diff options
65 files changed, 108 insertions, 0 deletions
diff --git a/etc/7z.profile b/etc/7z.profile index 5ff02e1c0..b60bb9ee9 100644 --- a/etc/7z.profile +++ b/etc/7z.profile | |||
@@ -7,6 +7,8 @@ include 7z.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | ||
11 | |||
10 | include disable-common.inc | 12 | include disable-common.inc |
11 | include disable-devel.inc | 13 | include disable-devel.inc |
12 | include disable-exec.inc | 14 | include disable-exec.inc |
diff --git a/etc/ar.profile b/etc/ar.profile index 6b1fb830c..e28370450 100644 --- a/etc/ar.profile +++ b/etc/ar.profile | |||
@@ -7,6 +7,8 @@ include ar.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | ||
11 | |||
10 | include disable-common.inc | 12 | include disable-common.inc |
11 | include disable-devel.inc | 13 | include disable-devel.inc |
12 | include disable-exec.inc | 14 | include disable-exec.inc |
diff --git a/etc/aria2c.profile b/etc/aria2c.profile index f46202ac8..7819300af 100644 --- a/etc/aria2c.profile +++ b/etc/aria2c.profile | |||
@@ -11,6 +11,7 @@ noblacklist ${HOME}/.config/aria2 | |||
11 | noblacklist ${HOME}/.netrc | 11 | noblacklist ${HOME}/.netrc |
12 | 12 | ||
13 | blacklist /tmp/.X11-unix | 13 | blacklist /tmp/.X11-unix |
14 | blacklist ${RUNUSER}/wayland-* | ||
14 | 15 | ||
15 | include disable-common.inc | 16 | include disable-common.inc |
16 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/artha.profile b/etc/artha.profile index 31f8887c4..aaaede7ee 100644 --- a/etc/artha.profile +++ b/etc/artha.profile | |||
@@ -11,6 +11,7 @@ noblacklist ${HOME}/.config/artha.log | |||
11 | noblacklist ${HOME}/.config/enchant | 11 | noblacklist ${HOME}/.config/enchant |
12 | 12 | ||
13 | blacklist /tmp/.X11-unix | 13 | blacklist /tmp/.X11-unix |
14 | blacklist ${RUNUSER}/wayland-* | ||
14 | 15 | ||
15 | include disable-common.inc | 16 | include disable-common.inc |
16 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/atool.profile b/etc/atool.profile index fb75c8408..0250451fc 100644 --- a/etc/atool.profile +++ b/etc/atool.profile | |||
@@ -7,6 +7,8 @@ include atool.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | ||
11 | |||
10 | # Allow perl (blacklisted by disable-interpreters.inc) | 12 | # Allow perl (blacklisted by disable-interpreters.inc) |
11 | include allow-perl.inc | 13 | include allow-perl.inc |
12 | 14 | ||
diff --git a/etc/audio-recorder.profile b/etc/audio-recorder.profile index afd1033de..799405f1d 100644 --- a/etc/audio-recorder.profile +++ b/etc/audio-recorder.profile | |||
@@ -7,6 +7,8 @@ include audio-recorder.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | ||
11 | |||
10 | noblacklist ${MUSIC} | 12 | noblacklist ${MUSIC} |
11 | 13 | ||
12 | include disable-common.inc | 14 | include disable-common.inc |
diff --git a/etc/bsdtar.profile b/etc/bsdtar.profile index 17c67ed26..5ce9b6406 100644 --- a/etc/bsdtar.profile +++ b/etc/bsdtar.profile | |||
@@ -6,6 +6,8 @@ include bsdtar.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | ||
10 | |||
9 | include disable-common.inc | 11 | include disable-common.inc |
10 | # include disable-devel.inc | 12 | # include disable-devel.inc |
11 | include disable-exec.inc | 13 | include disable-exec.inc |
diff --git a/etc/checkbashisms.profile b/etc/checkbashisms.profile index c66776b9f..e15131dca 100644 --- a/etc/checkbashisms.profile +++ b/etc/checkbashisms.profile | |||
@@ -7,6 +7,8 @@ include checkbashisms.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | ||
11 | |||
