeny ${HOME}/.elinks | 16 | noblacklist ${HOME}/.elinks |
17 | nodeny ${HOME}/.emacs | 17 | noblacklist ${HOME}/.emacs |
18 | nodeny ${HOME}/.emacs.d | 18 | noblacklist ${HOME}/.emacs.d |
19 | nodeny ${HOME}/.gnupg | 19 | noblacklist ${HOME}/.gnupg |
20 | nodeny ${HOME}/.mail | 20 | noblacklist ${HOME}/.mail |
21 | nodeny ${HOME}/.mailcap | 21 | noblacklist ${HOME}/.mailcap |
22 | nodeny ${HOME}/.msmtprc | 22 | noblacklist ${HOME}/.msmtprc |
23 | nodeny ${HOME}/.mutt | 23 | noblacklist ${HOME}/.mutt |
24 | nodeny ${HOME}/.muttrc | 24 | noblacklist ${HOME}/.muttrc |
25 | nodeny ${HOME}/.nanorc | 25 | noblacklist ${HOME}/.nanorc |
26 | nodeny ${HOME}/.neomutt | 26 | noblacklist ${HOME}/.neomutt |
27 | nodeny ${HOME}/.neomuttrc | 27 | noblacklist ${HOME}/.neomuttrc |
28 | nodeny ${HOME}/.signature | 28 | noblacklist ${HOME}/.signature |
29 | nodeny ${HOME}/.vim | 29 | noblacklist ${HOME}/.vim |
30 | nodeny ${HOME}/.viminfo | 30 | noblacklist ${HOME}/.viminfo |
31 | nodeny ${HOME}/.vimrc | 31 | noblacklist ${HOME}/.vimrc |
32 | nodeny ${HOME}/.w3m | 32 | noblacklist ${HOME}/.w3m |
33 | nodeny ${HOME}/Mail | 33 | noblacklist ${HOME}/Mail |
34 | nodeny ${HOME}/mail | 34 | noblacklist ${HOME}/mail |
35 | nodeny ${HOME}/postponed | 35 | noblacklist ${HOME}/postponed |
36 | nodeny ${HOME}/sent | 36 | noblacklist ${HOME}/sent |
37 | nodeny /var/mail | 37 | noblacklist /var/mail |
38 | nodeny /var/spool/mail | 38 | noblacklist /var/spool/mail |
39 | 39 | ||
40 | deny /tmp/.X11-unix | 40 | blacklist /tmp/.X11-unix |
41 | deny ${RUNUSER}/wayland-* | 41 | blacklist ${RUNUSER}/wayland-* |
42 | 42 | ||
43 | include allow-lua.inc | 43 | include allow-lua.inc |
44 | 44 | ||
@@ -76,39 +76,39 @@ mkfile ${HOME}/.neomuttrc | |||
76 | mkfile ${HOME}/.signature | 76 | mkfile ${HOME}/.signature |
77 | mkfile ${HOME}/.viminfo | 77 | mkfile ${HOME}/.viminfo |
78 | mkfile ${HOME}/.vimrc | 78 | mkfile ${HOME}/.vimrc |
79 | allow ${DOCUMENTS} | 79 | whitelist ${DOCUMENTS} |
80 | allow ${DOWNLOADS} | 80 | whitelist ${DOWNLOADS} |
81 | allow ${HOME}/.Mail | 81 | whitelist ${HOME}/.Mail |
82 | allow ${HOME}/.bogofilter | 82 | whitelist ${HOME}/.bogofilter |
83 | allow ${HOME}/.config/mutt | 83 | whitelist ${HOME}/.config/mutt |
84 | allow ${HOME}/.config/nano | 84 | whitelist ${HOME}/.config/nano |
85 | allow ${HOME}/.config/neomutt | 85 | whitelist ${HOME}/.config/neomutt |
86 | allow ${HOME}/.elinks | 86 | whitelist ${HOME}/.elinks |
87 | allow ${HOME}/.emacs | 87 | whitelist ${HOME}/.emacs |
88 | allow ${HOME}/.emacs.d | 88 | whitelist ${HOME}/.emacs.d |
89 | allow ${HOME}/.gnupg | 89 | whitelist ${HOME}/.gnupg |
90 | allow ${HOME}/.mail | 90 | whitelist ${HOME}/.mail |
91 | allow ${HOME}/.mailcap | 91 | whitelist ${HOME}/.mailcap |
92 | allow ${HOME}/.msmtprc | 92 | whitelist ${HOME}/.msmtprc |
93 | allow ${HOME}/.mutt | 93 | whitelist ${HOME}/.mutt |
94 | allow ${HOME}/.muttrc | 94 | whitelist ${HOME}/.muttrc |
95 | allow ${HOME}/.nanorc | 95 | whitelist ${HOME}/.nanorc |
96 | allow ${HOME}/.neomutt | 96 | whitelist ${HOME}/.neomutt |
97 | allow ${HOME}/.neomuttrc | 97 | whitelist ${HOME}/.neomuttrc |
98 | allow ${HOME}/.signature | 98 | whitelist ${HOME}/.signature |
99 | allow ${HOME}/.vim | 99 | whitelist ${HOME}/.vim |
100 | allow ${HOME}/.viminfo | 100 | whitelist ${HOME}/.viminfo |
101 | allow ${HOME}/.vimrc | 101 | whitelist ${HOME}/.vimrc |
102 | allow ${HOME}/.w3m | 102 | whitelist ${HOME}/.w3m |
103 | allow ${HOME}/Mail | 103 | whitelist ${HOME}/Mail |
104 | allow ${HOME}/mail | 104 | whitelist ${HOME}/mail |
105 | allow ${HOME}/postponed | 105 | whitelist ${HOME}/postponed |
106 | allow ${HOME}/sent | 106 | whitelist ${HOME}/sent |
107 | allow /usr/share/gnupg | 107 | whitelist /usr/share/gnupg |
108 | allow /usr/share/gnupg2 | 108 | whitelist /usr/share/gnupg2 |
109 | allow /usr/share/neomutt | 109 | whitelist /usr/share/neomutt |
110 | allow /var/mail | 110 | whitelist /var/mail |
111 | allow /var/spool/mail | 111 | whitelist /var/spool/mail |
112 | include whitelist-common.inc | 112 | include whitelist-common.inc |
113 | include whitelist-runuser-common.inc | 113 | include whitelist-runuser-common.inc |
114 | include whitelist-usr-share-common.inc | 114 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/netactview.profile b/etc/profile-m-z/netactview.profile index 68297c110..5d45dd7bc 100644 --- a/etc/profile-m-z/netactview.profile +++ b/etc/profile-m-z/netactview.profile | |||
@@ -6,7 +6,7 @@ include netactview.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.netactview | 9 | noblacklist ${HOME}/.netactview |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkfile ${HOME}/.netactview | 20 | mkfile ${HOME}/.netactview |
21 | allow ${HOME}/.netactview | 21 | whitelist ${HOME}/.netactview |
22 | allow /usr/share/netactview | 22 | whitelist /usr/share/netactview |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/nethack-vultures.profile b/etc/profile-m-z/nethack-vultures.profile index d5bf8a52a..c9a537370 100644 --- a/etc/profile-m-z/nethack-vultures.profile +++ b/etc/profile-m-z/nethack-vultures.profile | |||
@@ -6,7 +6,7 @@ include nethack.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.vultures | 9 | noblacklist ${HOME}/.vultures |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.vultures | 18 | mkdir ${HOME}/.vultures |
19 | allow ${HOME}/.vultures | 19 | whitelist ${HOME}/.vultures |
20 | allow /var/log/vultures | 20 | whitelist /var/log/vultures |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-m-z/nethack.profile b/etc/profile-m-z/nethack.profile index 23b57bb52..b57abe260 100644 --- a/etc/profile-m-z/nethack.profile +++ b/etc/profile-m-z/nethack.profile | |||
@@ -6,7 +6,7 @@ include nethack.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny /var/games/nethack | 9 | noblacklist /var/games/nethack |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -15,7 +15,7 @@ include disable-interpreters.inc | |||
15 | include disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | allow /var/games/nethack | 18 | whitelist /var/games/nethack |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
diff --git a/etc/profile-m-z/netsurf.profile b/etc/profile-m-z/netsurf.profile index b099d6f0c..0ddb7bbbe 100644 --- a/etc/profile-m-z/netsurf.profile +++ b/etc/profile-m-z/netsurf.profile | |||
@@ -6,8 +6,8 @@ include netsurf.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/netsurf | 9 | noblacklist ${HOME}/.cache/netsurf |
10 | nodeny ${HOME}/.config/netsurf | 10 | noblacklist ${HOME}/.config/netsurf |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -16,9 +16,9 @@ include disable-programs.inc | |||
16 | 16 | ||
17 | mkdir ${HOME}/.cache/netsurf | 17 | mkdir ${HOME}/.cache/netsurf |
18 | mkdir ${HOME}/.config/netsurf | 18 | mkdir ${HOME}/.config/netsurf |
19 | allow ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
20 | allow ${HOME}/.cache/netsurf | 20 | whitelist ${HOME}/.cache/netsurf |
21 | allow ${HOME}/.config/netsurf | 21 | whitelist ${HOME}/.config/netsurf |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/profile-m-z/neverball.profile b/etc/profile-m-z/neverball.profile index dad90a66c..ecfbb14e4 100644 --- a/etc/profile-m-z/neverball.profile +++ b/etc/profile-m-z/neverball.profile | |||
@@ -6,7 +6,7 @@ include neverball.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.neverball | 9 | noblacklist ${HOME}/.neverball |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.neverball | 20 | mkdir ${HOME}/.neverball |
21 | allow ${HOME}/.neverball | 21 | whitelist ${HOME}/.neverball |
22 | allow /usr/share/neverball | 22 | whitelist /usr/share/neverball |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/newsbeuter.profile b/etc/profile-m-z/newsbeuter.profile index c26ba4be0..6efb19502 100644 --- a/etc/profile-m-z/newsbeuter.profile +++ b/etc/profile-m-z/newsbeuter.profile | |||
@@ -11,15 +11,15 @@ ignore include newsboat.local | |||
11 | ignore mkdir ${HOME}/.config/newsboat | 11 | ignore mkdir ${HOME}/.config/newsboat |
12 | ignore mkdir ${HOME}/.local/share/newsboat | 12 | ignore mkdir ${HOME}/.local/share/newsboat |
13 | ignore mkdir ${HOME}/.newsboat | 13 | ignore mkdir ${HOME}/.newsboat |
14 | deny ${PATH}/newsboat | 14 | blacklist ${PATH}/newsboat |
15 | 15 | ||
16 | deny ${HOME}/.config/newsboat | 16 | blacklist ${HOME}/.config/newsboat |
17 | deny ${HOME}/.local/share/newsboat | 17 | blacklist ${HOME}/.local/share/newsboat |
18 | deny ${HOME}/.newsboat | 18 | blacklist ${HOME}/.newsboat |
19 | 19 | ||
20 | noallow ${HOME}/.config/newsboat | 20 | nowhitelist ${HOME}/.config/newsboat |
21 | noallow ${HOME}/.local/share/newsboat | 21 | nowhitelist ${HOME}/.local/share/newsboat |
22 | noallow ${HOME}/.newsboat | 22 | nowhitelist ${HOME}/.newsboat |
23 | 23 | ||
24 | mkdir ${HOME}/.config/newsbeuter | 24 | mkdir ${HOME}/.config/newsbeuter |
25 | mkdir ${HOME}/.local/share/newsbeuter | 25 | mkdir ${HOME}/.local/share/newsbeuter |
diff --git a/etc/profile-m-z/newsboat.profile b/etc/profile-m-z/newsboat.profile index e34752b55..13bc3a615 100644 --- a/etc/profile-m-z/newsboat.profile +++ b/etc/profile-m-z/newsboat.profile | |||
@@ -6,12 +6,12 @@ include newsboat.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/newsbeuter | 9 | noblacklist ${HOME}/.config/newsbeuter |
10 | nodeny ${HOME}/.config/newsboat | 10 | noblacklist ${HOME}/.config/newsboat |
11 | nodeny ${HOME}/.local/share/newsbeuter | 11 | noblacklist ${HOME}/.local/share/newsbeuter |
12 | nodeny ${HOME}/.local/share/newsboat | 12 | noblacklist ${HOME}/.local/share/newsboat |
13 | nodeny ${HOME}/.newsbeuter | 13 | noblacklist ${HOME}/.newsbeuter |
14 | nodeny ${HOME}/.newsboat | 14 | noblacklist ${HOME}/.newsboat |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
@@ -24,12 +24,12 @@ include disable-xdg.inc | |||
24 | mkdir ${HOME}/.config/newsboat | 24 | mkdir ${HOME}/.config/newsboat |
25 | mkdir ${HOME}/.local/share/newsboat | 25 | mkdir ${HOME}/.local/share/newsboat |
26 | mkdir ${HOME}/.newsboat | 26 | mkdir ${HOME}/.newsboat |
27 | allow ${HOME}/.config/newsbeuter | 27 | whitelist ${HOME}/.config/newsbeuter |
28 | allow ${HOME}/.config/newsboat | 28 | whitelist ${HOME}/.config/newsboat |
29 | allow ${HOME}/.local/share/newsbeuter | 29 | whitelist ${HOME}/.local/share/newsbeuter |
30 | allow ${HOME}/.local/share/newsboat | 30 | whitelist ${HOME}/.local/share/newsboat |
31 | allow ${HOME}/.newsbeuter | 31 | whitelist ${HOME}/.newsbeuter |
32 | allow ${HOME}/.newsboat | 32 | whitelist ${HOME}/.newsboat |
33 | include whitelist-common.inc | 33 | include whitelist-common.inc |
34 | include whitelist-runuser-common.inc | 34 | include whitelist-runuser-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/newsflash.profile b/etc/profile-m-z/newsflash.profile index 273628ea2..18d8c6ed4 100644 --- a/etc/profile-m-z/newsflash.profile +++ b/etc/profile-m-z/newsflash.profile | |||
@@ -6,9 +6,9 @@ include newsflash.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/NewsFlashGTK | 9 | noblacklist ${HOME}/.cache/NewsFlashGTK |
10 | nodeny ${HOME}/.config/news-flash | 10 | noblacklist ${HOME}/.config/news-flash |
11 | nodeny ${HOME}/.local/share/news-flash | 11 | noblacklist ${HOME}/.local/share/news-flash |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -22,9 +22,9 @@ include disable-xdg.inc | |||
22 | mkdir ${HOME}/.cache/NewsFlashGTK | 22 | mkdir ${HOME}/.cache/NewsFlashGTK |
23 | mkdir ${HOME}/.config/news-flash | 23 | mkdir ${HOME}/.config/news-flash |
24 | mkdir ${HOME}/.local/share/news-flash | 24 | mkdir ${HOME}/.local/share/news-flash |
25 | allow ${HOME}/.cache/NewsFlashGTK | 25 | whitelist ${HOME}/.cache/NewsFlashGTK |
26 | allow ${HOME}/.config/news-flash | 26 | whitelist ${HOME}/.config/news-flash |
27 | allow ${HOME}/.local/share/news-flash | 27 | whitelist ${HOME}/.local/share/news-flash |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/nextcloud.profile b/etc/profile-m-z/nextcloud.profile index 7ba46691d..9fd76fbe7 100644 --- a/etc/profile-m-z/nextcloud.profile +++ b/etc/profile-m-z/nextcloud.profile | |||
@@ -6,9 +6,9 @@ include nextcloud.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/Nextcloud | 9 | noblacklist ${HOME}/Nextcloud |
10 | nodeny ${HOME}/.config/Nextcloud | 10 | noblacklist ${HOME}/.config/Nextcloud |
11 | nodeny ${HOME}/.local/share/Nextcloud | 11 | noblacklist ${HOME}/.local/share/Nextcloud |
12 | # Add the next lines to your nextcloud.local to allow sync in more directories. | 12 | # Add the next lines to your nextcloud.local to allow sync in more directories. |
13 | #noblacklist ${DOCUMENTS} | 13 | #noblacklist ${DOCUMENTS} |
14 | #noblacklist ${MUSIC} | 14 | #noblacklist ${MUSIC} |
@@ -27,9 +27,9 @@ include disable-xdg.inc | |||
27 | mkdir ${HOME}/Nextcloud | 27 | mkdir ${HOME}/Nextcloud |
28 | mkdir ${HOME}/.config/Nextcloud | 28 | mkdir ${HOME}/.config/Nextcloud |
29 | mkdir ${HOME}/.local/share/Nextcloud | 29 | mkdir ${HOME}/.local/share/Nextcloud |
30 | allow ${HOME}/Nextcloud | 30 | whitelist ${HOME}/Nextcloud |
31 | allow ${HOME}/.config/Nextcloud | 31 | whitelist ${HOME}/.config/Nextcloud |
32 | allow ${HOME}/.local/share/Nextcloud | 32 | whitelist ${HOME}/.local/share/Nextcloud |
33 | # Add the next lines to your nextcloud.local to allow sync in more directories. | 33 | # Add the next lines to your nextcloud.local to allow sync in more directories. |
34 | #whitelist ${DOCUMENTS} | 34 | #whitelist ${DOCUMENTS} |
35 | #whitelist ${MUSIC} | 35 | #whitelist ${MUSIC} |
diff --git a/etc/profile-m-z/nheko.profile b/etc/profile-m-z/nheko.profile index 0149e0737..f8062891c 100644 --- a/etc/profile-m-z/nheko.profile +++ b/etc/profile-m-z/nheko.profile | |||
@@ -6,9 +6,9 @@ include nheko.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/nheko | 9 | noblacklist ${HOME}/.cache/nheko |
10 | nodeny ${HOME}/.config/nheko | 10 | noblacklist ${HOME}/.config/nheko |
11 | nodeny ${HOME}/.local/share/nheko | 11 | noblacklist ${HOME}/.local/share/nheko |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -22,10 +22,10 @@ include disable-xdg.inc | |||
22 | mkdir ${HOME}/.cache/nheko | 22 | mkdir ${HOME}/.cache/nheko |
23 | mkdir ${HOME}/.config/nheko | 23 | mkdir ${HOME}/.config/nheko |
24 | mkdir ${HOME}/.local/share/nheko | 24 | mkdir ${HOME}/.local/share/nheko |
25 | allow ${HOME}/.cache/nheko | 25 | whitelist ${HOME}/.cache/nheko |
26 | allow ${HOME}/.config/nheko | 26 | whitelist ${HOME}/.config/nheko |
27 | allow ${HOME}/.local/share/nheko | 27 | whitelist ${HOME}/.local/share/nheko |
28 | allow ${DOWNLOADS} | 28 | whitelist ${DOWNLOADS} |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-runuser-common.inc | 30 | include whitelist-runuser-common.inc |
31 | include whitelist-usr-share-common.inc | 31 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/nicotine.profile b/etc/profile-m-z/nicotine.profile index b31a7babf..1c7dbc009 100644 --- a/etc/profile-m-z/nicotine.profile +++ b/etc/profile-m-z/nicotine.profile | |||
@@ -6,7 +6,7 @@ include nicotine.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.nicotine | 9 | noblacklist ${HOME}/.nicotine |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -21,9 +21,9 @@ include disable-shell.inc | |||
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.nicotine | 23 | mkdir ${HOME}/.nicotine |
24 | allow ${DOWNLOADS} | 24 | whitelist ${DOWNLOADS} |
25 | allow ${HOME}/.nicotine | 25 | whitelist ${HOME}/.nicotine |
26 | allow /usr/share/GeoIP | 26 | whitelist /usr/share/GeoIP |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/nitroshare.profile b/etc/profile-m-z/nitroshare.profile index 70fffd5d4..8dba84f02 100644 --- a/etc/profile-m-z/nitroshare.profile +++ b/etc/profile-m-z/nitroshare.profile | |||
@@ -6,8 +6,8 @@ include nitroshare.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/Nathan Osman | 9 | noblacklist ${HOME}/.config/Nathan Osman |
10 | nodeny ${HOME}/.config/NitroShare | 10 | noblacklist ${HOME}/.config/NitroShare |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-m-z/nodejs-common.profile b/etc/profile-m-z/nodejs-common.profile index 7981ba6ae..fa69f9214 100644 --- a/etc/profile-m-z/nodejs-common.profile +++ b/etc/profile-m-z/nodejs-common.profile | |||
@@ -7,22 +7,22 @@ include nodejs-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | deny /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | deny ${RUNUSER} | 11 | blacklist ${RUNUSER} |
12 | 12 | ||
13 | ignore read-only ${HOME}/.npm-packages | 13 | ignore read-only ${HOME}/.npm-packages |
14 | ignore read-only ${HOME}/.npmrc | 14 | ignore read-only ${HOME}/.npmrc |
15 | ignore read-only ${HOME}/.nvm | 15 | ignore read-only ${HOME}/.nvm |
16 | ignore read-only ${HOME}/.yarnrc | 16 | ignore read-only ${HOME}/.yarnrc |
17 | 17 | ||
18 | nodeny ${HOME}/.node-gyp | 18 | noblacklist ${HOME}/.node-gyp |
19 | nodeny ${HOME}/.npm | 19 | noblacklist ${HOME}/.npm |
20 | nodeny ${HOME}/.npmrc | 20 | noblacklist ${HOME}/.npmrc |
21 | nodeny ${HOME}/.nvm | 21 | noblacklist ${HOME}/.nvm |
22 | nodeny ${HOME}/.yarn | 22 | noblacklist ${HOME}/.yarn |
23 | nodeny ${HOME}/.yarn-config | 23 | noblacklist ${HOME}/.yarn-config |
24 | nodeny ${HOME}/.yarncache | 24 | noblacklist ${HOME}/.yarncache |
25 | nodeny ${HOME}/.yarnrc | 25 | noblacklist ${HOME}/.yarnrc |
26 | 26 | ||
27 | ignore noexec ${HOME} | 27 | ignore noexec ${HOME} |
28 | 28 | ||
@@ -58,9 +58,9 @@ include disable-xdg.inc | |||
58 | #whitelist ${HOME}/Projects | 58 | #whitelist ${HOME}/Projects |
59 | #include whitelist-common.inc | 59 | #include whitelist-common.inc |
60 | 60 | ||
61 | allow /usr/share/doc/node | 61 | whitelist /usr/share/doc/node |
62 | allow /usr/share/nvm | 62 | whitelist /usr/share/nvm |
63 | allow /usr/share/systemtap/tapset/node.stp | 63 | whitelist /usr/share/systemtap/tapset/node.stp |
64 | include whitelist-runuser-common.inc | 64 | include whitelist-runuser-common.inc |
65 | include whitelist-usr-share-common.inc | 65 | include whitelist-usr-share-common.inc |
66 | include whitelist-var-common.inc | 66 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/nomacs.profile b/etc/profile-m-z/nomacs.profile index 80fbd0fcb..a36dee874 100644 --- a/etc/profile-m-z/nomacs.profile +++ b/etc/profile-m-z/nomacs.profile | |||
@@ -6,10 +6,10 @@ include nomacs.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/nomacs | 9 | noblacklist ${HOME}/.config/nomacs |
10 | nodeny ${HOME}/.local/share/nomacs | 10 | noblacklist ${HOME}/.local/share/nomacs |
11 | nodeny ${HOME}/.local/share/data/nomacs | 11 | noblacklist ${HOME}/.local/share/data/nomacs |
12 | nodeny ${PICTURES} | 12 | noblacklist ${PICTURES} |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
diff --git a/etc/profile-m-z/notify-send.profile b/etc/profile-m-z/notify-send.profile index a3bcc040c..650118c98 100644 --- a/etc/profile-m-z/notify-send.profile +++ b/etc/profile-m-z/notify-send.profile | |||
@@ -7,7 +7,7 @@ include notify-send.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny ${RUNUSER}/wayland-* | 10 | blacklist ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/nslookup.profile b/etc/profile-m-z/nslookup.profile index b3002ad0e..c7a131a2c 100644 --- a/etc/profile-m-z/nslookup.profile +++ b/etc/profile-m-z/nslookup.profile | |||
@@ -7,10 +7,10 @@ include nslookup.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | deny ${RUNUSER} | 11 | blacklist ${RUNUSER} |
12 | 12 | ||
13 | nodeny ${PATH}/nslookup | 13 | noblacklist ${PATH}/nslookup |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -20,7 +20,7 @@ include disable-passwdmgr.inc | |||
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | allow ${HOME}/.nslookuprc | 23 | whitelist ${HOME}/.nslookuprc |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/nuclear.profile b/etc/profile-m-z/nuclear.profile index 67f54f9fc..886403b9e 100644 --- a/etc/profile-m-z/nuclear.profile +++ b/etc/profile-m-z/nuclear.profile | |||
@@ -8,12 +8,12 @@ include globals.local | |||
8 | 8 | ||
9 | ignore dbus-user | 9 | ignore dbus-user |
10 | 10 | ||
11 | nodeny ${HOME}/.config/nuclear | 11 | noblacklist ${HOME}/.config/nuclear |
12 | 12 | ||
13 | include disable-shell.inc | 13 | include disable-shell.inc |
14 | 14 | ||
15 | mkdir ${HOME}/.config/nuclear | 15 | mkdir ${HOME}/.config/nuclear |
16 | allow ${HOME}/.config/nuclear | 16 | whitelist ${HOME}/.config/nuclear |
17 | 17 | ||
18 | no3d | 18 | no3d |
19 | 19 | ||
diff --git a/etc/profile-m-z/nylas.profile b/etc/profile-m-z/nylas.profile index ee7710b9c..fe0c2116b 100644 --- a/etc/profile-m-z/nylas.profile +++ b/etc/profile-m-z/nylas.profile | |||
@@ -5,8 +5,8 @@ include nylas.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/Nylas Mail | 8 | noblacklist ${HOME}/.config/Nylas Mail |
9 | nodeny ${HOME}/.nylas-mail | 9 | noblacklist ${HOME}/.nylas-mail |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,9 +16,9 @@ include disable-programs.inc | |||
16 | 16 | ||
17 | mkdir ${HOME}/.config/Nylas Mail | 17 | mkdir ${HOME}/.config/Nylas Mail |
18 | mkdir ${HOME}/.nylas-mail | 18 | mkdir ${HOME}/.nylas-mail |
19 | allow ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
20 | allow ${HOME}/.config/Nylas Mail | 20 | whitelist ${HOME}/.config/Nylas Mail |
21 | allow ${HOME}/.nylas-mail | 21 | whitelist ${HOME}/.nylas-mail |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/profile-m-z/nyx.profile b/etc/profile-m-z/nyx.profile index 1d606f70c..d040d42af 100644 --- a/etc/profile-m-z/nyx.profile +++ b/etc/profile-m-z/nyx.profile | |||
@@ -10,7 +10,7 @@ include globals.local | |||
10 | include allow-python2.inc | 10 | include allow-python2.inc |
11 | include allow-python3.inc | 11 | include allow-python3.inc |
12 | 12 | ||
13 | nodeny ${HOME}/.nyx | 13 | noblacklist ${HOME}/.nyx |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -22,7 +22,7 @@ include disable-shell.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.nyx | 24 | mkdir ${HOME}/.nyx |
25 | allow ${HOME}/.nyx | 25 | whitelist ${HOME}/.nyx |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
28 | 28 | ||
diff --git a/etc/profile-m-z/obs.profile b/etc/profile-m-z/obs.profile index f70bdc55a..9345cee4f 100644 --- a/etc/profile-m-z/obs.profile +++ b/etc/profile-m-z/obs.profile | |||
@@ -5,10 +5,10 @@ include obs.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/obs-studio | 8 | noblacklist ${HOME}/.config/obs-studio |
9 | nodeny ${MUSIC} | 9 | noblacklist ${MUSIC} |
10 | nodeny ${PICTURES} | 10 | noblacklist ${PICTURES} |
11 | nodeny ${VIDEOS} | 11 | noblacklist ${VIDEOS} |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python2.inc | 14 | include allow-python2.inc |
diff --git a/etc/profile-m-z/ocenaudio.profile b/etc/profile-m-z/ocenaudio.profile index 792c2ffc6..7be68a201 100644 --- a/etc/profile-m-z/ocenaudio.profile +++ b/etc/profile-m-z/ocenaudio.profile | |||
@@ -6,9 +6,9 @@ include ocenaudio.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/ocenaudio | 9 | noblacklist ${HOME}/.local/share/ocenaudio |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | nodeny ${MUSIC} | 11 | noblacklist ${MUSIC} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/odt2txt.profile b/etc/profile-m-z/odt2txt.profile index 61b71ec10..6163d2e22 100644 --- a/etc/profile-m-z/odt2txt.profile +++ b/etc/profile-m-z/odt2txt.profile | |||
@@ -6,9 +6,9 @@ include odt2txt.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | deny ${RUNUSER}/wayland-* | 9 | blacklist ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | nodeny ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/okular.profile b/etc/profile-m-z/okular.profile index feeed86cb..ab8ccf623 100644 --- a/etc/profile-m-z/okular.profile +++ b/etc/profile-m-z/okular.profile | |||
@@ -6,18 +6,18 @@ include okular.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/okular | 9 | noblacklist ${HOME}/.cache/okular |
10 | nodeny ${HOME}/.config/okularpartrc | 10 | noblacklist ${HOME}/.config/okularpartrc |
11 | nodeny ${HOME}/.config/okularrc | 11 | noblacklist ${HOME}/.config/okularrc |
12 | nodeny ${HOME}/.kde/share/apps/okular | 12 | noblacklist ${HOME}/.kde/share/apps/okular |
13 | nodeny ${HOME}/.kde/share/config/okularpartrc | 13 | noblacklist ${HOME}/.kde/share/config/okularpartrc |
14 | nodeny ${HOME}/.kde/share/config/okularrc | 14 | noblacklist ${HOME}/.kde/share/config/okularrc |
15 | nodeny ${HOME}/.kde4/share/apps/okular | 15 | noblacklist ${HOME}/.kde4/share/apps/okular |
16 | nodeny ${HOME}/.kde4/share/config/okularpartrc | 16 | noblacklist ${HOME}/.kde4/share/config/okularpartrc |
17 | nodeny ${HOME}/.kde4/share/config/okularrc | 17 | noblacklist ${HOME}/.kde4/share/config/okularrc |
18 | nodeny ${HOME}/.local/share/kxmlgui5/okular | 18 | noblacklist ${HOME}/.local/share/kxmlgui5/okular |
19 | nodeny ${HOME}/.local/share/okular | 19 | noblacklist ${HOME}/.local/share/okular |
20 | nodeny ${DOCUMENTS} | 20 | noblacklist ${DOCUMENTS} |
21 | 21 | ||
22 | include disable-common.inc | 22 | include disable-common.inc |
23 | include disable-devel.inc | 23 | include disable-devel.inc |
@@ -28,15 +28,15 @@ include disable-programs.inc | |||
28 | include disable-shell.inc | 28 | include disable-shell.inc |
29 | include disable-xdg.inc | 29 | include disable-xdg.inc |
30 | 30 | ||
31 | allow /usr/share/config.kcfg/gssettings.kcfg | 31 | whitelist /usr/share/config.kcfg/gssettings.kcfg |
32 | allow /usr/share/config.kcfg/pdfsettings.kcfg | 32 | whitelist /usr/share/config.kcfg/pdfsettings.kcfg |
33 | allow /usr/share/config.kcfg/okular.kcfg | 33 | whitelist /usr/share/config.kcfg/okular.kcfg |
34 | allow /usr/share/config.kcfg/okular_core.kcfg | 34 | whitelist /usr/share/config.kcfg/okular_core.kcfg |
35 | allow /usr/share/ghostscript | 35 | whitelist /usr/share/ghostscript |
36 | allow /usr/share/kconf_update/okular.upd | 36 | whitelist /usr/share/kconf_update/okular.upd |
37 | allow /usr/share/kxmlgui5/okular | 37 | whitelist /usr/share/kxmlgui5/okular |
38 | allow /usr/share/okular | 38 | whitelist /usr/share/okular |
39 | allow /usr/share/poppler | 39 | whitelist /usr/share/poppler |
40 | include whitelist-runuser-common.inc | 40 | include whitelist-runuser-common.inc |
41 | include whitelist-usr-share-common.inc | 41 | include whitelist-usr-share-common.inc |
42 | include whitelist-var-common.inc | 42 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/onboard.profile b/etc/profile-m-z/onboard.profile index 748d17995..5b367b639 100644 --- a/etc/profile-m-z/onboard.profile +++ b/etc/profile-m-z/onboard.profile | |||
@@ -6,7 +6,7 @@ include onboard.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/onboard | 9 | noblacklist ${HOME}/.config/onboard |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -22,8 +22,8 @@ include disable-shell.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.config/onboard | 24 | mkdir ${HOME}/.config/onboard |
25 | allow ${HOME}/.config/onboard | 25 | whitelist ${HOME}/.config/onboard |
26 | allow /usr/share/onboard | 26 | whitelist /usr/share/onboard |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-m-z/onionshare-gui.profile b/etc/profile-m-z/onionshare-gui.profile index 188818a7f..960df9034 100644 --- a/etc/profile-m-z/onionshare-gui.profile +++ b/etc/profile-m-z/onionshare-gui.profile | |||
@@ -5,7 +5,7 @@ include onionshare-gui.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/onionshare | 8 | noblacklist ${HOME}/.config/onionshare |
9 | 9 | ||
10 | # Allow python (blacklisted by disable-interpreters.inc) | 10 | # Allow python (blacklisted by disable-interpreters.inc) |
11 | include allow-python3.inc | 11 | include allow-python3.inc |
diff --git a/etc/profile-m-z/open-invaders.profile b/etc/profile-m-z/open-invaders.profile index 6e2b31def..7a840d4a9 100644 --- a/etc/profile-m-z/open-invaders.profile +++ b/etc/profile-m-z/open-invaders.profile | |||
@@ -6,7 +6,7 @@ include open-invaders.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.openinvaders | 9 | noblacklist ${HOME}/.openinvaders |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.openinvaders | 19 | mkdir ${HOME}/.openinvaders |
20 | allow ${HOME}/.openinvaders | 20 | whitelist ${HOME}/.openinvaders |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-m-z/openarena.profile b/etc/profile-m-z/openarena.profile index dfc78e5a9..36ce0316f 100644 --- a/etc/profile-m-z/openarena.profile +++ b/etc/profile-m-z/openarena.profile | |||
@@ -6,7 +6,7 @@ include openarena.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.openarena | 9 | noblacklist ${HOME}/.openarena |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.openarena | 19 | mkdir ${HOME}/.openarena |
20 | allow ${HOME}/.openarena | 20 | whitelist ${HOME}/.openarena |
21 | allow /usr/share/openarena | 21 | whitelist /usr/share/openarena |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-runuser-common.inc | 23 | include whitelist-runuser-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/openbox.profile b/etc/profile-m-z/openbox.profile index 5a6b378f0..b49fd9932 100644 --- a/etc/profile-m-z/openbox.profile +++ b/etc/profile-m-z/openbox.profile | |||
@@ -7,7 +7,7 @@ include openbox.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in openbox will run in this profile | 9 | # all applications started in openbox will run in this profile |
10 | nodeny ${HOME}/.config/openbox | 10 | noblacklist ${HOME}/.config/openbox |
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
diff --git a/etc/profile-m-z/opencity.profile b/etc/profile-m-z/opencity.profile index 268e7cee3..a3d371e15 100644 --- a/etc/profile-m-z/opencity.profile +++ b/etc/profile-m-z/opencity.profile | |||
@@ -6,7 +6,7 @@ include opencity.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.opencity | 9 | noblacklist ${HOME}/.opencity |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.opencity | 20 | mkdir ${HOME}/.opencity |
21 | allow ${HOME}/.opencity | 21 | whitelist ${HOME}/.opencity |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-m-z/openclonk.profile b/etc/profile-m-z/openclonk.profile index 588191cb3..32b40df42 100644 --- a/etc/profile-m-z/openclonk.profile +++ b/etc/profile-m-z/openclonk.profile | |||
@@ -6,7 +6,7 @@ include openclonk.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.clonk | 9 | noblacklist ${HOME}/.clonk |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.clonk | 20 | mkdir ${HOME}/.clonk |
21 | allow ${HOME}/.clonk | 21 | whitelist ${HOME}/.clonk |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-m-z/openmw.profile b/etc/profile-m-z/openmw.profile index 95d507c98..d1fe67aed 100644 --- a/etc/profile-m-z/openmw.profile +++ b/etc/profile-m-z/openmw.profile | |||
@@ -6,8 +6,8 @@ include openmw.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/openmw | 9 | noblacklist ${HOME}/.config/openmw |
10 | nodeny ${HOME}/.local/share/openmw | 10 | noblacklist ${HOME}/.local/share/openmw |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -21,11 +21,11 @@ include disable-xdg.inc | |||
21 | 21 | ||
22 | mkdir ${HOME}/.config/openmw | 22 | mkdir ${HOME}/.config/openmw |
23 | mkdir ${HOME}/.local/share/openmw | 23 | mkdir ${HOME}/.local/share/openmw |
24 | allow ${HOME}/.config/openmw | 24 | whitelist ${HOME}/.config/openmw |
25 | # Copy Morrowind data files into ${HOME}/.local/share/openmw or load them from /mnt. | 25 | # Copy Morrowind data files into ${HOME}/.local/share/openmw or load them from /mnt. |
26 | # Alternatively you can whitelist custom paths in your openmw.local. | 26 | # Alternatively you can whitelist custom paths in your openmw.local. |
27 | allow ${HOME}/.local/share/openmw | 27 | whitelist ${HOME}/.local/share/openmw |
28 | allow /usr/share/openmw | 28 | whitelist /usr/share/openmw |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-runuser-common.inc | 30 | include whitelist-runuser-common.inc |
31 | include whitelist-usr-share-common.inc | 31 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/openshot.profile b/etc/profile-m-z/openshot.profile index ebb536b3e..6118630c4 100644 --- a/etc/profile-m-z/openshot.profile +++ b/etc/profile-m-z/openshot.profile | |||
@@ -6,8 +6,8 @@ include openshot.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.openshot | 9 | noblacklist ${HOME}/.openshot |
10 | nodeny ${HOME}/.openshot_qt | 10 | noblacklist ${HOME}/.openshot_qt |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python3.inc | 13 | include allow-python3.inc |
@@ -19,8 +19,8 @@ include disable-interpreters.inc | |||
19 | include disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | allow /usr/share/blender | 22 | whitelist /usr/share/blender |
23 | allow /usr/share/inkscape | 23 | whitelist /usr/share/inkscape |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/openttd.profile b/etc/profile-m-z/openttd.profile index 79c1f8ffa..546958bb7 100644 --- a/etc/profile-m-z/openttd.profile +++ b/etc/profile-m-z/openttd.profile | |||
@@ -6,7 +6,7 @@ include openttd.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.openttd | 9 | noblacklist ${HOME}/.openttd |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.openttd | 20 | mkdir ${HOME}/.openttd |
21 | allow ${HOME}/.openttd | 21 | whitelist ${HOME}/.openttd |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-m-z/opera-beta.profile b/etc/profile-m-z/opera-beta.profile index 548afc0b4..551f1aba4 100644 --- a/etc/profile-m-z/opera-beta.profile +++ b/etc/profile-m-z/opera-beta.profile | |||
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | nodeny ${HOME}/.cache/opera | 13 | noblacklist ${HOME}/.cache/opera |
14 | nodeny ${HOME}/.config/opera-beta | 14 | noblacklist ${HOME}/.config/opera-beta |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/opera | 16 | mkdir ${HOME}/.cache/opera |
17 | mkdir ${HOME}/.config/opera-beta | 17 | mkdir ${HOME}/.config/opera-beta |
18 | allow ${HOME}/.cache/opera | 18 | whitelist ${HOME}/.cache/opera |
19 | allow ${HOME}/.config/opera-beta | 19 | whitelist ${HOME}/.config/opera-beta |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include chromium-common.profile | 22 | include chromium-common.profile |
diff --git a/etc/profile-m-z/opera.profile b/etc/profile-m-z/opera.profile index 5a3fe064e..2c7c5fc35 100644 --- a/etc/profile-m-z/opera.profile +++ b/etc/profile-m-z/opera.profile | |||
@@ -11,16 +11,16 @@ ignore whitelist /usr/share/chromium | |||
11 | ignore include whitelist-runuser-common.inc | 11 | ignore include whitelist-runuser-common.inc |
12 | ignore include whitelist-usr-share-common.inc | 12 | ignore include whitelist-usr-share-common.inc |
13 | 13 | ||
14 | nodeny ${HOME}/.cache/opera | 14 | noblacklist ${HOME}/.cache/opera |
15 | nodeny ${HOME}/.config/opera | 15 | noblacklist ${HOME}/.config/opera |
16 | nodeny ${HOME}/.opera | 16 | noblacklist ${HOME}/.opera |
17 | 17 | ||
18 | mkdir ${HOME}/.cache/opera | 18 | mkdir ${HOME}/.cache/opera |
19 | mkdir ${HOME}/.config/opera | 19 | mkdir ${HOME}/.config/opera |
20 | mkdir ${HOME}/.opera | 20 | mkdir ${HOME}/.opera |
