-rw-r--r-- | etc/inc/disable-common.inc | 10 | ||||
-rw-r--r-- | etc/profile-a-l/awesome.profile | 1 | ||||
-rw-r--r-- | etc/profile-a-l/cower.profile | 1 | ||||
-rw-r--r-- | etc/profile-m-z/makepkg.profile | 1 | ||||
-rw-r--r-- | etc/profile-m-z/openbox.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/steam.profile | 1 |
6 files changed, 10 insertions, 6 deletions
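--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -69,6 +69,9 @@ blacklist ${HOME}/.xsessionrc
 blacklist /etc/X11/Xsession.d
 blacklist /etc/xdg/autostart
 read-only ${HOME}/.Xauthority
+read-only ${HOME}/.config/awesome/autorun.sh
+read-only ${HOME}/.config/openbox/autostart
+read-only ${HOME}/.config/openbox/environment
 
 # Session manager
 # see #3358
@@ -338,6 +341,7 @@ read-only ${HOME}/.elinks
 read-only ${HOME}/.emacs
 read-only ${HOME}/.emacs.d
 read-only ${HOME}/.exrc
+read-only ${HOME}/.gnupg/gpg.conf
 read-only ${HOME}/.gvimrc
 read-only ${HOME}/.homesick
 read-only ${HOME}/.iscreenrc
@@ -370,6 +374,7 @@ read-only ${HOME}/dotfiles
 
 # System package managers and AUR helpers
 blacklist ${HOME}/.config/cower
+read-only ${HOME}/.config/cower/config
 
 # Make directories commonly found in $PATH read-only
 read-only ${HOME}/.bin
@@ -396,6 +401,11 @@ read-only ${HOME}/.config/user-dirs.dirs
 read-only ${HOME}/.config/user-dirs.locale
 read-only ${HOME}/.local/share/mime
 
+# Configuration files that do not allow arbitrary command execution but that
+# are intended to be modified manually (in a text editor and/or by a program
+# dedicated to managing them)
+read-only ${HOME}/.config/MangoHud
+
 # Write-protection for thumbnailer dir
 read-only ${HOME}/.local/share/thumbnailers
 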
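Review bot: The new `read-only ${HOME}/.gnupg/gpg.conf` entry (new line 344) write-protects only one of the GnuPG configuration files. A profile that un-blacklists `${HOME}/.gnupg` would therefore still leave `gpg-agent.conf` writable from inside the sandbox, and that file's `pinentry-program` option names an executable that gpg-agent launches. Unless it is already covered elsewhere in disable-common.inc (the list looks alphabetical and it is not adjacent in this hunk), consider adding `read-only ${HOME}/.gnupg/gpg-agent.conf` next to it. Because this include is shared, the moved entries now apply to every profile that includes disable-common.inc rather than only the five profiles they came from, which looks intended but deserves a line in the commit description.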
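--- a/etc/profile-a-l/awesome.profile
+++ b/etc/profile-a-l/awesome.profile
@@ -16,5 +16,4 @@ noroot
 protocol unix,inet,inet6
 seccomp !chroot
 
-read-only ${HOME}/.config/awesome/autorun.sh
 #restrict-namespaces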
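--- a/etc/profile-a-l/cower.profile
+++ b/etc/profile-a-l/cower.profile
@@ -45,5 +45,4 @@ private-dev
 private-tmp
 
 memory-deny-write-execute
-read-only ${HOME}/.config/cower/config
 restrict-namespaces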
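--- a/etc/profile-m-z/makepkg.profile
+++ b/etc/profile-m-z/makepkg.profile
@@ -19,7 +19,6 @@ blacklist ${RUNUSER}/wayland-*
 
 # Enable severely restricted access to ${HOME}/.gnupg
 noblacklist ${HOME}/.gnupg
-read-only ${HOME}/.gnupg/gpg.conf
 read-only ${HOME}/.gnupg/trustdb.gpg
 read-only ${HOME}/.gnupg/pubring.kbx
 blacklist ${HOME}/.gnupg/random_seed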
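--- a/etc/profile-m-z/openbox.profile
+++ b/etc/profile-m-z/openbox.profile
@@ -16,6 +16,4 @@ noroot
 protocol unix,inet,inet6
 seccomp !chroot
 
-read-only ${HOME}/.config/openbox/autostart
-read-only ${HOME}/.config/openbox/environment
 #restrict-namespaces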
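--- a/etc/profile-m-z/steam.profile
+++ b/etc/profile-m-z/steam.profile
@@ -181,5 +181,4 @@ private-tmp
 #dbus-user none
 #dbus-system none
 
-read-only ${HOME}/.config/MangoHud
 #restrict-namespaces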