10 | noblacklist ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
11 | 13 | ||
12 | # Allow perl (blacklisted by disable-interpreters.inc) | 14 | # Allow perl (blacklisted by disable-interpreters.inc) |
diff --git a/etc/clamav.profile b/etc/clamav.profile index 45e7723eb..51bc58108 100644 --- a/etc/clamav.profile +++ b/etc/clamav.profile | |||
@@ -7,6 +7,8 @@ include clamav.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | ||
11 | |||
10 | include disable-exec.inc | 12 | include disable-exec.inc |
11 | 13 | ||
12 | caps.drop all | 14 | caps.drop all |
diff --git a/etc/cpio.profile b/etc/cpio.profile index 17a765700..1156b7439 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile | |||
@@ -7,6 +7,8 @@ include cpio.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | ||
11 | |||
10 | noblacklist /sbin | 12 | noblacklist /sbin |
11 | noblacklist /usr/sbin | 13 | noblacklist /usr/sbin |
12 | 14 | ||
diff --git a/etc/dconf.profile b/etc/dconf.profile index ebb362fb6..2ee573463 100644 --- a/etc/dconf.profile +++ b/etc/dconf.profile | |||
@@ -6,6 +6,8 @@ include dconf.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | ||
10 | |||
9 | include disable-common.inc | 11 | include disable-common.inc |
10 | include disable-devel.inc | 12 | include disable-devel.inc |
11 | include disable-exec.inc | 13 | include disable-exec.inc |
diff --git a/etc/ddgtk.profile b/etc/ddgtk.profile index ef65046e1..46386f09e 100644 --- a/etc/ddgtk.profile +++ b/etc/ddgtk.profile | |||
@@ -6,6 +6,8 @@ include ddgtk.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | ||
10 | |||
9 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
10 | include allow-python2.inc | 12 | include allow-python2.inc |
11 | include allow-python3.inc | 13 | include allow-python3.inc |
diff --git a/etc/devilspie.profile b/etc/devilspie.profile index 4a08ad5e2..b561787d8 100644 --- a/etc/devilspie.profile +++ b/etc/devilspie.profile | |||
@@ -6,6 +6,8 @@ include devilspie.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | ||
10 | |||
9 | noblacklist ${HOME}/.devilspie | 11 | noblacklist ${HOME}/.devilspie |
10 | 12 | ||
11 | include disable-common.inc | 13 | include disable-common.inc |
diff --git a/etc/devilspie2.profile b/etc/devilspie2.profile index 2c1f7c9ac..0a1faf8d2 100644 --- a/etc/devilspie2.profile +++ b/etc/devilspie2.profile | |||
@@ -6,6 +6,8 @@ include devilspie2.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | ||
10 | |||
9 | noblacklist ${HOME}/.config/devilspie2 | 11 | noblacklist ${HOME}/.config/devilspie2 |
10 | 12 | ||
11 | # Allow lua (blacklisted by disable-interpreters.inc) | 13 | # Allow lua (blacklisted by disable-interpreters.inc) |
diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile index dfb1b61c1..6db71bd49 100644 --- a/etc/dnsmasq.profile +++ b/etc/dnsmasq.profile | |||
@@ -11,6 +11,7 @@ noblacklist /sbin | |||
11 | noblacklist /usr/sbin | 11 | noblacklist /usr/sbin |
12 | 12 | ||
13 | blacklist /tmp/.X11-unix | 13 | blacklist /tmp/.X11-unix |
14 | blacklist ${RUNUSER}/wayland-* | ||
14 | 15 | ||
15 | include disable-common.inc | 16 | include disable-common.inc |
16 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/elinks.profile b/etc/elinks.profile index 94f4179c7..82d1ba528 100644 --- a/etc/elinks.profile +++ b/etc/elinks.profile | |||
@@ -9,6 +9,7 @@ include globals.local | |||
9 | noblacklist ${HOME}/.elinks | 9 | noblacklist ${HOME}/.elinks |
10 | 10 | ||
11 | blacklist /tmp/.X11-unix | 11 | blacklist /tmp/.X11-unix |
12 | blacklist ${RUNUSER}/wayland-* | ||