21 | allow ${HOME}/.cache/opera | 21 | whitelist ${HOME}/.cache/opera |
22 | allow ${HOME}/.config/opera | 22 | whitelist ${HOME}/.config/opera |
23 | allow ${HOME}/.opera | 23 | whitelist ${HOME}/.opera |
24 | 24 | ||
25 | # Redirect | 25 | # Redirect |
26 | include chromium-common.profile | 26 | include chromium-common.profile |
diff --git a/etc/profile-m-z/orage.profile b/etc/profile-m-z/orage.profile index a49cbdb91..4e4d8bea5 100644 --- a/etc/profile-m-z/orage.profile +++ b/etc/profile-m-z/orage.profile | |||
@@ -6,8 +6,8 @@ include orage.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/orage | 9 | noblacklist ${HOME}/.config/orage |
10 | nodeny ${HOME}/.local/share/orage | 10 | noblacklist ${HOME}/.local/share/orage |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/ostrichriders.profile b/etc/profile-m-z/ostrichriders.profile index ed881816e..310b90919 100644 --- a/etc/profile-m-z/ostrichriders.profile +++ b/etc/profile-m-z/ostrichriders.profile | |||
@@ -6,7 +6,7 @@ include ostrichriders.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.ostrichriders | 9 | noblacklist ${HOME}/.ostrichriders |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.ostrichriders | 20 | mkdir ${HOME}/.ostrichriders |
21 | allow ${HOME}/.ostrichriders | 21 | whitelist ${HOME}/.ostrichriders |
22 | allow /usr/share/ostrichriders | 22 | whitelist /usr/share/ostrichriders |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/otter-browser.profile b/etc/profile-m-z/otter-browser.profile index bc9e730a1..20a4e25ed 100644 --- a/etc/profile-m-z/otter-browser.profile +++ b/etc/profile-m-z/otter-browser.profile | |||
@@ -8,10 +8,10 @@ include globals.local | |||
8 | 8 | ||
9 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} | 9 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} |
10 | 10 | ||
11 | nodeny ${HOME}/.cache/Otter | 11 | noblacklist ${HOME}/.cache/Otter |
12 | nodeny ${HOME}/.config/otter | 12 | noblacklist ${HOME}/.config/otter |
13 | nodeny ${HOME}/.pki | 13 | noblacklist ${HOME}/.pki |
14 | nodeny ${HOME}/.local/share/pki | 14 | noblacklist ${HOME}/.local/share/pki |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
@@ -25,12 +25,12 @@ mkdir ${HOME}/.cache/Otter | |||
25 | mkdir ${HOME}/.config/otter | 25 | mkdir ${HOME}/.config/otter |
26 | mkdir ${HOME}/.pki | 26 | mkdir ${HOME}/.pki |
27 | mkdir ${HOME}/.local/share/pki | 27 | mkdir ${HOME}/.local/share/pki |
28 | allow ${DOWNLOADS} | 28 | whitelist ${DOWNLOADS} |
29 | allow ${HOME}/.cache/Otter | 29 | whitelist ${HOME}/.cache/Otter |
30 | allow ${HOME}/.config/otter | 30 | whitelist ${HOME}/.config/otter |
31 | allow ${HOME}/.pki | 31 | whitelist ${HOME}/.pki |
32 | allow ${HOME}/.local/share/pki | 32 | whitelist ${HOME}/.local/share/pki |
33 | allow /usr/share/otter-browser | 33 | whitelist /usr/share/otter-browser |
34 | include whitelist-common.inc | 34 | include whitelist-common.inc |
35 | include whitelist-runuser-common.inc | 35 | include whitelist-runuser-common.inc |
36 | include whitelist-usr-share-common.inc | 36 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/palemoon.profile b/etc/profile-m-z/palemoon.profile index 503c141d8..acb2ce176 100644 --- a/etc/profile-m-z/palemoon.profile +++ b/etc/profile-m-z/palemoon.profile | |||
@@ -5,13 +5,13 @@ include palemoon.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.cache/moonchild productions/pale moon | 8 | noblacklist ${HOME}/.cache/moonchild productions/pale moon |
9 | nodeny ${HOME}/.moonchild productions/pale moon | 9 | noblacklist ${HOME}/.moonchild productions/pale moon |
10 | 10 | ||
11 | mkdir ${HOME}/.cache/moonchild productions/pale moon | 11 | mkdir ${HOME}/.cache/moonchild productions/pale moon |
12 | mkdir ${HOME}/.moonchild productions | 12 | mkdir ${HOME}/.moonchild productions |
13 | allow ${HOME}/.cache/moonchild productions/pale moon | 13 | whitelist ${HOME}/.cache/moonchild productions/pale moon |
14 | allow ${HOME}/.moonchild productions | 14 | whitelist ${HOME}/.moonchild productions |
15 | 15 | ||
16 | # Palemoon can use the full firejail seccomp filter (unlike firefox >= 60) | 16 | # Palemoon can use the full firejail seccomp filter (unlike firefox >= 60) |
17 | seccomp | 17 | seccomp |
diff --git a/etc/profile-m-z/pandoc.profile b/etc/profile-m-z/pandoc.profile index a59f53298..513b4119e 100644 --- a/etc/profile-m-z/pandoc.profile +++ b/etc/profile-m-z/pandoc.profile | |||
@@ -7,9 +7,9 @@ include pandoc.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny ${RUNUSER} | 10 | blacklist ${RUNUSER} |
11 | 11 | ||
12 | nodeny ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
diff --git a/etc/profile-m-z/parole.profile b/etc/profile-m-z/parole.profile index a277d1cbc..0a4422a73 100644 --- a/etc/profile-m-z/parole.profile +++ b/etc/profile-m-z/parole.profile | |||
@@ -6,8 +6,8 @@ include parole.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${MUSIC} | 9 | noblacklist ${MUSIC} |
10 | nodeny ${VIDEOS} | 10 | noblacklist ${VIDEOS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/patch.profile b/etc/profile-m-z/patch.profile index 156c3956d..0de968185 100644 --- a/etc/profile-m-z/patch.profile +++ b/etc/profile-m-z/patch.profile | |||
@@ -7,9 +7,9 @@ include patch.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny ${RUNUSER} | 10 | blacklist ${RUNUSER} |
11 | 11 | ||
12 | nodeny ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
diff --git a/etc/profile-m-z/pavucontrol-qt.profile b/etc/profile-m-z/pavucontrol-qt.profile index dcd69cdd0..f96ba14d2 100644 --- a/etc/profile-m-z/pavucontrol-qt.profile +++ b/etc/profile-m-z/pavucontrol-qt.profile | |||
@@ -7,10 +7,10 @@ include pavucontrol-qt.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.config/pavucontrol-qt | 10 | noblacklist ${HOME}/.config/pavucontrol-qt |
11 | 11 | ||
12 | mkdir ${HOME}/.config/pavucontrol-qt | 12 | mkdir ${HOME}/.config/pavucontrol-qt |
13 | allow ${HOME}/.config/pavucontrol-qt | 13 | whitelist ${HOME}/.config/pavucontrol-qt |
14 | 14 | ||
15 | private-bin pavucontrol-qt | 15 | private-bin pavucontrol-qt |
16 | ignore private-lib | 16 | ignore private-lib |
diff --git a/etc/profile-m-z/pavucontrol.profile b/etc/profile-m-z/pavucontrol.profile index f44730c33..b46fb3026 100644 --- a/etc/profile-m-z/pavucontrol.profile +++ b/etc/profile-m-z/pavucontrol.profile | |||
@@ -6,7 +6,7 @@ include pavucontrol.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/pavucontrol.ini | 9 | noblacklist ${HOME}/.config/pavucontrol.ini |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-xdg.inc | |||
19 | # whitelisting in ${HOME} is broken, see #3112 | 19 | # whitelisting in ${HOME} is broken, see #3112 |
20 | #mkfile ${HOME}/.config/pavucontrol.ini | 20 | #mkfile ${HOME}/.config/pavucontrol.ini |
21 | #whitelist ${HOME}/.config/pavucontrol.ini | 21 | #whitelist ${HOME}/.config/pavucontrol.ini |
22 | allow /usr/share/pavucontrol | 22 | whitelist /usr/share/pavucontrol |
23 | allow /usr/share/pavucontrol-qt | 23 | whitelist /usr/share/pavucontrol-qt |
24 | #include whitelist-common.inc | 24 | #include whitelist-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/pcsxr.profile b/etc/profile-m-z/pcsxr.profile index 3f920ced8..a6dab2a9a 100644 --- a/etc/profile-m-z/pcsxr.profile +++ b/etc/profile-m-z/pcsxr.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | 8 | ||
9 | # Note: you must whitelist your games folder in your pcsxr.local | 9 | # Note: you must whitelist your games folder in your pcsxr.local |
10 | 10 | ||
11 | nodeny ${HOME}/.pcsxr | 11 | noblacklist ${HOME}/.pcsxr |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -21,7 +21,7 @@ include disable-write-mnt.inc | |||
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.pcsxr | 23 | mkdir ${HOME}/.pcsxr |
24 | allow ${HOME}/.pcsxr | 24 | whitelist ${HOME}/.pcsxr |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-runuser-common.inc | 26 | include whitelist-runuser-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/pdfchain.profile b/etc/profile-m-z/pdfchain.profile index 13a011072..d72417914 100644 --- a/etc/profile-m-z/pdfchain.profile +++ b/etc/profile-m-z/pdfchain.profile | |||
@@ -5,7 +5,7 @@ include pdfchain.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${DOCUMENTS} | 8 | noblacklist ${DOCUMENTS} |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-m-z/pdfmod.profile b/etc/profile-m-z/pdfmod.profile index e49ce8073..a19826555 100644 --- a/etc/profile-m-z/pdfmod.profile +++ b/etc/profile-m-z/pdfmod.profile | |||
@@ -6,9 +6,9 @@ include pdfmod.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/pdfmod | 9 | noblacklist ${HOME}/.cache/pdfmod |
10 | nodeny ${HOME}/.config/pdfmod | 10 | noblacklist ${HOME}/.config/pdfmod |
11 | nodeny ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/pdfsam.profile b/etc/profile-m-z/pdfsam.profile index 67c14bbc3..e2808d4d2 100644 --- a/etc/profile-m-z/pdfsam.profile +++ b/etc/profile-m-z/pdfsam.profile | |||
@@ -6,7 +6,7 @@ include pdfsam.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
10 | 10 | ||
11 | # Allow java (blacklisted by disable-devel.inc) | 11 | # Allow java (blacklisted by disable-devel.inc) |
12 | include allow-java.inc | 12 | include allow-java.inc |
diff --git a/etc/profile-m-z/pdftotext.profile b/etc/profile-m-z/pdftotext.profile index 1c7ebfad5..d3902a51c 100644 --- a/etc/profile-m-z/pdftotext.profile +++ b/etc/profile-m-z/pdftotext.profile | |||
@@ -6,9 +6,9 @@ include pdftotext.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | deny ${RUNUSER} | 9 | blacklist ${RUNUSER} |
10 | 10 | ||
11 | nodeny ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,9 +19,9 @@ include disable-programs.inc | |||
19 | include disable-shell.inc | 19 | include disable-shell.inc |
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | allow ${DOCUMENTS} | 22 | whitelist ${DOCUMENTS} |
23 | allow ${DOWNLOADS} | 23 | whitelist ${DOWNLOADS} |
24 | allow /usr/share/poppler | 24 | whitelist /usr/share/poppler |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-m-z/peek.profile b/etc/profile-m-z/peek.profile index e809625ad..c33953687 100644 --- a/etc/profile-m-z/peek.profile +++ b/etc/profile-m-z/peek.profile | |||
@@ -5,9 +5,9 @@ include peek.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.cache/peek | 8 | noblacklist ${HOME}/.cache/peek |
9 | nodeny ${PICTURES} | 9 | noblacklist ${PICTURES} |
10 | nodeny ${VIDEOS} | 10 | noblacklist ${VIDEOS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/penguin-command.profile b/etc/profile-m-z/penguin-command.profile index 5ebd7b462..f5ad0321d 100644 --- a/etc/profile-m-z/penguin-command.profile +++ b/etc/profile-m-z/penguin-command.profile | |||
@@ -6,7 +6,7 @@ include penguin-command.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.penguin-command | 9 | noblacklist ${HOME}/.penguin-command |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | 18 | ||
19 | allow ${HOME}/.penguin-command | 19 | whitelist ${HOME}/.penguin-command |
20 | include whitelist-common.inc | 20 | include whitelist-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
diff --git a/etc/profile-m-z/photoflare.profile b/etc/profile-m-z/photoflare.profile index 8dd506850..40068ff78 100644 --- a/etc/profile-m-z/photoflare.profile +++ b/etc/profile-m-z/photoflare.profile | |||
@@ -6,7 +6,7 @@ include photoflare.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include photoflare.local | 7 | include photoflare.local |
8 | 8 | ||
9 | nodeny ${PICTURES} | 9 | noblacklist ${PICTURES} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/picard.profile b/etc/profile-m-z/picard.profile index ac178ee6c..a5ea47088 100644 --- a/etc/profile-m-z/picard.profile +++ b/etc/profile-m-z/picard.profile | |||
@@ -6,9 +6,9 @@ include picard.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/MusicBrainz | 9 | noblacklist ${HOME}/.cache/MusicBrainz |
10 | nodeny ${HOME}/.config/MusicBrainz | 10 | noblacklist ${HOME}/.config/MusicBrainz |
11 | nodeny ${MUSIC} | 11 | noblacklist ${MUSIC} |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python2.inc | 14 | include allow-python2.inc |
diff --git a/etc/profile-m-z/pidgin.profile b/etc/profile-m-z/pidgin.profile index a65abeb2e..26872e9a1 100644 --- a/etc/profile-m-z/pidgin.profile +++ b/etc/profile-m-z/pidgin.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | ignore noexec ${RUNUSER} | 9 | ignore noexec ${RUNUSER} |
10 | ignore noexec /dev/shm | 10 | ignore noexec /dev/shm |
11 | 11 | ||
12 | nodeny ${HOME}/.purple | 12 | noblacklist ${HOME}/.purple |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -20,9 +20,9 @@ include disable-programs.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.purple | 22 | mkdir ${HOME}/.purple |
23 | allow ${HOME}/.purple | 23 | whitelist ${HOME}/.purple |
24 | allow ${DOWNLOADS} | 24 | whitelist ${DOWNLOADS} |
25 | allow ${PICTURES} | 25 | whitelist ${PICTURES} |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/pinball.profile b/etc/profile-m-z/pinball.profile index 41e4fb6c0..2e17be2ce 100644 --- a/etc/profile-m-z/pinball.profile +++ b/etc/profile-m-z/pinball.profile | |||
@@ -6,7 +6,7 @@ include pinball.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/emilia | 9 | noblacklist ${HOME}/.config/emilia |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,11 +18,11 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/emilia | 20 | mkdir ${HOME}/.config/emilia |
21 | allow ${HOME}/.config/emilia | 21 | whitelist ${HOME}/.config/emilia |
22 | 22 | ||
23 | allow /usr/share/pinball | 23 | whitelist /usr/share/pinball |
24 | # on debian games are stored under /usr/share/games | 24 | # on debian games are stored under /usr/share/games |
25 | allow /usr/share/games/pinball | 25 | whitelist /usr/share/games/pinball |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/ping.profile b/etc/profile-m-z/ping.profile index 65e77abfa..e914007c0 100644 --- a/etc/profile-m-z/ping.profile +++ b/etc/profile-m-z/ping.profile | |||
@@ -7,8 +7,8 @@ include ping.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | deny ${RUNUSER} | 11 | blacklist ${RUNUSER} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/pingus.profile b/etc/profile-m-z/pingus.profile index aa2cfe203..f1fdfcbad 100644 --- a/etc/profile-m-z/pingus.profile +++ b/etc/profile-m-z/pingus.profile | |||
@@ -6,12 +6,12 @@ include pingus.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.pingus | 9 | noblacklist ${HOME}/.pingus |
10 | 10 | ||
11 | # Allow /bin/sh (blacklisted by disable-shell.inc) | 11 | # Allow /bin/sh (blacklisted by disable-shell.inc) |
12 | include allow-bin-sh.inc | 12 | include allow-bin-sh.inc |
13 | 13 | ||
14 | deny /usr/libexec | 14 | blacklist /usr/libexec |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
@@ -23,8 +23,8 @@ include disable-shell.inc | |||
23 | include disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | mkdir ${HOME}/.pingus | 25 | mkdir ${HOME}/.pingus |
26 | allow ${HOME}/.pingus | 26 | whitelist ${HOME}/.pingus |
27 | allow /usr/share/pingus | 27 | whitelist /usr/share/pingus |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/pinta.profile b/etc/profile-m-z/pinta.profile index d0d4f1fce..19406c399 100644 --- a/etc/profile-m-z/pinta.profile +++ b/etc/profile-m-z/pinta.profile | |||
@@ -6,9 +6,9 @@ include pinta.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/Pinta | 9 | noblacklist ${HOME}/.config/Pinta |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | nodeny ${PICTURES} | 11 | noblacklist ${PICTURES} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/pioneer.profile b/etc/profile-m-z/pioneer.profile index 6cfea28b6..721b3944a 100644 --- a/etc/profile-m-z/pioneer.profile +++ b/etc/profile-m-z/pioneer.profile | |||
@@ -6,7 +6,7 @@ include pioneer.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.pioneer | 9 | noblacklist ${HOME}/.pioneer |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.pioneer | 20 | mkdir ${HOME}/.pioneer |
21 | allow ${HOME}/.pioneer | 21 | whitelist ${HOME}/.pioneer |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-m-z/pipe-viewer.profile b/etc/profile-m-z/pipe-viewer.profile index acd7eeaf2..3de064311 100644 --- a/etc/profile-m-z/pipe-viewer.profile +++ b/etc/profile-m-z/pipe-viewer.profile | |||
@@ -7,13 +7,13 @@ include pipe-viewer.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.cache/pipe-viewer | 10 | noblacklist ${HOME}/.cache/pipe-viewer |
11 | nodeny ${HOME}/.config/pipe-viewer | 11 | noblacklist ${HOME}/.config/pipe-viewer |
12 | 12 | ||
13 | mkdir ${HOME}/.config/pipe-viewer | 13 | mkdir ${HOME}/.config/pipe-viewer |
14 | mkdir ${HOME}/.cache/pipe-viewer | 14 | mkdir ${HOME}/.cache/pipe-viewer |
15 | allow ${HOME}/.cache/pipe-viewer | 15 | whitelist ${HOME}/.cache/pipe-viewer |
16 | allow ${HOME}/.config/pipe-viewer | 16 | whitelist ${HOME}/.config/pipe-viewer |
17 | 17 | ||
18 | private-bin gtk-pipe-viewer,pipe-viewer | 18 | private-bin gtk-pipe-viewer,pipe-viewer |
19 | 19 | ||
diff --git a/etc/profile-m-z/pitivi.profile b/etc/profile-m-z/pitivi.profile index abce4c911..a2dd809c4 100644 --- a/etc/profile-m-z/pitivi.profile +++ b/etc/profile-m-z/pitivi.profile | |||
@@ -6,7 +6,7 @@ include pitivi.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/pitivi | 9 | noblacklist ${HOME}/.config/pitivi |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
diff --git a/etc/profile-m-z/pix.profile b/etc/profile-m-z/pix.profile index 63451d352..81d3e9370 100644 --- a/etc/profile-m-z/pix.profile +++ b/etc/profile-m-z/pix.profile | |||
@@ -5,10 +5,10 @@ include pix.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/pix | 8 | noblacklist ${HOME}/.config/pix |
9 | nodeny ${HOME}/.local/share/pix | 9 | noblacklist ${HOME}/.local/share/pix |
10 | nodeny ${HOME}/.Steam | 10 | noblacklist ${HOME}/.Steam |
11 | nodeny ${HOME}/.steam | 11 | noblacklist ${HOME}/.steam |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/pkglog.profile b/etc/profile-m-z/pkglog.profile index 13d7db7f7..4eb41b3bd 100644 --- a/etc/profile-m-z/pkglog.profile +++ b/etc/profile-m-z/pkglog.profile | |||
@@ -17,9 +17,9 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | allow /var/log/apt/history.log | 20 | whitelist /var/log/apt/history.log |
21 | allow /var/log/dnf.rpm.log | 21 | whitelist /var/log/dnf.rpm.log |
22 | allow /var/log/pacman.log | 22 | whitelist /var/log/pacman.log |
23 | 23 | ||
24 | apparmor | 24 | apparmor |
25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/profile-m-z/playonlinux.profile b/etc/profile-m-z/playonlinux.profile index 9c23841e2..8e98905b5 100644 --- a/etc/profile-m-z/playonlinux.profile +++ b/etc/profile-m-z/playonlinux.profile | |||
@@ -7,10 +7,10 @@ include playonlinux.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.PlayOnLinux | 10 | noblacklist ${HOME}/.PlayOnLinux |
11 | 11 | ||
12 | # nc is needed to run playonlinux | 12 | # nc is needed to run playonlinux |
13 | nodeny ${PATH}/nc | 13 | noblacklist ${PATH}/nc |
14 | 14 | ||
15 | # Allow perl (blacklisted by disable-interpreters.inc) | 15 | # Allow perl (blacklisted by disable-interpreters.inc) |
16 | include allow-perl.inc | 16 | include allow-perl.inc |
diff --git a/etc/profile-m-z/pluma.profile b/etc/profile-m-z/pluma.profile index ab7e0c64b..10e12e5b1 100644 --- a/etc/profile-m-z/pluma.profile +++ b/etc/profile-m-z/pluma.profile | |||
@@ -6,8 +6,8 @@ include pluma.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/enchant | 9 | noblacklist ${HOME}/.config/enchant |
10 | nodeny ${HOME}/.config/pluma | 10 | noblacklist ${HOME}/.config/pluma |
11 | 11 | ||
12 | # Allows files commonly used by IDEs | 12 | # Allows files commonly used by IDEs |
13 | include allow-common-devel.inc | 13 | include allow-common-devel.inc |
diff --git a/etc/profile-m-z/plv.profile b/etc/profile-m-z/plv.profile index 02cb83ef6..5201fd853 100644 --- a/etc/profile-m-z/plv.profile +++ b/etc/profile-m-z/plv.profile | |||
@@ -6,7 +6,7 @@ include plv.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/PacmanLogViewer | 9 | noblacklist ${HOME}/.config/PacmanLogViewer |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.config/PacmanLogViewer | 19 | mkdir ${HOME}/.config/PacmanLogViewer |
20 | allow ${HOME}/.config/PacmanLogViewer | 20 | whitelist ${HOME}/.config/PacmanLogViewer |
21 | allow /var/log/pacman.log | 21 | whitelist /var/log/pacman.log |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-m-z/pngquant.profile b/etc/profile-m-z/pngquant.profile index 2c4dda43e..8a181d5a8 100644 --- a/etc/profile-m-z/pngquant.profile +++ b/etc/profile-m-z/pngquant.profile | |||
@@ -7,9 +7,9 @@ include pngquant.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${PICTURES} | 10 | noblacklist ${PICTURES} |
11 | 11 | ||
12 | deny ${RUNUSER}/wayland-* | 12 | blacklist ${RUNUSER}/wayland-* |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
diff --git a/etc/profile-m-z/polari.profile b/etc/profile-m-z/polari.profile index 115ac36ab..a3d4f9851 100644 --- a/etc/profile-m-z/polari.profile +++ b/etc/profile-m-z/polari.profile | |||
@@ -21,12 +21,12 @@ mkdir ${HOME}/.local/share/Empathy | |||
21 | mkdir ${HOME}/.local/share/TpLogger | 21 | mkdir ${HOME}/.local/share/TpLogger |
22 | mkdir ${HOME}/.local/share/telepathy | 22 | mkdir ${HOME}/.local/share/telepathy |
23 | mkdir ${HOME}/.purple | 23 | mkdir ${HOME}/.purple |
24 | allow ${HOME}/.cache/telepathy | 24 | whitelist ${HOME}/.cache/telepathy |
25 | allow ${HOME}/.config/telepathy-account-widgets | 25 | whitelist ${HOME}/.config/telepathy-account-widgets |
26 | allow ${HOME}/.local/share/Empathy | 26 | whitelist ${HOME}/.local/share/Empathy |
27 | allow ${HOME}/.local/share/TpLogger | 27 | whitelist ${HOME}/.local/share/TpLogger |
28 | allow ${HOME}/.local/share/telepathy | 28 | whitelist ${HOME}/.local/share/telepathy |
29 | allow ${HOME}/.purple | 29 | whitelist ${HOME}/.purple |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | include whitelist-runuser-common.inc | 31 | include whitelist-runuser-common.inc |
32 | 32 | ||
diff --git a/etc/profile-m-z/ppsspp.profile b/etc/profile-m-z/ppsspp.profile index 10c59ea32..1f73c1d89 100644 --- a/etc/profile-m-z/ppsspp.profile +++ b/etc/profile-m-z/ppsspp.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | 8 | ||
9 | # Note: you must whitelist your games folder in your ppsspp.local. | 9 | # Note: you must whitelist your games folder in your ppsspp.local. |
10 | 10 | ||
11 | nodeny ${HOME}/.config/ppsspp | 11 | noblacklist ${HOME}/.config/ppsspp |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -20,8 +20,8 @@ include disable-write-mnt.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.config/ppsspp | 22 | mkdir ${HOME}/.config/ppsspp |
23 | allow ${HOME}/.config/ppsspp | 23 | whitelist ${HOME}/.config/ppsspp |
24 | allow /usr/share/ppsspp | 24 | whitelist /usr/share/ppsspp |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-runuser-common.inc | 26 | include whitelist-runuser-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/pragha.profile b/etc/profile-m-z/pragha.profile index 9b03bf632..f138d785e 100644 --- a/etc/profile-m-z/pragha.profile +++ b/etc/profile-m-z/pragha.profile | |||
@@ -6,8 +6,8 @@ include pragha.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/pragha | 9 | noblacklist ${HOME}/.config/pragha |
10 | nodeny ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/profanity.profile b/etc/profile-m-z/profanity.profile index 137b4cb20..743458725 100644 --- a/etc/profile-m-z/profanity.profile +++ b/etc/profile-m-z/profanity.profile | |||
@@ -7,8 +7,8 @@ include profanity.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.config/profanity | 10 | noblacklist ${HOME}/.config/profanity |
11 | nodeny ${HOME}/.local/share/profanity | 11 | noblacklist ${HOME}/.local/share/profanity |
12 | 12 | ||
13 | # Allow Python | 13 | # Allow Python |
14 | include allow-python2.inc | 14 | include allow-python2.inc |
diff --git a/etc/profile-m-z/psi-plus.profile b/etc/profile-m-z/psi-plus.profile index b0e28baf7..5ac58b0ac 100644 --- a/etc/profile-m-z/psi-plus.profile +++ b/etc/profile-m-z/psi-plus.profile | |||
@@ -6,8 +6,8 @@ include psi-plus.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/psi+ | 9 | noblacklist ${HOME}/.config/psi+ |
10 | nodeny ${HOME}/.local/share/psi+ | 10 | noblacklist ${HOME}/.local/share/psi+ |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,10 +19,10 @@ include disable-programs.inc | |||
19 | mkdir ${HOME}/.cache/psi+ | 19 | mkdir ${HOME}/.cache/psi+ |
20 | mkdir ${HOME}/.config/psi+ | 20 | mkdir ${HOME}/.config/psi+ |
21 | mkdir ${HOME}/.local/share/psi+ | 21 | mkdir ${HOME}/.local/share/psi+ |
22 | allow ${DOWNLOADS} | 22 | whitelist ${DOWNLOADS} |
23 | allow ${HOME}/.cache/psi+ | 23 | whitelist ${HOME}/.cache/psi+ |
24 | allow ${HOME}/.config/psi+ | 24 | whitelist ${HOME}/.config/psi+ |
25 | allow ${HOME}/.local/share/psi+ | 25 | whitelist ${HOME}/.local/share/psi+ |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | 27 | ||
28 | caps.drop all | 28 | caps.drop all |
diff --git a/etc/profile-m-z/psi.profile b/etc/profile-m-z/psi.profile index 2588c3b75..7e0ef99fc 100644 --- a/etc/profile-m-z/psi.profile +++ b/etc/profile-m-z/psi.profile | |||
@@ -8,11 +8,11 @@ include globals.local | |||
8 | 8 | ||
9 | # Add the next line to your psi.local to enable GPG support. | 9 | # Add the next line to your psi.local to enable GPG support. |
10 | #noblacklist ${HOME}/.gnupg | 10 | #noblacklist ${HOME}/.gnupg |
11 | nodeny ${HOME}/.cache/psi | 11 | noblacklist ${HOME}/.cache/psi |
12 | nodeny ${HOME}/.cache/Psi | 12 | noblacklist ${HOME}/.cache/Psi |
13 | nodeny ${HOME}/.config/psi | 13 | noblacklist ${HOME}/.config/psi |
14 | nodeny ${HOME}/.local/share/psi | 14 | noblacklist ${HOME}/.local/share/psi |
15 | nodeny ${HOME}/.local/share/Psi | 15 | noblacklist ${HOME}/.local/share/Psi |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-devel.inc | 18 | include disable-devel.inc |
@@ -32,16 +32,16 @@ mkdir ${HOME}/.local/share/psi | |||
32 | mkdir ${HOME}/.local/share/Psi | 32 | mkdir ${HOME}/.local/share/Psi |
33 | # Add the next line to your psi.local to enable GPG support. | 33 | # Add the next line to your psi.local to enable GPG support. |
34 | #whitelist ${HOME}/.gnupg | 34 | #whitelist ${HOME}/.gnupg |
35 | allow ${HOME}/.cache/psi | 35 | whitelist ${HOME}/.cache/psi |
36 | allow ${HOME}/.cache/Psi | 36 | whitelist ${HOME}/.cache/Psi |
37 | allow ${HOME}/.config/psi | 37 | whitelist ${HOME}/.config/psi |
38 | allow ${HOME}/.local/share/psi | 38 | whitelist ${HOME}/.local/share/psi |
39 | allow ${HOME}/.local/share/Psi | 39 | whitelist ${HOME}/.local/share/Psi |
40 | allow ${DOWNLOADS} | 40 | whitelist ${DOWNLOADS} |
41 | # Add the next lines to your psi.local to enable GPG support. | 41 | # Add the next lines to your psi.local to enable GPG support. |
42 | #whitelist /usr/share/gnupg | 42 | #whitelist /usr/share/gnupg |
43 | #whitelist /usr/share/gnupg2 | 43 | #whitelist /usr/share/gnupg2 |
44 | allow /usr/share/psi | 44 | whitelist /usr/share/psi |
45 | # Add the next lines to your psi.local to enable GPG support. | 45 | # Add the next lines to your psi.local to enable GPG support. |
46 | #whitelist ${RUNUSER}/gnupg | 46 | #whitelist ${RUNUSER}/gnupg |
47 | #whitelist ${RUNUSER}/keyring | 47 | #whitelist ${RUNUSER}/keyring |
diff --git a/etc/profile-m-z/pybitmessage.profile b/etc/profile-m-z/pybitmessage.profile index 1f0e83ab6..60ae37930 100644 --- a/etc/profile-m-z/pybitmessage.profile +++ b/etc/profile-m-z/pybitmessage.profile | |||
@@ -5,9 +5,9 @@ include pybitmessage.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny /sbin | 8 | noblacklist /sbin |
9 | nodeny /usr/local/sbin | 9 | noblacklist /usr/local/sbin |
10 | nodeny /usr/sbin | 10 | noblacklist /usr/sbin |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-m-z/pycharm-community.profile b/etc/profile-m-z/pycharm-community.profile index b6c08290e..00d7239ae 100644 --- a/etc/profile-m-z/pycharm-community.profile +++ b/etc/profile-m-z/pycharm-community.profile | |||
@@ -5,7 +5,7 @@ include pycharm-community.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.PyCharmCE* | 8 | noblacklist ${HOME}/.PyCharmCE* |
9 | 9 | ||
10 | # Allow java (blacklisted by disable-devel.inc) | 10 | # Allow java (blacklisted by disable-devel.inc) |
11 | include allow-java.inc | 11 | include allow-java.inc |
diff --git a/etc/profile-m-z/pycharm-professional.profile b/etc/profile-m-z/pycharm-professional.profile index fa0932cc0..b754a18c9 100644 --- a/etc/profile-m-z/pycharm-professional.profile +++ b/etc/profile-m-z/pycharm-professional.profile | |||
@@ -6,7 +6,7 @@ include pyucharm-professional.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.PyCharm* | 9 | noblacklist ${HOME}/.PyCharm* |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include pycharm-community.profile | 12 | include pycharm-community.profile |
diff --git a/etc/profile-m-z/qbittorrent.profile b/etc/profile-m-z/qbittorrent.profile index fb8e622b0..506b738cc 100644 --- a/etc/profile-m-z/qbittorrent.profile +++ b/etc/profile-m-z/qbittorrent.profile | |||
@@ -6,10 +6,10 @@ include qbittorrent.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/qBittorrent | 9 | noblacklist ${HOME}/.cache/qBittorrent |
10 | nodeny ${HOME}/.config/qBittorrent | 10 | noblacklist ${HOME}/.config/qBittorrent |
11 | nodeny ${HOME}/.config/qBittorrentrc | 11 | noblacklist ${HOME}/.config/qBittorrentrc |
12 | nodeny ${HOME}/.local/share/data/qBittorrent | 12 | noblacklist ${HOME}/.local/share/data/qBittorrent |
13 | 13 | ||
14 | # Allow python (blacklisted by disable-interpreters.inc) | 14 | # Allow python (blacklisted by disable-interpreters.inc) |
15 | include allow-python2.inc | 15 | include allow-python2.inc |
@@ -27,11 +27,11 @@ mkdir ${HOME}/.cache/qBittorrent | |||
27 | mkdir ${HOME}/.config/qBittorrent | 27 | mkdir ${HOME}/.config/qBittorrent |
28 | mkfile ${HOME}/.config/qBittorrentrc | 28 | mkfile ${HOME}/.config/qBittorrentrc |
29 | mkdir ${HOME}/.local/share/data/qBittorrent | 29 | mkdir ${HOME}/.local/share/data/qBittorrent |
30 | allow ${DOWNLOADS} | 30 | whitelist ${DOWNLOADS} |
31 | allow ${HOME}/.cache/qBittorrent | 31 | whitelist ${HOME}/.cache/qBittorrent |
32 | allow ${HOME}/.config/qBittorrent | 32 | whitelist ${HOME}/.config/qBittorrent |
33 | allow ${HOME}/.config/qBittorrentrc | 33 | whitelist ${HOME}/.config/qBittorrentrc |
34 | allow ${HOME}/.local/share/data/qBittorrent | 34 | whitelist ${HOME}/.local/share/data/qBittorrent |
35 | include whitelist-common.inc | 35 | include whitelist-common.inc |
36 | include whitelist-var-common.inc | 36 | include whitelist-var-common.inc |
37 | 37 | ||
diff --git a/etc/profile-m-z/qcomicbook.profile b/etc/profile-m-z/qcomicbook.profile index 7bcc4b065..0e52d7fc4 100644 --- a/etc/profile-m-z/qcomicbook.profile +++ b/etc/profile-m-z/qcomicbook.profile | |||
@@ -6,10 +6,10 @@ include qcomicbook.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/PawelStolowski | 9 | noblacklist ${HOME}/.cache/PawelStolowski |
10 | nodeny ${HOME}/.config/PawelStolowski | 10 | noblacklist ${HOME}/.config/PawelStolowski |
11 | nodeny ${HOME}/.local/share/PawelStolowski | 11 | noblacklist ${HOME}/.local/share/PawelStolowski |
12 | nodeny ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
13 | 13 | ||
14 | # Allow /bin/sh (blacklisted by disable-shell.inc) | 14 | # Allow /bin/sh (blacklisted by disable-shell.inc) |
15 | include allow-bin-sh.inc | 15 | include allow-bin-sh.inc |
@@ -27,7 +27,7 @@ include disable-xdg.inc | |||
27 | mkdir ${HOME}/.cache/PawelStolowski | 27 | mkdir ${HOME}/.cache/PawelStolowski |
28 | mkdir ${HOME}/.config/PawelStolowski | 28 | mkdir ${HOME}/.config/PawelStolowski |
29 | mkdir ${HOME}/.local/share/PawelStolowski | 29 | mkdir ${HOME}/.local/share/PawelStolowski |
30 | allow /usr/share/qcomicbook | 30 | whitelist /usr/share/qcomicbook |
31 | include whitelist-runuser-common.inc | 31 | include whitelist-runuser-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/qemu-launcher.profile b/etc/profile-m-z/qemu-launcher.profile index d527a2b82..ac60384fd 100644 --- a/etc/profile-m-z/qemu-launcher.profile +++ b/etc/profile-m-z/qemu-launcher.profile | |||
@@ -5,7 +5,7 @@ include qemu-launcher.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.qemu-launcher | 8 | noblacklist ${HOME}/.qemu-launcher |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-passwdmgr.inc | 11 | include disable-passwdmgr.inc |
diff --git a/etc/profile-m-z/qgis.profile b/etc/profile-m-z/qgis.profile index e99140c22..2e97daea2 100644 --- a/etc/profile-m-z/qgis.profile +++ b/etc/profile-m-z/qgis.profile | |||
@@ -6,10 +6,10 @@ include qgis.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/QGIS | 9 | noblacklist ${HOME}/.config/QGIS |
10 | nodeny ${HOME}/.local/share/QGIS | 10 | noblacklist ${HOME}/.local/share/QGIS |
11 | nodeny ${HOME}/.qgis2 | 11 | noblacklist ${HOME}/.qgis2 |
12 | nodeny ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
13 | 13 | ||
14 | # Allow python (blacklisted by disable-interpreters.inc) | 14 | # Allow python (blacklisted by disable-interpreters.inc) |
15 | include allow-python3.inc | 15 | include allow-python3.inc |
@@ -25,10 +25,10 @@ include disable-xdg.inc | |||
25 | mkdir ${HOME}/.local/share/QGIS | 25 | mkdir ${HOME}/.local/share/QGIS |
26 | mkdir ${HOME}/.qgis2 | 26 | mkdir ${HOME}/.qgis2 |
27 | mkdir ${HOME}/.config/QGIS | 27 | mkdir ${HOME}/.config/QGIS |
28 | allow ${HOME}/.local/share/QGIS | 28 | whitelist ${HOME}/.local/share/QGIS |
29 | allow ${HOME}/.qgis2 | 29 | whitelist ${HOME}/.qgis2 |
30 | allow ${HOME}/.config/QGIS | 30 | whitelist ${HOME}/.config/QGIS |
31 | allow ${DOCUMENTS} | 31 | whitelist ${DOCUMENTS} |
32 | include whitelist-common.inc | 32 | include whitelist-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
34 | 34 | ||
diff --git a/etc/profile-m-z/qlipper.profile b/etc/profile-m-z/qlipper.profile index 75dc58ae4..6e94d5845 100644 --- a/etc/profile-m-z/qlipper.profile +++ b/etc/profile-m-z/qlipper.profile | |||
@@ -6,7 +6,7 @@ include qlipper.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/Qlipper | 9 | noblacklist ${HOME}/.config/Qlipper |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/qmmp.profile b/etc/profile-m-z/qmmp.profile index d37fce997..c3d982c17 100644 --- a/etc/profile-m-z/qmmp.profile +++ b/etc/profile-m-z/qmmp.profile | |||
@@ -6,8 +6,8 @@ include qmmp.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.qmmp | 9 | noblacklist ${HOME}/.qmmp |
10 | nodeny ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/qnapi.profile b/etc/profile-m-z/qnapi.profile index f12340052..ca11df5be 100644 --- a/etc/profile-m-z/qnapi.profile +++ b/etc/profile-m-z/qnapi.profile | |||
@@ -6,7 +6,7 @@ include qnapi.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/qnapi.ini | 9 | noblacklist ${HOME}/.config/qnapi.ini |
10 | 10 | ||
11 | ignore noexec /tmp | 11 | ignore noexec /tmp |
12 | 12 | ||
@@ -20,8 +20,8 @@ include disable-shell.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkfile ${HOME}/.config/qnapi.ini | 22 | mkfile ${HOME}/.config/qnapi.ini |
23 | allow ${HOME}/.config/qnapi.ini | 23 | whitelist ${HOME}/.config/qnapi.ini |
24 | allow ${DOWNLOADS} | 24 | whitelist ${DOWNLOADS} |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-usr-share-common.inc | 26 | include whitelist-usr-share-common.inc |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-m-z/qpdfview.profile b/etc/profile-m-z/qpdfview.profile index 62fae324c..be690ffa4 100644 --- a/etc/profile-m-z/qpdfview.profile +++ b/etc/profile-m-z/qpdfview.profile | |||
@@ -6,9 +6,9 @@ include qpdfview.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/qpdfview | 9 | noblacklist ${HOME}/.config/qpdfview |
10 | nodeny ${HOME}/.local/share/qpdfview | 10 | noblacklist ${HOME}/.local/share/qpdfview |
11 | nodeny ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/qrencode.profile b/etc/profile-m-z/qrencode.profile index 5f0aec804..6cbf8519f 100644 --- a/etc/profile-m-z/qrencode.profile +++ b/etc/profile-m-z/qrencode.profile | |||
@@ -7,7 +7,7 @@ include qrencode.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny ${RUNUSER} | 10 | blacklist ${RUNUSER} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/qtox.profile b/etc/profile-m-z/qtox.profile index 1ad46814e..8ffe24d11 100644 --- a/etc/profile-m-z/qtox.profile +++ b/etc/profile-m-z/qtox.profile | |||
@@ -6,8 +6,8 @@ include qtox.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/Tox | 9 | noblacklist ${HOME}/.cache/Tox |
10 | nodeny ${HOME}/.config/tox | 10 | noblacklist ${HOME}/.config/tox |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-shell.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | mkdir ${HOME}/.config/tox | 21 | mkdir ${HOME}/.config/tox |
22 | allow ${DOWNLOADS} | 22 | whitelist ${DOWNLOADS} |
23 | allow ${HOME}/.config/tox | 23 | whitelist ${HOME}/.config/tox |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-m-z/quadrapassel.profile b/etc/profile-m-z/quadrapassel.profile index aee24925c..91e0d9d0d 100644 --- a/etc/profile-m-z/quadrapassel.profile +++ b/etc/profile-m-z/quadrapassel.profile | |||
@@ -6,11 +6,11 @@ include quadrapassel.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/quadrapassel | 9 | noblacklist ${HOME}/.local/share/quadrapassel |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/quadrapassel | 11 | mkdir ${HOME}/.local/share/quadrapassel |
12 | allow ${HOME}/.local/share/quadrapassel | 12 | whitelist ${HOME}/.local/share/quadrapassel |
13 | allow /usr/share/quadrapassel | 13 | whitelist /usr/share/quadrapassel |
14 | 14 | ||
15 | private-bin quadrapassel | 15 | private-bin quadrapassel |
16 | 16 | ||
diff --git a/etc/profile-m-z/quaternion.profile b/etc/profile-m-z/quaternion.profile index a319e1e12..1d146aa39 100644 --- a/etc/profile-m-z/quaternion.profile +++ b/etc/profile-m-z/quaternion.profile | |||
@@ -6,8 +6,8 @@ include quaternion.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/Quotient/quaternion | 9 | noblacklist ${HOME}/.cache/Quotient/quaternion |
10 | nodeny ${HOME}/.config/Quotient | 10 | noblacklist ${HOME}/.config/Quotient |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -20,10 +20,10 @@ include disable-xdg.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.cache/Quotient/quaternion | 21 | mkdir ${HOME}/.cache/Quotient/quaternion |
22 | mkdir ${HOME}/.config/Quotient | 22 | mkdir ${HOME}/.config/Quotient |
23 | allow ${HOME}/.cache/Quotient/quaternion | 23 | whitelist ${HOME}/.cache/Quotient/quaternion |
24 | allow ${HOME}/.config/Quotient | 24 | whitelist ${HOME}/.config/Quotient |
25 | allow ${DOWNLOADS} | 25 | whitelist ${DOWNLOADS} |
26 | allow /usr/share/Quotient/quaternion | 26 | whitelist /usr/share/Quotient/quaternion |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/quiterss.profile b/etc/profile-m-z/quiterss.profile index 2693f2ed5..9490089b2 100644 --- a/etc/profile-m-z/quiterss.profile +++ b/etc/profile-m-z/quiterss.profile | |||
@@ -6,10 +6,10 @@ include quiterss.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/QuiteRss | 9 | noblacklist ${HOME}/.cache/QuiteRss |
10 | nodeny ${HOME}/.config/QuiteRss | 10 | noblacklist ${HOME}/.config/QuiteRss |
11 | nodeny ${HOME}/.config/QuiteRssrc | 11 | noblacklist ${HOME}/.config/QuiteRssrc |
12 | nodeny ${HOME}/.local/share/QuiteRss | 12 | noblacklist ${HOME}/.local/share/QuiteRss |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -25,12 +25,12 @@ mkdir ${HOME}/.local/share/data | |||
25 | mkdir ${HOME}/.local/share/data/QuiteRss | 25 | mkdir ${HOME}/.local/share/data/QuiteRss |
26 | mkdir ${HOME}/.local/share/QuiteRss | 26 | mkdir ${HOME}/.local/share/QuiteRss |
27 | mkfile ${HOME}/quiterssfeeds.opml | 27 | mkfile ${HOME}/quiterssfeeds.opml |
28 | allow ${HOME}/.cache/QuiteRss | 28 | whitelist ${HOME}/.cache/QuiteRss |
29 | allow ${HOME}/.config/QuiteRss | 29 | whitelist ${HOME}/.config/QuiteRss |
30 | allow ${HOME}/.config/QuiteRssrc | 30 | whitelist ${HOME}/.config/QuiteRssrc |
31 | allow ${HOME}/.local/share/data/QuiteRss | 31 | whitelist ${HOME}/.local/share/data/QuiteRss |
32 | allow ${HOME}/.local/share/QuiteRss | 32 | whitelist ${HOME}/.local/share/QuiteRss |
33 | allow ${HOME}/quiterssfeeds.opml | 33 | whitelist ${HOME}/quiterssfeeds.opml |
34 | include whitelist-common.inc | 34 | include whitelist-common.inc |
35 | 35 | ||
36 | caps.drop all | 36 | caps.drop all |
diff --git a/etc/profile-m-z/quodlibet.profile b/etc/profile-m-z/quodlibet.profile index 52c120c08..92b02b2bf 100644 --- a/etc/profile-m-z/quodlibet.profile +++ b/etc/profile-m-z/quodlibet.profile | |||
@@ -6,10 +6,10 @@ include quodlibet.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/quodlibet | 9 | noblacklist ${HOME}/.cache/quodlibet |
10 | nodeny ${HOME}/.config/quodlibet | 10 | noblacklist ${HOME}/.config/quodlibet |
11 | nodeny ${HOME}/.quodlibet | 11 | noblacklist ${HOME}/.quodlibet |
12 | nodeny ${MUSIC} | 12 | noblacklist ${MUSIC} |
13 | 13 | ||
14 | include allow-bin-sh.inc | 14 | include allow-bin-sh.inc |
15 | 15 | ||
@@ -30,11 +30,11 @@ mkdir ${HOME}/.cache/quodlibet | |||
30 | mkdir ${HOME}/.config/quodlibet | 30 | mkdir ${HOME}/.config/quodlibet |
31 | mkdir ${HOME}/.quodlibet | 31 | mkdir ${HOME}/.quodlibet |
32 | 32 | ||
33 | allow ${HOME}/.cache/quodlibet | 33 | whitelist ${HOME}/.cache/quodlibet |
34 | allow ${HOME}/.config/quodlibet | 34 | whitelist ${HOME}/.config/quodlibet |
35 | allow ${HOME}/.quodlibet | 35 | whitelist ${HOME}/.quodlibet |
36 | allow ${DOWNLOADS} | 36 | whitelist ${DOWNLOADS} |
37 | allow ${MUSIC} | 37 | whitelist ${MUSIC} |
38 | include whitelist-common.inc | 38 | include whitelist-common.inc |
39 | include whitelist-runuser-common.inc | 39 | include whitelist-runuser-common.inc |
40 | include whitelist-usr-share-common.inc | 40 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/qupzilla.profile b/etc/profile-m-z/qupzilla.profile index 9bc91808b..7aa71c848 100644 --- a/etc/profile-m-z/qupzilla.profile +++ b/etc/profile-m-z/qupzilla.profile | |||
@@ -6,8 +6,8 @@ include qupzilla.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/qupzilla | 9 | noblacklist ${HOME}/.cache/qupzilla |
10 | nodeny ${HOME}/.config/qupzilla | 10 | noblacklist ${HOME}/.config/qupzilla |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-programs.inc | |||
18 | 18 | ||
19 | mkdir ${HOME}/.cache/qupzilla | 19 | mkdir ${HOME}/.cache/qupzilla |
20 | mkdir ${HOME}/.config/qupzilla | 20 | mkdir ${HOME}/.config/qupzilla |
21 | allow ${HOME}/.cache/qupzilla | 21 | whitelist ${HOME}/.cache/qupzilla |
22 | allow ${HOME}/.config/qupzilla | 22 | whitelist ${HOME}/.config/qupzilla |
23 | 23 | ||
24 | # Redirect | 24 | # Redirect |
25 | include falkon.profile | 25 | include falkon.profile |
diff --git a/etc/profile-m-z/qutebrowser.profile b/etc/profile-m-z/qutebrowser.profile index a342e2acd..fc910b589 100644 --- a/etc/profile-m-z/qutebrowser.profile +++ b/etc/profile-m-z/qutebrowser.profile | |||
@@ -6,9 +6,9 @@ include qutebrowser.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/qutebrowser | 9 | noblacklist ${HOME}/.cache/qutebrowser |
10 | nodeny ${HOME}/.config/qutebrowser | 10 | noblacklist ${HOME}/.config/qutebrowser |
11 | nodeny ${HOME}/.local/share/qutebrowser | 11 | noblacklist ${HOME}/.local/share/qutebrowser |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python2.inc | 14 | include allow-python2.inc |
@@ -22,10 +22,10 @@ include disable-programs.inc | |||
22 | mkdir ${HOME}/.cache/qutebrowser | 22 | mkdir ${HOME}/.cache/qutebrowser |
23 | mkdir ${HOME}/.config/qutebrowser | 23 | mkdir ${HOME}/.config/qutebrowser |
24 | mkdir ${HOME}/.local/share/qutebrowser | 24 | mkdir ${HOME}/.local/share/qutebrowser |
25 | allow ${DOWNLOADS} | 25 | whitelist ${DOWNLOADS} |
26 | allow ${HOME}/.cache/qutebrowser | 26 | whitelist ${HOME}/.cache/qutebrowser |
27 | allow ${HOME}/.config/qutebrowser | 27 | whitelist ${HOME}/.config/qutebrowser |
28 | allow ${HOME}/.local/share/qutebrowser | 28 | whitelist ${HOME}/.local/share/qutebrowser |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | 30 | ||
31 | caps.drop all | 31 | caps.drop all |
diff --git a/etc/profile-m-z/rambox.profile b/etc/profile-m-z/rambox.profile index b1059cee8..ffa2022ee 100644 --- a/etc/profile-m-z/rambox.profile +++ b/etc/profile-m-z/rambox.profile | |||
@@ -6,9 +6,9 @@ include rambox.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/Rambox | 9 | noblacklist ${HOME}/.config/Rambox |
10 | nodeny ${HOME}/.pki | 10 | noblacklist ${HOME}/.pki |
11 | nodeny ${HOME}/.local/share/pki | 11 | noblacklist ${HOME}/.local/share/pki |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -18,10 +18,10 @@ include disable-programs.inc | |||
18 | mkdir ${HOME}/.config/Rambox | 18 | mkdir ${HOME}/.config/Rambox |
19 | mkdir ${HOME}/.pki | 19 | mkdir ${HOME}/.pki |
20 | mkdir ${HOME}/.local/share/pki | 20 | mkdir ${HOME}/.local/share/pki |
21 | allow ${DOWNLOADS} | 21 | whitelist ${DOWNLOADS} |
22 | allow ${HOME}/.config/Rambox | 22 | whitelist ${HOME}/.config/Rambox |
23 | allow ${HOME}/.pki | 23 | whitelist ${HOME}/.pki |
24 | allow ${HOME}/.local/share/pki | 24 | whitelist ${HOME}/.local/share/pki |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | 26 | ||
27 | caps.drop all | 27 | caps.drop all |
diff --git a/etc/profile-m-z/redeclipse.profile b/etc/profile-m-z/redeclipse.profile index 3b56f651f..9bc196a16 100644 --- a/etc/profile-m-z/redeclipse.profile +++ b/etc/profile-m-z/redeclipse.profile | |||
@@ -6,7 +6,7 @@ include redeclipse.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.redeclipse | 9 | noblacklist ${HOME}/.redeclipse |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.redeclipse | 19 | mkdir ${HOME}/.redeclipse |
20 | allow ${HOME}/.redeclipse | 20 | whitelist ${HOME}/.redeclipse |
21 | allow /usr/share/redeclipse | 21 | whitelist /usr/share/redeclipse |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-runuser-common.inc | 23 | include whitelist-runuser-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/rednotebook.profile b/etc/profile-m-z/rednotebook.profile new file mode 100644 index 000000000..67281c518 --- /dev/null +++ b/etc/profile-m-z/rednotebook.profile | |||
@@ -0,0 +1,67 @@ | |||
1 | # Firejail profile for rednotebook | ||
2 | # Description: Daily journal with calendar, templates and keyword searching | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include rednotebook.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | nodeny ${HOME}/.cache/rednotebook | ||
10 | nodeny ${HOME}/.rednotebook | ||
11 | |||
12 | # Allow python (blacklisted by disable-interpreters.inc) | ||
13 | include allow-python3.inc | ||
14 | |||
15 | include disable-common.inc | ||
16 | include disable-devel.inc | ||
17 | include disable-exec.inc | ||
18 | include disable-interpreters.inc | ||
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | ||
21 | include disable-shell.inc | ||
22 | |||
23 | mkdir ${HOME}/.cache/rednotebook | ||
24 | mkdir ${HOME}/.rednotebook | ||
25 | allow ${HOME}/.cache/rednotebook | ||
26 | allow ${HOME}/.rednotebook | ||
27 | allow ${DESKTOP} | ||
28 | allow ${DOCUMENTS} | ||
29 | allow ${DOWNLOADS} | ||
30 | allow ${MUSIC} | ||
31 | allow ${PICTURES} | ||
32 | allow ${VIDEOS} | ||
33 | allow /usr/libexec/webkit2gtk-4.0 | ||
34 | include whitelist-common.inc | ||
35 | include whitelist-runuser-common.inc | ||
36 | include whitelist-usr-share-common.inc | ||
37 | include whitelist-var-common.inc | ||
38 | |||
39 | apparmor | ||
40 | caps.drop all | ||
41 | machine-id | ||
42 | net none | ||
43 | no3d | ||
44 | nodvd | ||
45 | nogroups | ||
46 | noinput | ||
47 | nonewprivs | ||
48 | noroot | ||
49 | nosound | ||
50 | notv | ||
51 | nou2f | ||
52 | novideo | ||
53 | protocol unix | ||
54 | seccomp | ||
55 | seccomp.block-secondary | ||
56 | shell none | ||
57 | tracelog | ||
58 | |||
59 | disable-mnt | ||
60 | private-bin python3*,rednotebook | ||
61 | private-cache | ||
62 | private-dev | ||
63 | private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11 | ||
64 | private-tmp | ||
65 | |||
66 | dbus-user none | ||
67 | dbus-system none | ||
diff --git a/etc/profile-m-z/redshift.profile b/etc/profile-m-z/redshift.profile index 3035e1d74..f87c5f67c 100644 --- a/etc/profile-m-z/redshift.profile +++ b/etc/profile-m-z/redshift.profile | |||
@@ -7,8 +7,8 @@ include redshift.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.config/redshift | 10 | noblacklist ${HOME}/.config/redshift |
11 | nodeny ${HOME}/.config/redshift.conf | 11 | noblacklist ${HOME}/.config/redshift.conf |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-programs.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | mkdir ${HOME}/.config/redshift | 21 | mkdir ${HOME}/.config/redshift |
22 | allow ${HOME}/.config/redshift | 22 | whitelist ${HOME}/.config/redshift |
23 | allow ${HOME}/.config/redshift.conf | 23 | whitelist ${HOME}/.config/redshift.conf |
24 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
26 | apparmor | 26 | apparmor |
diff --git a/etc/profile-m-z/regextester.profile b/etc/profile-m-z/regextester.profile index 82feafab9..f5131c5d0 100644 --- a/etc/profile-m-z/regextester.profile +++ b/etc/profile-m-z/regextester.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | allow /usr/share/com.github.artemanufrij.regextester | 18 | whitelist /usr/share/com.github.artemanufrij.regextester |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/remmina.profile b/etc/profile-m-z/remmina.profile index 3f385f602..aca22f187 100644 --- a/etc/profile-m-z/remmina.profile +++ b/etc/profile-m-z/remmina.profile | |||
@@ -6,9 +6,9 @@ include remmina.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.remmina | 9 | noblacklist ${HOME}/.remmina |
10 | nodeny ${HOME}/.config/remmina | 10 | noblacklist ${HOME}/.config/remmina |
11 | nodeny ${HOME}/.local/share/remmina | 11 | noblacklist ${HOME}/.local/share/remmina |
12 | 12 | ||
13 | # Allow ssh (blacklisted by disable-common.inc) | 13 | # Allow ssh (blacklisted by disable-common.inc) |
14 | include allow-ssh.inc | 14 | include allow-ssh.inc |
diff --git a/etc/profile-m-z/rhythmbox.profile b/etc/profile-m-z/rhythmbox.profile index c532d3dc1..970e8ffba 100644 --- a/etc/profile-m-z/rhythmbox.profile +++ b/etc/profile-m-z/rhythmbox.profile | |||
@@ -6,9 +6,9 @@ include rhythmbox.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${MUSIC} | 9 | noblacklist ${MUSIC} |
10 | nodeny ${HOME}/.cache/rhythmbox | 10 | noblacklist ${HOME}/.cache/rhythmbox |
11 | nodeny ${HOME}/.local/share/rhythmbox | 11 | noblacklist ${HOME}/.local/share/rhythmbox |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python2.inc | 14 | include allow-python2.inc |
@@ -26,10 +26,10 @@ include disable-programs.inc | |||
26 | include disable-shell.inc | 26 | include disable-shell.inc |
27 | include disable-xdg.inc | 27 | include disable-xdg.inc |
28 | 28 | ||
29 | allow /usr/share/rhythmbox | 29 | whitelist /usr/share/rhythmbox |
30 | allow /usr/share/lua | 30 | whitelist /usr/share/lua |
31 | allow /usr/share/libquvi-scripts | 31 | whitelist /usr/share/libquvi-scripts |
32 | allow /usr/share/tracker | 32 | whitelist /usr/share/tracker |
33 | include whitelist-runuser-common.inc | 33 | include whitelist-runuser-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/ricochet.profile b/etc/profile-m-z/ricochet.profile index c3ee57ef3..b664a2be3 100644 --- a/etc/profile-m-z/ricochet.profile +++ b/etc/profile-m-z/ricochet.profile | |||
@@ -5,7 +5,7 @@ include ricochet.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.local/share/Ricochet | 8 | noblacklist ${HOME}/.local/share/Ricochet |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
@@ -16,8 +16,8 @@ include disable-programs.inc | |||
16 | include disable-shell.inc | 16 | include disable-shell.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.local/share/Ricochet | 18 | mkdir ${HOME}/.local/share/Ricochet |
19 | allow ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
20 | allow ${HOME}/.local/share/Ricochet | 20 | whitelist ${HOME}/.local/share/Ricochet |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/profile-m-z/riot-web.profile b/etc/profile-m-z/riot-web.profile index 782396a50..687c943b0 100644 --- a/etc/profile-m-z/riot-web.profile +++ b/etc/profile-m-z/riot-web.profile | |||
@@ -8,11 +8,11 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec /tmp | 9 | ignore noexec /tmp |
10 | 10 | ||
11 | nodeny ${HOME}/.config/Riot | 11 | noblacklist ${HOME}/.config/Riot |
12 | 12 | ||
13 | mkdir ${HOME}/.config/Riot | 13 | mkdir ${HOME}/.config/Riot |
14 | allow ${HOME}/.config/Riot | 14 | whitelist ${HOME}/.config/Riot |
15 | allow /usr/share/webapps/element | 15 | whitelist /usr/share/webapps/element |
16 | 16 | ||
17 | # Redirect | 17 | # Redirect |
18 | include electron.profile | 18 | include electron.profile |
diff --git a/etc/profile-m-z/ripperx.profile b/etc/profile-m-z/ripperx.profile index c97ac8090..be815e714 100644 --- a/etc/profile-m-z/ripperx.profile +++ b/etc/profile-m-z/ripperx.profile | |||
@@ -6,8 +6,8 @@ include ripperx.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.ripperXrc | 9 | noblacklist ${HOME}/.ripperXrc |
10 | nodeny ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/ristretto.profile b/etc/profile-m-z/ristretto.profile index 109d2f8f1..5572cab5a 100644 --- a/etc/profile-m-z/ristretto.profile +++ b/etc/profile-m-z/ristretto.profile | |||
@@ -6,9 +6,9 @@ include ristretto.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/ristretto | 9 | noblacklist ${HOME}/.config/ristretto |
10 | nodeny ${HOME}/.Steam | 10 | noblacklist ${HOME}/.Steam |
11 | nodeny ${HOME}/.steam | 11 | noblacklist ${HOME}/.steam |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/rocketchat.profile b/etc/profile-m-z/rocketchat.profile index 1a76c4211..8d3607c75 100644 --- a/etc/profile-m-z/rocketchat.profile +++ b/etc/profile-m-z/rocketchat.profile | |||
@@ -21,10 +21,10 @@ ignore private-cache | |||
21 | ignore private-dev | 21 | ignore private-dev |
22 | ignore private-tmp | 22 | ignore private-tmp |
23 | 23 | ||
24 | nodeny ${HOME}/.config/Rocket.Chat | 24 | noblacklist ${HOME}/.config/Rocket.Chat |
25 | 25 | ||
26 | mkdir ${HOME}/.config/Rocket.Chat | 26 | mkdir ${HOME}/.config/Rocket.Chat |
27 | allow ${HOME}/.config/Rocket.Chat | 27 | whitelist ${HOME}/.config/Rocket.Chat |
28 | 28 | ||
29 | # Redirect | 29 | # Redirect |
30 | include electron.profile | 30 | include electron.profile |
diff --git a/etc/profile-m-z/rsync-download_only.profile b/etc/profile-m-z/rsync-download_only.profile index 4807b7d36..690b44bb1 100644 --- a/etc/profile-m-z/rsync-download_only.profile +++ b/etc/profile-m-z/rsync-download_only.profile | |||
@@ -11,8 +11,8 @@ include globals.local | |||
11 | # not as a daemon (rsync --daemon) nor to create backups. | 11 | # not as a daemon (rsync --daemon) nor to create backups. |
12 | # Usage: firejail --profile=rsync-download_only rsync | 12 | # Usage: firejail --profile=rsync-download_only rsync |
13 | 13 | ||
14 | deny /tmp/.X11-unix | 14 | blacklist /tmp/.X11-unix |
15 | deny ${RUNUSER} | 15 | blacklist ${RUNUSER} |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-devel.inc | 18 | include disable-devel.inc |
diff --git a/etc/profile-m-z/rtv-addons.profile b/etc/profile-m-z/rtv-addons.profile index 6b7d6b155..cc6db5043 100644 --- a/etc/profile-m-z/rtv-addons.profile +++ b/etc/profile-m-z/rtv-addons.profile | |||
@@ -11,16 +11,16 @@ ignore nosound | |||
11 | ignore private-bin | 11 | ignore private-bin |
12 | ignore dbus-user none | 12 | ignore dbus-user none |
13 | 13 | ||
14 | nodeny ${HOME}/.config/mpv | 14 | noblacklist ${HOME}/.config/mpv |
15 | nodeny ${HOME}/.mailcap | 15 | noblacklist ${HOME}/.mailcap |
16 | nodeny ${HOME}/.netrc | 16 | noblacklist ${HOME}/.netrc |
17 | nodeny ${HOME}/.w3m | 17 | noblacklist ${HOME}/.w3m |
18 | 18 | ||
19 | allow ${HOME}/.cache/youtube-dl/youtube-sigfuncs | 19 | whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs |
20 | allow ${HOME}/.config/mpv | 20 | whitelist ${HOME}/.config/mpv |
21 | allow ${HOME}/.mailcap | 21 | whitelist ${HOME}/.mailcap |
22 | allow ${HOME}/.netrc | 22 | whitelist ${HOME}/.netrc |
23 | allow ${HOME}/.w3m | 23 | whitelist ${HOME}/.w3m |
24 | 24 | ||
25 | #private-bin w3m,mpv,youtube-dl | 25 | #private-bin w3m,mpv,youtube-dl |
26 | 26 | ||
diff --git a/etc/profile-m-z/rtv.profile b/etc/profile-m-z/rtv.profile index 074050792..2f1fe0155 100644 --- a/etc/profile-m-z/rtv.profile +++ b/etc/profile-m-z/rtv.profile | |||
@@ -6,11 +6,11 @@ include rtv.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | deny /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
10 | deny ${RUNUSER}/wayland-* | 10 | blacklist ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | nodeny ${HOME}/.config/rtv | 12 | noblacklist ${HOME}/.config/rtv |
13 | nodeny ${HOME}/.local/share/rtv | 13 | noblacklist ${HOME}/.local/share/rtv |
14 | 14 | ||
15 | # Allow /bin/sh (blacklisted by disable-shell.inc) | 15 | # Allow /bin/sh (blacklisted by disable-shell.inc) |
16 | include allow-bin-sh.inc | 16 | include allow-bin-sh.inc |
@@ -33,8 +33,8 @@ include disable-xdg.inc | |||
33 | 33 | ||
34 | mkdir ${HOME}/.config/rtv | 34 | mkdir ${HOME}/.config/rtv |
35 | mkdir ${HOME}/.local/share/rtv | 35 | mkdir ${HOME}/.local/share/rtv |
36 | allow ${HOME}/.config/rtv | 36 | whitelist ${HOME}/.config/rtv |
37 | allow ${HOME}/.local/share/rtv | 37 | whitelist ${HOME}/.local/share/rtv |
38 | include whitelist-var-common.inc | 38 | include whitelist-var-common.inc |
39 | 39 | ||
40 | apparmor | 40 | apparmor |
diff --git a/etc/profile-m-z/sayonara.profile b/etc/profile-m-z/sayonara.profile index 963f5da02..de79913cc 100644 --- a/etc/profile-m-z/sayonara.profile +++ b/etc/profile-m-z/sayonara.profile | |||
@@ -5,8 +5,8 @@ include sayonara.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.Sayonara | 8 | noblacklist ${HOME}/.Sayonara |
9 | nodeny ${MUSIC} | 9 | noblacklist ${MUSIC} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/scallion.profile b/etc/profile-m-z/scallion.profile index 26550b5e0..eb8468c3b 100644 --- a/etc/profile-m-z/scallion.profile +++ b/etc/profile-m-z/scallion.profile | |||
@@ -6,10 +6,10 @@ include scallion.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${PATH}/llvm* | 9 | noblacklist ${PATH}/llvm* |
10 | nodeny ${PATH}/openssl | 10 | noblacklist ${PATH}/openssl |
11 | nodeny ${PATH}/openssl-1.0 | 11 | noblacklist ${PATH}/openssl-1.0 |
12 | nodeny ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
diff --git a/etc/profile-m-z/scorched3d.profile b/etc/profile-m-z/scorched3d.profile index 921efb49e..b1989e474 100644 --- a/etc/profile-m-z/scorched3d.profile +++ b/etc/profile-m-z/scorched3d.profile | |||
@@ -6,7 +6,7 @@ include scorched3d.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.scorched3d | 9 | noblacklist ${HOME}/.scorched3d |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,9 +17,9 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.scorched3d | 19 | mkdir ${HOME}/.scorched3d |
20 | allow ${HOME}/.scorched3d | 20 | whitelist ${HOME}/.scorched3d |
21 | allow /usr/share/scorched3d | 21 | whitelist /usr/share/scorched3d |
22 | allow /usr/share/games/scorched3d | 22 | whitelist /usr/share/games/scorched3d |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/scorchwentbonkers.profile b/etc/profile-m-z/scorchwentbonkers.profile index 54a6c3a01..2cb1df6b5 100644 --- a/etc/profile-m-z/scorchwentbonkers.profile +++ b/etc/profile-m-z/scorchwentbonkers.profile | |||
@@ -6,7 +6,7 @@ include scorchwentbonkers.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.swb.ini | 9 | noblacklist ${HOME}/.swb.ini |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.swb.ini | 20 | mkdir ${HOME}/.swb.ini |
21 | allow ${HOME}/.swb.ini | 21 | whitelist ${HOME}/.swb.ini |
22 | allow /usr/share/scorchwentbonkers | 22 | whitelist /usr/share/scorchwentbonkers |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/scribus.profile b/etc/profile-m-z/scribus.profile index 6519f8e87..1fdeaa145 100644 --- a/etc/profile-m-z/scribus.profile +++ b/etc/profile-m-z/scribus.profile | |||
@@ -7,24 +7,24 @@ include scribus.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # Support for PDF readers comes with Scribus 1.5 and higher | 9 | # Support for PDF readers comes with Scribus 1.5 and higher |
10 | nodeny ${HOME}/.cache/okular | 10 | noblacklist ${HOME}/.cache/okular |
11 | nodeny ${HOME}/.config/GIMP | 11 | noblacklist ${HOME}/.config/GIMP |
12 | nodeny ${HOME}/.config/okularpartrc | 12 | noblacklist ${HOME}/.config/okularpartrc |
13 | nodeny ${HOME}/.config/okularrc | 13 | noblacklist ${HOME}/.config/okularrc |
14 | nodeny ${HOME}/.config/scribus | 14 | noblacklist ${HOME}/.config/scribus |
15 | nodeny ${HOME}/.config/scribusrc | 15 | noblacklist ${HOME}/.config/scribusrc |
16 | nodeny ${HOME}/.gimp* | 16 | noblacklist ${HOME}/.gimp* |
17 | nodeny ${HOME}/.kde/share/apps/okular | 17 | noblacklist ${HOME}/.kde/share/apps/okular |
18 | nodeny ${HOME}/.kde/share/config/okularpartrc | 18 | noblacklist ${HOME}/.kde/share/config/okularpartrc |
19 | nodeny ${HOME}/.kde/share/config/okularrc | 19 | noblacklist ${HOME}/.kde/share/config/okularrc |
20 | nodeny ${HOME}/.kde4/share/apps/okular | 20 | noblacklist ${HOME}/.kde4/share/apps/okular |
21 | nodeny ${HOME}/.kde4/share/config/okularpartrc | 21 | noblacklist ${HOME}/.kde4/share/config/okularpartrc |
22 | nodeny ${HOME}/.kde4/share/config/okularrc | 22 | noblacklist ${HOME}/.kde4/share/config/okularrc |
23 | nodeny ${HOME}/.local/share/okular | 23 | noblacklist ${HOME}/.local/share/okular |
24 | nodeny ${HOME}/.local/share/scribus | 24 | noblacklist ${HOME}/.local/share/scribus |
25 | nodeny ${HOME}/.scribus | 25 | noblacklist ${HOME}/.scribus |
26 | nodeny ${DOCUMENTS} | 26 | noblacklist ${DOCUMENTS} |
27 | nodeny ${PICTURES} | 27 | noblacklist ${PICTURES} |
28 | 28 | ||
29 | # Allow python (blacklisted by disable-interpreters.inc) | 29 | # Allow python (blacklisted by disable-interpreters.inc) |
30 | include allow-python2.inc | 30 | include allow-python2.inc |
diff --git a/etc/profile-m-z/seahorse-adventures.profile b/etc/profile-m-z/seahorse-adventures.profile index 95cedac3f..7799ab7ed 100644 --- a/etc/profile-m-z/seahorse-adventures.profile +++ b/etc/profile-m-z/seahorse-adventures.profile | |||
@@ -22,8 +22,8 @@ include disable-programs.inc | |||
22 | include disable-shell.inc | 22 | include disable-shell.inc |
23 | include disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | allow /usr/share/seahorse-adventures | 25 | whitelist /usr/share/seahorse-adventures |
26 | allow /usr/share/games/seahorse-adventures | 26 | whitelist /usr/share/games/seahorse-adventures |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/seahorse.profile b/etc/profile-m-z/seahorse.profile index 66605173b..d3d8e453f 100644 --- a/etc/profile-m-z/seahorse.profile +++ b/etc/profile-m-z/seahorse.profile | |||
@@ -6,9 +6,9 @@ include seahorse.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | deny /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
10 | 10 | ||
11 | nodeny ${HOME}/.gnupg | 11 | noblacklist ${HOME}/.gnupg |
12 | 12 | ||
13 | # Allow ssh (blacklisted by disable-common.inc) | 13 | # Allow ssh (blacklisted by disable-common.inc) |
14 | include allow-ssh.inc | 14 | include allow-ssh.inc |
@@ -27,13 +27,13 @@ include disable-xdg.inc | |||
27 | #mkdir ${HOME}/.ssh | 27 | #mkdir ${HOME}/.ssh |
28 | #whitelist ${HOME}/.gnupg | 28 | #whitelist ${HOME}/.gnupg |
29 | #whitelist ${HOME}/.ssh | 29 | #whitelist ${HOME}/.ssh |
30 | allow /tmp/ssh-* | 30 | whitelist /tmp/ssh-* |
31 | allow /usr/share/gnupg | 31 | whitelist /usr/share/gnupg |
32 | allow /usr/share/gnupg2 | 32 | whitelist /usr/share/gnupg2 |
33 | allow /usr/share/seahorse | 33 | whitelist /usr/share/seahorse |
34 | allow /usr/share/seahorse-nautilus | 34 | whitelist /usr/share/seahorse-nautilus |
35 | allow ${RUNUSER}/gnupg | 35 | whitelist ${RUNUSER}/gnupg |
36 | allow ${RUNUSER}/keyring | 36 | whitelist ${RUNUSER}/keyring |
37 | #include whitelist-common.inc | 37 | #include whitelist-common.inc |
38 | include whitelist-runuser-common.inc | 38 | include whitelist-runuser-common.inc |
39 | include whitelist-usr-share-common.inc | 39 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/seamonkey.profile b/etc/profile-m-z/seamonkey.profile index c9867719a..807effbeb 100644 --- a/etc/profile-m-z/seamonkey.profile +++ b/etc/profile-m-z/seamonkey.profile | |||
@@ -6,10 +6,10 @@ include seamonkey.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/mozilla | 9 | noblacklist ${HOME}/.cache/mozilla |
10 | nodeny ${HOME}/.mozilla | 10 | noblacklist ${HOME}/.mozilla |
11 | nodeny ${HOME}/.pki | 11 | noblacklist ${HOME}/.pki |
12 | nodeny ${HOME}/.local/share/pki | 12 | noblacklist ${HOME}/.local/share/pki |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -20,25 +20,25 @@ mkdir ${HOME}/.cache/mozilla | |||
20 | mkdir ${HOME}/.mozilla | 20 | mkdir ${HOME}/.mozilla |
21 | mkdir ${HOME}/.pki | 21 | mkdir ${HOME}/.pki |
22 | mkdir ${HOME}/.local/share/pki | 22 | mkdir ${HOME}/.local/share/pki |
23 | allow ${DOWNLOADS} | 23 | whitelist ${DOWNLOADS} |
24 | allow ${HOME}/.cache/gnome-mplayer/plugin | 24 | whitelist ${HOME}/.cache/gnome-mplayer/plugin |
25 | allow ${HOME}/.cache/mozilla | 25 | whitelist ${HOME}/.cache/mozilla |
26 | allow ${HOME}/.config/gnome-mplayer | 26 | whitelist ${HOME}/.config/gnome-mplayer |
27 | allow ${HOME}/.config/pipelight-silverlight5.1 | 27 | whitelist ${HOME}/.config/pipelight-silverlight5.1 |
28 | allow ${HOME}/.config/pipelight-widevine | 28 | whitelist ${HOME}/.config/pipelight-widevine |
29 | allow ${HOME}/.keysnail.js | 29 | whitelist ${HOME}/.keysnail.js |
30 | allow ${HOME}/.lastpass | 30 | whitelist ${HOME}/.lastpass |
31 | allow ${HOME}/.mozilla | 31 | whitelist ${HOME}/.mozilla |
32 | allow ${HOME}/.pentadactyl | 32 | whitelist ${HOME}/.pentadactyl |
33 | allow ${HOME}/.pentadactylrc | 33 | whitelist ${HOME}/.pentadactylrc |
34 | allow ${HOME}/.pki | 34 | whitelist ${HOME}/.pki |
35 | allow ${HOME}/.local/share/pki | 35 | whitelist ${HOME}/.local/share/pki |
36 | allow ${HOME}/.vimperator | 36 | whitelist ${HOME}/.vimperator |
37 | allow ${HOME}/.vimperatorrc | 37 | whitelist ${HOME}/.vimperatorrc |
38 | allow ${HOME}/.wine-pipelight | 38 | whitelist ${HOME}/.wine-pipelight |
39 | allow ${HOME}/.wine-pipelight64 | 39 | whitelist ${HOME}/.wine-pipelight64 |
40 | allow ${HOME}/.zotero | 40 | whitelist ${HOME}/.zotero |
41 | allow ${HOME}/dwhelper | 41 | whitelist ${HOME}/dwhelper |
42 | include whitelist-common.inc | 42 | include whitelist-common.inc |
43 | 43 | ||
44 | caps.drop all | 44 | caps.drop all |
diff --git a/etc/profile-m-z/server.profile b/etc/profile-m-z/server.profile index 23f464637..7d56684db 100644 --- a/etc/profile-m-z/server.profile +++ b/etc/profile-m-z/server.profile | |||
@@ -32,12 +32,12 @@ include globals.local | |||
32 | # it allows /sbin and /usr/sbin directories - this is where servers are installed | 32 | # it allows /sbin and /usr/sbin directories - this is where servers are installed |
33 | # depending on your usage, you can enable some of the commands below: | 33 | # depending on your usage, you can enable some of the commands below: |
34 | 34 | ||
35 | nodeny /sbin | 35 | noblacklist /sbin |
36 | nodeny /usr/sbin | 36 | noblacklist /usr/sbin |
37 | # noblacklist /var/opt | 37 | # noblacklist /var/opt |
38 | 38 | ||
39 | deny /tmp/.X11-unix | 39 | blacklist /tmp/.X11-unix |
40 | deny ${RUNUSER}/wayland-* | 40 | blacklist ${RUNUSER}/wayland-* |
41 | 41 | ||
42 | include disable-common.inc | 42 | include disable-common.inc |
43 | # include disable-devel.inc | 43 | # include disable-devel.inc |
diff --git a/etc/profile-m-z/shellcheck.profile b/etc/profile-m-z/shellcheck.profile index 0cb9de45a..b7f398f45 100644 --- a/etc/profile-m-z/shellcheck.profile +++ b/etc/profile-m-z/shellcheck.profile | |||
@@ -7,9 +7,9 @@ include shellcheck.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny ${RUNUSER} | 10 | blacklist ${RUNUSER} |
11 | 11 | ||
12 | nodeny ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -19,7 +19,7 @@ include disable-passwdmgr.inc | |||
19 | include disable-programs.inc | 19 | include disable-programs.inc |
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | allow /usr/share/shellcheck | 22 | whitelist /usr/share/shellcheck |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
diff --git a/etc/profile-m-z/shortwave.profile b/etc/profile-m-z/shortwave.profile index a8e5f6b18..d629240ec 100644 --- a/etc/profile-m-z/shortwave.profile +++ b/etc/profile-m-z/shortwave.profile | |||
@@ -6,8 +6,8 @@ include shortwave.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/Shortwave | 9 | noblacklist ${HOME}/.cache/Shortwave |
10 | nodeny ${HOME}/.local/share/Shortwave | 10 | noblacklist ${HOME}/.local/share/Shortwave |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,9 +19,9 @@ include disable-xdg.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.cache/Shortwave | 20 | mkdir ${HOME}/.cache/Shortwave |
21 | mkdir ${HOME}/.local/share/Shortwave | 21 | mkdir ${HOME}/.local/share/Shortwave |
22 | allow ${HOME}/.cache/Shortwave | 22 | whitelist ${HOME}/.cache/Shortwave |
23 | allow ${HOME}/.local/share/Shortwave | 23 | whitelist ${HOME}/.local/share/Shortwave |
24 | allow /usr/share/shortwave | 24 | whitelist /usr/share/shortwave |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-runuser-common.inc | 26 | include whitelist-runuser-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/shotcut.profile b/etc/profile-m-z/shotcut.profile index 1f3c39c46..63af4d367 100644 --- a/etc/profile-m-z/shotcut.profile +++ b/etc/profile-m-z/shotcut.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | nodeny ${HOME}/.config/Meltytech | 11 | noblacklist ${HOME}/.config/Meltytech |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/shotwell.profile b/etc/profile-m-z/shotwell.profile index b653930c3..ddc8a7743 100644 --- a/etc/profile-m-z/shotwell.profile +++ b/etc/profile-m-z/shotwell.profile | |||