12 | 13 | ||
13 | include disable-common.inc | 14 | include disable-common.inc |
14 | include disable-devel.inc | 15 | include disable-devel.inc |
diff --git a/etc/enchant.profile b/etc/enchant.profile index 82bd7174d..fa556c7d2 100644 --- a/etc/enchant.profile +++ b/etc/enchant.profile | |||
@@ -6,6 +6,8 @@ include enchant.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | ||
10 | |||
9 | noblacklist ${HOME}/.config/enchant | 11 | noblacklist ${HOME}/.config/enchant |
10 | 12 | ||
11 | include disable-common.inc | 13 | include disable-common.inc |
diff --git a/etc/exiftool.profile b/etc/exiftool.profile index e9c7d290a..9316a0585 100644 --- a/etc/exiftool.profile +++ b/etc/exiftool.profile | |||
@@ -6,6 +6,8 @@ include exiftool.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | ||
10 | |||
9 | # Allow perl (blacklisted by disable-interpreters.inc) | 11 | # Allow perl (blacklisted by disable-interpreters.inc) |
10 | include allow-perl.inc | 12 | include allow-perl.inc |
11 | 13 | ||
diff --git a/etc/file.profile b/etc/file.profile index 37c7ee9e7..9b21818f8 100644 --- a/etc/file.profile +++ b/etc/file.profile | |||
@@ -7,6 +7,8 @@ include file.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | ||
11 | |||
10 | include disable-common.inc | 12 | include disable-common.inc |
11 | include disable-exec.inc | 13 | include disable-exec.inc |
12 | include disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
diff --git a/etc/gconf-editor.profile b/etc/gconf-editor.profile index a2c441a20..7325bfb4c 100644 --- a/etc/gconf-editor.profile +++ b/etc/gconf-editor.profile | |||
@@ -8,6 +8,7 @@ include gconf-editor.local | |||
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | blacklist ${RUNUSER}/wayland-* | ||
11 | 12 | ||
12 | ignore net none | 13 | ignore net none |
13 | ignore x11 none | 14 | ignore x11 none |
diff --git a/etc/gconf.profile b/etc/gconf.profile index 25145c77d..f070e6944 100644 --- a/etc/gconf.profile +++ b/etc/gconf.profile | |||
@@ -6,6 +6,8 @@ include gconf.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | ||
10 | |||
9 | noblacklist ${HOME}/.config/gconf | 11 | noblacklist ${HOME}/.config/gconf |
10 | 12 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
diff --git a/etc/gist.profile b/etc/gist.profile index 7413238c8..59fcb2775 100644 --- a/etc/gist.profile +++ b/etc/gist.profile | |||
@@ -8,6 +8,7 @@ include gist.local | |||
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | blacklist ${RUNUSER}/wayland-* | ||
11 | 12 | ||
12 | noblacklist ${HOME}/.gist | 13 | noblacklist ${HOME}/.gist |
13 | 14 | ||
diff --git a/etc/git.profile b/etc/git.profile index dbaaefcc4..da55f8744 100644 --- a/etc/git.profile +++ b/etc/git.profile | |||
@@ -20,6 +20,7 @@ noblacklist ${HOME}/.vim | |||
20 | noblacklist ${HOME}/.viminfo | 20 | noblacklist ${HOME}/.viminfo |
21 | 21 | ||
22 | blacklist /tmp/.X11-unix | 22 | blacklist /tmp/.X11-unix |
23 | blacklist ${RUNUSER}/wayland-* | ||
23 | 24 | ||
24 | include disable-common.inc | 25 | include disable-common.inc |
25 | include disable-exec.inc | 26 | include disable-exec.inc |
diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile index c11773147..2710ac88e 100644 --- a/etc/gpg-agent.profile +++ b/etc/gpg-agent.profile | |||
@@ -10,6 +10,7 @@ include globals.local | |||
10 | noblacklist ${HOME}/.gnupg | 10 | noblacklist ${HOME}/.gnupg |
11 | 11 | ||
12 | blacklist /tmp/.X11-unix | 12 | blacklist /tmp/.X11-unix |
13 | blacklist ${RUNUSER}/wayland-* | ||
13 | 14 | ||
14 | include disable-common.inc | 15 | include disable-common.inc |
15 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/gpg.profile b/etc/gpg.profile index 5eb18a0bc..a60d42cf8 100644 --- a/etc/gpg.profile +++ b/etc/gpg.profile | |||
@@ -10,6 +10,7 @@ include globals.local | |||
10 | noblacklist ${HOME}/.gnupg | 10 | noblacklist ${HOME}/.gnupg |
11 | 11 | ||
12 | blacklist /tmp/.X11-unix | 12 | blacklist /tmp/.X11-unix |
13 | blacklist ${RUNUSER}/wayland-* | ||
13 | 14 | ||
14 | include disable-common.inc | 15 | include disable-common.inc |
15 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/gtk-update-icon-cache.profile b/etc/gtk-update-icon-cache.profile index fd35a563b..668a48f9a 100644 --- a/etc/gtk-update-icon-cache.profile +++ b/etc/gtk-update-icon-cache.profile | |||
@@ -7,6 +7,8 @@ include gtk-update-icon-cache.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | ||
11 | |||
10 | include disable-common.inc | 12 | include disable-common.inc |
11 | include disable-devel.inc | 13 | include disable-devel.inc |
12 | include disable-exec.inc | 14 | include disable-exec.inc |
diff --git a/etc/gzip.profile b/etc/gzip.profile index 48e495c60..1af15d227 100644 --- a/etc/gzip.profile +++ b/etc/gzip.profile | |||
@@ -7,6 +7,8 @@ include gzip.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | ||
11 | |||
10 | # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only. | 12 | # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only. |
11 | noblacklist /var/lib/pacman | 13 | noblacklist /var/lib/pacman |
12 | 14 | ||
diff --git a/etc/hashcat.profile b/etc/hashcat.profile index da59984d7..b4d6d52f0 100644 --- a/etc/hashcat.profile +++ b/etc/hashcat.profile | |||
@@ -7,6 +7,8 @@ include hashcat.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | ||
11 | |||
10 | noblacklist ${HOME}/.hashcat | 12 | noblacklist ${HOME}/.hashcat |
11 | noblacklist /usr/include | 13 | noblacklist /usr/include |
12 | noblacklist ${DOCUMENTS} | 14 | noblacklist ${DOCUMENTS} |
diff --git a/etc/highlight.profile b/etc/highlight.profile index 249d5cd17..036de8d99 100644 --- a/etc/highlight.profile +++ b/etc/highlight.profile | |||
@@ -6,6 +6,8 @@ include highlight.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | ||
10 | |||
9 | include disable-common.inc | 11 | include disable-common.inc |
10 | include disable-devel.inc | 12 | include disable-devel.inc |
11 | include disable-interpreters.inc | 13 | include disable-interpreters.inc |
diff --git a/etc/img2txt.profile b/etc/img2txt.profile index c17e82870..419da765d 100644 --- a/etc/img2txt.profile +++ b/etc/img2txt.profile | |||
@@ -5,6 +5,8 @@ include img2txt.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | blacklist ${RUNUSER}/wayland-* | ||
9 | |||
8 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
9 | noblacklist ${PICTURES} | 11 | noblacklist ${PICTURES} |
10 | 12 | ||
diff --git a/etc/less.profile b/etc/less.profile index 282b033a6..00624e0f1 100644 --- a/etc/less.profile +++ b/etc/less.profile | |||
@@ -7,6 +7,8 @@ include less.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | ||
11 | |||
10 | noblacklist ${HOME}/.lesshst | 12 | noblacklist ${HOME}/.lesshst |
11 | 13 | ||
12 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/links.profile b/etc/links.profile index bd0b0cc92..a31001c87 100644 --- a/etc/links.profile +++ b/etc/links.profile | |||
@@ -9,6 +9,7 @@ include globals.local | |||
9 | noblacklist ${HOME}/.links | 9 | noblacklist ${HOME}/.links |
10 | 10 | ||