@@ -6,10 +6,10 @@ include shotwell.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/shotwell | 9 | noblacklist ${HOME}/.cache/shotwell |
10 | nodeny ${HOME}/.local/share/shotwell | 10 | noblacklist ${HOME}/.local/share/shotwell |
11 | 11 | ||
12 | nodeny ${PICTURES} | 12 | noblacklist ${PICTURES} |
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
@@ -21,9 +21,9 @@ include disable-xdg.inc | |||
21 | 21 | ||
22 | mkdir ${HOME}/.cache/shotwell | 22 | mkdir ${HOME}/.cache/shotwell |
23 | mkdir ${HOME}/.local/share/shotwell | 23 | mkdir ${HOME}/.local/share/shotwell |
24 | allow ${HOME}/.cache/shotwell | 24 | whitelist ${HOME}/.cache/shotwell |
25 | allow ${HOME}/.local/share/shotwell | 25 | whitelist ${HOME}/.local/share/shotwell |
26 | allow ${PICTURES} | 26 | whitelist ${PICTURES} |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/signal-cli.profile b/etc/profile-m-z/signal-cli.profile index 8a46899f1..478377344 100644 --- a/etc/profile-m-z/signal-cli.profile +++ b/etc/profile-m-z/signal-cli.profile | |||
@@ -6,10 +6,10 @@ include signal-cli.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | deny /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
10 | deny ${RUNUSER}/wayland-* | 10 | blacklist ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | nodeny ${HOME}/.local/share/signal-cli | 12 | noblacklist ${HOME}/.local/share/signal-cli |
13 | 13 | ||
14 | include allow-java.inc | 14 | include allow-java.inc |
15 | 15 | ||
@@ -22,7 +22,7 @@ include disable-programs.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.local/share/signal-cli | 24 | mkdir ${HOME}/.local/share/signal-cli |
25 | allow ${HOME}/.local/share/signal-cli | 25 | whitelist ${HOME}/.local/share/signal-cli |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
28 | 28 | ||
diff --git a/etc/profile-m-z/signal-desktop.profile b/etc/profile-m-z/signal-desktop.profile index a12080748..77a7f5b38 100644 --- a/etc/profile-m-z/signal-desktop.profile +++ b/etc/profile-m-z/signal-desktop.profile | |||
@@ -9,15 +9,15 @@ ignore novideo | |||
9 | 9 | ||
10 | ignore noexec /tmp | 10 | ignore noexec /tmp |
11 | 11 | ||
12 | nodeny ${HOME}/.config/Signal | 12 | noblacklist ${HOME}/.config/Signal |
13 | 13 | ||
14 | # These lines are needed to allow Firefox to open links | 14 | # These lines are needed to allow Firefox to open links |
15 | nodeny ${HOME}/.mozilla | 15 | noblacklist ${HOME}/.mozilla |
16 | allow ${HOME}/.mozilla/firefox/profiles.ini | 16 | whitelist ${HOME}/.mozilla/firefox/profiles.ini |
17 | read-only ${HOME}/.mozilla/firefox/profiles.ini | 17 | read-only ${HOME}/.mozilla/firefox/profiles.ini |
18 | 18 | ||
19 | mkdir ${HOME}/.config/Signal | 19 | mkdir ${HOME}/.config/Signal |
20 | allow ${HOME}/.config/Signal | 20 | whitelist ${HOME}/.config/Signal |
21 | 21 | ||
22 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,nsswitch.conf,pki,resolv.conf,ssl | 22 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,nsswitch.conf,pki,resolv.conf,ssl |
23 | 23 | ||
diff --git a/etc/profile-m-z/simple-scan.profile b/etc/profile-m-z/simple-scan.profile index 589a44ffc..17920677b 100644 --- a/etc/profile-m-z/simple-scan.profile +++ b/etc/profile-m-z/simple-scan.profile | |||
@@ -6,8 +6,8 @@ include simple-scan.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/simple-scan | 9 | noblacklist ${HOME}/.cache/simple-scan |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | allow /usr/share/hplip | 19 | whitelist /usr/share/hplip |
20 | allow /usr/share/simple-scan | 20 | whitelist /usr/share/simple-scan |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-m-z/simplescreenrecorder.profile b/etc/profile-m-z/simplescreenrecorder.profile index 83f833508..d664f8bf5 100644 --- a/etc/profile-m-z/simplescreenrecorder.profile +++ b/etc/profile-m-z/simplescreenrecorder.profile | |||
@@ -6,8 +6,8 @@ include simplescreenrecorder.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${VIDEOS} | 9 | noblacklist ${VIDEOS} |
10 | nodeny ${HOME}/.ssr | 10 | noblacklist ${HOME}/.ssr |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | allow /usr/share/simplescreenrecorder | 20 | whitelist /usr/share/simplescreenrecorder |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-m-z/simutrans.profile b/etc/profile-m-z/simutrans.profile index 1d7f41579..afaa0f6d8 100644 --- a/etc/profile-m-z/simutrans.profile +++ b/etc/profile-m-z/simutrans.profile | |||
@@ -6,7 +6,7 @@ include simutrans.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.simutrans | 9 | noblacklist ${HOME}/.simutrans |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.simutrans | 18 | mkdir ${HOME}/.simutrans |
19 | allow ${HOME}/.simutrans | 19 | whitelist ${HOME}/.simutrans |
20 | include whitelist-common.inc | 20 | include whitelist-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
diff --git a/etc/profile-m-z/skanlite.profile b/etc/profile-m-z/skanlite.profile index 98ed624f9..093a61398 100644 --- a/etc/profile-m-z/skanlite.profile +++ b/etc/profile-m-z/skanlite.profile | |||
@@ -6,7 +6,7 @@ include skanlite.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/skypeforlinux.profile b/etc/profile-m-z/skypeforlinux.profile index e7f70eebe..ed04eda8e 100644 --- a/etc/profile-m-z/skypeforlinux.profile +++ b/etc/profile-m-z/skypeforlinux.profile | |||
@@ -21,7 +21,7 @@ ignore dbus-system none | |||
21 | ignore apparmor | 21 | ignore apparmor |
22 | ignore noexec /tmp | 22 | ignore noexec /tmp |
23 | 23 | ||
24 | nodeny ${HOME}/.config/skypeforlinux | 24 | noblacklist ${HOME}/.config/skypeforlinux |
25 | 25 | ||
26 | # private-dev - needs /dev/disk | 26 | # private-dev - needs /dev/disk |
27 | 27 | ||
diff --git a/etc/profile-m-z/slack.profile b/etc/profile-m-z/slack.profile index b8299add3..51f6c8b00 100644 --- a/etc/profile-m-z/slack.profile +++ b/etc/profile-m-z/slack.profile | |||
@@ -16,14 +16,14 @@ ignore private-tmp | |||
16 | ignore dbus-user none | 16 | ignore dbus-user none |
17 | ignore dbus-system none | 17 | ignore dbus-system none |
18 | 18 | ||
19 | nodeny ${HOME}/.config/Slack | 19 | noblacklist ${HOME}/.config/Slack |
20 | 20 | ||
21 | include allow-bin-sh.inc | 21 | include allow-bin-sh.inc |
22 | 22 | ||
23 | include disable-shell.inc | 23 | include disable-shell.inc |
24 | 24 | ||
25 | mkdir ${HOME}/.config/Slack | 25 | mkdir ${HOME}/.config/Slack |
26 | allow ${HOME}/.config/Slack | 26 | whitelist ${HOME}/.config/Slack |
27 | 27 | ||
28 | private-bin electron,electron[0-9],electron[0-9][0-9],locale,sh,slack | 28 | private-bin electron,electron[0-9],electron[0-9][0-9],locale,sh,slack |
29 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,debian_version,fedora-release,fonts,group,ld.so.cache,ld.so.conf,localtime,machine-id,os-release,passwd,pki,pulse,redhat-release,resolv.conf,ssl,system-release,system-release-cpe | 29 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,debian_version,fedora-release,fonts,group,ld.so.cache,ld.so.conf,localtime,machine-id,os-release,passwd,pki,pulse,redhat-release,resolv.conf,ssl,system-release,system-release-cpe |
diff --git a/etc/profile-m-z/slashem.profile b/etc/profile-m-z/slashem.profile index 36a0044dc..c5a31c237 100644 --- a/etc/profile-m-z/slashem.profile +++ b/etc/profile-m-z/slashem.profile | |||
@@ -6,7 +6,7 @@ include slashem.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny /var/games/slashem | 9 | noblacklist /var/games/slashem |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -15,7 +15,7 @@ include disable-interpreters.inc | |||
15 | include disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | allow /var/games/slashem | 18 | whitelist /var/games/slashem |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
diff --git a/etc/profile-m-z/smplayer.profile b/etc/profile-m-z/smplayer.profile index 4e4334dc0..01547e5c1 100644 --- a/etc/profile-m-z/smplayer.profile +++ b/etc/profile-m-z/smplayer.profile | |||
@@ -6,9 +6,9 @@ include smplayer.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/smplayer | 9 | noblacklist ${HOME}/.config/smplayer |
10 | nodeny ${HOME}/.config/youtube-dl | 10 | noblacklist ${HOME}/.config/youtube-dl |
11 | nodeny ${HOME}/.mplayer | 11 | noblacklist ${HOME}/.mplayer |
12 | 12 | ||
13 | # Allow lua (blacklisted by disable-interpreters.inc) | 13 | # Allow lua (blacklisted by disable-interpreters.inc) |
14 | include allow-lua.inc | 14 | include allow-lua.inc |
@@ -17,8 +17,8 @@ include allow-lua.inc | |||
17 | include allow-python2.inc | 17 | include allow-python2.inc |
18 | include allow-python3.inc | 18 | include allow-python3.inc |
19 | 19 | ||
20 | nodeny ${MUSIC} | 20 | noblacklist ${MUSIC} |
21 | nodeny ${VIDEOS} | 21 | noblacklist ${VIDEOS} |
22 | 22 | ||
23 | include disable-common.inc | 23 | include disable-common.inc |
24 | include disable-devel.inc | 24 | include disable-devel.inc |
@@ -29,9 +29,9 @@ include disable-programs.inc | |||
29 | include disable-shell.inc | 29 | include disable-shell.inc |
30 | include disable-xdg.inc | 30 | include disable-xdg.inc |
31 | 31 | ||
32 | allow /usr/share/lua* | 32 | whitelist /usr/share/lua* |
33 | allow /usr/share/smplayer | 33 | whitelist /usr/share/smplayer |
34 | allow /usr/share/vulkan | 34 | whitelist /usr/share/vulkan |
35 | include whitelist-usr-share-common.inc | 35 | include whitelist-usr-share-common.inc |
36 | include whitelist-var-common.inc | 36 | include whitelist-var-common.inc |
37 | 37 | ||
diff --git a/etc/profile-m-z/smtube.profile b/etc/profile-m-z/smtube.profile index 99d02ffdf..196950eaf 100644 --- a/etc/profile-m-z/smtube.profile +++ b/etc/profile-m-z/smtube.profile | |||
@@ -6,14 +6,14 @@ include smtube.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/smplayer | 9 | noblacklist ${HOME}/.config/smplayer |
10 | nodeny ${HOME}/.config/smtube | 10 | noblacklist ${HOME}/.config/smtube |
11 | nodeny ${HOME}/.config/mpv | 11 | noblacklist ${HOME}/.config/mpv |
12 | nodeny ${HOME}/.mplayer | 12 | noblacklist ${HOME}/.mplayer |
13 | nodeny ${HOME}/.config/vlc | 13 | noblacklist ${HOME}/.config/vlc |
14 | nodeny ${HOME}/.local/share/vlc | 14 | noblacklist ${HOME}/.local/share/vlc |
15 | nodeny ${MUSIC} | 15 | noblacklist ${MUSIC} |
16 | nodeny ${VIDEOS} | 16 | noblacklist ${VIDEOS} |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
@@ -23,8 +23,8 @@ include disable-passwdmgr.inc | |||
23 | include disable-programs.inc | 23 | include disable-programs.inc |
24 | include disable-xdg.inc | 24 | include disable-xdg.inc |
25 | 25 | ||
26 | allow /usr/share/smplayer | 26 | whitelist /usr/share/smplayer |
27 | allow /usr/share/smtube | 27 | whitelist /usr/share/smtube |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
30 | 30 | ||
diff --git a/etc/profile-m-z/smuxi-frontend-gnome.profile b/etc/profile-m-z/smuxi-frontend-gnome.profile index 3a79890cc..c3a9bb858 100644 --- a/etc/profile-m-z/smuxi-frontend-gnome.profile +++ b/etc/profile-m-z/smuxi-frontend-gnome.profile | |||
@@ -6,9 +6,9 @@ include smuxi-frontend-gnome.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/smuxi | 9 | noblacklist ${HOME}/.cache/smuxi |
10 | nodeny ${HOME}/.config/smuxi | 10 | noblacklist ${HOME}/.config/smuxi |
11 | nodeny ${HOME}/.local/share/smuxi | 11 | noblacklist ${HOME}/.local/share/smuxi |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -21,10 +21,10 @@ include disable-xdg.inc | |||
21 | mkdir ${HOME}/.cache/smuxi | 21 | mkdir ${HOME}/.cache/smuxi |
22 | mkdir ${HOME}/.config/smuxi | 22 | mkdir ${HOME}/.config/smuxi |
23 | mkdir ${HOME}/.local/share/smuxi | 23 | mkdir ${HOME}/.local/share/smuxi |
24 | allow ${HOME}/.cache/smuxi | 24 | whitelist ${HOME}/.cache/smuxi |
25 | allow ${HOME}/.config/smuxi | 25 | whitelist ${HOME}/.config/smuxi |
26 | allow ${HOME}/.local/share/smuxi | 26 | whitelist ${HOME}/.local/share/smuxi |
27 | allow ${DOWNLOADS} | 27 | whitelist ${DOWNLOADS} |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/snox.profile b/etc/profile-m-z/snox.profile index 1d315404e..83493652c 100644 --- a/etc/profile-m-z/snox.profile +++ b/etc/profile-m-z/snox.profile | |||
@@ -10,15 +10,15 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | nodeny ${HOME}/.cache/snox | 13 | noblacklist ${HOME}/.cache/snox |
14 | nodeny ${HOME}/.config/snox | 14 | noblacklist ${HOME}/.config/snox |
15 | 15 | ||
16 | #mkdir ${HOME}/.cache/dnox | 16 | #mkdir ${HOME}/.cache/dnox |
17 | #mkdir ${HOME}/.config/dnox | 17 | #mkdir ${HOME}/.config/dnox |
18 | mkdir ${HOME}/.cache/snox | 18 | mkdir ${HOME}/.cache/snox |
19 | mkdir ${HOME}/.config/snox | 19 | mkdir ${HOME}/.config/snox |
20 | allow ${HOME}/.cache/snox | 20 | whitelist ${HOME}/.cache/snox |
21 | allow ${HOME}/.config/snox | 21 | whitelist ${HOME}/.config/snox |
22 | 22 | ||
23 | # Redirect | 23 | # Redirect |
24 | include chromium-common.profile | 24 | include chromium-common.profile |
diff --git a/etc/profile-m-z/softmaker-common.profile b/etc/profile-m-z/softmaker-common.profile index bd4991e81..83315231f 100644 --- a/etc/profile-m-z/softmaker-common.profile +++ b/etc/profile-m-z/softmaker-common.profile | |||
@@ -10,7 +10,7 @@ include softmaker-common.local | |||
10 | # with an absolute Exec line. These files are NOT handelt by firecfg, | 10 | # with an absolute Exec line. These files are NOT handelt by firecfg, |
11 | # therefore you must manualy copy them in you home and remove '/usr/bin/'. | 11 | # therefore you must manualy copy them in you home and remove '/usr/bin/'. |
12 | 12 | ||
13 | nodeny ${HOME}/SoftMaker | 13 | noblacklist ${HOME}/SoftMaker |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-interpreters.inc | |||
19 | include disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | allow /usr/share/office2018 | 22 | whitelist /usr/share/office2018 |
23 | allow /usr/share/freeoffice2018 | 23 | whitelist /usr/share/freeoffice2018 |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-m-z/sound-juicer.profile b/etc/profile-m-z/sound-juicer.profile index 16ee39e09..ef00fdfff 100644 --- a/etc/profile-m-z/sound-juicer.profile +++ b/etc/profile-m-z/sound-juicer.profile | |||
@@ -6,8 +6,8 @@ include sound-juicer.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/sound-juicer | 9 | noblacklist ${HOME}/.config/sound-juicer |
10 | nodeny ${MUSIC} | 10 | noblacklist ${MUSIC} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/soundconverter.profile b/etc/profile-m-z/soundconverter.profile index 46da7a453..4dbf34100 100644 --- a/etc/profile-m-z/soundconverter.profile +++ b/etc/profile-m-z/soundconverter.profile | |||
@@ -10,7 +10,7 @@ include globals.local | |||
10 | include allow-python2.inc | 10 | include allow-python2.inc |
11 | include allow-python3.inc | 11 | include allow-python3.inc |
12 | 12 | ||
13 | nodeny ${MUSIC} | 13 | noblacklist ${MUSIC} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -20,9 +20,9 @@ include disable-passwdmgr.inc | |||
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | allow ${DOWNLOADS} | 23 | whitelist ${DOWNLOADS} |
24 | allow ${MUSIC} | 24 | whitelist ${MUSIC} |
25 | allow /usr/share/soundconverter | 25 | whitelist /usr/share/soundconverter |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/spectacle.profile b/etc/profile-m-z/spectacle.profile index 08adb5861..4468f21e7 100644 --- a/etc/profile-m-z/spectacle.profile +++ b/etc/profile-m-z/spectacle.profile | |||
@@ -12,8 +12,8 @@ include globals.local | |||
12 | #private-etc ca-certificates,crypto-policies,pki,resolv.conf,ssl | 12 | #private-etc ca-certificates,crypto-policies,pki,resolv.conf,ssl |
13 | #protocol unix,inet,inet6 | 13 | #protocol unix,inet,inet6 |
14 | 14 | ||
15 | nodeny ${HOME}/.config/spectaclerc | 15 | noblacklist ${HOME}/.config/spectaclerc |
16 | nodeny ${PICTURES} | 16 | noblacklist ${PICTURES} |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
@@ -24,10 +24,10 @@ include disable-programs.inc | |||
24 | include disable-xdg.inc | 24 | include disable-xdg.inc |
25 | 25 | ||
26 | mkfile ${HOME}/.config/spectaclerc | 26 | mkfile ${HOME}/.config/spectaclerc |
27 | allow ${HOME}/.config/spectaclerc | 27 | whitelist ${HOME}/.config/spectaclerc |
28 | allow ${PICTURES} | 28 | whitelist ${PICTURES} |
29 | allow /usr/share/kconf_update/spectacle_newConfig.upd | 29 | whitelist /usr/share/kconf_update/spectacle_newConfig.upd |
30 | allow /usr/share/kconf_update/spectacle_shortcuts.upd | 30 | whitelist /usr/share/kconf_update/spectacle_shortcuts.upd |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-runuser-common.inc | 32 | include whitelist-runuser-common.inc |
33 | include whitelist-usr-share-common.inc | 33 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/spectral.profile b/etc/profile-m-z/spectral.profile index 4c1b2d3e1..283674517 100644 --- a/etc/profile-m-z/spectral.profile +++ b/etc/profile-m-z/spectral.profile | |||
@@ -6,8 +6,8 @@ include spectral.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/ENCOM/Spectral | 9 | noblacklist ${HOME}/.cache/ENCOM/Spectral |
10 | nodeny ${HOME}/.config/ENCOM | 10 | noblacklist ${HOME}/.config/ENCOM |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -20,9 +20,9 @@ include disable-xdg.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.cache/ENCOM/Spectral | 21 | mkdir ${HOME}/.cache/ENCOM/Spectral |
22 | mkdir ${HOME}/.config/ENCOM | 22 | mkdir ${HOME}/.config/ENCOM |
23 | allow ${HOME}/.cache/ENCOM/Spectral | 23 | whitelist ${HOME}/.cache/ENCOM/Spectral |
24 | allow ${HOME}/.config/ENCOM | 24 | whitelist ${HOME}/.config/ENCOM |
25 | allow ${DOWNLOADS} | 25 | whitelist ${DOWNLOADS} |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/spectre-meltdown-checker.profile b/etc/profile-m-z/spectre-meltdown-checker.profile index 3a3fd838d..984461f90 100644 --- a/etc/profile-m-z/spectre-meltdown-checker.profile +++ b/etc/profile-m-z/spectre-meltdown-checker.profile | |||
@@ -6,10 +6,10 @@ include spectre-meltdown-checker.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | deny ${RUNUSER}/wayland-* | 9 | blacklist ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | nodeny ${PATH}/mount | 11 | noblacklist ${PATH}/mount |
12 | nodeny ${PATH}/umount | 12 | noblacklist ${PATH}/umount |
13 | 13 | ||
14 | # Allow perl (blacklisted by disable-interpreters.inc) | 14 | # Allow perl (blacklisted by disable-interpreters.inc) |
15 | include allow-perl.inc | 15 | include allow-perl.inc |
diff --git a/etc/profile-m-z/spotify.profile b/etc/profile-m-z/spotify.profile index e1c830268..01bc2bc05 100644 --- a/etc/profile-m-z/spotify.profile +++ b/etc/profile-m-z/spotify.profile | |||
@@ -5,11 +5,11 @@ include spotify.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.cache/spotify | 8 | noblacklist ${HOME}/.cache/spotify |
9 | nodeny ${HOME}/.config/spotify | 9 | noblacklist ${HOME}/.config/spotify |
10 | nodeny ${HOME}/.local/share/spotify | 10 | noblacklist ${HOME}/.local/share/spotify |
11 | 11 | ||
12 | deny ${HOME}/.bashrc | 12 | blacklist ${HOME}/.bashrc |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -21,9 +21,9 @@ include disable-programs.inc | |||
21 | mkdir ${HOME}/.cache/spotify | 21 | mkdir ${HOME}/.cache/spotify |
22 | mkdir ${HOME}/.config/spotify | 22 | mkdir ${HOME}/.config/spotify |
23 | mkdir ${HOME}/.local/share/spotify | 23 | mkdir ${HOME}/.local/share/spotify |
24 | allow ${HOME}/.cache/spotify | 24 | whitelist ${HOME}/.cache/spotify |
25 | allow ${HOME}/.config/spotify | 25 | whitelist ${HOME}/.config/spotify |
26 | allow ${HOME}/.local/share/spotify | 26 | whitelist ${HOME}/.local/share/spotify |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
29 | 29 | ||
diff --git a/etc/profile-m-z/sqlitebrowser.profile b/etc/profile-m-z/sqlitebrowser.profile index aa577b63a..4dd2c7262 100644 --- a/etc/profile-m-z/sqlitebrowser.profile +++ b/etc/profile-m-z/sqlitebrowser.profile | |||
@@ -6,8 +6,8 @@ include sqlitebrowser.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/sqlitebrowser | 9 | noblacklist ${HOME}/.config/sqlitebrowser |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/ssh-agent.profile b/etc/profile-m-z/ssh-agent.profile index e456ebe07..5802299a3 100644 --- a/etc/profile-m-z/ssh-agent.profile +++ b/etc/profile-m-z/ssh-agent.profile | |||
@@ -9,8 +9,8 @@ include globals.local | |||
9 | # Allow ssh (blacklisted by disable-common.inc) | 9 | # Allow ssh (blacklisted by disable-common.inc) |
10 | include allow-ssh.inc | 10 | include allow-ssh.inc |
11 | 11 | ||
12 | deny /tmp/.X11-unix | 12 | blacklist /tmp/.X11-unix |
13 | deny ${RUNUSER}/wayland-* | 13 | blacklist ${RUNUSER}/wayland-* |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
diff --git a/etc/profile-m-z/ssh.profile b/etc/profile-m-z/ssh.profile index 8a0d86150..a58642192 100644 --- a/etc/profile-m-z/ssh.profile +++ b/etc/profile-m-z/ssh.profile | |||
@@ -8,8 +8,8 @@ include ssh.local | |||
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | # nc can be used as ProxyCommand, e.g. when using tor | 10 | # nc can be used as ProxyCommand, e.g. when using tor |
11 | nodeny ${PATH}/nc | 11 | noblacklist ${PATH}/nc |
12 | nodeny ${PATH}/ncat | 12 | noblacklist ${PATH}/ncat |
13 | 13 | ||
14 | # Allow ssh (blacklisted by disable-common.inc) | 14 | # Allow ssh (blacklisted by disable-common.inc) |
15 | include allow-ssh.inc | 15 | include allow-ssh.inc |
@@ -19,8 +19,8 @@ include disable-exec.inc | |||
19 | include disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | allow ${RUNUSER}/gnupg/S.gpg-agent.ssh | 22 | whitelist ${RUNUSER}/gnupg/S.gpg-agent.ssh |
23 | allow ${RUNUSER}/keyring/ssh | 23 | whitelist ${RUNUSER}/keyring/ssh |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
26 | 26 | ||
diff --git a/etc/profile-m-z/standardnotes-desktop.profile b/etc/profile-m-z/standardnotes-desktop.profile index 75de118ab..48a532876 100644 --- a/etc/profile-m-z/standardnotes-desktop.profile +++ b/etc/profile-m-z/standardnotes-desktop.profile | |||
@@ -5,8 +5,8 @@ include standardnotes-desktop.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/Standard Notes Backups | 8 | noblacklist ${HOME}/Standard Notes Backups |
9 | nodeny ${HOME}/.config/Standard Notes | 9 | noblacklist ${HOME}/.config/Standard Notes |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | 17 | ||
18 | mkdir ${HOME}/Standard Notes Backups | 18 | mkdir ${HOME}/Standard Notes Backups |
19 | mkdir ${HOME}/.config/Standard Notes | 19 | mkdir ${HOME}/.config/Standard Notes |
20 | allow ${HOME}/Standard Notes Backups | 20 | whitelist ${HOME}/Standard Notes Backups |
21 | allow ${HOME}/.config/Standard Notes | 21 | whitelist ${HOME}/.config/Standard Notes |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
24 | apparmor | 24 | apparmor |
diff --git a/etc/profile-m-z/start-tor-browser.desktop.profile b/etc/profile-m-z/start-tor-browser.desktop.profile index 8f75365e8..2f73c9fee 100644 --- a/etc/profile-m-z/start-tor-browser.desktop.profile +++ b/etc/profile-m-z/start-tor-browser.desktop.profile | |||
@@ -6,71 +6,71 @@ include start-tor-browser.desktop.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser* | 9 | noblacklist ${HOME}/.tor-browser* |
10 | 10 | ||
11 | allow ${HOME}/.tor-browser-ar | 11 | whitelist ${HOME}/.tor-browser-ar |
12 | allow ${HOME}/.tor-browser-ca | 12 | whitelist ${HOME}/.tor-browser-ca |
13 | allow ${HOME}/.tor-browser-cs | 13 | whitelist ${HOME}/.tor-browser-cs |
14 | allow ${HOME}/.tor-browser-da | 14 | whitelist ${HOME}/.tor-browser-da |
15 | allow ${HOME}/.tor-browser-de | 15 | whitelist ${HOME}/.tor-browser-de |
16 | allow ${HOME}/.tor-browser-el | 16 | whitelist ${HOME}/.tor-browser-el |
17 | allow ${HOME}/.tor-browser-en | 17 | whitelist ${HOME}/.tor-browser-en |
18 | allow ${HOME}/.tor-browser-en-us | 18 | whitelist ${HOME}/.tor-browser-en-us |
19 | allow ${HOME}/.tor-browser-es | 19 | whitelist ${HOME}/.tor-browser-es |
20 | allow ${HOME}/.tor-browser-es-es | 20 | whitelist ${HOME}/.tor-browser-es-es |
21 | allow ${HOME}/.tor-browser-fa | 21 | whitelist ${HOME}/.tor-browser-fa |
22 | allow ${HOME}/.tor-browser-fr | 22 | whitelist ${HOME}/.tor-browser-fr |
23 | allow ${HOME}/.tor-browser-ga-ie | 23 | whitelist ${HOME}/.tor-browser-ga-ie |
24 | allow ${HOME}/.tor-browser-he | 24 | whitelist ${HOME}/.tor-browser-he |
25 | allow ${HOME}/.tor-browser-hu | 25 | whitelist ${HOME}/.tor-browser-hu |
26 | allow ${HOME}/.tor-browser-id | 26 | whitelist ${HOME}/.tor-browser-id |
27 | allow ${HOME}/.tor-browser-is | 27 | whitelist ${HOME}/.tor-browser-is |
28 | allow ${HOME}/.tor-browser-it | 28 | whitelist ${HOME}/.tor-browser-it |
29 | allow ${HOME}/.tor-browser-ja | 29 | whitelist ${HOME}/.tor-browser-ja |
30 | allow ${HOME}/.tor-browser-ka | 30 | whitelist ${HOME}/.tor-browser-ka |
31 | allow ${HOME}/.tor-browser-ko | 31 | whitelist ${HOME}/.tor-browser-ko |
32 | allow ${HOME}/.tor-browser-nb | 32 | whitelist ${HOME}/.tor-browser-nb |
33 | allow ${HOME}/.tor-browser-nl | 33 | whitelist ${HOME}/.tor-browser-nl |
34 | allow ${HOME}/.tor-browser-pl | 34 | whitelist ${HOME}/.tor-browser-pl |
35 | allow ${HOME}/.tor-browser-pt-br | 35 | whitelist ${HOME}/.tor-browser-pt-br |
36 | allow ${HOME}/.tor-browser-ru | 36 | whitelist ${HOME}/.tor-browser-ru |
37 | allow ${HOME}/.tor-browser-sv-se | 37 | whitelist ${HOME}/.tor-browser-sv-se |
38 | allow ${HOME}/.tor-browser-tr | 38 | whitelist ${HOME}/.tor-browser-tr |
39 | allow ${HOME}/.tor-browser-vi | 39 | whitelist ${HOME}/.tor-browser-vi |
40 | allow ${HOME}/.tor-browser-zh-cn | 40 | whitelist ${HOME}/.tor-browser-zh-cn |
41 | allow ${HOME}/.tor-browser-zh-tw | 41 | whitelist ${HOME}/.tor-browser-zh-tw |
42 | 42 | ||
43 | allow ${HOME}/.tor-browser_ar | 43 | whitelist ${HOME}/.tor-browser_ar |
44 | allow ${HOME}/.tor-browser_ca | 44 | whitelist ${HOME}/.tor-browser_ca |
45 | allow ${HOME}/.tor-browser_cs | 45 | whitelist ${HOME}/.tor-browser_cs |
46 | allow ${HOME}/.tor-browser_da | 46 | whitelist ${HOME}/.tor-browser_da |
47 | allow ${HOME}/.tor-browser_de | 47 | whitelist ${HOME}/.tor-browser_de |
48 | allow ${HOME}/.tor-browser_el | 48 | whitelist ${HOME}/.tor-browser_el |
49 | allow ${HOME}/.tor-browser_en | 49 | whitelist ${HOME}/.tor-browser_en |
50 | allow ${HOME}/.tor-browser_en_US | 50 | whitelist ${HOME}/.tor-browser_en_US |
51 | allow ${HOME}/.tor-browser_es | 51 | whitelist ${HOME}/.tor-browser_es |
52 | allow ${HOME}/.tor-browser_es-ES | 52 | whitelist ${HOME}/.tor-browser_es-ES |
53 | allow ${HOME}/.tor-browser_fa | 53 | whitelist ${HOME}/.tor-browser_fa |
54 | allow ${HOME}/.tor-browser_fr | 54 | whitelist ${HOME}/.tor-browser_fr |
55 | allow ${HOME}/.tor-browser_ga-IE | 55 | whitelist ${HOME}/.tor-browser_ga-IE |
56 | allow ${HOME}/.tor-browser_he | 56 | whitelist ${HOME}/.tor-browser_he |
57 | allow ${HOME}/.tor-browser_hu | 57 | whitelist ${HOME}/.tor-browser_hu |
58 | allow ${HOME}/.tor-browser_id | 58 | whitelist ${HOME}/.tor-browser_id |
59 | allow ${HOME}/.tor-browser_is | 59 | whitelist ${HOME}/.tor-browser_is |
60 | allow ${HOME}/.tor-browser_it | 60 | whitelist ${HOME}/.tor-browser_it |
61 | allow ${HOME}/.tor-browser_ja | 61 | whitelist ${HOME}/.tor-browser_ja |
62 | allow ${HOME}/.tor-browser_ka | 62 | whitelist ${HOME}/.tor-browser_ka |
63 | allow ${HOME}/.tor-browser_ko | 63 | whitelist ${HOME}/.tor-browser_ko |
64 | allow ${HOME}/.tor-browser_nb | 64 | whitelist ${HOME}/.tor-browser_nb |
65 | allow ${HOME}/.tor-browser_nl | 65 | whitelist ${HOME}/.tor-browser_nl |
66 | allow ${HOME}/.tor-browser_pl | 66 | whitelist ${HOME}/.tor-browser_pl |
67 | allow ${HOME}/.tor-browser_pt-BR | 67 | whitelist ${HOME}/.tor-browser_pt-BR |
68 | allow ${HOME}/.tor-browser_ru | 68 | whitelist ${HOME}/.tor-browser_ru |
69 | allow ${HOME}/.tor-browser_sv-SE | 69 | whitelist ${HOME}/.tor-browser_sv-SE |
70 | allow ${HOME}/.tor-browser_tr | 70 | whitelist ${HOME}/.tor-browser_tr |
71 | allow ${HOME}/.tor-browser_vi | 71 | whitelist ${HOME}/.tor-browser_vi |
72 | allow ${HOME}/.tor-browser_zh-CN | 72 | whitelist ${HOME}/.tor-browser_zh-CN |
73 | allow ${HOME}/.tor-browser_zh-TW | 73 | whitelist ${HOME}/.tor-browser_zh-TW |
74 | 74 | ||
75 | # Redirect | 75 | # Redirect |
76 | include torbrowser-launcher.profile | 76 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/steam.profile b/etc/profile-m-z/steam.profile index 09e29373d..06d08f3a2 100644 --- a/etc/profile-m-z/steam.profile +++ b/etc/profile-m-z/steam.profile | |||
@@ -6,40 +6,40 @@ include steam.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/Epic | 9 | noblacklist ${HOME}/.config/Epic |
10 | nodeny ${HOME}/.config/Loop_Hero | 10 | noblacklist ${HOME}/.config/Loop_Hero |
11 | nodeny ${HOME}/.config/ModTheSpire | 11 | noblacklist ${HOME}/.config/ModTheSpire |
12 | nodeny ${HOME}/.config/RogueLegacy | 12 | noblacklist ${HOME}/.config/RogueLegacy |
13 | nodeny ${HOME}/.config/RogueLegacyStorageContainer | 13 | noblacklist ${HOME}/.config/RogueLegacyStorageContainer |
14 | nodeny ${HOME}/.killingfloor | 14 | noblacklist ${HOME}/.killingfloor |
15 | nodeny ${HOME}/.klei | 15 | noblacklist ${HOME}/.klei |
16 | nodeny ${HOME}/.local/share/3909/PapersPlease | 16 | noblacklist ${HOME}/.local/share/3909/PapersPlease |
17 | nodeny ${HOME}/.local/share/aspyr-media | 17 | noblacklist ${HOME}/.local/share/aspyr-media |
18 | nodeny ${HOME}/.local/share/bohemiainteractive | 18 | noblacklist ${HOME}/.local/share/bohemiainteractive |
19 | nodeny ${HOME}/.local/share/cdprojektred | 19 | noblacklist ${HOME}/.local/share/cdprojektred |
20 | nodeny ${HOME}/.local/share/Dredmor | 20 | noblacklist ${HOME}/.local/share/Dredmor |
21 | nodeny ${HOME}/.local/share/FasterThanLight | 21 | noblacklist ${HOME}/.local/share/FasterThanLight |
22 | nodeny ${HOME}/.local/share/feral-interactive | 22 | noblacklist ${HOME}/.local/share/feral-interactive |
23 | nodeny ${HOME}/.local/share/IntoTheBreach | 23 | noblacklist ${HOME}/.local/share/IntoTheBreach |
24 | nodeny ${HOME}/.local/share/Paradox Interactive | 24 | noblacklist ${HOME}/.local/share/Paradox Interactive |
25 | nodeny ${HOME}/.local/share/PillarsOfEternity | 25 | noblacklist ${HOME}/.local/share/PillarsOfEternity |
26 | nodeny ${HOME}/.local/share/RogueLegacy | 26 | noblacklist ${HOME}/.local/share/RogueLegacy |
27 | nodeny ${HOME}/.local/share/RogueLegacyStorageContainer | 27 | noblacklist ${HOME}/.local/share/RogueLegacyStorageContainer |
28 | nodeny ${HOME}/.local/share/Steam | 28 | noblacklist ${HOME}/.local/share/Steam |
29 | nodeny ${HOME}/.local/share/SteamWorldDig | 29 | noblacklist ${HOME}/.local/share/SteamWorldDig |
30 | nodeny ${HOME}/.local/share/SteamWorld Dig 2 | 30 | noblacklist ${HOME}/.local/share/SteamWorld Dig 2 |
31 | nodeny ${HOME}/.local/share/SuperHexagon | 31 | noblacklist ${HOME}/.local/share/SuperHexagon |
32 | nodeny ${HOME}/.local/share/Terraria | 32 | noblacklist ${HOME}/.local/share/Terraria |
33 | nodeny ${HOME}/.local/share/vpltd | 33 | noblacklist ${HOME}/.local/share/vpltd |
34 | nodeny ${HOME}/.local/share/vulkan | 34 | noblacklist ${HOME}/.local/share/vulkan |
35 | nodeny ${HOME}/.mbwarband | 35 | noblacklist ${HOME}/.mbwarband |
36 | nodeny ${HOME}/.paradoxinteractive | 36 | noblacklist ${HOME}/.paradoxinteractive |
37 | nodeny ${HOME}/.steam | 37 | noblacklist ${HOME}/.steam |
38 | nodeny ${HOME}/.steampath | 38 | noblacklist ${HOME}/.steampath |
39 | nodeny ${HOME}/.steampid | 39 | noblacklist ${HOME}/.steampid |
40 | # needed for STEAM_RUNTIME_PREFER_HOST_LIBRARIES=1 to work | 40 | # needed for STEAM_RUNTIME_PREFER_HOST_LIBRARIES=1 to work |
41 | nodeny /sbin | 41 | noblacklist /sbin |
42 | nodeny /usr/sbin | 42 | noblacklist /usr/sbin |
43 | 43 | ||
44 | # Allow java (blacklisted by disable-devel.inc) | 44 | # Allow java (blacklisted by disable-devel.inc) |
45 | include allow-java.inc | 45 | include allow-java.inc |
@@ -84,38 +84,38 @@ mkdir ${HOME}/.paradoxinteractive | |||
84 | mkdir ${HOME}/.steam | 84 | mkdir ${HOME}/.steam |
85 | mkfile ${HOME}/.steampath | 85 | mkfile ${HOME}/.steampath |
86 | mkfile ${HOME}/.steampid | 86 | mkfile ${HOME}/.steampid |
87 | allow ${HOME}/.config/Epic | 87 | whitelist ${HOME}/.config/Epic |
88 | allow ${HOME}/.config/Loop_Hero | 88 | whitelist ${HOME}/.config/Loop_Hero |
89 | allow ${HOME}/.config/ModTheSpire | 89 | whitelist ${HOME}/.config/ModTheSpire |
90 | allow ${HOME}/.config/RogueLegacy | 90 | whitelist ${HOME}/.config/RogueLegacy |
91 | allow ${HOME}/.config/RogueLegacyStorageContainer | 91 | whitelist ${HOME}/.config/RogueLegacyStorageContainer |
92 | allow ${HOME}/.config/unity3d | 92 | whitelist ${HOME}/.config/unity3d |
93 | allow ${HOME}/.killingfloor | 93 | whitelist ${HOME}/.killingfloor |
94 | allow ${HOME}/.klei | 94 | whitelist ${HOME}/.klei |
95 | allow ${HOME}/.local/share/3909/PapersPlease | 95 | whitelist ${HOME}/.local/share/3909/PapersPlease |
96 | allow ${HOME}/.local/share/aspyr-media | 96 | whitelist ${HOME}/.local/share/aspyr-media |
97 | allow ${HOME}/.local/share/bohemiainteractive | 97 | whitelist ${HOME}/.local/share/bohemiainteractive |
98 | allow ${HOME}/.local/share/cdprojektred | 98 | whitelist ${HOME}/.local/share/cdprojektred |
99 | allow ${HOME}/.local/share/Dredmor | 99 | whitelist ${HOME}/.local/share/Dredmor |
100 | allow ${HOME}/.local/share/FasterThanLight | 100 | whitelist ${HOME}/.local/share/FasterThanLight |
101 | allow ${HOME}/.local/share/feral-interactive | 101 | whitelist ${HOME}/.local/share/feral-interactive |
102 | allow ${HOME}/.local/share/IntoTheBreach | 102 | whitelist ${HOME}/.local/share/IntoTheBreach |
103 | allow ${HOME}/.local/share/Paradox Interactive | 103 | whitelist ${HOME}/.local/share/Paradox Interactive |
104 | allow ${HOME}/.local/share/PillarsOfEternity | 104 | whitelist ${HOME}/.local/share/PillarsOfEternity |
105 | allow ${HOME}/.local/share/RogueLegacy | 105 | whitelist ${HOME}/.local/share/RogueLegacy |
106 | allow ${HOME}/.local/share/RogueLegacyStorageContainer | 106 | whitelist ${HOME}/.local/share/RogueLegacyStorageContainer |
107 | allow ${HOME}/.local/share/Steam | 107 | whitelist ${HOME}/.local/share/Steam |
108 | allow ${HOME}/.local/share/SteamWorldDig | 108 | whitelist ${HOME}/.local/share/SteamWorldDig |
109 | allow ${HOME}/.local/share/SteamWorld Dig 2 | 109 | whitelist ${HOME}/.local/share/SteamWorld Dig 2 |
110 | allow ${HOME}/.local/share/SuperHexagon | 110 | whitelist ${HOME}/.local/share/SuperHexagon |
111 | allow ${HOME}/.local/share/Terraria | 111 | whitelist ${HOME}/.local/share/Terraria |
112 | allow ${HOME}/.local/share/vpltd | 112 | whitelist ${HOME}/.local/share/vpltd |
113 | allow ${HOME}/.local/share/vulkan | 113 | whitelist ${HOME}/.local/share/vulkan |
114 | allow ${HOME}/.mbwarband | 114 | whitelist ${HOME}/.mbwarband |
115 | allow ${HOME}/.paradoxinteractive | 115 | whitelist ${HOME}/.paradoxinteractive |
116 | allow ${HOME}/.steam | 116 | whitelist ${HOME}/.steam |
117 | allow ${HOME}/.steampath | 117 | whitelist ${HOME}/.steampath |
118 | allow ${HOME}/.steampid | 118 | whitelist ${HOME}/.steampid |
119 | include whitelist-common.inc | 119 | include whitelist-common.inc |
120 | include whitelist-var-common.inc | 120 | include whitelist-var-common.inc |
121 | 121 | ||
diff --git a/etc/profile-m-z/stellarium.profile b/etc/profile-m-z/stellarium.profile index 003d3a079..a752ab53c 100644 --- a/etc/profile-m-z/stellarium.profile +++ b/etc/profile-m-z/stellarium.profile | |||
@@ -6,8 +6,8 @@ include stellarium.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/stellarium | 9 | noblacklist ${HOME}/.config/stellarium |
10 | nodeny ${HOME}/.stellarium | 10 | noblacklist ${HOME}/.stellarium |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-shell.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.config/stellarium | 20 | mkdir ${HOME}/.config/stellarium |
21 | mkdir ${HOME}/.stellarium | 21 | mkdir ${HOME}/.stellarium |
22 | allow ${HOME}/.config/stellarium | 22 | whitelist ${HOME}/.config/stellarium |
23 | allow ${HOME}/.stellarium | 23 | whitelist ${HOME}/.stellarium |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-m-z/straw-viewer.profile b/etc/profile-m-z/straw-viewer.profile index dd643bc20..d73927f2a 100644 --- a/etc/profile-m-z/straw-viewer.profile +++ b/etc/profile-m-z/straw-viewer.profile | |||
@@ -7,13 +7,13 @@ include straw-viewer.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.cache/straw-viewer | 10 | noblacklist ${HOME}/.cache/straw-viewer |
11 | nodeny ${HOME}/.config/straw-viewer | 11 | noblacklist ${HOME}/.config/straw-viewer |
12 | 12 | ||
13 | mkdir ${HOME}/.config/straw-viewer | 13 | mkdir ${HOME}/.config/straw-viewer |
14 | mkdir ${HOME}/.cache/straw-viewer | 14 | mkdir ${HOME}/.cache/straw-viewer |
15 | allow ${HOME}/.cache/straw-viewer | 15 | whitelist ${HOME}/.cache/straw-viewer |
16 | allow ${HOME}/.config/straw-viewer | 16 | whitelist ${HOME}/.config/straw-viewer |
17 | 17 | ||
18 | private-bin gtk-straw-viewer,straw-viewer | 18 | private-bin gtk-straw-viewer,straw-viewer |
19 | 19 | ||
diff --git a/etc/profile-m-z/strawberry.profile b/etc/profile-m-z/strawberry.profile index aed0b7910..b87906f55 100644 --- a/etc/profile-m-z/strawberry.profile +++ b/etc/profile-m-z/strawberry.profile | |||
@@ -6,10 +6,10 @@ include strawberry.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/strawberry | 9 | noblacklist ${HOME}/.cache/strawberry |
10 | nodeny ${HOME}/.config/strawberry | 10 | noblacklist ${HOME}/.config/strawberry |
11 | nodeny ${HOME}/.local/share/strawberry | 11 | noblacklist ${HOME}/.local/share/strawberry |
12 | nodeny ${MUSIC} | 12 | noblacklist ${MUSIC} |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
diff --git a/etc/profile-m-z/strings.profile b/etc/profile-m-z/strings.profile index 5c820ef81..1ebcded7f 100644 --- a/etc/profile-m-z/strings.profile +++ b/etc/profile-m-z/strings.profile | |||
@@ -7,7 +7,7 @@ include strings.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny ${RUNUSER} | 10 | blacklist ${RUNUSER} |
11 | 11 | ||
12 | #include disable-common.inc | 12 | #include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/subdownloader.profile b/etc/profile-m-z/subdownloader.profile index 0d07b5ea7..bbe92fd38 100644 --- a/etc/profile-m-z/subdownloader.profile +++ b/etc/profile-m-z/subdownloader.profile | |||
@@ -6,8 +6,8 @@ include subdownloader.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/SubDownloader | 9 | noblacklist ${HOME}/.config/SubDownloader |
10 | nodeny ${VIDEOS} | 10 | noblacklist ${VIDEOS} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-m-z/supertux2.profile b/etc/profile-m-z/supertux2.profile index 8cc547805..cfd7a63ea 100644 --- a/etc/profile-m-z/supertux2.profile +++ b/etc/profile-m-z/supertux2.profile | |||
@@ -6,7 +6,7 @@ include supertux2.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/supertux2 | 9 | noblacklist ${HOME}/.local/share/supertux2 |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,9 +18,9 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.local/share/supertux2 | 20 | mkdir ${HOME}/.local/share/supertux2 |
21 | allow ${HOME}/.local/share/supertux2 | 21 | whitelist ${HOME}/.local/share/supertux2 |
22 | allow /usr/share/supertux2 | 22 | whitelist /usr/share/supertux2 |
23 | allow /usr/share/games/supertux2 # Debian version | 23 | whitelist /usr/share/games/supertux2 # Debian version |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
26 | include whitelist-usr-share-common.inc | 26 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/supertuxkart.profile b/etc/profile-m-z/supertuxkart.profile index 44dc1524f..4eb8f921c 100644 --- a/etc/profile-m-z/supertuxkart.profile +++ b/etc/profile-m-z/supertuxkart.profile | |||
@@ -6,11 +6,11 @@ include supertuxkart.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/supertuxkart | 9 | noblacklist ${HOME}/.config/supertuxkart |
10 | nodeny ${HOME}/.cache/supertuxkart | 10 | noblacklist ${HOME}/.cache/supertuxkart |
11 | nodeny ${HOME}/.local/share/supertuxkart | 11 | noblacklist ${HOME}/.local/share/supertuxkart |
12 | 12 | ||
13 | deny /usr/libexec | 13 | blacklist /usr/libexec |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -24,11 +24,11 @@ include disable-xdg.inc | |||
24 | mkdir ${HOME}/.config/supertuxkart | 24 | mkdir ${HOME}/.config/supertuxkart |
25 | mkdir ${HOME}/.cache/supertuxkart | 25 | mkdir ${HOME}/.cache/supertuxkart |
26 | mkdir ${HOME}/.local/share/supertuxkart | 26 | mkdir ${HOME}/.local/share/supertuxkart |
27 | allow ${HOME}/.config/supertuxkart | 27 | whitelist ${HOME}/.config/supertuxkart |
28 | allow ${HOME}/.cache/supertuxkart | 28 | whitelist ${HOME}/.cache/supertuxkart |
29 | allow ${HOME}/.local/share/supertuxkart | 29 | whitelist ${HOME}/.local/share/supertuxkart |
30 | allow /usr/share/supertuxkart | 30 | whitelist /usr/share/supertuxkart |
31 | allow /usr/share/games/supertuxkart # Debian version | 31 | whitelist /usr/share/games/supertuxkart # Debian version |
32 | include whitelist-common.inc | 32 | include whitelist-common.inc |
33 | include whitelist-runuser-common.inc | 33 | include whitelist-runuser-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/surf.profile b/etc/profile-m-z/surf.profile index fd1e7f9e9..8db7d2433 100644 --- a/etc/profile-m-z/surf.profile +++ b/etc/profile-m-z/surf.profile | |||
@@ -6,7 +6,7 @@ include surf.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.surf | 9 | noblacklist ${HOME}/.surf |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -15,8 +15,8 @@ include disable-passwdmgr.inc | |||
15 | include disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.surf | 17 | mkdir ${HOME}/.surf |
18 | allow ${HOME}/.surf | 18 | whitelist ${HOME}/.surf |
19 | allow ${DOWNLOADS} | 19 | whitelist ${DOWNLOADS} |
20 | include whitelist-common.inc | 20 | include whitelist-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
diff --git a/etc/profile-m-z/swell-foop.profile b/etc/profile-m-z/swell-foop.profile index 55cd0965a..9efae815d 100644 --- a/etc/profile-m-z/swell-foop.profile +++ b/etc/profile-m-z/swell-foop.profile | |||
@@ -6,12 +6,12 @@ include swell-foop.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.local/share/swell-foop | 9 | noblacklist ${HOME}/.local/share/swell-foop |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/swell-foop | 11 | mkdir ${HOME}/.local/share/swell-foop |
12 | allow ${HOME}/.local/share/swell-foop | 12 | whitelist ${HOME}/.local/share/swell-foop |
13 | 13 | ||
14 | allow /usr/share/swell-foop | 14 | whitelist /usr/share/swell-foop |
15 | 15 | ||
16 | private-bin swell-foop | 16 | private-bin swell-foop |
17 | 17 | ||
diff --git a/etc/profile-m-z/sylpheed.profile b/etc/profile-m-z/sylpheed.profile index 447cdc99e..328812b04 100644 --- a/etc/profile-m-z/sylpheed.profile +++ b/etc/profile-m-z/sylpheed.profile | |||
@@ -6,12 +6,12 @@ include sylpheed.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.sylpheed-2.0 | 9 | noblacklist ${HOME}/.sylpheed-2.0 |
10 | 10 | ||
11 | mkdir ${HOME}/.sylpheed-2.0 | 11 | mkdir ${HOME}/.sylpheed-2.0 |
12 | allow ${HOME}/.sylpheed-2.0 | 12 | whitelist ${HOME}/.sylpheed-2.0 |
13 | 13 | ||
14 | allow /usr/share/sylpheed | 14 | whitelist /usr/share/sylpheed |
15 | 15 | ||
16 | # private-bin curl,gpg,gpg2,gpg-agent,gpgsm,pinentry,pinentry-gtk-2,sylpheed | 16 | # private-bin curl,gpg,gpg2,gpg-agent,gpgsm,pinentry,pinentry-gtk-2,sylpheed |
17 | 17 | ||
diff --git a/etc/profile-m-z/synfigstudio.profile b/etc/profile-m-z/synfigstudio.profile index 7cbbafd54..c60186c42 100644 --- a/etc/profile-m-z/synfigstudio.profile +++ b/etc/profile-m-z/synfigstudio.profile | |||
@@ -6,8 +6,8 @@ include synfigstudio.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/synfig | 9 | noblacklist ${HOME}/.config/synfig |
10 | nodeny ${HOME}/.synfig | 10 | noblacklist ${HOME}/.synfig |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/sysprof.profile b/etc/profile-m-z/sysprof.profile index f20f88791..b52b25b96 100644 --- a/etc/profile-m-z/sysprof.profile +++ b/etc/profile-m-z/sysprof.profile | |||
@@ -6,7 +6,7 @@ include sysprof.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
12 | include disable-exec.inc | 12 | include disable-exec.inc |
@@ -24,15 +24,15 @@ include disable-xdg.inc | |||
24 | #nowhitelist /usr/share/yelp-tools | 24 | #nowhitelist /usr/share/yelp-tools |
25 | #nowhitelist /usr/share/yelp-xsl | 25 | #nowhitelist /usr/share/yelp-xsl |
26 | 26 | ||
27 | nodeny ${HOME}/.config/yelp | 27 | noblacklist ${HOME}/.config/yelp |
28 | mkdir ${HOME}/.config/yelp | 28 | mkdir ${HOME}/.config/yelp |
29 | allow ${HOME}/.config/yelp | 29 | whitelist ${HOME}/.config/yelp |
30 | allow /usr/share/help/C/sysprof | 30 | whitelist /usr/share/help/C/sysprof |
31 | allow /usr/share/yelp | 31 | whitelist /usr/share/yelp |
32 | allow /usr/share/yelp-tools | 32 | whitelist /usr/share/yelp-tools |
33 | allow /usr/share/yelp-xsl | 33 | whitelist /usr/share/yelp-xsl |
34 | 34 | ||
35 | allow ${DOCUMENTS} | 35 | whitelist ${DOCUMENTS} |
36 | include whitelist-common.inc | 36 | include whitelist-common.inc |
37 | include whitelist-runuser-common.inc | 37 | include whitelist-runuser-common.inc |
38 | include whitelist-usr-share-common.inc | 38 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/tar.profile b/etc/profile-m-z/tar.profile index 74c8a0849..0d3a900e9 100644 --- a/etc/profile-m-z/tar.profile +++ b/etc/profile-m-z/tar.profile | |||
@@ -12,7 +12,7 @@ ignore include disable-shell.inc | |||
12 | 12 | ||
13 | # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop | 13 | # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop |
14 | # all capabilities this is automatically read-only. | 14 | # all capabilities this is automatically read-only. |
15 | nodeny /var/lib/pacman | 15 | noblacklist /var/lib/pacman |
16 | 16 | ||
17 | private-etc alternatives,group,localtime,login.defs,passwd | 17 | private-etc alternatives,group,localtime,login.defs,passwd |
18 | #private-lib libfakeroot,liblzma.so.*,libreadline.so.* | 18 | #private-lib libfakeroot,liblzma.so.*,libreadline.so.* |
diff --git a/etc/profile-m-z/tb-starter-wrapper.profile b/etc/profile-m-z/tb-starter-wrapper.profile index 691c33191..ffe9605b6 100644 --- a/etc/profile-m-z/tb-starter-wrapper.profile +++ b/etc/profile-m-z/tb-starter-wrapper.profile | |||
@@ -8,10 +8,10 @@ include tb-starter-wrapper.local | |||
8 | # added by included profile | 8 | # added by included profile |
9 | #include globals.local | 9 | #include globals.local |
10 | 10 | ||
11 | nodeny ${HOME}/.tb | 11 | noblacklist ${HOME}/.tb |
12 | 12 | ||
13 | mkdir ${HOME}/.tb | 13 | mkdir ${HOME}/.tb |
14 | allow ${HOME}/.tb | 14 | whitelist ${HOME}/.tb |
15 | 15 | ||
16 | private-bin tb-starter-wrapper | 16 | private-bin tb-starter-wrapper |
17 | 17 | ||
diff --git a/etc/profile-m-z/tcpdump.profile b/etc/profile-m-z/tcpdump.profile index b4c4873b3..e2ba5893c 100644 --- a/etc/profile-m-z/tcpdump.profile +++ b/etc/profile-m-z/tcpdump.profile | |||
@@ -6,9 +6,9 @@ include tcpdump.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny /sbin | 9 | noblacklist /sbin |
10 | nodeny /usr/sbin | 10 | noblacklist /usr/sbin |
11 | nodeny ${PATH}/tcpdump | 11 | noblacklist ${PATH}/tcpdump |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/teams-for-linux.profile b/etc/profile-m-z/teams-for-linux.profile index 24cbb42da..eee083332 100644 --- a/etc/profile-m-z/teams-for-linux.profile +++ b/etc/profile-m-z/teams-for-linux.profile | |||
@@ -14,10 +14,10 @@ ignore include whitelist-usr-share-common.inc | |||
14 | ignore dbus-user none | 14 | ignore dbus-user none |
15 | ignore dbus-system none | 15 | ignore dbus-system none |
16 | 16 | ||
17 | nodeny ${HOME}/.config/teams-for-linux | 17 | noblacklist ${HOME}/.config/teams-for-linux |
18 | 18 | ||
19 | mkdir ${HOME}/.config/teams-for-linux | 19 | mkdir ${HOME}/.config/teams-for-linux |
20 | allow ${HOME}/.config/teams-for-linux | 20 | whitelist ${HOME}/.config/teams-for-linux |
21 | 21 | ||
22 | private-bin bash,cut,echo,egrep,grep,head,sed,sh,teams-for-linux,tr,xdg-mime,xdg-open,zsh | 22 | private-bin bash,cut,echo,egrep,grep,head,sed,sh,teams-for-linux,tr,xdg-mime,xdg-open,zsh |
23 | private-etc ca-certificates,crypto-policies,fonts,ld.so.cache,localtime,machine-id,pki,resolv.conf,ssl | 23 | private-etc ca-certificates,crypto-policies,fonts,ld.so.cache,localtime,machine-id,pki,resolv.conf,ssl |
diff --git a/etc/profile-m-z/teams.profile b/etc/profile-m-z/teams.profile index 8639edbc8..c8d98cbaa 100644 --- a/etc/profile-m-z/teams.profile +++ b/etc/profile-m-z/teams.profile | |||
@@ -18,13 +18,13 @@ ignore apparmor | |||
18 | ignore dbus-user none | 18 | ignore dbus-user none |
19 | ignore dbus-system none | 19 | ignore dbus-system none |
20 | 20 | ||
21 | nodeny ${HOME}/.config/teams | 21 | noblacklist ${HOME}/.config/teams |
22 | nodeny ${HOME}/.config/Microsoft | 22 | noblacklist ${HOME}/.config/Microsoft |
23 | 23 | ||
24 | mkdir ${HOME}/.config/teams | 24 | mkdir ${HOME}/.config/teams |
25 | mkdir ${HOME}/.config/Microsoft | 25 | mkdir ${HOME}/.config/Microsoft |
26 | allow ${HOME}/.config/teams | 26 | whitelist ${HOME}/.config/teams |
27 | allow ${HOME}/.config/Microsoft | 27 | whitelist ${HOME}/.config/Microsoft |
28 | 28 | ||
29 | # Redirect | 29 | # Redirect |
30 | include electron.profile | 30 | include electron.profile |
diff --git a/etc/profile-m-z/teamspeak3.profile b/etc/profile-m-z/teamspeak3.profile index 781a5f4eb..02a2c8ae4 100644 --- a/etc/profile-m-z/teamspeak3.profile +++ b/etc/profile-m-z/teamspeak3.profile | |||
@@ -6,8 +6,8 @@ include teamspeak3.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.ts3client | 9 | noblacklist ${HOME}/.ts3client |
10 | nodeny ${PATH}/openssl | 10 | noblacklist ${PATH}/openssl |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.ts3client | 19 | mkdir ${HOME}/.ts3client |
20 | allow ${DOWNLOADS} | 20 | whitelist ${DOWNLOADS} |
21 | allow ${HOME}/.ts3client | 21 | whitelist ${HOME}/.ts3client |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/profile-m-z/teeworlds.profile b/etc/profile-m-z/teeworlds.profile index c9c444ffc..be01aee12 100644 --- a/etc/profile-m-z/teeworlds.profile +++ b/etc/profile-m-z/teeworlds.profile | |||
@@ -6,7 +6,7 @@ include teeworlds.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.teeworlds | 9 | noblacklist ${HOME}/.teeworlds |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.teeworlds | 20 | mkdir ${HOME}/.teeworlds |
21 | allow ${HOME}/.teeworlds | 21 | whitelist ${HOME}/.teeworlds |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-m-z/telegram.profile b/etc/profile-m-z/telegram.profile index 92689a461..53f932eef 100644 --- a/etc/profile-m-z/telegram.profile +++ b/etc/profile-m-z/telegram.profile | |||
@@ -5,8 +5,8 @@ include telegram.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.TelegramDesktop | 8 | noblacklist ${HOME}/.TelegramDesktop |
9 | nodeny ${HOME}/.local/share/TelegramDesktop | 9 | noblacklist ${HOME}/.local/share/TelegramDesktop |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -19,9 +19,9 @@ include disable-xdg.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.TelegramDesktop | 20 | mkdir ${HOME}/.TelegramDesktop |
21 | mkdir ${HOME}/.local/share/TelegramDesktop | 21 | mkdir ${HOME}/.local/share/TelegramDesktop |
22 | allow ${HOME}/.TelegramDesktop | 22 | whitelist ${HOME}/.TelegramDesktop |
23 | allow ${HOME}/.local/share/TelegramDesktop | 23 | whitelist ${HOME}/.local/share/TelegramDesktop |
24 | allow ${DOWNLOADS} | 24 | whitelist ${DOWNLOADS} |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-runuser-common.inc | 26 | include whitelist-runuser-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
@@ -48,6 +48,7 @@ private-etc alsa,alternatives,ca-certificates,crypto-policies,fonts,group,ld.so. | |||
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | dbus-user filter | 50 | dbus-user filter |
51 | dbus-user.own org.telegram.desktop.* | ||
51 | dbus-user.talk org.freedesktop.Notifications | 52 | dbus-user.talk org.freedesktop.Notifications |
52 | dbus-user.talk org.kde.StatusNotifierWatcher | 53 | dbus-user.talk org.kde.StatusNotifierWatcher |
53 | dbus-user.talk org.gnome.Mutter.IdleMonitor | 54 | dbus-user.talk org.gnome.Mutter.IdleMonitor |
diff --git a/etc/profile-m-z/terasology.profile b/etc/profile-m-z/terasology.profile index b2f98fbac..ce2ca1d17 100644 --- a/etc/profile-m-z/terasology.profile +++ b/etc/profile-m-z/terasology.profile | |||
@@ -7,7 +7,7 @@ include globals.local | |||
7 | 7 | ||
8 | ignore noexec /tmp | 8 | ignore noexec /tmp |
9 | 9 | ||
10 | nodeny ${HOME}/.local/share/terasology | 10 | noblacklist ${HOME}/.local/share/terasology |
11 | 11 | ||
12 | # Allow java (blacklisted by disable-devel.inc) | 12 | # Allow java (blacklisted by disable-devel.inc) |
13 | include allow-java.inc | 13 | include allow-java.inc |
@@ -21,8 +21,8 @@ include disable-programs.inc | |||
21 | 21 | ||
22 | mkdir ${HOME}/.java | 22 | mkdir ${HOME}/.java |
23 | mkdir ${HOME}/.local/share/terasology | 23 | mkdir ${HOME}/.local/share/terasology |
24 | allow ${HOME}/.java | 24 | whitelist ${HOME}/.java |
25 | allow ${HOME}/.local/share/terasology | 25 | whitelist ${HOME}/.local/share/terasology |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | 27 | ||
28 | caps.drop all | 28 | caps.drop all |
diff --git a/etc/profile-m-z/thunderbird.profile b/etc/profile-m-z/thunderbird.profile index a539cadf8..b478fbe1e 100644 --- a/etc/profile-m-z/thunderbird.profile +++ b/etc/profile-m-z/thunderbird.profile | |||
@@ -22,14 +22,14 @@ writable-run-user | |||
22 | #writable-var | 22 | #writable-var |
23 | 23 | ||
24 | # These lines are needed to allow Firefox to load your profile when clicking a link in an email | 24 | # These lines are needed to allow Firefox to load your profile when clicking a link in an email |
25 | nodeny ${HOME}/.mozilla | 25 | noblacklist ${HOME}/.mozilla |
26 | allow ${HOME}/.mozilla/firefox/profiles.ini | 26 | whitelist ${HOME}/.mozilla/firefox/profiles.ini |
27 | read-only ${HOME}/.mozilla/firefox/profiles.ini | 27 | read-only ${HOME}/.mozilla/firefox/profiles.ini |
28 | 28 | ||
29 | nodeny ${HOME}/.cache/thunderbird | 29 | noblacklist ${HOME}/.cache/thunderbird |
30 | nodeny ${HOME}/.gnupg | 30 | noblacklist ${HOME}/.gnupg |
31 | # noblacklist ${HOME}/.icedove | 31 | # noblacklist ${HOME}/.icedove |
32 | nodeny ${HOME}/.thunderbird | 32 | noblacklist ${HOME}/.thunderbird |
33 | 33 | ||
34 | include disable-passwdmgr.inc | 34 | include disable-passwdmgr.inc |
35 | include disable-xdg.inc | 35 | include disable-xdg.inc |
@@ -42,15 +42,15 @@ mkdir ${HOME}/.cache/thunderbird | |||
42 | mkdir ${HOME}/.gnupg | 42 | mkdir ${HOME}/.gnupg |
43 | # mkdir ${HOME}/.icedove | 43 | # mkdir ${HOME}/.icedove |
44 | mkdir ${HOME}/.thunderbird | 44 | mkdir ${HOME}/.thunderbird |
45 | allow ${HOME}/.cache/thunderbird | 45 | whitelist ${HOME}/.cache/thunderbird |
46 | allow ${HOME}/.gnupg | 46 | whitelist ${HOME}/.gnupg |
47 | # whitelist ${HOME}/.icedove | 47 | # whitelist ${HOME}/.icedove |
48 | allow ${HOME}/.thunderbird | 48 | whitelist ${HOME}/.thunderbird |
49 | 49 | ||
50 | allow /usr/share/gnupg | 50 | whitelist /usr/share/gnupg |
51 | allow /usr/share/mozilla | 51 | whitelist /usr/share/mozilla |
52 | allow /usr/share/thunderbird | 52 | whitelist /usr/share/thunderbird |
53 | allow /usr/share/webext | 53 | whitelist /usr/share/webext |
54 | include whitelist-usr-share-common.inc | 54 | include whitelist-usr-share-common.inc |
55 | 55 | ||
56 | # machine-id breaks audio in browsers; enable or put it in your thunderbird.local when sound is not required | 56 | # machine-id breaks audio in browsers; enable or put it in your thunderbird.local when sound is not required |
diff --git a/etc/profile-m-z/tilp.profile b/etc/profile-m-z/tilp.profile index b0fa54f08..dd4a372c4 100644 --- a/etc/profile-m-z/tilp.profile +++ b/etc/profile-m-z/tilp.profile | |||
@@ -5,7 +5,7 @@ include tilp.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.tilp | 8 | noblacklist ${HOME}/.tilp |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-m-z/tin.profile b/etc/profile-m-z/tin.profile index 3ee696b8b..e0ed3090a 100644 --- a/etc/profile-m-z/tin.profile +++ b/etc/profile-m-z/tin.profile | |||
@@ -6,12 +6,12 @@ include tin.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.newsrc | 9 | noblacklist ${HOME}/.newsrc |
10 | nodeny ${HOME}/.tin | 10 | noblacklist ${HOME}/.tin |
11 | 11 | ||
12 | deny /tmp/.X11-unix | 12 | blacklist /tmp/.X11-unix |
13 | deny ${RUNUSER} | 13 | blacklist ${RUNUSER} |
14 | deny /usr/libexec | 14 | blacklist /usr/libexec |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-m-z/tmux.profile b/etc/profile-m-z/tmux.profile index d2e90e356..0139d7515 100644 --- a/etc/profile-m-z/tmux.profile +++ b/etc/profile-m-z/tmux.profile | |||
@@ -7,10 +7,10 @@ include tmux.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | deny ${RUNUSER} | 11 | blacklist ${RUNUSER} |
12 | 12 | ||
13 | nodeny /tmp/tmux-* | 13 | noblacklist /tmp/tmux-* |
14 | 14 | ||
15 | # include disable-common.inc | 15 | # include disable-common.inc |
16 | # include disable-devel.inc | 16 | # include disable-devel.inc |
diff --git a/etc/profile-m-z/tor-browser-ar.profile b/etc/profile-m-z/tor-browser-ar.profile index 49158b93e..59f1bc3b1 100644 --- a/etc/profile-m-z/tor-browser-ar.profile +++ b/etc/profile-m-z/tor-browser-ar.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-ar.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-ar | 9 | noblacklist ${HOME}/.tor-browser-ar |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-ar | 11 | mkdir ${HOME}/.tor-browser-ar |
12 | allow ${HOME}/.tor-browser-ar | 12 | whitelist ${HOME}/.tor-browser-ar |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-ca.profile b/etc/profile-m-z/tor-browser-ca.profile index 612f8bd7c..68577e352 100644 --- a/etc/profile-m-z/tor-browser-ca.profile +++ b/etc/profile-m-z/tor-browser-ca.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-ca.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-ca | 9 | noblacklist ${HOME}/.tor-browser-ca |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-ca | 11 | mkdir ${HOME}/.tor-browser-ca |
12 | allow ${HOME}/.tor-browser-ca | 12 | whitelist ${HOME}/.tor-browser-ca |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-cs.profile b/etc/profile-m-z/tor-browser-cs.profile index a400fde05..33e51fcd0 100644 --- a/etc/profile-m-z/tor-browser-cs.profile +++ b/etc/profile-m-z/tor-browser-cs.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-cs.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-cs | 9 | noblacklist ${HOME}/.tor-browser-cs |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-cs | 11 | mkdir ${HOME}/.tor-browser-cs |
12 | allow ${HOME}/.tor-browser-cs | 12 | whitelist ${HOME}/.tor-browser-cs |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-da.profile b/etc/profile-m-z/tor-browser-da.profile index 9010025e3..440bb7fc3 100644 --- a/etc/profile-m-z/tor-browser-da.profile +++ b/etc/profile-m-z/tor-browser-da.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-da.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-da | 9 | noblacklist ${HOME}/.tor-browser-da |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-da | 11 | mkdir ${HOME}/.tor-browser-da |
12 | allow ${HOME}/.tor-browser-da | 12 | whitelist ${HOME}/.tor-browser-da |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-de.profile b/etc/profile-m-z/tor-browser-de.profile index cd556c32b..b2b98cf82 100644 --- a/etc/profile-m-z/tor-browser-de.profile +++ b/etc/profile-m-z/tor-browser-de.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-de.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-de | 9 | noblacklist ${HOME}/.tor-browser-de |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-de | 11 | mkdir ${HOME}/.tor-browser-de |
12 | allow ${HOME}/.tor-browser-de | 12 | whitelist ${HOME}/.tor-browser-de |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-el.profile b/etc/profile-m-z/tor-browser-el.profile index ee2b0fea7..626757dd5 100644 --- a/etc/profile-m-z/tor-browser-el.profile +++ b/etc/profile-m-z/tor-browser-el.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-el.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-el | 9 | noblacklist ${HOME}/.tor-browser-el |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-el | 11 | mkdir ${HOME}/.tor-browser-el |
12 | allow ${HOME}/.tor-browser-el | 12 | whitelist ${HOME}/.tor-browser-el |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-en-us.profile b/etc/profile-m-z/tor-browser-en-us.profile index 2be71a5aa..15e690748 100644 --- a/etc/profile-m-z/tor-browser-en-us.profile +++ b/etc/profile-m-z/tor-browser-en-us.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-en-us.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-en-us | 9 | noblacklist ${HOME}/.tor-browser-en-us |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-en-us | 11 | mkdir ${HOME}/.tor-browser-en-us |
12 | allow ${HOME}/.tor-browser-en-us | 12 | whitelist ${HOME}/.tor-browser-en-us |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-en.profile b/etc/profile-m-z/tor-browser-en.profile index 633c2f4f9..ef8c1eb8b 100644 --- a/etc/profile-m-z/tor-browser-en.profile +++ b/etc/profile-m-z/tor-browser-en.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-en.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-en | 9 | noblacklist ${HOME}/.tor-browser-en |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-en | 11 | mkdir ${HOME}/.tor-browser-en |
12 | allow ${HOME}/.tor-browser-en | 12 | whitelist ${HOME}/.tor-browser-en |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-es-es.profile b/etc/profile-m-z/tor-browser-es-es.profile index f7c2302a7..ad734662e 100644 --- a/etc/profile-m-z/tor-browser-es-es.profile +++ b/etc/profile-m-z/tor-browser-es-es.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-es-es.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-es-es | 9 | noblacklist ${HOME}/.tor-browser-es-es |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-es-es | 11 | mkdir ${HOME}/.tor-browser-es-es |
12 | allow ${HOME}/.tor-browser-es-es | 12 | whitelist ${HOME}/.tor-browser-es-es |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-es.profile b/etc/profile-m-z/tor-browser-es.profile index d88dcdec1..97d8d8577 100644 --- a/etc/profile-m-z/tor-browser-es.profile +++ b/etc/profile-m-z/tor-browser-es.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-es.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-es | 9 | noblacklist ${HOME}/.tor-browser-es |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-es | 11 | mkdir ${HOME}/.tor-browser-es |
12 | allow ${HOME}/.tor-browser-es | 12 | whitelist ${HOME}/.tor-browser-es |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-fa.profile b/etc/profile-m-z/tor-browser-fa.profile index 3f7074fdb..095be69e4 100644 --- a/etc/profile-m-z/tor-browser-fa.profile +++ b/etc/profile-m-z/tor-browser-fa.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-fa.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-fa | 9 | noblacklist ${HOME}/.tor-browser-fa |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-fa | 11 | mkdir ${HOME}/.tor-browser-fa |
12 | allow ${HOME}/.tor-browser-fa | 12 | whitelist ${HOME}/.tor-browser-fa |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-fr.profile b/etc/profile-m-z/tor-browser-fr.profile index ef14f44a2..37f61fc3a 100644 --- a/etc/profile-m-z/tor-browser-fr.profile +++ b/etc/profile-m-z/tor-browser-fr.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-fr.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-fr | 9 | noblacklist ${HOME}/.tor-browser-fr |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-fr | 11 | mkdir ${HOME}/.tor-browser-fr |
12 | allow ${HOME}/.tor-browser-fr | 12 | whitelist ${HOME}/.tor-browser-fr |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-ga-ie.profile b/etc/profile-m-z/tor-browser-ga-ie.profile index 06baaf34f..ab7141fc4 100644 --- a/etc/profile-m-z/tor-browser-ga-ie.profile +++ b/etc/profile-m-z/tor-browser-ga-ie.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-ga-ie.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-ga-ie | 9 | noblacklist ${HOME}/.tor-browser-ga-ie |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-ga-ie | 11 | mkdir ${HOME}/.tor-browser-ga-ie |
12 | allow ${HOME}/.tor-browser-ga-ie | 12 | whitelist ${HOME}/.tor-browser-ga-ie |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-he.profile b/etc/profile-m-z/tor-browser-he.profile index 57588ffc7..ae56f3b7f 100644 --- a/etc/profile-m-z/tor-browser-he.profile +++ b/etc/profile-m-z/tor-browser-he.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-he.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-he | 9 | noblacklist ${HOME}/.tor-browser-he |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-he | 11 | mkdir ${HOME}/.tor-browser-he |
12 | allow ${HOME}/.tor-browser-he | 12 | whitelist ${HOME}/.tor-browser-he |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-hu.profile b/etc/profile-m-z/tor-browser-hu.profile index a10b66a24..65cd18ac8 100644 --- a/etc/profile-m-z/tor-browser-hu.profile +++ b/etc/profile-m-z/tor-browser-hu.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-hu.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-hu | 9 | noblacklist ${HOME}/.tor-browser-hu |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-hu | 11 | mkdir ${HOME}/.tor-browser-hu |
12 | allow ${HOME}/.tor-browser-hu | 12 | whitelist ${HOME}/.tor-browser-hu |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-id.profile b/etc/profile-m-z/tor-browser-id.profile index fcdb822cd..57fe09f47 100644 --- a/etc/profile-m-z/tor-browser-id.profile +++ b/etc/profile-m-z/tor-browser-id.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-id.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-id | 9 | noblacklist ${HOME}/.tor-browser-id |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-id | 11 | mkdir ${HOME}/.tor-browser-id |
12 | allow ${HOME}/.tor-browser-id | 12 | whitelist ${HOME}/.tor-browser-id |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-is.profile b/etc/profile-m-z/tor-browser-is.profile index 45b47c108..54f1df42d 100644 --- a/etc/profile-m-z/tor-browser-is.profile +++ b/etc/profile-m-z/tor-browser-is.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-is.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-is | 9 | noblacklist ${HOME}/.tor-browser-is |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-is | 11 | mkdir ${HOME}/.tor-browser-is |
12 | allow ${HOME}/.tor-browser-is | 12 | whitelist ${HOME}/.tor-browser-is |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-it.profile b/etc/profile-m-z/tor-browser-it.profile index b5a2f7c13..a7d46e875 100644 --- a/etc/profile-m-z/tor-browser-it.profile +++ b/etc/profile-m-z/tor-browser-it.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-it.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-it | 9 | noblacklist ${HOME}/.tor-browser-it |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-it | 11 | mkdir ${HOME}/.tor-browser-it |
12 | allow ${HOME}/.tor-browser-it | 12 | whitelist ${HOME}/.tor-browser-it |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-ja.profile b/etc/profile-m-z/tor-browser-ja.profile index e1f023bd4..b89016141 100644 --- a/etc/profile-m-z/tor-browser-ja.profile +++ b/etc/profile-m-z/tor-browser-ja.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-ja.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-ja | 9 | noblacklist ${HOME}/.tor-browser-ja |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-ja | 11 | mkdir ${HOME}/.tor-browser-ja |
12 | allow ${HOME}/.tor-browser-ja | 12 | whitelist ${HOME}/.tor-browser-ja |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-ka.profile b/etc/profile-m-z/tor-browser-ka.profile index 17930b58e..b57cf10de 100644 --- a/etc/profile-m-z/tor-browser-ka.profile +++ b/etc/profile-m-z/tor-browser-ka.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-ka.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-ka | 9 | noblacklist ${HOME}/.tor-browser-ka |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-ka | 11 | mkdir ${HOME}/.tor-browser-ka |
12 | allow ${HOME}/.tor-browser-ka | 12 | whitelist ${HOME}/.tor-browser-ka |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-ko.profile b/etc/profile-m-z/tor-browser-ko.profile index b33d1edb4..a9bedb6fd 100644 --- a/etc/profile-m-z/tor-browser-ko.profile +++ b/etc/profile-m-z/tor-browser-ko.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-ko.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-ko | 9 | noblacklist ${HOME}/.tor-browser-ko |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-ko | 11 | mkdir ${HOME}/.tor-browser-ko |
12 | allow ${HOME}/.tor-browser-ko | 12 | whitelist ${HOME}/.tor-browser-ko |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-nb.profile b/etc/profile-m-z/tor-browser-nb.profile index b462eb9ac..fbe9f92bd 100644 --- a/etc/profile-m-z/tor-browser-nb.profile +++ b/etc/profile-m-z/tor-browser-nb.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-nb.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-nb | 9 | noblacklist ${HOME}/.tor-browser-nb |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-nb | 11 | mkdir ${HOME}/.tor-browser-nb |
12 | allow ${HOME}/.tor-browser-nb | 12 | whitelist ${HOME}/.tor-browser-nb |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-nl.profile b/etc/profile-m-z/tor-browser-nl.profile index 0225eb6fd..678ac1713 100644 --- a/etc/profile-m-z/tor-browser-nl.profile +++ b/etc/profile-m-z/tor-browser-nl.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-nl.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-nl | 9 | noblacklist ${HOME}/.tor-browser-nl |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-nl | 11 | mkdir ${HOME}/.tor-browser-nl |