11 | blacklist /tmp/.X11-unix | 11 | blacklist /tmp/.X11-unix |
12 | blacklist ${RUNUSER}/wayland-* | ||
12 | 13 | ||
13 | include disable-common.inc | 14 | include disable-common.inc |
14 | include disable-devel.inc | 15 | include disable-devel.inc |
diff --git a/etc/lynx.profile b/etc/lynx.profile index 063285316..fb6fe94ec 100644 --- a/etc/lynx.profile +++ b/etc/lynx.profile | |||
@@ -7,6 +7,7 @@ include lynx.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
10 | blacklist ${RUNUSER}/wayland-* | ||
10 | 11 | ||
11 | include disable-common.inc | 12 | include disable-common.inc |
12 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile index 00730c00b..fb8db3e3d 100644 --- a/etc/mediainfo.profile +++ b/etc/mediainfo.profile | |||
@@ -6,6 +6,8 @@ include mediainfo.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | ||
10 | |||
9 | include disable-common.inc | 11 | include disable-common.inc |
10 | include disable-devel.inc | 12 | include disable-devel.inc |
11 | include disable-exec.inc | 13 | include disable-exec.inc |
diff --git a/etc/mp3splt.profile b/etc/mp3splt.profile index 95173a890..7754d276b 100644 --- a/etc/mp3splt.profile +++ b/etc/mp3splt.profile | |||
@@ -6,6 +6,8 @@ include mp3splt.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | ||
10 | |||
9 | noblacklist ${MUSIC} | 11 | noblacklist ${MUSIC} |
10 | 12 | ||
11 | include disable-common.inc | 13 | include disable-common.inc |
diff --git a/etc/mutt.profile b/etc/mutt.profile index 92babd50f..1fc412955 100644 --- a/etc/mutt.profile +++ b/etc/mutt.profile | |||
@@ -32,6 +32,7 @@ noblacklist ${HOME}/postponed | |||
32 | noblacklist ${HOME}/sent | 32 | noblacklist ${HOME}/sent |
33 | 33 | ||
34 | blacklist /tmp/.X11-unix | 34 | blacklist /tmp/.X11-unix |
35 | blacklist ${RUNUSER}/wayland-* | ||
35 | 36 | ||
36 | include disable-common.inc | 37 | include disable-common.inc |
37 | include disable-devel.inc | 38 | include disable-devel.inc |
diff --git a/etc/nano.profile b/etc/nano.profile index af6fcc3fe..bc8c3dde0 100644 --- a/etc/nano.profile +++ b/etc/nano.profile | |||
@@ -7,6 +7,8 @@ include nano.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | ||
11 | |||
10 | noblacklist ${HOME}/.config/nano | 12 | noblacklist ${HOME}/.config/nano |
11 | noblacklist ${HOME}/.nanorc | 13 | noblacklist ${HOME}/.nanorc |
12 | 14 | ||
diff --git a/etc/ncdu.profile b/etc/ncdu.profile index 0d7915839..9fda6ebe0 100644 --- a/etc/ncdu.profile +++ b/etc/ncdu.profile | |||
@@ -6,6 +6,8 @@ include ncdu.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | ||
10 | |||
9 | include disable-exec.inc | 11 | include disable-exec.inc |
10 | 12 | ||
11 | caps.drop all | 13 | caps.drop all |
diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile index 719753c87..c0c5b671c 100644 --- a/etc/odt2txt.profile +++ b/etc/odt2txt.profile | |||
@@ -6,6 +6,8 @@ include odt2txt.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | ||
10 | |||
9 | noblacklist ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
10 | 12 | ||
11 | include disable-common.inc | 13 | include disable-common.inc |
diff --git a/etc/pandoc.profile b/etc/pandoc.profile index 57b5d7e39..9a8d82a96 100644 --- a/etc/pandoc.profile +++ b/etc/pandoc.profile | |||
@@ -7,6 +7,8 @@ include pandoc.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | ||
11 | |||
10 | noblacklist ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
11 | 13 | ||
12 | include disable-common.inc | 14 | include disable-common.inc |