12 | allow ${HOME}/.tor-browser-nl | 12 | whitelist ${HOME}/.tor-browser-nl |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-pl.profile b/etc/profile-m-z/tor-browser-pl.profile index 75604b458..25d473b1a 100644 --- a/etc/profile-m-z/tor-browser-pl.profile +++ b/etc/profile-m-z/tor-browser-pl.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-pl.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-pl | 9 | noblacklist ${HOME}/.tor-browser-pl |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-pl | 11 | mkdir ${HOME}/.tor-browser-pl |
12 | allow ${HOME}/.tor-browser-pl | 12 | whitelist ${HOME}/.tor-browser-pl |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-pt-br.profile b/etc/profile-m-z/tor-browser-pt-br.profile index 4d50d8034..55adbd5ea 100644 --- a/etc/profile-m-z/tor-browser-pt-br.profile +++ b/etc/profile-m-z/tor-browser-pt-br.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-pt-br.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-pt-br | 9 | noblacklist ${HOME}/.tor-browser-pt-br |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-pt-br | 11 | mkdir ${HOME}/.tor-browser-pt-br |
12 | allow ${HOME}/.tor-browser-pt-br | 12 | whitelist ${HOME}/.tor-browser-pt-br |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-ru.profile b/etc/profile-m-z/tor-browser-ru.profile index 4bca3c46f..aea13be9d 100644 --- a/etc/profile-m-z/tor-browser-ru.profile +++ b/etc/profile-m-z/tor-browser-ru.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-ru.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-ru | 9 | noblacklist ${HOME}/.tor-browser-ru |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-ru | 11 | mkdir ${HOME}/.tor-browser-ru |
12 | allow ${HOME}/.tor-browser-ru | 12 | whitelist ${HOME}/.tor-browser-ru |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-sv-se.profile b/etc/profile-m-z/tor-browser-sv-se.profile index 1b319dc43..b7882bd04 100644 --- a/etc/profile-m-z/tor-browser-sv-se.profile +++ b/etc/profile-m-z/tor-browser-sv-se.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-sv-se.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-sv-se | 9 | noblacklist ${HOME}/.tor-browser-sv-se |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-sv-se | 11 | mkdir ${HOME}/.tor-browser-sv-se |
12 | allow ${HOME}/.tor-browser-sv-se | 12 | whitelist ${HOME}/.tor-browser-sv-se |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-tr.profile b/etc/profile-m-z/tor-browser-tr.profile index 0775a0c08..c52e8c4c4 100644 --- a/etc/profile-m-z/tor-browser-tr.profile +++ b/etc/profile-m-z/tor-browser-tr.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-tr.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-tr | 9 | noblacklist ${HOME}/.tor-browser-tr |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-tr | 11 | mkdir ${HOME}/.tor-browser-tr |
12 | allow ${HOME}/.tor-browser-tr | 12 | whitelist ${HOME}/.tor-browser-tr |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-vi.profile b/etc/profile-m-z/tor-browser-vi.profile index c4d5a7a76..d5bf76655 100644 --- a/etc/profile-m-z/tor-browser-vi.profile +++ b/etc/profile-m-z/tor-browser-vi.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-vi.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-vi | 9 | noblacklist ${HOME}/.tor-browser-vi |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-vi | 11 | mkdir ${HOME}/.tor-browser-vi |
12 | allow ${HOME}/.tor-browser-vi | 12 | whitelist ${HOME}/.tor-browser-vi |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-zh-cn.profile b/etc/profile-m-z/tor-browser-zh-cn.profile index 4cd287e5d..6c8925a4a 100644 --- a/etc/profile-m-z/tor-browser-zh-cn.profile +++ b/etc/profile-m-z/tor-browser-zh-cn.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-zh-cn.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-zh-cn | 9 | noblacklist ${HOME}/.tor-browser-zh-cn |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-zh-cn | 11 | mkdir ${HOME}/.tor-browser-zh-cn |
12 | allow ${HOME}/.tor-browser-zh-cn | 12 | whitelist ${HOME}/.tor-browser-zh-cn |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-zh-tw.profile b/etc/profile-m-z/tor-browser-zh-tw.profile index c75baf522..141a6701e 100644 --- a/etc/profile-m-z/tor-browser-zh-tw.profile +++ b/etc/profile-m-z/tor-browser-zh-tw.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-zh-tw.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser-zh-tw | 9 | noblacklist ${HOME}/.tor-browser-zh-tw |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-zh-tw | 11 | mkdir ${HOME}/.tor-browser-zh-tw |
12 | allow ${HOME}/.tor-browser-zh-tw | 12 | whitelist ${HOME}/.tor-browser-zh-tw |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser.profile b/etc/profile-m-z/tor-browser.profile index 8a2dbda53..76a0e1fa5 100644 --- a/etc/profile-m-z/tor-browser.profile +++ b/etc/profile-m-z/tor-browser.profile | |||
@@ -6,10 +6,10 @@ include tor-browser.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser | 9 | noblacklist ${HOME}/.tor-browser |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser | 11 | mkdir ${HOME}/.tor-browser |
12 | allow ${HOME}/.tor-browser | 12 | whitelist ${HOME}/.tor-browser |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_ar.profile b/etc/profile-m-z/tor-browser_ar.profile index 90b5a0960..d811b7549 100644 --- a/etc/profile-m-z/tor-browser_ar.profile +++ b/etc/profile-m-z/tor-browser_ar.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_ar.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_ar | 9 | noblacklist ${HOME}/.tor-browser_ar |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_ar | 11 | mkdir ${HOME}/.tor-browser_ar |
12 | allow ${HOME}/.tor-browser_ar | 12 | whitelist ${HOME}/.tor-browser_ar |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_ca.profile b/etc/profile-m-z/tor-browser_ca.profile index a04207ccd..8bf1f7cd4 100644 --- a/etc/profile-m-z/tor-browser_ca.profile +++ b/etc/profile-m-z/tor-browser_ca.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_ca.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_ca | 9 | noblacklist ${HOME}/.tor-browser_ca |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_ca | 11 | mkdir ${HOME}/.tor-browser_ca |
12 | allow ${HOME}/.tor-browser_ca | 12 | whitelist ${HOME}/.tor-browser_ca |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_cs.profile b/etc/profile-m-z/tor-browser_cs.profile index b99ad14a8..b41107bf1 100644 --- a/etc/profile-m-z/tor-browser_cs.profile +++ b/etc/profile-m-z/tor-browser_cs.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_cs.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_cs | 9 | noblacklist ${HOME}/.tor-browser_cs |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_cs | 11 | mkdir ${HOME}/.tor-browser_cs |
12 | allow ${HOME}/.tor-browser_cs | 12 | whitelist ${HOME}/.tor-browser_cs |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_da.profile b/etc/profile-m-z/tor-browser_da.profile index 545e53b7e..cbec4ee2e 100644 --- a/etc/profile-m-z/tor-browser_da.profile +++ b/etc/profile-m-z/tor-browser_da.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_da.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_da | 9 | noblacklist ${HOME}/.tor-browser_da |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_da | 11 | mkdir ${HOME}/.tor-browser_da |
12 | allow ${HOME}/.tor-browser_da | 12 | whitelist ${HOME}/.tor-browser_da |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_de.profile b/etc/profile-m-z/tor-browser_de.profile index 545f82f72..ea26765d3 100644 --- a/etc/profile-m-z/tor-browser_de.profile +++ b/etc/profile-m-z/tor-browser_de.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_de.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_de | 9 | noblacklist ${HOME}/.tor-browser_de |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_de | 11 | mkdir ${HOME}/.tor-browser_de |
12 | allow ${HOME}/.tor-browser_de | 12 | whitelist ${HOME}/.tor-browser_de |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_el.profile b/etc/profile-m-z/tor-browser_el.profile index 3120b1701..ff57a8722 100644 --- a/etc/profile-m-z/tor-browser_el.profile +++ b/etc/profile-m-z/tor-browser_el.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_el.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_el | 9 | noblacklist ${HOME}/.tor-browser_el |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_el | 11 | mkdir ${HOME}/.tor-browser_el |
12 | allow ${HOME}/.tor-browser_el | 12 | whitelist ${HOME}/.tor-browser_el |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_en-US.profile b/etc/profile-m-z/tor-browser_en-US.profile index 6719ac057..18c92b638 100644 --- a/etc/profile-m-z/tor-browser_en-US.profile +++ b/etc/profile-m-z/tor-browser_en-US.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_en-US.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_en-US | 9 | noblacklist ${HOME}/.tor-browser_en-US |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_en-US | 11 | mkdir ${HOME}/.tor-browser_en-US |
12 | allow ${HOME}/.tor-browser_en-US | 12 | whitelist ${HOME}/.tor-browser_en-US |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_en.profile b/etc/profile-m-z/tor-browser_en.profile index 4cbd37109..ebba83cc4 100644 --- a/etc/profile-m-z/tor-browser_en.profile +++ b/etc/profile-m-z/tor-browser_en.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_en.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_en | 9 | noblacklist ${HOME}/.tor-browser_en |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_en | 11 | mkdir ${HOME}/.tor-browser_en |
12 | allow ${HOME}/.tor-browser_en | 12 | whitelist ${HOME}/.tor-browser_en |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_es-ES.profile b/etc/profile-m-z/tor-browser_es-ES.profile index 6c8a5987c..aecab38d5 100644 --- a/etc/profile-m-z/tor-browser_es-ES.profile +++ b/etc/profile-m-z/tor-browser_es-ES.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_es-ES.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_es-ES | 9 | noblacklist ${HOME}/.tor-browser_es-ES |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_es-ES | 11 | mkdir ${HOME}/.tor-browser_es-ES |
12 | allow ${HOME}/.tor-browser_es-ES | 12 | whitelist ${HOME}/.tor-browser_es-ES |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_es.profile b/etc/profile-m-z/tor-browser_es.profile index 7d358b7ca..e19e9b5e6 100644 --- a/etc/profile-m-z/tor-browser_es.profile +++ b/etc/profile-m-z/tor-browser_es.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_es.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_es | 9 | noblacklist ${HOME}/.tor-browser_es |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_es | 11 | mkdir ${HOME}/.tor-browser_es |
12 | allow ${HOME}/.tor-browser_es | 12 | whitelist ${HOME}/.tor-browser_es |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_fa.profile b/etc/profile-m-z/tor-browser_fa.profile index fc4285c5d..68414c277 100644 --- a/etc/profile-m-z/tor-browser_fa.profile +++ b/etc/profile-m-z/tor-browser_fa.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_fa.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_fa | 9 | noblacklist ${HOME}/.tor-browser_fa |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_fa | 11 | mkdir ${HOME}/.tor-browser_fa |
12 | allow ${HOME}/.tor-browser_fa | 12 | whitelist ${HOME}/.tor-browser_fa |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_fr.profile b/etc/profile-m-z/tor-browser_fr.profile index 2d0c0ff1f..0a8bb30b7 100644 --- a/etc/profile-m-z/tor-browser_fr.profile +++ b/etc/profile-m-z/tor-browser_fr.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_fr.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_fr | 9 | noblacklist ${HOME}/.tor-browser_fr |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_fr | 11 | mkdir ${HOME}/.tor-browser_fr |
12 | allow ${HOME}/.tor-browser_fr | 12 | whitelist ${HOME}/.tor-browser_fr |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_ga-IE.profile b/etc/profile-m-z/tor-browser_ga-IE.profile index 2880e1e2a..12354b900 100644 --- a/etc/profile-m-z/tor-browser_ga-IE.profile +++ b/etc/profile-m-z/tor-browser_ga-IE.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_ga-IE.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_ga-IE | 9 | noblacklist ${HOME}/.tor-browser_ga-IE |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_ga-IE | 11 | mkdir ${HOME}/.tor-browser_ga-IE |
12 | allow ${HOME}/.tor-browser_ga-IE | 12 | whitelist ${HOME}/.tor-browser_ga-IE |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_he.profile b/etc/profile-m-z/tor-browser_he.profile index ac6993019..19cbb0809 100644 --- a/etc/profile-m-z/tor-browser_he.profile +++ b/etc/profile-m-z/tor-browser_he.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_he.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_he | 9 | noblacklist ${HOME}/.tor-browser_he |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_he | 11 | mkdir ${HOME}/.tor-browser_he |
12 | allow ${HOME}/.tor-browser_he | 12 | whitelist ${HOME}/.tor-browser_he |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_hu.profile b/etc/profile-m-z/tor-browser_hu.profile index 6877a6be4..62b55e170 100644 --- a/etc/profile-m-z/tor-browser_hu.profile +++ b/etc/profile-m-z/tor-browser_hu.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_hu.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_hu | 9 | noblacklist ${HOME}/.tor-browser_hu |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_hu | 11 | mkdir ${HOME}/.tor-browser_hu |
12 | allow ${HOME}/.tor-browser_hu | 12 | whitelist ${HOME}/.tor-browser_hu |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_id.profile b/etc/profile-m-z/tor-browser_id.profile index 5f5601f74..2970a7747 100644 --- a/etc/profile-m-z/tor-browser_id.profile +++ b/etc/profile-m-z/tor-browser_id.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_id.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_id | 9 | noblacklist ${HOME}/.tor-browser_id |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_id | 11 | mkdir ${HOME}/.tor-browser_id |
12 | allow ${HOME}/.tor-browser_id | 12 | whitelist ${HOME}/.tor-browser_id |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_is.profile b/etc/profile-m-z/tor-browser_is.profile index f0814d16e..f922c7644 100644 --- a/etc/profile-m-z/tor-browser_is.profile +++ b/etc/profile-m-z/tor-browser_is.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_is.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_is | 9 | noblacklist ${HOME}/.tor-browser_is |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_is | 11 | mkdir ${HOME}/.tor-browser_is |
12 | allow ${HOME}/.tor-browser_is | 12 | whitelist ${HOME}/.tor-browser_is |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_it.profile b/etc/profile-m-z/tor-browser_it.profile index fa01f6bca..406901759 100644 --- a/etc/profile-m-z/tor-browser_it.profile +++ b/etc/profile-m-z/tor-browser_it.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_it.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_it | 9 | noblacklist ${HOME}/.tor-browser_it |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_it | 11 | mkdir ${HOME}/.tor-browser_it |
12 | allow ${HOME}/.tor-browser_it | 12 | whitelist ${HOME}/.tor-browser_it |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_ja.profile b/etc/profile-m-z/tor-browser_ja.profile index dde107dd3..8f9d8d751 100644 --- a/etc/profile-m-z/tor-browser_ja.profile +++ b/etc/profile-m-z/tor-browser_ja.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_ja.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_ja | 9 | noblacklist ${HOME}/.tor-browser_ja |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_ja | 11 | mkdir ${HOME}/.tor-browser_ja |
12 | allow ${HOME}/.tor-browser_ja | 12 | whitelist ${HOME}/.tor-browser_ja |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_ka.profile b/etc/profile-m-z/tor-browser_ka.profile index 7de4dff65..4de4135e1 100644 --- a/etc/profile-m-z/tor-browser_ka.profile +++ b/etc/profile-m-z/tor-browser_ka.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_ka.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_ka | 9 | noblacklist ${HOME}/.tor-browser_ka |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_ka | 11 | mkdir ${HOME}/.tor-browser_ka |
12 | allow ${HOME}/.tor-browser_ka | 12 | whitelist ${HOME}/.tor-browser_ka |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_ko.profile b/etc/profile-m-z/tor-browser_ko.profile index 7e3ceb4d9..125c733ce 100644 --- a/etc/profile-m-z/tor-browser_ko.profile +++ b/etc/profile-m-z/tor-browser_ko.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_ko.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_ko | 9 | noblacklist ${HOME}/.tor-browser_ko |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_ko | 11 | mkdir ${HOME}/.tor-browser_ko |
12 | allow ${HOME}/.tor-browser_ko | 12 | whitelist ${HOME}/.tor-browser_ko |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_nb.profile b/etc/profile-m-z/tor-browser_nb.profile index c11001960..dc6ac876b 100644 --- a/etc/profile-m-z/tor-browser_nb.profile +++ b/etc/profile-m-z/tor-browser_nb.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_nb.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_nb | 9 | noblacklist ${HOME}/.tor-browser_nb |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_nb | 11 | mkdir ${HOME}/.tor-browser_nb |
12 | allow ${HOME}/.tor-browser_nb | 12 | whitelist ${HOME}/.tor-browser_nb |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_nl.profile b/etc/profile-m-z/tor-browser_nl.profile index 2d1044f9d..2a3a5b519 100644 --- a/etc/profile-m-z/tor-browser_nl.profile +++ b/etc/profile-m-z/tor-browser_nl.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_nl.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_nl | 9 | noblacklist ${HOME}/.tor-browser_nl |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_nl | 11 | mkdir ${HOME}/.tor-browser_nl |
12 | allow ${HOME}/.tor-browser_nl | 12 | whitelist ${HOME}/.tor-browser_nl |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_pl.profile b/etc/profile-m-z/tor-browser_pl.profile index 2818320a0..b7dec32db 100644 --- a/etc/profile-m-z/tor-browser_pl.profile +++ b/etc/profile-m-z/tor-browser_pl.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_pl.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_pl | 9 | noblacklist ${HOME}/.tor-browser_pl |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_pl | 11 | mkdir ${HOME}/.tor-browser_pl |
12 | allow ${HOME}/.tor-browser_pl | 12 | whitelist ${HOME}/.tor-browser_pl |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_pt-BR.profile b/etc/profile-m-z/tor-browser_pt-BR.profile index 8c33e2545..7a7d4726c 100644 --- a/etc/profile-m-z/tor-browser_pt-BR.profile +++ b/etc/profile-m-z/tor-browser_pt-BR.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_pt-BR.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_pt-BR | 9 | noblacklist ${HOME}/.tor-browser_pt-BR |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_pt-BR | 11 | mkdir ${HOME}/.tor-browser_pt-BR |
12 | allow ${HOME}/.tor-browser_pt-BR | 12 | whitelist ${HOME}/.tor-browser_pt-BR |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_ru.profile b/etc/profile-m-z/tor-browser_ru.profile index 2553bb031..7d2e6bc97 100644 --- a/etc/profile-m-z/tor-browser_ru.profile +++ b/etc/profile-m-z/tor-browser_ru.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_ru.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_ru | 9 | noblacklist ${HOME}/.tor-browser_ru |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_ru | 11 | mkdir ${HOME}/.tor-browser_ru |
12 | allow ${HOME}/.tor-browser_ru | 12 | whitelist ${HOME}/.tor-browser_ru |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_sv-SE.profile b/etc/profile-m-z/tor-browser_sv-SE.profile index 3152cb658..585925e81 100644 --- a/etc/profile-m-z/tor-browser_sv-SE.profile +++ b/etc/profile-m-z/tor-browser_sv-SE.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_sv-SE.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_sv-SE | 9 | noblacklist ${HOME}/.tor-browser_sv-SE |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_sv-SE | 11 | mkdir ${HOME}/.tor-browser_sv-SE |
12 | allow ${HOME}/.tor-browser_sv-SE | 12 | whitelist ${HOME}/.tor-browser_sv-SE |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_tr.profile b/etc/profile-m-z/tor-browser_tr.profile index 9808d4725..4b0cc3821 100644 --- a/etc/profile-m-z/tor-browser_tr.profile +++ b/etc/profile-m-z/tor-browser_tr.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_tr.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_tr | 9 | noblacklist ${HOME}/.tor-browser_tr |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_tr | 11 | mkdir ${HOME}/.tor-browser_tr |
12 | allow ${HOME}/.tor-browser_tr | 12 | whitelist ${HOME}/.tor-browser_tr |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_vi.profile b/etc/profile-m-z/tor-browser_vi.profile index 364fca40b..4dcfbf56d 100644 --- a/etc/profile-m-z/tor-browser_vi.profile +++ b/etc/profile-m-z/tor-browser_vi.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_vi.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_vi | 9 | noblacklist ${HOME}/.tor-browser_vi |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_vi | 11 | mkdir ${HOME}/.tor-browser_vi |
12 | allow ${HOME}/.tor-browser_vi | 12 | whitelist ${HOME}/.tor-browser_vi |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_zh-CN.profile b/etc/profile-m-z/tor-browser_zh-CN.profile index 193e8a399..1e03b8d6b 100644 --- a/etc/profile-m-z/tor-browser_zh-CN.profile +++ b/etc/profile-m-z/tor-browser_zh-CN.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_zh-CN.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_zh-CN | 9 | noblacklist ${HOME}/.tor-browser_zh-CN |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_zh-CN | 11 | mkdir ${HOME}/.tor-browser_zh-CN |
12 | allow ${HOME}/.tor-browser_zh-CN | 12 | whitelist ${HOME}/.tor-browser_zh-CN |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_zh-TW.profile b/etc/profile-m-z/tor-browser_zh-TW.profile index 047be9b8e..a2dcf5cf1 100644 --- a/etc/profile-m-z/tor-browser_zh-TW.profile +++ b/etc/profile-m-z/tor-browser_zh-TW.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_zh-TW.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tor-browser_zh-TW | 9 | noblacklist ${HOME}/.tor-browser_zh-TW |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_zh-TW | 11 | mkdir ${HOME}/.tor-browser_zh-TW |
12 | allow ${HOME}/.tor-browser_zh-TW | 12 | whitelist ${HOME}/.tor-browser_zh-TW |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/torbrowser-launcher.profile b/etc/profile-m-z/torbrowser-launcher.profile index 65a37db5f..7659ed1e9 100644 --- a/etc/profile-m-z/torbrowser-launcher.profile +++ b/etc/profile-m-z/torbrowser-launcher.profile | |||
@@ -8,15 +8,15 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | nodeny ${HOME}/.config/torbrowser | 11 | noblacklist ${HOME}/.config/torbrowser |
12 | nodeny ${HOME}/.local/share/torbrowser | 12 | noblacklist ${HOME}/.local/share/torbrowser |
13 | 13 | ||
14 | # Allow python (blacklisted by disable-interpreters.inc) | 14 | # Allow python (blacklisted by disable-interpreters.inc) |
15 | include allow-python2.inc | 15 | include allow-python2.inc |
16 | include allow-python3.inc | 16 | include allow-python3.inc |
17 | 17 | ||
18 | deny /opt | 18 | blacklist /opt |
19 | deny /srv | 19 | blacklist /srv |
20 | 20 | ||
21 | include disable-common.inc | 21 | include disable-common.inc |
22 | include disable-devel.inc | 22 | include disable-devel.inc |
@@ -28,10 +28,10 @@ include disable-xdg.inc | |||
28 | 28 | ||
29 | mkdir ${HOME}/.config/torbrowser | 29 | mkdir ${HOME}/.config/torbrowser |
30 | mkdir ${HOME}/.local/share/torbrowser | 30 | mkdir ${HOME}/.local/share/torbrowser |
31 | allow ${DOWNLOADS} | 31 | whitelist ${DOWNLOADS} |
32 | allow ${HOME}/.config/torbrowser | 32 | whitelist ${HOME}/.config/torbrowser |
33 | allow ${HOME}/.local/share/torbrowser | 33 | whitelist ${HOME}/.local/share/torbrowser |
34 | allow /usr/share/torbrowser-launcher | 34 | whitelist /usr/share/torbrowser-launcher |
35 | include whitelist-common.inc | 35 | include whitelist-common.inc |
36 | include whitelist-var-common.inc | 36 | include whitelist-var-common.inc |
37 | include whitelist-runuser-common.inc | 37 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-m-z/torcs.profile b/etc/profile-m-z/torcs.profile index c5d89c3e3..0f98a8f64 100644 --- a/etc/profile-m-z/torcs.profile +++ b/etc/profile-m-z/torcs.profile | |||
@@ -6,7 +6,7 @@ include torcs.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.torcs | 9 | noblacklist ${HOME}/.torcs |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,9 +17,9 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.torcs | 19 | mkdir ${HOME}/.torcs |
20 | allow ${HOME}/.torcs | 20 | whitelist ${HOME}/.torcs |
21 | allow /usr/share/games/torcs | 21 | whitelist /usr/share/games/torcs |
22 | allow /var/games/torcs | 22 | whitelist /var/games/torcs |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/totem.profile b/etc/profile-m-z/totem.profile index 77d3c55f8..70d9e0aee 100644 --- a/etc/profile-m-z/totem.profile +++ b/etc/profile-m-z/totem.profile | |||
@@ -13,8 +13,8 @@ include allow-lua.inc | |||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python3.inc | 14 | include allow-python3.inc |
15 | 15 | ||
16 | nodeny ${HOME}/.config/totem | 16 | noblacklist ${HOME}/.config/totem |
17 | nodeny ${HOME}/.local/share/totem | 17 | noblacklist ${HOME}/.local/share/totem |
18 | 18 | ||
19 | include disable-common.inc | 19 | include disable-common.inc |
20 | include disable-devel.inc | 20 | include disable-devel.inc |
@@ -27,9 +27,9 @@ include disable-shell.inc | |||
27 | read-only ${DESKTOP} | 27 | read-only ${DESKTOP} |
28 | mkdir ${HOME}/.config/totem | 28 | mkdir ${HOME}/.config/totem |
29 | mkdir ${HOME}/.local/share/totem | 29 | mkdir ${HOME}/.local/share/totem |
30 | allow ${HOME}/.config/totem | 30 | whitelist ${HOME}/.config/totem |
31 | allow ${HOME}/.local/share/totem | 31 | whitelist ${HOME}/.local/share/totem |
32 | allow /usr/share/totem | 32 | whitelist /usr/share/totem |
33 | include whitelist-common.inc | 33 | include whitelist-common.inc |
34 | include whitelist-player-common.inc | 34 | include whitelist-player-common.inc |
35 | include whitelist-runuser-common.inc | 35 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-m-z/tracker.profile b/etc/profile-m-z/tracker.profile index 26f4abd0b..87c5de076 100644 --- a/etc/profile-m-z/tracker.profile +++ b/etc/profile-m-z/tracker.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | 8 | ||
9 | # Tracker is started by systemd on most systems. Therefore it is not firejailed by default | 9 | # Tracker is started by systemd on most systems. Therefore it is not firejailed by default |
10 | 10 | ||
11 | deny /tmp/.X11-unix | 11 | blacklist /tmp/.X11-unix |
12 | deny ${RUNUSER}/wayland-* | 12 | blacklist ${RUNUSER}/wayland-* |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
diff --git a/etc/profile-m-z/transgui.profile b/etc/profile-m-z/transgui.profile index d5920e2a2..ea118a9f0 100644 --- a/etc/profile-m-z/transgui.profile +++ b/etc/profile-m-z/transgui.profile | |||
@@ -6,7 +6,7 @@ include transgui.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/transgui | 9 | noblacklist ${HOME}/.config/transgui |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/transgui | 20 | mkdir ${HOME}/.config/transgui |
21 | allow ${HOME}/.config/transgui | 21 | whitelist ${HOME}/.config/transgui |
22 | allow ${DOWNLOADS} | 22 | whitelist ${DOWNLOADS} |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/transmission-common.profile b/etc/profile-m-z/transmission-common.profile index 5c2cf9d9a..82671b709 100644 --- a/etc/profile-m-z/transmission-common.profile +++ b/etc/profile-m-z/transmission-common.profile | |||
@@ -7,8 +7,8 @@ include transmission-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.cache/transmission | 10 | noblacklist ${HOME}/.cache/transmission |
11 | nodeny ${HOME}/.config/transmission | 11 | noblacklist ${HOME}/.config/transmission |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,9 +19,9 @@ include disable-programs.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.cache/transmission | 20 | mkdir ${HOME}/.cache/transmission |
21 | mkdir ${HOME}/.config/transmission | 21 | mkdir ${HOME}/.config/transmission |
22 | allow ${DOWNLOADS} | 22 | whitelist ${DOWNLOADS} |
23 | allow ${HOME}/.cache/transmission | 23 | whitelist ${HOME}/.cache/transmission |
24 | allow ${HOME}/.config/transmission | 24 | whitelist ${HOME}/.config/transmission |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-usr-share-common.inc | 26 | include whitelist-usr-share-common.inc |
27 | include whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/transmission-daemon.profile b/etc/profile-m-z/transmission-daemon.profile index 9f0c464fc..348d3cb80 100644 --- a/etc/profile-m-z/transmission-daemon.profile +++ b/etc/profile-m-z/transmission-daemon.profile | |||
@@ -10,8 +10,8 @@ include globals.local | |||
10 | ignore caps.drop all | 10 | ignore caps.drop all |
11 | 11 | ||
12 | mkdir ${HOME}/.config/transmission-daemon | 12 | mkdir ${HOME}/.config/transmission-daemon |
13 | allow ${HOME}/.config/transmission-daemon | 13 | whitelist ${HOME}/.config/transmission-daemon |
14 | allow /var/lib/transmission | 14 | whitelist /var/lib/transmission |
15 | 15 | ||
16 | caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot | 16 | caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot |
17 | protocol packet | 17 | protocol packet |
diff --git a/etc/profile-m-z/transmission-remote-gtk.profile b/etc/profile-m-z/transmission-remote-gtk.profile index 7c8eddcbc..a6400e2c0 100644 --- a/etc/profile-m-z/transmission-remote-gtk.profile +++ b/etc/profile-m-z/transmission-remote-gtk.profile | |||
@@ -7,10 +7,10 @@ include transmission-remote-gtk.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.config/transmission-remote-gtk | 10 | noblacklist ${HOME}/.config/transmission-remote-gtk |
11 | 11 | ||
12 | mkdir ${HOME}/.config/transmission-remote-gtk | 12 | mkdir ${HOME}/.config/transmission-remote-gtk |
13 | allow ${HOME}/.config/transmission-remote-gtk | 13 | whitelist ${HOME}/.config/transmission-remote-gtk |
14 | 14 | ||
15 | private-etc fonts,hostname,hosts,resolv.conf | 15 | private-etc fonts,hostname,hosts,resolv.conf |
16 | # Problems with private-lib (see issue #2889) | 16 | # Problems with private-lib (see issue #2889) |
diff --git a/etc/profile-m-z/tremulous.profile b/etc/profile-m-z/tremulous.profile index c2797ddaa..aba563fac 100644 --- a/etc/profile-m-z/tremulous.profile +++ b/etc/profile-m-z/tremulous.profile | |||
@@ -6,7 +6,7 @@ include tremulous.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.tremulous | 9 | noblacklist ${HOME}/.tremulous |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.tremulous | 20 | mkdir ${HOME}/.tremulous |
21 | allow ${HOME}/.tremulous | 21 | whitelist ${HOME}/.tremulous |
22 | allow /usr/share/tremulous | 22 | whitelist /usr/share/tremulous |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/trojita.profile b/etc/profile-m-z/trojita.profile index 95f39b35d..2d95081f6 100644 --- a/etc/profile-m-z/trojita.profile +++ b/etc/profile-m-z/trojita.profile | |||
@@ -6,10 +6,10 @@ include trojita.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.abook | 9 | noblacklist ${HOME}/.abook |
10 | nodeny ${HOME}/.mozilla | 10 | noblacklist ${HOME}/.mozilla |
11 | nodeny ${HOME}/.cache/flaska.net/trojita | 11 | noblacklist ${HOME}/.cache/flaska.net/trojita |
12 | nodeny ${HOME}/.config/flaska.net | 12 | noblacklist ${HOME}/.config/flaska.net |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -23,10 +23,10 @@ include disable-xdg.inc | |||
23 | mkdir ${HOME}/.abook | 23 | mkdir ${HOME}/.abook |
24 | mkdir ${HOME}/.cache/flaska.net/trojita | 24 | mkdir ${HOME}/.cache/flaska.net/trojita |
25 | mkdir ${HOME}/.config/flaska.net | 25 | mkdir ${HOME}/.config/flaska.net |
26 | allow ${HOME}/.abook | 26 | whitelist ${HOME}/.abook |
27 | allow ${HOME}/.mozilla/firefox/profiles.ini | 27 | whitelist ${HOME}/.mozilla/firefox/profiles.ini |
28 | allow ${HOME}/.cache/flaska.net/trojita | 28 | whitelist ${HOME}/.cache/flaska.net/trojita |
29 | allow ${HOME}/.config/flaska.net | 29 | whitelist ${HOME}/.config/flaska.net |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | include whitelist-runuser-common.inc | 31 | include whitelist-runuser-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/truecraft.profile b/etc/profile-m-z/truecraft.profile index 76f289a27..749626475 100644 --- a/etc/profile-m-z/truecraft.profile +++ b/etc/profile-m-z/truecraft.profile | |||
@@ -5,8 +5,8 @@ include truecraft.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/mono | 8 | noblacklist ${HOME}/.config/mono |
9 | nodeny ${HOME}/.config/truecraft | 9 | noblacklist ${HOME}/.config/truecraft |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | 17 | ||
18 | mkdir ${HOME}/.config/mono | 18 | mkdir ${HOME}/.config/mono |
19 | mkdir ${HOME}/.config/truecraft | 19 | mkdir ${HOME}/.config/truecraft |
20 | allow ${HOME}/.config/mono | 20 | whitelist ${HOME}/.config/mono |
21 | allow ${HOME}/.config/truecraft | 21 | whitelist ${HOME}/.config/truecraft |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/profile-m-z/ts3client_runscript.sh.profile b/etc/profile-m-z/ts3client_runscript.sh.profile index cd6ae96df..8d4675454 100644 --- a/etc/profile-m-z/ts3client_runscript.sh.profile +++ b/etc/profile-m-z/ts3client_runscript.sh.profile | |||
@@ -9,11 +9,11 @@ include ts3client_runscript.sh.local | |||
9 | 9 | ||
10 | ignore noexec ${HOME} | 10 | ignore noexec ${HOME} |
11 | 11 | ||
12 | nodeny ${HOME}/TeamSpeak3-Client-linux_x86 | 12 | noblacklist ${HOME}/TeamSpeak3-Client-linux_x86 |
13 | nodeny ${HOME}/TeamSpeak3-Client-linux_amd64 | 13 | noblacklist ${HOME}/TeamSpeak3-Client-linux_amd64 |
14 | 14 | ||
15 | allow ${HOME}/TeamSpeak3-Client-linux_x86 | 15 | whitelist ${HOME}/TeamSpeak3-Client-linux_x86 |
16 | allow ${HOME}/TeamSpeak3-Client-linux_amd64 | 16 | whitelist ${HOME}/TeamSpeak3-Client-linux_amd64 |
17 | 17 | ||
18 | # Redirect | 18 | # Redirect |
19 | include teamspeak3.profile | 19 | include teamspeak3.profile |
diff --git a/etc/profile-m-z/tutanota-desktop.profile b/etc/profile-m-z/tutanota-desktop.profile index e59a86ce6..d2cb0cc8a 100644 --- a/etc/profile-m-z/tutanota-desktop.profile +++ b/etc/profile-m-z/tutanota-desktop.profile | |||
@@ -6,8 +6,8 @@ include tutanota-desktop.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/tuta_integration | 9 | noblacklist ${HOME}/.config/tuta_integration |
10 | nodeny ${HOME}/.config/tutanota-desktop | 10 | noblacklist ${HOME}/.config/tutanota-desktop |
11 | 11 | ||
12 | ignore noexec /tmp | 12 | ignore noexec /tmp |
13 | 13 | ||
@@ -15,12 +15,12 @@ include disable-shell.inc | |||
15 | 15 | ||
16 | mkdir ${HOME}/.config/tuta_integration | 16 | mkdir ${HOME}/.config/tuta_integration |
17 | mkdir ${HOME}/.config/tutanota-desktop | 17 | mkdir ${HOME}/.config/tutanota-desktop |
18 | allow ${HOME}/.config/tuta_integration | 18 | whitelist ${HOME}/.config/tuta_integration |
19 | allow ${HOME}/.config/tutanota-desktop | 19 | whitelist ${HOME}/.config/tutanota-desktop |
20 | 20 | ||
21 | # These lines are needed to allow Firefox to open links | 21 | # These lines are needed to allow Firefox to open links |
22 | nodeny ${HOME}/.mozilla | 22 | noblacklist ${HOME}/.mozilla |
23 | allow ${HOME}/.mozilla/firefox/profiles.ini | 23 | whitelist ${HOME}/.mozilla/firefox/profiles.ini |
24 | read-only ${HOME}/.mozilla/firefox/profiles.ini | 24 | read-only ${HOME}/.mozilla/firefox/profiles.ini |
25 | 25 | ||
26 | ?HAS_APPIMAGE: ignore private-dev | 26 | ?HAS_APPIMAGE: ignore private-dev |
diff --git a/etc/profile-m-z/tuxguitar.profile b/etc/profile-m-z/tuxguitar.profile index 5bb97e161..3cd496412 100644 --- a/etc/profile-m-z/tuxguitar.profile +++ b/etc/profile-m-z/tuxguitar.profile | |||
@@ -9,9 +9,9 @@ include globals.local | |||
9 | # tuxguitar fails to launch | 9 | # tuxguitar fails to launch |
10 | ignore noexec ${HOME} | 10 | ignore noexec ${HOME} |
11 | 11 | ||
12 | nodeny ${HOME}/.tuxguitar* | 12 | noblacklist ${HOME}/.tuxguitar* |
13 | nodeny ${DOCUMENTS} | 13 | noblacklist ${DOCUMENTS} |
14 | nodeny ${MUSIC} | 14 | noblacklist ${MUSIC} |
15 | 15 | ||
16 | # Allow java (blacklisted by disable-devel.inc) | 16 | # Allow java (blacklisted by disable-devel.inc) |
17 | include allow-java.inc | 17 | include allow-java.inc |
diff --git a/etc/profile-m-z/tvbrowser.profile b/etc/profile-m-z/tvbrowser.profile index 8febcd337..dae7d86da 100644 --- a/etc/profile-m-z/tvbrowser.profile +++ b/etc/profile-m-z/tvbrowser.profile | |||
@@ -6,8 +6,8 @@ include tvbrowser.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/tvbrowser | 9 | noblacklist ${HOME}/.config/tvbrowser |
10 | nodeny ${HOME}/.tvbrowser | 10 | noblacklist ${HOME}/.tvbrowser |
11 | 11 | ||
12 | # Allow java (blacklisted by disable-devel.inc) | 12 | # Allow java (blacklisted by disable-devel.inc) |
13 | include allow-java.inc | 13 | include allow-java.inc |
@@ -22,9 +22,9 @@ include disable-xdg.inc | |||
22 | 22 | ||
23 | mkdir ${HOME}/.config/tvbrowser | 23 | mkdir ${HOME}/.config/tvbrowser |
24 | mkdir ${HOME}/.tvbrowser | 24 | mkdir ${HOME}/.tvbrowser |
25 | allow ${HOME}/.config/tvbrowser | 25 | whitelist ${HOME}/.config/tvbrowser |
26 | allow ${HOME}/.tvbrowser | 26 | whitelist ${HOME}/.tvbrowser |
27 | allow /usr/share/tvbrowser | 27 | whitelist /usr/share/tvbrowser |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
30 | include whitelist-var-common.inc | 30 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/twitch.profile b/etc/profile-m-z/twitch.profile index abcc885e6..2f573c872 100644 --- a/etc/profile-m-z/twitch.profile +++ b/etc/profile-m-z/twitch.profile | |||
@@ -10,12 +10,12 @@ include globals.local | |||
10 | ignore nou2f | 10 | ignore nou2f |
11 | ignore novideo | 11 | ignore novideo |
12 | 12 | ||
13 | nodeny ${HOME}/.config/Twitch | 13 | noblacklist ${HOME}/.config/Twitch |
14 | 14 | ||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.config/Twitch | 17 | mkdir ${HOME}/.config/Twitch |
18 | allow ${HOME}/.config/Twitch | 18 | whitelist ${HOME}/.config/Twitch |
19 | 19 | ||
20 | private-bin twitch | 20 | private-bin twitch |
21 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 21 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg |
diff --git a/etc/profile-m-z/uefitool.profile b/etc/profile-m-z/uefitool.profile index 8c705c95f..3e4fdbb03 100644 --- a/etc/profile-m-z/uefitool.profile +++ b/etc/profile-m-z/uefitool.profile | |||
@@ -5,7 +5,7 @@ include uefitool.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${DOCUMENTS} | 8 | noblacklist ${DOCUMENTS} |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-m-z/uget-gtk.profile b/etc/profile-m-z/uget-gtk.profile index eed2db541..4420099ff 100644 --- a/etc/profile-m-z/uget-gtk.profile +++ b/etc/profile-m-z/uget-gtk.profile | |||
@@ -5,7 +5,7 @@ include uget-gtk.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/uGet | 8 | noblacklist ${HOME}/.config/uGet |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
@@ -14,8 +14,8 @@ include disable-programs.inc | |||
14 | include disable-shell.inc | 14 | include disable-shell.inc |
15 | 15 | ||
16 | mkdir ${HOME}/.config/uGet | 16 | mkdir ${HOME}/.config/uGet |
17 | allow ${DOWNLOADS} | 17 | whitelist ${DOWNLOADS} |
18 | allow ${HOME}/.config/uGet | 18 | whitelist ${HOME}/.config/uGet |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/unbound.profile b/etc/profile-m-z/unbound.profile index 7e7b3fbec..0c077babf 100644 --- a/etc/profile-m-z/unbound.profile +++ b/etc/profile-m-z/unbound.profile | |||
@@ -6,11 +6,11 @@ include unbound.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny /sbin | 9 | noblacklist /sbin |
10 | nodeny /usr/sbin | 10 | noblacklist /usr/sbin |
11 | 11 | ||
12 | deny /tmp/.X11-unix | 12 | blacklist /tmp/.X11-unix |
13 | deny ${RUNUSER}/wayland-* | 13 | blacklist ${RUNUSER}/wayland-* |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -22,8 +22,8 @@ include disable-xdg.inc | |||
22 | 22 | ||
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | 24 | ||
25 | allow /var/lib/unbound | 25 | whitelist /var/lib/unbound |
26 | allow /var/run | 26 | whitelist /var/run |
27 | 27 | ||
28 | caps.keep net_admin,net_bind_service,setgid,setuid,sys_chroot,sys_resource | 28 | caps.keep net_admin,net_bind_service,setgid,setuid,sys_chroot,sys_resource |
29 | ipc-namespace | 29 | ipc-namespace |
diff --git a/etc/profile-m-z/unf.profile b/etc/profile-m-z/unf.profile index 846271971..6db7ba362 100644 --- a/etc/profile-m-z/unf.profile +++ b/etc/profile-m-z/unf.profile | |||
@@ -7,7 +7,7 @@ include unf.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny ${RUNUSER}/wayland-* | 10 | blacklist ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-programs.inc | |||
18 | include disable-shell.inc | 18 | include disable-shell.inc |
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | allow ${DOWNLOADS} | 21 | whitelist ${DOWNLOADS} |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/unknown-horizons.profile b/etc/profile-m-z/unknown-horizons.profile index 3e1c6264d..956492f52 100644 --- a/etc/profile-m-z/unknown-horizons.profile +++ b/etc/profile-m-z/unknown-horizons.profile | |||
@@ -6,7 +6,7 @@ include unknown-horizons.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.unknown-horizons | 9 | noblacklist ${HOME}/.unknown-horizons |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-exec.inc | 12 | include disable-exec.inc |
@@ -14,10 +14,10 @@ include disable-passwdmgr.inc | |||
14 | include disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | mkdir ${HOME}/.unknown-horizons | 16 | mkdir ${HOME}/.unknown-horizons |
17 | allow ${HOME}/.unknown-horizons | 17 | whitelist ${HOME}/.unknown-horizons |
18 | include whitelist-common.inc | 18 | include whitelist-common.inc |
19 | include whitelist-runuser-common.inc | 19 | include whitelist-runuser-common.inc |
20 | allow /usr/share/unknown-horizons | 20 | whitelist /usr/share/unknown-horizons |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-m-z/unzip.profile b/etc/profile-m-z/unzip.profile index 99d2415ca..0231e3dba 100644 --- a/etc/profile-m-z/unzip.profile +++ b/etc/profile-m-z/unzip.profile | |||
@@ -8,7 +8,7 @@ include unzip.local | |||
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | # GNOME Shell integration (chrome-gnome-shell) | 10 | # GNOME Shell integration (chrome-gnome-shell) |
11 | nodeny ${HOME}/.local/share/gnome-shell | 11 | noblacklist ${HOME}/.local/share/gnome-shell |
12 | 12 | ||
13 | private-etc alternatives,group,localtime,passwd | 13 | private-etc alternatives,group,localtime,passwd |
14 | 14 | ||
diff --git a/etc/profile-m-z/utox.profile b/etc/profile-m-z/utox.profile index 3b0f7c646..dd881f091 100644 --- a/etc/profile-m-z/utox.profile +++ b/etc/profile-m-z/utox.profile | |||
@@ -6,8 +6,8 @@ include utox.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/Tox | 9 | noblacklist ${HOME}/.cache/Tox |
10 | nodeny ${HOME}/.config/tox | 10 | noblacklist ${HOME}/.config/tox |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-shell.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | mkdir ${HOME}/.config/tox | 21 | mkdir ${HOME}/.config/tox |
22 | allow ${DOWNLOADS} | 22 | whitelist ${DOWNLOADS} |
23 | allow ${HOME}/.config/tox | 23 | whitelist ${HOME}/.config/tox |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-m-z/uudeview.profile b/etc/profile-m-z/uudeview.profile index 3bda71666..2adc044e5 100644 --- a/etc/profile-m-z/uudeview.profile +++ b/etc/profile-m-z/uudeview.profile | |||
@@ -7,7 +7,7 @@ include uudeview.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny ${RUNUSER}/wayland-* | 10 | blacklist ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/uzbl-browser.profile b/etc/profile-m-z/uzbl-browser.profile index 6899f4bf7..41487a8f2 100644 --- a/etc/profile-m-z/uzbl-browser.profile +++ b/etc/profile-m-z/uzbl-browser.profile | |||
@@ -5,9 +5,9 @@ include uzbl-browser.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/uzbl | 8 | noblacklist ${HOME}/.config/uzbl |
9 | nodeny ${HOME}/.gnupg | 9 | noblacklist ${HOME}/.gnupg |
10 | nodeny ${HOME}/.local/share/uzbl | 10 | noblacklist ${HOME}/.local/share/uzbl |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
@@ -22,11 +22,11 @@ mkdir ${HOME}/.config/uzbl | |||
22 | mkdir ${HOME}/.gnupg | 22 | mkdir ${HOME}/.gnupg |
23 | mkdir ${HOME}/.local/share/uzbl | 23 | mkdir ${HOME}/.local/share/uzbl |
24 | mkdir ${HOME}/.password-store | 24 | mkdir ${HOME}/.password-store |
25 | allow ${DOWNLOADS} | 25 | whitelist ${DOWNLOADS} |
26 | allow ${HOME}/.config/uzbl | 26 | whitelist ${HOME}/.config/uzbl |
27 | allow ${HOME}/.gnupg | 27 | whitelist ${HOME}/.gnupg |
28 | allow ${HOME}/.local/share/uzbl | 28 | whitelist ${HOME}/.local/share/uzbl |
29 | allow ${HOME}/.password-store | 29 | whitelist ${HOME}/.password-store |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | 31 | ||
32 | caps.drop all | 32 | caps.drop all |
diff --git a/etc/profile-m-z/viewnior.profile b/etc/profile-m-z/viewnior.profile index e0bf02706..a9ba344dd 100644 --- a/etc/profile-m-z/viewnior.profile +++ b/etc/profile-m-z/viewnior.profile | |||
@@ -6,11 +6,11 @@ include viewnior.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.Steam | 9 | noblacklist ${HOME}/.Steam |
10 | nodeny ${HOME}/.config/viewnior | 10 | noblacklist ${HOME}/.config/viewnior |
11 | nodeny ${HOME}/.steam | 11 | noblacklist ${HOME}/.steam |
12 | 12 | ||
13 | deny ${HOME}/.bashrc | 13 | blacklist ${HOME}/.bashrc |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-m-z/viking.profile b/etc/profile-m-z/viking.profile index b16f691d6..8f8ef5939 100644 --- a/etc/profile-m-z/viking.profile +++ b/etc/profile-m-z/viking.profile | |||
@@ -6,9 +6,9 @@ include viking.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.viking | 9 | noblacklist ${HOME}/.viking |
10 | nodeny ${HOME}/.viking-maps | 10 | noblacklist ${HOME}/.viking-maps |
11 | nodeny ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/vim.profile b/etc/profile-m-z/vim.profile index b535225dd..c3cfe5980 100644 --- a/etc/profile-m-z/vim.profile +++ b/etc/profile-m-z/vim.profile | |||
@@ -6,9 +6,9 @@ include vim.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.vim | 9 | noblacklist ${HOME}/.vim |
10 | nodeny ${HOME}/.viminfo | 10 | noblacklist ${HOME}/.viminfo |
11 | nodeny ${HOME}/.vimrc | 11 | noblacklist ${HOME}/.vimrc |
12 | 12 | ||
13 | # Allows files commonly used by IDEs | 13 | # Allows files commonly used by IDEs |
14 | include allow-common-devel.inc | 14 | include allow-common-devel.inc |
diff --git a/etc/profile-m-z/virtualbox.profile b/etc/profile-m-z/virtualbox.profile index f28828338..c22fb0ff9 100644 --- a/etc/profile-m-z/virtualbox.profile +++ b/etc/profile-m-z/virtualbox.profile | |||
@@ -6,12 +6,12 @@ include virtualbox.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.VirtualBox | 9 | noblacklist ${HOME}/.VirtualBox |
10 | nodeny ${HOME}/.config/VirtualBox | 10 | noblacklist ${HOME}/.config/VirtualBox |
11 | nodeny ${HOME}/VirtualBox VMs | 11 | noblacklist ${HOME}/VirtualBox VMs |
12 | # noblacklist /usr/bin/virtualbox | 12 | # noblacklist /usr/bin/virtualbox |
13 | nodeny /usr/lib/virtualbox | 13 | noblacklist /usr/lib/virtualbox |
14 | nodeny /usr/lib64/virtualbox | 14 | noblacklist /usr/lib64/virtualbox |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
@@ -23,10 +23,10 @@ include disable-xdg.inc | |||
23 | 23 | ||
24 | mkdir ${HOME}/.config/VirtualBox | 24 | mkdir ${HOME}/.config/VirtualBox |
25 | mkdir ${HOME}/VirtualBox VMs | 25 | mkdir ${HOME}/VirtualBox VMs |
26 | allow ${HOME}/.config/VirtualBox | 26 | whitelist ${HOME}/.config/VirtualBox |
27 | allow ${HOME}/VirtualBox VMs | 27 | whitelist ${HOME}/VirtualBox VMs |
28 | allow ${DOWNLOADS} | 28 | whitelist ${DOWNLOADS} |
29 | allow /usr/share/virtualbox | 29 | whitelist /usr/share/virtualbox |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | include whitelist-runuser-common.inc | 31 | include whitelist-runuser-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/vivaldi.profile b/etc/profile-m-z/vivaldi.profile index 3858405db..fdeb0307f 100644 --- a/etc/profile-m-z/vivaldi.profile +++ b/etc/profile-m-z/vivaldi.profile | |||
@@ -8,26 +8,26 @@ include globals.local | |||
8 | # Allow HTML5 Proprietary Media & DRM/EME (Widevine) | 8 | # Allow HTML5 Proprietary Media & DRM/EME (Widevine) |
9 | ignore apparmor | 9 | ignore apparmor |
10 | ignore noexec /var | 10 | ignore noexec /var |
11 | nodeny /var/opt | 11 | noblacklist /var/opt |
12 | allow /var/opt/vivaldi | 12 | whitelist /var/opt/vivaldi |
13 | writable-var | 13 | writable-var |
14 | 14 | ||
15 | nodeny ${HOME}/.cache/vivaldi | 15 | noblacklist ${HOME}/.cache/vivaldi |
16 | nodeny ${HOME}/.cache/vivaldi-snapshot | 16 | noblacklist ${HOME}/.cache/vivaldi-snapshot |
17 | nodeny ${HOME}/.config/vivaldi | 17 | noblacklist ${HOME}/.config/vivaldi |
18 | nodeny ${HOME}/.config/vivaldi-snapshot | 18 | noblacklist ${HOME}/.config/vivaldi-snapshot |
19 | nodeny ${HOME}/.local/lib/vivaldi | 19 | noblacklist ${HOME}/.local/lib/vivaldi |
20 | 20 | ||
21 | mkdir ${HOME}/.cache/vivaldi | 21 | mkdir ${HOME}/.cache/vivaldi |
22 | mkdir ${HOME}/.cache/vivaldi-snapshot | 22 | mkdir ${HOME}/.cache/vivaldi-snapshot |
23 | mkdir ${HOME}/.config/vivaldi | 23 | mkdir ${HOME}/.config/vivaldi |
24 | mkdir ${HOME}/.config/vivaldi-snapshot | 24 | mkdir ${HOME}/.config/vivaldi-snapshot |
25 | mkdir ${HOME}/.local/lib/vivaldi | 25 | mkdir ${HOME}/.local/lib/vivaldi |
26 | allow ${HOME}/.cache/vivaldi | 26 | whitelist ${HOME}/.cache/vivaldi |
27 | allow ${HOME}/.cache/vivaldi-snapshot | 27 | whitelist ${HOME}/.cache/vivaldi-snapshot |
28 | allow ${HOME}/.config/vivaldi | 28 | whitelist ${HOME}/.config/vivaldi |
29 | allow ${HOME}/.config/vivaldi-snapshot | 29 | whitelist ${HOME}/.config/vivaldi-snapshot |
30 | allow ${HOME}/.local/lib/vivaldi | 30 | whitelist ${HOME}/.local/lib/vivaldi |
31 | 31 | ||
32 | #private-bin bash,cat,dirname,readlink,rm,vivaldi,vivaldi-stable,vivaldi-snapshot | 32 | #private-bin bash,cat,dirname,readlink,rm,vivaldi,vivaldi-stable,vivaldi-snapshot |
33 | 33 | ||
diff --git a/etc/profile-m-z/vlc.profile b/etc/profile-m-z/vlc.profile index ede2d4525..cd7dccd8a 100644 --- a/etc/profile-m-z/vlc.profile +++ b/etc/profile-m-z/vlc.profile | |||
@@ -6,10 +6,10 @@ include vlc.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/vlc | 9 | noblacklist ${HOME}/.cache/vlc |
10 | nodeny ${HOME}/.config/vlc | 10 | noblacklist ${HOME}/.config/vlc |
11 | nodeny ${HOME}/.config/aacs | 11 | noblacklist ${HOME}/.config/aacs |
12 | nodeny ${HOME}/.local/share/vlc | 12 | noblacklist ${HOME}/.local/share/vlc |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -22,10 +22,10 @@ read-only ${DESKTOP} | |||
22 | mkdir ${HOME}/.cache/vlc | 22 | mkdir ${HOME}/.cache/vlc |
23 | mkdir ${HOME}/.config/vlc | 23 | mkdir ${HOME}/.config/vlc |
24 | mkdir ${HOME}/.local/share/vlc | 24 | mkdir ${HOME}/.local/share/vlc |
25 | allow ${HOME}/.cache/vlc | 25 | whitelist ${HOME}/.cache/vlc |
26 | allow ${HOME}/.config/vlc | 26 | whitelist ${HOME}/.config/vlc |
27 | allow ${HOME}/.config/aacs | 27 | whitelist ${HOME}/.config/aacs |
28 | allow ${HOME}/.local/share/vlc | 28 | whitelist ${HOME}/.local/share/vlc |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-player-common.inc | 30 | include whitelist-player-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/vmware-view.profile b/etc/profile-m-z/vmware-view.profile index f23e90e84..f07c31b68 100644 --- a/etc/profile-m-z/vmware-view.profile +++ b/etc/profile-m-z/vmware-view.profile | |||
@@ -6,10 +6,10 @@ include vmware-view.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.vmware | 9 | noblacklist ${HOME}/.vmware |
10 | 10 | ||
11 | nodeny /sbin | 11 | noblacklist /sbin |
12 | nodeny /usr/sbin | 12 | noblacklist /usr/sbin |
13 | 13 | ||
14 | include allow-bin-sh.inc | 14 | include allow-bin-sh.inc |
15 | 15 | ||
@@ -23,7 +23,7 @@ include disable-shell.inc | |||
23 | include disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | mkdir ${HOME}/.vmware | 25 | mkdir ${HOME}/.vmware |
26 | allow ${HOME}/.vmware | 26 | whitelist ${HOME}/.vmware |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/vmware.profile b/etc/profile-m-z/vmware.profile index 3a535588f..5241e27b3 100644 --- a/etc/profile-m-z/vmware.profile +++ b/etc/profile-m-z/vmware.profile | |||
@@ -6,8 +6,8 @@ include vmware.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/vmware | 9 | noblacklist ${HOME}/.cache/vmware |
10 | nodeny ${HOME}/.vmware | 10 | noblacklist ${HOME}/.vmware |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-xdg.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.cache/vmware | 20 | mkdir ${HOME}/.cache/vmware |
21 | mkdir ${HOME}/.vmware | 21 | mkdir ${HOME}/.vmware |
22 | allow ${HOME}/.cache/vmware | 22 | whitelist ${HOME}/.cache/vmware |
23 | allow ${HOME}/.vmware | 23 | whitelist ${HOME}/.vmware |
24 | # Add the next lines to your vmware.local if you need to use "shared VM". | 24 | # Add the next lines to your vmware.local if you need to use "shared VM". |
25 | #whitelist /var/lib/vmware | 25 | #whitelist /var/lib/vmware |
26 | #writable-var | 26 | #writable-var |
diff --git a/etc/profile-m-z/vscodium.profile b/etc/profile-m-z/vscodium.profile index 7996113f5..a4a4fb7d8 100644 --- a/etc/profile-m-z/vscodium.profile +++ b/etc/profile-m-z/vscodium.profile | |||
@@ -6,7 +6,7 @@ include vscodium.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.VSCodium | 9 | noblacklist ${HOME}/.VSCodium |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include code.profile | 12 | include code.profile |
diff --git a/etc/profile-m-z/vulturesclaw.profile b/etc/profile-m-z/vulturesclaw.profile index a6c38c1f1..fa6ddf1fb 100644 --- a/etc/profile-m-z/vulturesclaw.profile +++ b/etc/profile-m-z/vulturesclaw.profile | |||
@@ -6,8 +6,8 @@ include vulturesclaw.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny /var/games/vulturesclaw | 9 | noblacklist /var/games/vulturesclaw |
10 | allow /var/games/vulturesclaw | 10 | whitelist /var/games/vulturesclaw |
11 | 11 | ||
12 | # Redirect | 12 | # Redirect |
13 | include nethack-vultures.profile | 13 | include nethack-vultures.profile |
diff --git a/etc/profile-m-z/vultureseye.profile b/etc/profile-m-z/vultureseye.profile index 763c50bf6..49d3fa94f 100644 --- a/etc/profile-m-z/vultureseye.profile +++ b/etc/profile-m-z/vultureseye.profile | |||
@@ -6,8 +6,8 @@ include vultureseye.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | nodeny /var/games/vultureseye | 9 | noblacklist /var/games/vultureseye |
10 | allow /var/games/vultureseye | 10 | whitelist /var/games/vultureseye |
11 | 11 | ||
12 | # Redirect | 12 | # Redirect |
13 | include nethack-vultures.profile | 13 | include nethack-vultures.profile |
diff --git a/etc/profile-m-z/vym.profile b/etc/profile-m-z/vym.profile index 1f2462c32..5421c4e4b 100644 --- a/etc/profile-m-z/vym.profile +++ b/etc/profile-m-z/vym.profile | |||
@@ -6,7 +6,7 @@ include vym.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/InSilmaril | 9 | noblacklist ${HOME}/.config/InSilmaril |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/w3m.profile b/etc/profile-m-z/w3m.profile index 6b38bbf13..69b2c6c59 100644 --- a/etc/profile-m-z/w3m.profile +++ b/etc/profile-m-z/w3m.profile | |||
@@ -12,10 +12,10 @@ include globals.local | |||
12 | #ignore private-dev | 12 | #ignore private-dev |
13 | #ignore private-etc | 13 | #ignore private-etc |
14 | 14 | ||
15 | nodeny ${HOME}/.w3m | 15 | noblacklist ${HOME}/.w3m |
16 | 16 | ||
17 | deny /tmp/.X11-unix | 17 | blacklist /tmp/.X11-unix |
18 | deny ${RUNUSER}/wayland-* | 18 | blacklist ${RUNUSER}/wayland-* |
19 | 19 | ||
20 | # Allow /bin/sh (blacklisted by disable-shell.inc) | 20 | # Allow /bin/sh (blacklisted by disable-shell.inc) |
21 | include allow-bin-sh.inc | 21 | include allow-bin-sh.inc |
@@ -33,9 +33,9 @@ include disable-shell.inc | |||
33 | include disable-xdg.inc | 33 | include disable-xdg.inc |
34 | 34 | ||
35 | mkdir ${HOME}/.w3m | 35 | mkdir ${HOME}/.w3m |
36 | allow /usr/share/w3m | 36 | whitelist /usr/share/w3m |
37 | allow ${DOWNLOADS} | 37 | whitelist ${DOWNLOADS} |
38 | allow ${HOME}/.w3m | 38 | whitelist ${HOME}/.w3m |
39 | include whitelist-runuser-common.inc | 39 | include whitelist-runuser-common.inc |
40 | include whitelist-usr-share-common.inc | 40 | include whitelist-usr-share-common.inc |
41 | include whitelist-var-common.inc | 41 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/warmux.profile b/etc/profile-m-z/warmux.profile index 6658ac5db..1227a202c 100644 --- a/etc/profile-m-z/warmux.profile +++ b/etc/profile-m-z/warmux.profile | |||
@@ -6,9 +6,9 @@ include warmux.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/wormux | 9 | noblacklist ${HOME}/.config/wormux |
10 | nodeny ${HOME}/.local/share/wormux | 10 | noblacklist ${HOME}/.local/share/wormux |
11 | nodeny ${HOME}/.wormux | 11 | noblacklist ${HOME}/.wormux |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -22,10 +22,10 @@ include disable-xdg.inc | |||
22 | mkdir ${HOME}/.config/wormux | 22 | mkdir ${HOME}/.config/wormux |
23 | mkdir ${HOME}/.local/share/wormux | 23 | mkdir ${HOME}/.local/share/wormux |
24 | mkdir ${HOME}/.wormux | 24 | mkdir ${HOME}/.wormux |
25 | allow ${HOME}/.config/wormux | 25 | whitelist ${HOME}/.config/wormux |
26 | allow ${HOME}/.local/share/wormux | 26 | whitelist ${HOME}/.local/share/wormux |
27 | allow ${HOME}/.wormux | 27 | whitelist ${HOME}/.wormux |
28 | allow /usr/share/warmux | 28 | whitelist /usr/share/warmux |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/warsow.profile b/etc/profile-m-z/warsow.profile index fac4d0555..e0cd3daad 100644 --- a/etc/profile-m-z/warsow.profile +++ b/etc/profile-m-z/warsow.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | nodeny ${HOME}/.cache/warsow-2.1 | 11 | noblacklist ${HOME}/.cache/warsow-2.1 |
12 | nodeny ${HOME}/.local/share/warsow-2.1 | 12 | noblacklist ${HOME}/.local/share/warsow-2.1 |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -22,9 +22,9 @@ include disable-xdg.inc | |||
22 | 22 | ||
23 | mkdir ${HOME}/.cache/warsow-2.1 | 23 | mkdir ${HOME}/.cache/warsow-2.1 |
24 | mkdir ${HOME}/.local/share/warsow-2.1 | 24 | mkdir ${HOME}/.local/share/warsow-2.1 |
25 | allow ${HOME}/.cache/warsow-2.1 | 25 | whitelist ${HOME}/.cache/warsow-2.1 |
26 | allow ${HOME}/.local/share/warsow-2.1 | 26 | whitelist ${HOME}/.local/share/warsow-2.1 |
27 | allow /usr/share/warsow | 27 | whitelist /usr/share/warsow |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/warzone2100.profile b/etc/profile-m-z/warzone2100.profile index 081ae349b..420e8927e 100644 --- a/etc/profile-m-z/warzone2100.profile +++ b/etc/profile-m-z/warzone2100.profile | |||
@@ -6,7 +6,7 @@ include warzone2100.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.warzone2100-3.* | 9 | noblacklist ${HOME}/.warzone2100-3.* |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,9 +18,9 @@ include disable-shell.inc | |||
18 | 18 | ||
19 | mkdir ${HOME}/.warzone2100-3.1 | 19 | mkdir ${HOME}/.warzone2100-3.1 |
20 | mkdir ${HOME}/.warzone2100-3.2 | 20 | mkdir ${HOME}/.warzone2100-3.2 |
21 | allow ${HOME}/.warzone2100-3.1 | 21 | whitelist ${HOME}/.warzone2100-3.1 |
22 | allow ${HOME}/.warzone2100-3.2 | 22 | whitelist ${HOME}/.warzone2100-3.2 |
23 | allow /usr/share/games | 23 | whitelist /usr/share/games |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
26 | include whitelist-usr-share-common.inc | 26 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/waterfox.profile b/etc/profile-m-z/waterfox.profile index 4081b29b9..18f1ca79a 100644 --- a/etc/profile-m-z/waterfox.profile +++ b/etc/profile-m-z/waterfox.profile | |||
@@ -5,13 +5,13 @@ include waterfox.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.cache/waterfox | 8 | noblacklist ${HOME}/.cache/waterfox |
9 | nodeny ${HOME}/.waterfox | 9 | noblacklist ${HOME}/.waterfox |
10 | 10 | ||
11 | mkdir ${HOME}/.cache/waterfox | 11 | mkdir ${HOME}/.cache/waterfox |
12 | mkdir ${HOME}/.waterfox | 12 | mkdir ${HOME}/.waterfox |
13 | allow ${HOME}/.cache/waterfox | 13 | whitelist ${HOME}/.cache/waterfox |
14 | allow ${HOME}/.waterfox | 14 | whitelist ${HOME}/.waterfox |
15 | 15 | ||
16 | # Add the next lines to your watefox.local if you want to use the migration wizard. | 16 | # Add the next lines to your watefox.local if you want to use the migration wizard. |
17 | #noblacklist ${HOME}/.mozilla | 17 | #noblacklist ${HOME}/.mozilla |
diff --git a/etc/profile-m-z/webstorm.profile b/etc/profile-m-z/webstorm.profile index 1f42dae2c..69e96d0cd 100644 --- a/etc/profile-m-z/webstorm.profile +++ b/etc/profile-m-z/webstorm.profile | |||
@@ -5,12 +5,12 @@ include webstorm.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.WebStorm* | 8 | noblacklist ${HOME}/.WebStorm* |
9 | nodeny ${HOME}/.android | 9 | noblacklist ${HOME}/.android |
10 | nodeny ${HOME}/.local/share/JetBrains | 10 | noblacklist ${HOME}/.local/share/JetBrains |
11 | nodeny ${HOME}/.tooling | 11 | noblacklist ${HOME}/.tooling |
12 | # Allow KDE file manager to open with log directories (blacklisted by disable-programs.inc) | 12 | # Allow KDE file manager to open with log directories (blacklisted by disable-programs.inc) |
13 | nodeny ${HOME}/.config/dolphinrc | 13 | noblacklist ${HOME}/.config/dolphinrc |
14 | 14 | ||
15 | # Allows files commonly used by IDEs | 15 | # Allows files commonly used by IDEs |
16 | include allow-common-devel.inc | 16 | include allow-common-devel.inc |
@@ -18,8 +18,8 @@ include allow-common-devel.inc | |||
18 | # Allow ssh (blacklisted by disable-common.inc) | 18 | # Allow ssh (blacklisted by disable-common.inc) |
19 | include allow-ssh.inc | 19 | include allow-ssh.inc |
20 | 20 | ||
21 | nodeny ${PATH}/node | 21 | noblacklist ${PATH}/node |
22 | nodeny ${HOME}/.nvm | 22 | noblacklist ${HOME}/.nvm |
23 | 23 | ||
24 | include disable-common.inc | 24 | include disable-common.inc |
25 | include disable-devel.inc | 25 | include disable-devel.inc |
diff --git a/etc/profile-m-z/webui-aria2.profile b/etc/profile-m-z/webui-aria2.profile index d1bbcfb67..d5a998f35 100644 --- a/etc/profile-m-z/webui-aria2.profile +++ b/etc/profile-m-z/webui-aria2.profile | |||
@@ -6,7 +6,7 @@ include webui-aria2.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${PATH}/node | 9 | noblacklist ${PATH}/node |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/weechat.profile b/etc/profile-m-z/weechat.profile index 99941a590..76935212f 100644 --- a/etc/profile-m-z/weechat.profile +++ b/etc/profile-m-z/weechat.profile | |||
@@ -6,12 +6,12 @@ include weechat.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.weechat | 9 | noblacklist ${HOME}/.weechat |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-programs.inc | 12 | include disable-programs.inc |
13 | 13 | ||
14 | allow /usr/share/weechat | 14 | whitelist /usr/share/weechat |
15 | include whitelist-usr-share-common.inc | 15 | include whitelist-usr-share-common.inc |
16 | include whitelist-var-common.inc | 16 | include whitelist-var-common.inc |
17 | 17 | ||
diff --git a/etc/profile-m-z/wesnoth.profile b/etc/profile-m-z/wesnoth.profile index 47b923e6a..199b3c6f0 100644 --- a/etc/profile-m-z/wesnoth.profile +++ b/etc/profile-m-z/wesnoth.profile | |||
@@ -6,9 +6,9 @@ include wesnoth.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/wesnoth | 9 | noblacklist ${HOME}/.cache/wesnoth |
10 | nodeny ${HOME}/.config/wesnoth | 10 | noblacklist ${HOME}/.config/wesnoth |
11 | nodeny ${HOME}/.local/share/wesnoth | 11 | noblacklist ${HOME}/.local/share/wesnoth |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,9 +19,9 @@ include disable-programs.inc | |||
19 | mkdir ${HOME}/.cache/wesnoth | 19 | mkdir ${HOME}/.cache/wesnoth |
20 | mkdir ${HOME}/.config/wesnoth | 20 | mkdir ${HOME}/.config/wesnoth |
21 | mkdir ${HOME}/.local/share/wesnoth | 21 | mkdir ${HOME}/.local/share/wesnoth |
22 | allow ${HOME}/.cache/wesnoth | 22 | whitelist ${HOME}/.cache/wesnoth |
23 | allow ${HOME}/.config/wesnoth | 23 | whitelist ${HOME}/.config/wesnoth |
24 | allow ${HOME}/.local/share/wesnoth | 24 | whitelist ${HOME}/.local/share/wesnoth |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | 26 | ||
27 | caps.drop all | 27 | caps.drop all |
diff --git a/etc/profile-m-z/wget.profile b/etc/profile-m-z/wget.profile index 3c4a4eb63..53c4711bd 100644 --- a/etc/profile-m-z/wget.profile +++ b/etc/profile-m-z/wget.profile | |||
@@ -7,12 +7,12 @@ include wget.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.netrc | 10 | noblacklist ${HOME}/.netrc |
11 | nodeny ${HOME}/.wget-hsts | 11 | noblacklist ${HOME}/.wget-hsts |
12 | nodeny ${HOME}/.wgetrc | 12 | noblacklist ${HOME}/.wgetrc |
13 | 13 | ||
14 | deny /tmp/.X11-unix | 14 | blacklist /tmp/.X11-unix |
15 | deny ${RUNUSER} | 15 | blacklist ${RUNUSER} |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-devel.inc | 18 | include disable-devel.inc |
diff --git a/etc/profile-m-z/whalebird.profile b/etc/profile-m-z/whalebird.profile index fdbd406c2..22a84274d 100644 --- a/etc/profile-m-z/whalebird.profile +++ b/etc/profile-m-z/whalebird.profile | |||
@@ -13,10 +13,10 @@ ignore include whitelist-usr-share-common.inc | |||
13 | ignore dbus-user none | 13 | ignore dbus-user none |
14 | ignore dbus-system none | 14 | ignore dbus-system none |
15 | 15 | ||
16 | nodeny ${HOME}/.config/Whalebird | 16 | noblacklist ${HOME}/.config/Whalebird |
17 | 17 | ||
18 | mkdir ${HOME}/.config/Whalebird | 18 | mkdir ${HOME}/.config/Whalebird |
19 | allow ${HOME}/.config/Whalebird | 19 | whitelist ${HOME}/.config/Whalebird |
20 | 20 | ||
21 | no3d | 21 | no3d |
22 | 22 | ||
diff --git a/etc/profile-m-z/whois.profile b/etc/profile-m-z/whois.profile index 35d7fe9cb..93871a5a4 100644 --- a/etc/profile-m-z/whois.profile +++ b/etc/profile-m-z/whois.profile | |||
@@ -7,8 +7,8 @@ include whois.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | deny /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | deny ${RUNUSER} | 11 | blacklist ${RUNUSER} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/widelands.profile b/etc/profile-m-z/widelands.profile index 8f5adb0fc..0dc26b11d 100644 --- a/etc/profile-m-z/widelands.profile +++ b/etc/profile-m-z/widelands.profile | |||
@@ -6,7 +6,7 @@ include widelands.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.widelands | 9 | noblacklist ${HOME}/.widelands |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.widelands | 20 | mkdir ${HOME}/.widelands |
21 | allow ${HOME}/.widelands | 21 | whitelist ${HOME}/.widelands |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-m-z/wine.profile b/etc/profile-m-z/wine.profile index 6bc68c829..0ea24aafd 100644 --- a/etc/profile-m-z/wine.profile +++ b/etc/profile-m-z/wine.profile | |||
@@ -6,13 +6,13 @@ include wine.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/winetricks | 9 | noblacklist ${HOME}/.cache/winetricks |
10 | nodeny ${HOME}/.Steam | 10 | noblacklist ${HOME}/.Steam |
11 | nodeny ${HOME}/.local/share/Steam | 11 | noblacklist ${HOME}/.local/share/Steam |
12 | nodeny ${HOME}/.local/share/steam | 12 | noblacklist ${HOME}/.local/share/steam |
13 | nodeny ${HOME}/.steam | 13 | noblacklist ${HOME}/.steam |
14 | nodeny ${HOME}/.wine | 14 | noblacklist ${HOME}/.wine |
15 | nodeny /tmp/.wine-* | 15 | noblacklist /tmp/.wine-* |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-devel.inc | 18 | include disable-devel.inc |
diff --git a/etc/profile-m-z/wire-desktop.profile b/etc/profile-m-z/wire-desktop.profile index 5f40bbd48..151cd2adb 100644 --- a/etc/profile-m-z/wire-desktop.profile +++ b/etc/profile-m-z/wire-desktop.profile | |||
@@ -20,10 +20,10 @@ ignore private-cache | |||
20 | ignore dbus-user none | 20 | ignore dbus-user none |
21 | ignore dbus-system none | 21 | ignore dbus-system none |
22 | 22 | ||
23 | nodeny ${HOME}/.config/Wire | 23 | noblacklist ${HOME}/.config/Wire |
24 | 24 | ||
25 | mkdir ${HOME}/.config/Wire | 25 | mkdir ${HOME}/.config/Wire |
26 | allow ${HOME}/.config/Wire | 26 | whitelist ${HOME}/.config/Wire |
27 | 27 | ||
28 | private-bin bash,electron,electron[0-9],electron[0-9][0-9],env,sh,wire-desktop | 28 | private-bin bash,electron,electron[0-9],electron[0-9][0-9],env,sh,wire-desktop |
29 | private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,resolv.conf,ssl | 29 | private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,resolv.conf,ssl |
diff --git a/etc/profile-m-z/wireshark.profile b/etc/profile-m-z/wireshark.profile index f3f347283..1824026a8 100644 --- a/etc/profile-m-z/wireshark.profile +++ b/etc/profile-m-z/wireshark.profile | |||
@@ -6,9 +6,9 @@ include wireshark.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/wireshark | 9 | noblacklist ${HOME}/.config/wireshark |
10 | nodeny ${HOME}/.wireshark | 10 | noblacklist ${HOME}/.wireshark |
11 | nodeny ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | 12 | ||
13 | # Allow lua (blacklisted by disable-interpreters.inc) | 13 | # Allow lua (blacklisted by disable-interpreters.inc) |
14 | include allow-lua.inc | 14 | include allow-lua.inc |
@@ -21,7 +21,7 @@ include disable-passwdmgr.inc | |||
21 | include disable-programs.inc | 21 | include disable-programs.inc |
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | allow /usr/share/wireshark | 24 | whitelist /usr/share/wireshark |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-m-z/wordwarvi.profile b/etc/profile-m-z/wordwarvi.profile index 1f1541a20..9c724a5d2 100644 --- a/etc/profile-m-z/wordwarvi.profile +++ b/etc/profile-m-z/wordwarvi.profile | |||