diff --git a/etc/patch.profile b/etc/patch.profile index 03f5a4b71..4a3365378 100644 --- a/etc/patch.profile +++ b/etc/patch.profile | |||
@@ -7,6 +7,8 @@ include patch.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | ||
11 | |||
10 | noblacklist ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
11 | 13 | ||
12 | include disable-common.inc | 14 | include disable-common.inc |
diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile index f8448f514..73ebf4615 100644 --- a/etc/pdftotext.profile +++ b/etc/pdftotext.profile | |||
@@ -6,6 +6,8 @@ include pdftotext.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | ||
10 | |||
9 | noblacklist ${DOCUMENTS} | 11 | noblacklist ${DOCUMENTS} |
10 | 12 | ||
11 | include disable-common.inc | 13 | include disable-common.inc |
diff --git a/etc/pngquant.profile b/etc/pngquant.profile index 8c06cef1a..f9ce43c4c 100644 --- a/etc/pngquant.profile +++ b/etc/pngquant.profile | |||
@@ -7,6 +7,8 @@ include pngquant.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | ||
11 | |||
10 | include disable-common.inc | 12 | include disable-common.inc |
11 | include disable-devel.inc | 13 | include disable-devel.inc |
12 | include disable-exec.inc | 14 | include disable-exec.inc |
diff --git a/etc/rsync-download_only.profile b/etc/rsync-download_only.profile index bda3bca92..84147f0a5 100644 --- a/etc/rsync-download_only.profile +++ b/etc/rsync-download_only.profile | |||
@@ -13,6 +13,7 @@ include globals.local | |||
13 | # Usage: firejail --profile=rsync-download_only rsync | 13 | # Usage: firejail --profile=rsync-download_only rsync |
14 | 14 | ||
15 | blacklist /tmp/.X11-unix | 15 | blacklist /tmp/.X11-unix |
16 | blacklist ${RUNUSER}/wayland-* | ||
16 | 17 | ||
17 | include disable-common.inc | 18 | include disable-common.inc |
18 | include disable-devel.inc | 19 | include disable-devel.inc |
diff --git a/etc/seahorse.profile b/etc/seahorse.profile index 5a742d05f..0470dc286 100644 --- a/etc/seahorse.profile +++ b/etc/seahorse.profile | |||
@@ -7,6 +7,7 @@ include seahorse.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
10 | blacklist ${RUNUSER}/wayland-* | ||
10 | 11 | ||
11 | noblacklist ${HOME}/.gnupg | 12 | noblacklist ${HOME}/.gnupg |
12 | noblacklist ${HOME}/.ssh | 13 | noblacklist ${HOME}/.ssh |
diff --git a/etc/server.profile b/etc/server.profile index 6e077ff84..ce318a828 100644 --- a/etc/server.profile +++ b/etc/server.profile | |||
@@ -14,6 +14,7 @@ noblacklist /usr/sbin | |||
14 | # noblacklist /var/opt | 14 | # noblacklist /var/opt |
15 | 15 | ||
16 | blacklist /tmp/.X11-unix | 16 | blacklist /tmp/.X11-unix |
17 | blacklist ${RUNUSER}/wayland-* | ||
17 | 18 | ||
18 | include disable-common.inc | 19 | include disable-common.inc |
19 | # include disable-devel.inc | 20 | # include disable-devel.inc |
diff --git a/etc/shellcheck.profile b/etc/shellcheck.profile index d26096c77..f8744bdf8 100644 --- a/etc/shellcheck.profile +++ b/etc/shellcheck.profile | |||
@@ -7,6 +7,8 @@ include shellcheck.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | ||
11 | |||
10 | noblacklist ${DOCUMENTS} | 12 | noblacklist ${DOCUMENTS} |
11 | 13 | ||
12 | include disable-common.inc | 14 | include disable-common.inc |
diff --git a/etc/signal-cli.profile b/etc/signal-cli.profile index bb1bf732d..6a2f5c434 100644 --- a/etc/signal-cli.profile +++ b/etc/signal-cli.profile | |||
@@ -7,6 +7,7 @@ include signal-cli.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist /tmp/.X11-unix | 9 | blacklist /tmp/.X11-unix |
10 | blacklist ${RUNUSER}/wayland-* | ||
10 | 11 | ||