@@ -6,7 +6,7 @@ include wordwarvi.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.wordwarvi | 9 | noblacklist ${HOME}/.wordwarvi |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.wordwarvi | 20 | mkdir ${HOME}/.wordwarvi |
21 | allow ${HOME}/.wordwarvi | 21 | whitelist ${HOME}/.wordwarvi |
22 | allow /usr/share/wordwarvi | 22 | whitelist /usr/share/wordwarvi |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/wps.profile b/etc/profile-m-z/wps.profile index 6d16dfb04..a44b6490e 100644 --- a/etc/profile-m-z/wps.profile +++ b/etc/profile-m-z/wps.profile | |||
@@ -6,9 +6,9 @@ include wps.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.kingsoft | 9 | noblacklist ${HOME}/.kingsoft |
10 | nodeny ${HOME}/.config/Kingsoft | 10 | noblacklist ${HOME}/.config/Kingsoft |
11 | nodeny ${HOME}/.local/share/Kingsoft | 11 | noblacklist ${HOME}/.local/share/Kingsoft |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/x2goclient.profile b/etc/profile-m-z/x2goclient.profile index 311746cd9..557f07cd9 100644 --- a/etc/profile-m-z/x2goclient.profile +++ b/etc/profile-m-z/x2goclient.profile | |||
@@ -6,8 +6,8 @@ include x2goclient.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.x2go | 9 | noblacklist ${HOME}/.x2go |
10 | nodeny ${HOME}/.x2goclient | 10 | noblacklist ${HOME}/.x2goclient |
11 | 11 | ||
12 | # Allow ssh (blacklisted by disable-common.inc) | 12 | # Allow ssh (blacklisted by disable-common.inc) |
13 | include allow-ssh.inc | 13 | include allow-ssh.inc |
diff --git a/etc/profile-m-z/xbill.profile b/etc/profile-m-z/xbill.profile index e545aa3a0..384f76acc 100644 --- a/etc/profile-m-z/xbill.profile +++ b/etc/profile-m-z/xbill.profile | |||
@@ -15,8 +15,8 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | allow /usr/share/xbill | 18 | whitelist /usr/share/xbill |
19 | allow /var/games/xbill/scores | 19 | whitelist /var/games/xbill/scores |
20 | include whitelist-common.inc | 20 | include whitelist-common.inc |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/xchat.profile b/etc/profile-m-z/xchat.profile index 7d0adbcc2..a94444aab 100644 --- a/etc/profile-m-z/xchat.profile +++ b/etc/profile-m-z/xchat.profile | |||
@@ -6,7 +6,7 @@ include xchat.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/xchat | 9 | noblacklist ${HOME}/.config/xchat |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/xed.profile b/etc/profile-m-z/xed.profile index 5db709bd1..4a3022e83 100644 --- a/etc/profile-m-z/xed.profile +++ b/etc/profile-m-z/xed.profile | |||
@@ -5,10 +5,10 @@ include xed.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/xed | 8 | noblacklist ${HOME}/.config/xed |
9 | nodeny ${HOME}/.python-history | 9 | noblacklist ${HOME}/.python-history |
10 | nodeny ${HOME}/.python_history | 10 | noblacklist ${HOME}/.python_history |
11 | nodeny ${HOME}/.pythonhist | 11 | noblacklist ${HOME}/.pythonhist |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python2.inc | 14 | include allow-python2.inc |
diff --git a/etc/profile-m-z/xfburn.profile b/etc/profile-m-z/xfburn.profile index 297ff6164..cd9561e74 100644 --- a/etc/profile-m-z/xfburn.profile +++ b/etc/profile-m-z/xfburn.profile | |||
@@ -6,7 +6,7 @@ include xfburn.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/xfburn | 9 | noblacklist ${HOME}/.config/xfburn |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/xfce4-dict.profile b/etc/profile-m-z/xfce4-dict.profile index 8ecd84116..ecd321c7e 100644 --- a/etc/profile-m-z/xfce4-dict.profile +++ b/etc/profile-m-z/xfce4-dict.profile | |||
@@ -6,7 +6,7 @@ include xfce4-dict.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/xfce4-dict | 9 | noblacklist ${HOME}/.config/xfce4-dict |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/xfce4-mixer.profile b/etc/profile-m-z/xfce4-mixer.profile index 8a6f9e921..bb38dbebd 100644 --- a/etc/profile-m-z/xfce4-mixer.profile +++ b/etc/profile-m-z/xfce4-mixer.profile | |||
@@ -6,7 +6,7 @@ include xfce4-mixer.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml | 9 | noblacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,10 +18,10 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkfile ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml | 20 | mkfile ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml |
21 | allow ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml | 21 | whitelist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml |
22 | allow /usr/share/gstreamer-* | 22 | whitelist /usr/share/gstreamer-* |
23 | allow /usr/share/xfce4 | 23 | whitelist /usr/share/xfce4 |
24 | allow /usr/share/xfce4-mixer | 24 | whitelist /usr/share/xfce4-mixer |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-usr-share-common.inc | 26 | include whitelist-usr-share-common.inc |
27 | include whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/xfce4-notes.profile b/etc/profile-m-z/xfce4-notes.profile index fe88f9b27..ebfb4333c 100644 --- a/etc/profile-m-z/xfce4-notes.profile +++ b/etc/profile-m-z/xfce4-notes.profile | |||
@@ -6,9 +6,9 @@ include xfce4-notes.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/xfce4/xfce4-notes.gtkrc | 9 | noblacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc |
10 | nodeny ${HOME}/.config/xfce4/xfce4-notes.rc | 10 | noblacklist ${HOME}/.config/xfce4/xfce4-notes.rc |
11 | nodeny ${HOME}/.local/share/notes | 11 | noblacklist ${HOME}/.local/share/notes |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/xfce4-screenshooter.profile b/etc/profile-m-z/xfce4-screenshooter.profile index baf222354..b1e5bafbf 100644 --- a/etc/profile-m-z/xfce4-screenshooter.profile +++ b/etc/profile-m-z/xfce4-screenshooter.profile | |||
@@ -6,7 +6,7 @@ include xfce4-screenshooter.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${PICTURES} | 9 | noblacklist ${PICTURES} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | allow /usr/share/xfce4 | 20 | whitelist /usr/share/xfce4 |
21 | include whitelist-runuser-common.inc | 21 | include whitelist-runuser-common.inc |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/xiphos.profile b/etc/profile-m-z/xiphos.profile index 5c11cbd66..81d98db7a 100644 --- a/etc/profile-m-z/xiphos.profile +++ b/etc/profile-m-z/xiphos.profile | |||
@@ -6,10 +6,10 @@ include xiphos.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.sword | 9 | noblacklist ${HOME}/.sword |
10 | nodeny ${HOME}/.xiphos | 10 | noblacklist ${HOME}/.xiphos |
11 | 11 | ||
12 | deny ${HOME}/.bashrc | 12 | blacklist ${HOME}/.bashrc |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -21,8 +21,8 @@ include disable-shell.inc | |||
21 | 21 | ||
22 | mkdir ${HOME}/.sword | 22 | mkdir ${HOME}/.sword |
23 | mkdir ${HOME}/.xiphos | 23 | mkdir ${HOME}/.xiphos |
24 | allow ${HOME}/.sword | 24 | whitelist ${HOME}/.sword |
25 | allow ${HOME}/.xiphos | 25 | whitelist ${HOME}/.xiphos |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
28 | 28 | ||
diff --git a/etc/profile-m-z/xlinks.profile b/etc/profile-m-z/xlinks.profile index da4801101..d5e25cfe7 100644 --- a/etc/profile-m-z/xlinks.profile +++ b/etc/profile-m-z/xlinks.profile | |||
@@ -7,7 +7,7 @@ include xlinks.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | nodeny /tmp/.X11-unix | 10 | noblacklist /tmp/.X11-unix |
11 | 11 | ||
12 | include whitelist-common.inc | 12 | include whitelist-common.inc |
13 | 13 | ||
diff --git a/etc/profile-m-z/xlinks2 b/etc/profile-m-z/xlinks2 index a7612cb2a..1ae6a60ca 100644 --- a/etc/profile-m-z/xlinks2 +++ b/etc/profile-m-z/xlinks2 | |||
@@ -7,7 +7,7 @@ include xlinks2.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | nodeny /tmp/.X11-unix | 10 | noblacklist /tmp/.X11-unix |
11 | 11 | ||
12 | include whitelist-common.inc | 12 | include whitelist-common.inc |
13 | 13 | ||
diff --git a/etc/profile-m-z/xmms.profile b/etc/profile-m-z/xmms.profile index 1ed35f29a..25261d925 100644 --- a/etc/profile-m-z/xmms.profile +++ b/etc/profile-m-z/xmms.profile | |||
@@ -5,8 +5,8 @@ include xmms.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.xmms | 8 | noblacklist ${HOME}/.xmms |
9 | nodeny ${MUSIC} | 9 | noblacklist ${MUSIC} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/xmr-stak.profile b/etc/profile-m-z/xmr-stak.profile index c97c12f56..e7020f36b 100644 --- a/etc/profile-m-z/xmr-stak.profile +++ b/etc/profile-m-z/xmr-stak.profile | |||
@@ -5,7 +5,7 @@ include xmr-stak.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.xmr-stak | 8 | noblacklist ${HOME}/.xmr-stak |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-m-z/xonotic.profile b/etc/profile-m-z/xonotic.profile index 94a09198c..53c9a0a08 100644 --- a/etc/profile-m-z/xonotic.profile +++ b/etc/profile-m-z/xonotic.profile | |||
@@ -6,7 +6,7 @@ include xonotic.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.xonotic | 9 | noblacklist ${HOME}/.xonotic |
10 | 10 | ||
11 | include allow-bin-sh.inc | 11 | include allow-bin-sh.inc |
12 | include allow-opengl-game.inc | 12 | include allow-opengl-game.inc |
@@ -21,8 +21,8 @@ include disable-shell.inc | |||
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.xonotic | 23 | mkdir ${HOME}/.xonotic |
24 | allow ${HOME}/.xonotic | 24 | whitelist ${HOME}/.xonotic |
25 | allow /usr/share/xonotic | 25 | whitelist /usr/share/xonotic |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/xournal.profile b/etc/profile-m-z/xournal.profile index 34a188a4e..c4f092d50 100644 --- a/etc/profile-m-z/xournal.profile +++ b/etc/profile-m-z/xournal.profile | |||
@@ -6,7 +6,7 @@ include xournal.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | allow /usr/share/xournal | 20 | whitelist /usr/share/xournal |
21 | allow /usr/share/poppler | 21 | whitelist /usr/share/poppler |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-m-z/xournalpp.profile b/etc/profile-m-z/xournalpp.profile index f82d2a5d3..988b878b9 100644 --- a/etc/profile-m-z/xournalpp.profile +++ b/etc/profile-m-z/xournalpp.profile | |||
@@ -7,13 +7,13 @@ include xournalpp.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.xournalpp | 10 | noblacklist ${HOME}/.xournalpp |
11 | 11 | ||
12 | include allow-lua.inc | 12 | include allow-lua.inc |
13 | 13 | ||
14 | allow /usr/share/texlive | 14 | whitelist /usr/share/texlive |
15 | allow /usr/share/xournalpp | 15 | whitelist /usr/share/xournalpp |
16 | allow /var/lib/texmf | 16 | whitelist /var/lib/texmf |
17 | include whitelist-runuser-common.inc | 17 | include whitelist-runuser-common.inc |
18 | 18 | ||
19 | #mkdir ${HOME}/.xournalpp | 19 | #mkdir ${HOME}/.xournalpp |
diff --git a/etc/profile-m-z/xpdf.profile b/etc/profile-m-z/xpdf.profile index 9da63b52a..1447ec9a7 100644 --- a/etc/profile-m-z/xpdf.profile +++ b/etc/profile-m-z/xpdf.profile | |||
@@ -6,8 +6,8 @@ include xpdf.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.xpdfrc | 9 | noblacklist ${HOME}/.xpdfrc |
10 | nodeny ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/xplayer.profile b/etc/profile-m-z/xplayer.profile index 4af4586e3..c3bb3292c 100644 --- a/etc/profile-m-z/xplayer.profile +++ b/etc/profile-m-z/xplayer.profile | |||
@@ -5,8 +5,8 @@ include xplayer.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.config/xplayer | 8 | noblacklist ${HOME}/.config/xplayer |
9 | nodeny ${HOME}/.local/share/xplayer | 9 | noblacklist ${HOME}/.local/share/xplayer |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -22,8 +22,8 @@ include disable-programs.inc | |||
22 | read-only ${DESKTOP} | 22 | read-only ${DESKTOP} |
23 | mkdir ${HOME}/.config/xplayer | 23 | mkdir ${HOME}/.config/xplayer |
24 | mkdir ${HOME}/.local/share/xplayer | 24 | mkdir ${HOME}/.local/share/xplayer |
25 | allow ${HOME}/.config/xplayer | 25 | whitelist ${HOME}/.config/xplayer |
26 | allow ${HOME}/.local/share/xplayer | 26 | whitelist ${HOME}/.local/share/xplayer |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-player-common.inc | 28 | include whitelist-player-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/xpra.profile b/etc/profile-m-z/xpra.profile index 28fbc94dd..6e409e1aa 100644 --- a/etc/profile-m-z/xpra.profile +++ b/etc/profile-m-z/xpra.profile | |||
@@ -25,7 +25,7 @@ include disable-interpreters.inc | |||
25 | include disable-passwdmgr.inc | 25 | include disable-passwdmgr.inc |
26 | include disable-programs.inc | 26 | include disable-programs.inc |
27 | 27 | ||
28 | allow /var/lib/xkb | 28 | whitelist /var/lib/xkb |
29 | # whitelisting home directory, or including whitelist-common.inc | 29 | # whitelisting home directory, or including whitelist-common.inc |
30 | # will crash xpra on some platforms | 30 | # will crash xpra on some platforms |
31 | 31 | ||
diff --git a/etc/profile-m-z/xreader.profile b/etc/profile-m-z/xreader.profile index 440f26af2..3ab35edfc 100644 --- a/etc/profile-m-z/xreader.profile +++ b/etc/profile-m-z/xreader.profile | |||
@@ -6,9 +6,9 @@ include xreader.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.cache/xreader | 9 | noblacklist ${HOME}/.cache/xreader |
10 | nodeny ${HOME}/.config/xreader | 10 | noblacklist ${HOME}/.config/xreader |
11 | nodeny ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/xviewer.profile b/etc/profile-m-z/xviewer.profile index 671e0cf5b..4d454f81c 100644 --- a/etc/profile-m-z/xviewer.profile +++ b/etc/profile-m-z/xviewer.profile | |||
@@ -5,10 +5,10 @@ include xviewer.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | nodeny ${HOME}/.Steam | 8 | noblacklist ${HOME}/.Steam |
9 | nodeny ${HOME}/.config/xviewer | 9 | noblacklist ${HOME}/.config/xviewer |
10 | nodeny ${HOME}/.local/share/Trash | 10 | noblacklist ${HOME}/.local/share/Trash |
11 | nodeny ${HOME}/.steam | 11 | noblacklist ${HOME}/.steam |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/yandex-browser.profile b/etc/profile-m-z/yandex-browser.profile index 27d0eb411..81cd021f7 100644 --- a/etc/profile-m-z/yandex-browser.profile +++ b/etc/profile-m-z/yandex-browser.profile | |||
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | nodeny ${HOME}/.cache/yandex-browser | 13 | noblacklist ${HOME}/.cache/yandex-browser |
14 | nodeny ${HOME}/.cache/yandex-browser-beta | 14 | noblacklist ${HOME}/.cache/yandex-browser-beta |
15 | nodeny ${HOME}/.config/yandex-browser | 15 | noblacklist ${HOME}/.config/yandex-browser |
16 | nodeny ${HOME}/.config/yandex-browser-beta | 16 | noblacklist ${HOME}/.config/yandex-browser-beta |
17 | 17 | ||
18 | mkdir ${HOME}/.cache/yandex-browser | 18 | mkdir ${HOME}/.cache/yandex-browser |
19 | mkdir ${HOME}/.cache/yandex-browser-beta | 19 | mkdir ${HOME}/.cache/yandex-browser-beta |
20 | mkdir ${HOME}/.config/yandex-browser | 20 | mkdir ${HOME}/.config/yandex-browser |
21 | mkdir ${HOME}/.config/yandex-browser-beta | 21 | mkdir ${HOME}/.config/yandex-browser-beta |
22 | allow ${HOME}/.cache/yandex-browser | 22 | whitelist ${HOME}/.cache/yandex-browser |
23 | allow ${HOME}/.cache/yandex-browser-beta | 23 | whitelist ${HOME}/.cache/yandex-browser-beta |
24 | allow ${HOME}/.config/yandex-browser | 24 | whitelist ${HOME}/.config/yandex-browser |
25 | allow ${HOME}/.config/yandex-browser-beta | 25 | whitelist ${HOME}/.config/yandex-browser-beta |
26 | 26 | ||
27 | # Redirect | 27 | # Redirect |
28 | include chromium-common.profile | 28 | include chromium-common.profile |
diff --git a/etc/profile-m-z/yelp.profile b/etc/profile-m-z/yelp.profile index b288993f2..dee154409 100644 --- a/etc/profile-m-z/yelp.profile +++ b/etc/profile-m-z/yelp.profile | |||
@@ -6,7 +6,7 @@ include yelp.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/yelp | 9 | noblacklist ${HOME}/.config/yelp |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,15 +18,15 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/yelp | 20 | mkdir ${HOME}/.config/yelp |
21 | allow ${HOME}/.config/yelp | 21 | whitelist ${HOME}/.config/yelp |
22 | allow /usr/libexec/webkit2gtk-4.0 | 22 | whitelist /usr/libexec/webkit2gtk-4.0 |
23 | allow /usr/share/doc | 23 | whitelist /usr/share/doc |
24 | allow /usr/share/groff | 24 | whitelist /usr/share/groff |
25 | allow /usr/share/help | 25 | whitelist /usr/share/help |
26 | allow /usr/share/man | 26 | whitelist /usr/share/man |
27 | allow /usr/share/yelp | 27 | whitelist /usr/share/yelp |
28 | allow /usr/share/yelp-tools | 28 | whitelist /usr/share/yelp-tools |
29 | allow /usr/share/yelp-xsl | 29 | whitelist /usr/share/yelp-xsl |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | include whitelist-runuser-common.inc | 31 | include whitelist-runuser-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/youtube-dl-gui.profile b/etc/profile-m-z/youtube-dl-gui.profile index 26ea3acaa..b52271a2c 100644 --- a/etc/profile-m-z/youtube-dl-gui.profile +++ b/etc/profile-m-z/youtube-dl-gui.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | include allow-python2.inc | 8 | include allow-python2.inc |
9 | include allow-python3.inc | 9 | include allow-python3.inc |
10 | 10 | ||
11 | nodeny ${HOME}/.config/youtube-dlg | 11 | noblacklist ${HOME}/.config/youtube-dlg |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -20,8 +20,8 @@ include disable-shell.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.config/youtube-dlg | 22 | mkdir ${HOME}/.config/youtube-dlg |
23 | allow ${HOME}/.config/youtube-dlg | 23 | whitelist ${HOME}/.config/youtube-dlg |
24 | allow ${DOWNLOADS} | 24 | whitelist ${DOWNLOADS} |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-runuser-common.inc | 26 | include whitelist-runuser-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/youtube-dl.profile b/etc/profile-m-z/youtube-dl.profile index 37f87d0b5..24c4d6db3 100644 --- a/etc/profile-m-z/youtube-dl.profile +++ b/etc/profile-m-z/youtube-dl.profile | |||
@@ -10,18 +10,18 @@ include globals.local | |||
10 | # breaks when installed under ${HOME} via `pip install --user` (see #2833) | 10 | # breaks when installed under ${HOME} via `pip install --user` (see #2833) |
11 | ignore noexec ${HOME} | 11 | ignore noexec ${HOME} |
12 | 12 | ||
13 | nodeny ${HOME}/.cache/youtube-dl | 13 | noblacklist ${HOME}/.cache/youtube-dl |
14 | nodeny ${HOME}/.config/youtube-dl | 14 | noblacklist ${HOME}/.config/youtube-dl |
15 | nodeny ${HOME}/.netrc | 15 | noblacklist ${HOME}/.netrc |
16 | nodeny ${MUSIC} | 16 | noblacklist ${MUSIC} |
17 | nodeny ${VIDEOS} | 17 | noblacklist ${VIDEOS} |
18 | 18 | ||
19 | # Allow python (blacklisted by disable-interpreters.inc) | 19 | # Allow python (blacklisted by disable-interpreters.inc) |
20 | include allow-python2.inc | 20 | include allow-python2.inc |
21 | include allow-python3.inc | 21 | include allow-python3.inc |
22 | 22 | ||
23 | deny /tmp/.X11-unix | 23 | blacklist /tmp/.X11-unix |
24 | deny ${RUNUSER} | 24 | blacklist ${RUNUSER} |
25 | 25 | ||
26 | include disable-common.inc | 26 | include disable-common.inc |
27 | include disable-devel.inc | 27 | include disable-devel.inc |
diff --git a/etc/profile-m-z/youtube-viewer.profile b/etc/profile-m-z/youtube-viewer.profile index 84b8bbc6a..b54dd37ad 100644 --- a/etc/profile-m-z/youtube-viewer.profile +++ b/etc/profile-m-z/youtube-viewer.profile | |||
@@ -7,13 +7,13 @@ include youtube-viewer.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.cache/youtube-viewer | 10 | noblacklist ${HOME}/.cache/youtube-viewer |
11 | nodeny ${HOME}/.config/youtube-viewer | 11 | noblacklist ${HOME}/.config/youtube-viewer |
12 | 12 | ||
13 | mkdir ${HOME}/.cache/youtube-viewer | 13 | mkdir ${HOME}/.cache/youtube-viewer |
14 | mkdir ${HOME}/.config/youtube-viewer | 14 | mkdir ${HOME}/.config/youtube-viewer |
15 | allow ${HOME}/.cache/youtube-viewer | 15 | whitelist ${HOME}/.cache/youtube-viewer |
16 | allow ${HOME}/.config/youtube-viewer | 16 | whitelist ${HOME}/.config/youtube-viewer |
17 | 17 | ||
18 | private-bin gtk-youtube-viewer,gtk2-youtube-viewer,gtk3-youtube-viewer,youtube-viewer | 18 | private-bin gtk-youtube-viewer,gtk2-youtube-viewer,gtk3-youtube-viewer,youtube-viewer |
19 | 19 | ||
diff --git a/etc/profile-m-z/youtube-viewers-common.profile b/etc/profile-m-z/youtube-viewers-common.profile index f531f815e..25a073d4a 100644 --- a/etc/profile-m-z/youtube-viewers-common.profile +++ b/etc/profile-m-z/youtube-viewers-common.profile | |||
@@ -7,7 +7,7 @@ include youtube-viewers-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | nodeny ${HOME}/.cache/youtube-dl | 10 | noblacklist ${HOME}/.cache/youtube-dl |
11 | 11 | ||
12 | # Allow lua (blacklisted by disable-interpreters.inc) | 12 | # Allow lua (blacklisted by disable-interpreters.inc) |
13 | include allow-lua.inc | 13 | include allow-lua.inc |
@@ -27,8 +27,8 @@ include disable-passwdmgr.inc | |||
27 | include disable-programs.inc | 27 | include disable-programs.inc |
28 | include disable-xdg.inc | 28 | include disable-xdg.inc |
29 | 29 | ||
30 | allow ${DOWNLOADS} | 30 | whitelist ${DOWNLOADS} |
31 | allow ${HOME}/.cache/youtube-dl/youtube-sigfuncs | 31 | whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs |
32 | include whitelist-common.inc | 32 | include whitelist-common.inc |
33 | include whitelist-runuser-common.inc | 33 | include whitelist-runuser-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/youtube.profile b/etc/profile-m-z/youtube.profile index b015fb013..ad7ceaee4 100644 --- a/etc/profile-m-z/youtube.profile +++ b/etc/profile-m-z/youtube.profile | |||
@@ -9,12 +9,12 @@ include globals.local | |||
9 | # Disabled until someone reported positive feedback | 9 | # Disabled until someone reported positive feedback |
10 | ignore nou2f | 10 | ignore nou2f |
11 | 11 | ||
12 | nodeny ${HOME}/.config/Youtube | 12 | noblacklist ${HOME}/.config/Youtube |
13 | 13 | ||
14 | include disable-shell.inc | 14 | include disable-shell.inc |
15 | 15 | ||
16 | mkdir ${HOME}/.config/Youtube | 16 | mkdir ${HOME}/.config/Youtube |
17 | allow ${HOME}/.config/Youtube | 17 | whitelist ${HOME}/.config/Youtube |
18 | 18 | ||
19 | private-bin youtube | 19 | private-bin youtube |
20 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 20 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg |
diff --git a/etc/profile-m-z/youtubemusic-nativefier.profile b/etc/profile-m-z/youtubemusic-nativefier.profile index d594a3d0f..74b0e38b9 100644 --- a/etc/profile-m-z/youtubemusic-nativefier.profile +++ b/etc/profile-m-z/youtubemusic-nativefier.profile | |||
@@ -6,12 +6,12 @@ include youtube.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/youtubemusic-nativefier-040164 | 9 | noblacklist ${HOME}/.config/youtubemusic-nativefier-040164 |
10 | 10 | ||
11 | include disable-shell.inc | 11 | include disable-shell.inc |
12 | 12 | ||
13 | mkdir ${HOME}/.config/youtubemusic-nativefier-040164 | 13 | mkdir ${HOME}/.config/youtubemusic-nativefier-040164 |
14 | allow ${HOME}/.config/youtubemusic-nativefier-040164 | 14 | whitelist ${HOME}/.config/youtubemusic-nativefier-040164 |
15 | 15 | ||
16 | private-bin youtubemusic-nativefier | 16 | private-bin youtubemusic-nativefier |
17 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 17 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg |
diff --git a/etc/profile-m-z/ytmdesktop.profile b/etc/profile-m-z/ytmdesktop.profile index 9987c953e..ab46fccc2 100644 --- a/etc/profile-m-z/ytmdesktop.profile +++ b/etc/profile-m-z/ytmdesktop.profile | |||
@@ -8,10 +8,10 @@ include globals.local | |||
8 | 8 | ||
9 | ignore dbus-user none | 9 | ignore dbus-user none |
10 | 10 | ||
11 | nodeny ${HOME}/.config/youtube-music-desktop-app | 11 | noblacklist ${HOME}/.config/youtube-music-desktop-app |
12 | 12 | ||
13 | mkdir ${HOME}/.config/youtube-music-desktop-app | 13 | mkdir ${HOME}/.config/youtube-music-desktop-app |
14 | allow ${HOME}/.config/youtube-music-desktop-app | 14 | whitelist ${HOME}/.config/youtube-music-desktop-app |
15 | 15 | ||
16 | # private-bin env,ytmdesktop | 16 | # private-bin env,ytmdesktop |
17 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 17 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg |
diff --git a/etc/profile-m-z/zaproxy.profile b/etc/profile-m-z/zaproxy.profile index 2f18a8c45..5a168feb6 100644 --- a/etc/profile-m-z/zaproxy.profile +++ b/etc/profile-m-z/zaproxy.profile | |||
@@ -6,7 +6,7 @@ include zaproxy.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.ZAP | 9 | noblacklist ${HOME}/.ZAP |
10 | 10 | ||
11 | # Allow java (blacklisted by disable-devel.inc) | 11 | # Allow java (blacklisted by disable-devel.inc) |
12 | include allow-java.inc | 12 | include allow-java.inc |
@@ -20,8 +20,8 @@ include disable-programs.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.java | 21 | mkdir ${HOME}/.java |
22 | mkdir ${HOME}/.ZAP | 22 | mkdir ${HOME}/.ZAP |
23 | allow ${HOME}/.java | 23 | whitelist ${HOME}/.java |
24 | allow ${HOME}/.ZAP | 24 | whitelist ${HOME}/.ZAP |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-m-z/zart.profile b/etc/profile-m-z/zart.profile index 32ff4f8ed..10f83aa30 100644 --- a/etc/profile-m-z/zart.profile +++ b/etc/profile-m-z/zart.profile | |||
@@ -6,8 +6,8 @@ include zart.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${DOCUMENTS} | 9 | noblacklist ${DOCUMENTS} |
10 | nodeny ${PICTURES} | 10 | noblacklist ${PICTURES} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/zathura.profile b/etc/profile-m-z/zathura.profile index 4bc841f63..d0e68c980 100644 --- a/etc/profile-m-z/zathura.profile +++ b/etc/profile-m-z/zathura.profile | |||
@@ -6,9 +6,9 @@ include zathura.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/zathura | 9 | noblacklist ${HOME}/.config/zathura |
10 | nodeny ${HOME}/.local/share/zathura | 10 | noblacklist ${HOME}/.local/share/zathura |
11 | nodeny ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -22,8 +22,8 @@ include disable-xdg.inc | |||
22 | 22 | ||
23 | mkdir ${HOME}/.config/zathura | 23 | mkdir ${HOME}/.config/zathura |
24 | mkdir ${HOME}/.local/share/zathura | 24 | mkdir ${HOME}/.local/share/zathura |
25 | allow /usr/share/doc | 25 | whitelist /usr/share/doc |
26 | allow /usr/share/zathura | 26 | whitelist /usr/share/zathura |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/zcat.profile b/etc/profile-m-z/zcat.profile index 904ea9f05..5de13ab90 100644 --- a/etc/profile-m-z/zcat.profile +++ b/etc/profile-m-z/zcat.profile | |||
@@ -9,7 +9,7 @@ include zcat.local | |||
9 | 9 | ||
10 | # Allow running kernel config check | 10 | # Allow running kernel config check |
11 | ignore include disable-shell.inc | 11 | ignore include disable-shell.inc |
12 | nodeny /proc/config.gz | 12 | noblacklist /proc/config.gz |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include gzip.profile | 15 | include gzip.profile |
diff --git a/etc/profile-m-z/zeal.profile b/etc/profile-m-z/zeal.profile index 458df2a46..2c6f6910f 100644 --- a/etc/profile-m-z/zeal.profile +++ b/etc/profile-m-z/zeal.profile | |||
@@ -6,9 +6,9 @@ include zeal.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | nodeny ${HOME}/.config/Zeal | 9 | noblacklist ${HOME}/.config/Zeal |
10 | nodeny ${HOME}/.cache/Zeal | 10 | noblacklist ${HOME}/.cache/Zeal |
11 | nodeny ${HOME}/.local/share/Zeal | 11 | noblacklist ${HOME}/.local/share/Zeal |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -23,9 +23,9 @@ mkdir ${HOME}/.cache/Zeal | |||
23 | mkdir ${HOME}/.config/qt5ct | 23 | mkdir ${HOME}/.config/qt5ct |
24 | mkdir ${HOME}/.config/Zeal | 24 | mkdir ${HOME}/.config/Zeal |
25 | mkdir ${HOME}/.local/share/Zeal | 25 | mkdir ${HOME}/.local/share/Zeal |
26 | allow ${HOME}/.cache/Zeal | 26 | whitelist ${HOME}/.cache/Zeal |
27 | allow ${HOME}/.config/Zeal | 27 | whitelist ${HOME}/.config/Zeal |
28 | allow ${HOME}/.local/share/Zeal | 28 | whitelist ${HOME}/.local/share/Zeal |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-var-common.inc | 30 | include whitelist-var-common.inc |
31 | 31 | ||
diff --git a/etc/profile-m-z/zgrep.profile b/etc/profile-m-z/zgrep.profile index e2dfbd105..f63dc871f 100644 --- a/etc/profile-m-z/zgrep.profile +++ b/etc/profile-m-z/zgrep.profile | |||
@@ -9,7 +9,7 @@ include zgrep.local | |||
9 | 9 | ||
10 | # Allow running kernel config check | 10 | # Allow running kernel config check |
11 | ignore include disable-shell.inc | 11 | ignore include disable-shell.inc |
12 | nodeny /proc/config.gz | 12 | noblacklist /proc/config.gz |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include gzip.profile | 15 | include gzip.profile |
diff --git a/etc/profile-m-z/zim.profile b/etc/profile-m-z/zim.profile new file mode 100644 index 000000000..5ae9cddb3 --- /dev/null +++ b/etc/profile-m-z/zim.profile | |||
@@ -0,0 +1,72 @@ | |||
1 | # Firejail profile for Zim | ||
2 | # Description: Desktop wiki & notekeeper | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include zim.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | nodeny ${HOME}/.cache/zim | ||
10 | nodeny ${HOME}/.config/zim | ||
11 | |||
12 | # Allow python (blacklisted by disable-interpreters.inc) | ||
13 | include allow-python2.inc | ||
14 | include allow-python3.inc | ||
15 | |||
16 | deny /usr/libexec | ||
17 | |||
18 | include disable-common.inc | ||
19 | include disable-devel.inc | ||
20 | include disable-exec.inc | ||
21 | include disable-interpreters.inc | ||
22 | include disable-passwdmgr.inc | ||
23 | include disable-programs.inc | ||
24 | include disable-shell.inc | ||
25 | |||
26 | mkdir ${HOME}/.cache/zim | ||
27 | mkdir ${HOME}/.config/zim | ||
28 | mkdir ${HOME}/Notebooks | ||
29 | allow ${HOME}/.cache/zim | ||
30 | allow ${HOME}/.config/zim | ||
31 | allow ${HOME}/Notebooks | ||
32 | allow ${DESKTOP} | ||
33 | allow ${DOCUMENTS} | ||
34 | allow ${DOWNLOADS} | ||
35 | allow ${MUSIC} | ||
36 | allow ${PICTURES} | ||
37 | allow ${VIDEOS} | ||
38 | allow /usr/share/zim | ||
39 | include whitelist-common.inc | ||
40 | include whitelist-runuser-common.inc | ||
41 | include whitelist-usr-share-common.inc | ||
42 | include whitelist-var-common.inc | ||
43 | |||
44 | apparmor | ||
45 | caps.drop all | ||
46 | machine-id | ||
47 | net none | ||
48 | no3d | ||
49 | nodvd | ||
50 | nogroups | ||
51 | noinput | ||
52 | nonewprivs | ||
53 | noroot | ||
54 | nosound | ||
55 | notv | ||
56 | nou2f | ||
57 | novideo | ||
58 | protocol unix | ||
59 | seccomp | ||
60 | seccomp.block-secondary | ||
61 | shell none | ||
62 | tracelog | ||
63 | |||
64 | disable-mnt | ||
65 | private-bin python*,zim | ||
66 | private-cache | ||
67 | private-dev | ||
68 | private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11 | ||
69 | private-tmp | ||
70 | |||
71 | dbus-user none | ||
72 | dbus-system none | ||
diff --git a/etc/profile-m-z/zoom.profile b/etc/profile-m-z/zoom.profile index 6b0417b56..ac615d861 100644 --- a/etc/profile-m-z/zoom.profile +++ b/etc/profile-m-z/zoom.profile | |||
@@ -16,17 +16,17 @@ ignore dbus-system none | |||
16 | # If you use such a system, add 'ignore nogroups' to your zoom.local. | 16 | # If you use such a system, add 'ignore nogroups' to your zoom.local. |
17 | #ignore nogroups | 17 | #ignore nogroups |
18 | 18 | ||
19 | nodeny ${HOME}/.config/zoomus.conf | 19 | noblacklist ${HOME}/.config/zoomus.conf |
20 | nodeny ${HOME}/.zoom | 20 | noblacklist ${HOME}/.zoom |
21 | 21 | ||
22 | noallow ${DOWNLOADS} | 22 | nowhitelist ${DOWNLOADS} |
23 | 23 | ||
24 | mkdir ${HOME}/.cache/zoom | 24 | mkdir ${HOME}/.cache/zoom |
25 | mkfile ${HOME}/.config/zoomus.conf | 25 | mkfile ${HOME}/.config/zoomus.conf |
26 | mkdir ${HOME}/.zoom | 26 | mkdir ${HOME}/.zoom |
27 | allow ${HOME}/.cache/zoom | 27 | whitelist ${HOME}/.cache/zoom |
28 | allow ${HOME}/.config/zoomus.conf | 28 | whitelist ${HOME}/.config/zoomus.conf |
29 | allow ${HOME}/.zoom | 29 | whitelist ${HOME}/.zoom |
30 | 30 | ||
31 | # Disable for now, see https://github.com/netblue30/firejail/issues/3726 | 31 | # Disable for now, see https://github.com/netblue30/firejail/issues/3726 |
32 | #private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl | 32 | #private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl |
diff --git a/etc/profile-m-z/zulip.profile b/etc/profile-m-z/zulip.profile index cdbbdccf1..093da5212 100644 --- a/etc/profile-m-z/zulip.profile +++ b/etc/profile-m-z/zulip.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec /tmp | 9 | ignore noexec /tmp |
10 | 10 | ||
11 | nodeny ${HOME}/.config/Zulip | 11 | noblacklist ${HOME}/.config/Zulip |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -20,8 +20,8 @@ include disable-shell.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.config/Zulip | 22 | mkdir ${HOME}/.config/Zulip |
23 | allow ${HOME}/.config/Zulip | 23 | whitelist ${HOME}/.config/Zulip |
24 | allow ${DOWNLOADS} | 24 | whitelist ${DOWNLOADS} |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/templates/syscalls.txt b/etc/templates/syscalls.txt index 3992c984a..38f789923 100644 --- a/etc/templates/syscalls.txt +++ b/etc/templates/syscalls.txt | |||
@@ -89,18 +89,24 @@ Inheritance of groups | |||
89 | What to do if seccomp breaks a program | 89 | What to do if seccomp breaks a program |
90 | -------------------------------------- | 90 | -------------------------------------- |
91 | 91 | ||
92 | Start `journalctl --grep=SECCOMP --follow` in a terminal and run | ||
93 | `firejail --seccomp-error-action=log /path/to/program` in a second terminal. | ||
94 | Now switch back to the first terminal (where `journalctl` is running) and look | ||
95 | for the numbers of the blocked syscall(s) (`syscall=<NUMBER>`). As soon as you | ||
96 | have found them, you can stop `journalctl` (^C) and execute | ||
97 | `firejail --debug-syscalls | grep NUMBER` to get the name of the syscall. | ||
98 | In the particular case that it is a 32bit syscall on a 64bit system, use `ausyscall i386 NUMBER`. | ||
99 | Now you can add a seccomp exception using `seccomp !NAME`. | ||
100 | |||
101 | If the blocked syscall is ptrace, consider to add allow-debuggers to the profile. | ||
102 | |||
92 | ``` | 103 | ``` |
93 | $ journalctl --grep=syscall --follow | 104 | term1$ journalctl --grep=SECCOMP --follow |
94 | <...> audit[…]: SECCOMP <...> syscall=161 <...> | 105 | term2$ firejail --seccomp-error-action=log /usr/bin/signal-desktop |
95 | $ firejail --debug-syscalls | grep 161 | 106 | term1$ (journalctl --grep=SECCOMP --follow) |
96 | 161 - chroot | 107 | audit[1234]: SECCOMP ... comm="signal-desktop" exe="/usr/bin/signal-desktop" sig=31 arch=c000003e syscall=161 ... |
108 | ^C | ||
109 | term1$ firejail --debug-syscalls | grep "^161[[:space:]]" | ||
110 | 161 - chroot | ||
97 | ``` | 111 | ``` |
98 | Profile: `seccomp -> seccomp !chroot` | 112 | Profile: `seccomp -> seccomp !chroot` |
99 | |||
100 | Start `journalctl --grep=syscall --follow` in a terminal, then start the broken | ||
101 | program. Now you see one or more long lines containing `syscall=NUMBER` somewhere. | ||
102 | Stop journalctl (^C) and execute `firejail --debug-syscalls | grep NUMBER`. You | ||
103 | will see something like `NUMBER - NAME`, because you now know the name of the | ||
104 | syscall, you can add an exception to seccomp by putting `!NAME` to seccomp. | ||
105 | |||
106 | If the blocked syscall is ptrace, consider to add allow-debuggers to the profile. | ||