11 | noblacklist ${HOME}/.local/share/signal-cli | 12 | noblacklist ${HOME}/.local/share/signal-cli |
12 | 13 | ||
diff --git a/etc/spectre-meltdown-checker.profile b/etc/spectre-meltdown-checker.profile index 3306181e4..e27df4cc8 100644 --- a/etc/spectre-meltdown-checker.profile +++ b/etc/spectre-meltdown-checker.profile | |||
@@ -6,6 +6,8 @@ include spectre-meltdown-checker.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | ||
10 | |||
9 | noblacklist ${PATH}/mount | 11 | noblacklist ${PATH}/mount |
10 | noblacklist ${PATH}/umount | 12 | noblacklist ${PATH}/umount |
11 | 13 | ||
diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile index 8e355a176..cf509852a 100644 --- a/etc/ssh-agent.profile +++ b/etc/ssh-agent.profile | |||
@@ -11,6 +11,7 @@ noblacklist /tmp/ssh-* | |||
11 | noblacklist ${HOME}/.ssh | 11 | noblacklist ${HOME}/.ssh |
12 | 12 | ||
13 | blacklist /tmp/.X11-unix | 13 | blacklist /tmp/.X11-unix |
14 | blacklist ${RUNUSER}/wayland-* | ||
14 | 15 | ||
15 | include disable-common.inc | 16 | include disable-common.inc |
16 | include disable-passwdmgr.inc | 17 | include disable-passwdmgr.inc |
diff --git a/etc/strings.profile b/etc/strings.profile index 52b762108..7dc453b1f 100644 --- a/etc/strings.profile +++ b/etc/strings.profile | |||
@@ -7,6 +7,8 @@ include strings.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | ||
11 | |||
10 | #include disable-common.inc | 12 | #include disable-common.inc |
11 | include disable-devel.inc | 13 | include disable-devel.inc |
12 | include disable-exec.inc | 14 | include disable-exec.inc |
diff --git a/etc/tar.profile b/etc/tar.profile index 455a370de..0858dcb26 100644 --- a/etc/tar.profile +++ b/etc/tar.profile | |||
@@ -7,6 +7,8 @@ include tar.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | ||
11 | |||
10 | # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only. | 12 | # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only. |
11 | noblacklist /var/lib/pacman | 13 | noblacklist /var/lib/pacman |
12 | 14 | ||
diff --git a/etc/templates/profile.template b/etc/templates/profile.template index 7bfc3cf0d..828b3f50e 100644 --- a/etc/templates/profile.template +++ b/etc/templates/profile.template | |||
@@ -42,6 +42,7 @@ | |||
42 | # ${HOME} (user's home) | 42 | # ${HOME} (user's home) |
43 | # ${PATH} (contents of PATH envvar) | 43 | # ${PATH} (contents of PATH envvar) |
44 | # ${MUSIC} | 44 | # ${MUSIC} |
45 | # ${RUNUSER} (/run/user/UID) | ||
45 | # ${VIDEOS} | 46 | # ${VIDEOS} |
46 | # | 47 | # |
47 | # Check contents of ~/.config/user-dirs.dirs to see how they translate to actual paths. | 48 | # Check contents of ~/.config/user-dirs.dirs to see how they translate to actual paths. |
@@ -59,6 +60,8 @@ include globals.local | |||
59 | ##blacklist PATH | 60 | ##blacklist PATH |
60 | # Disable X11 (CLI only), see also 'x11 none' below | 61 | # Disable X11 (CLI only), see also 'x11 none' below |
61 | #blacklist /tmp/.X11-unix | 62 | #blacklist /tmp/.X11-unix |
63 | # Disable Wayland | ||
64 | #blacklist ${RUNUSER}/wayland-* | ||
62 | 65 | ||
63 | # It is common practice to add files/dirs containing program-specific configuration | 66 | # It is common practice to add files/dirs containing program-specific configuration |
64 | # (often ${HOME}/PROGRAMNAME or ${HOME}/.config/PROGRAMNAME) into disable-programs.inc | 67 | # (often ${HOME}/PROGRAMNAME or ${HOME}/.config/PROGRAMNAME) into disable-programs.inc |
diff --git a/etc/tracker.profile b/etc/tracker.profile index 6e107d99e..d47185b1d 100644 --- a/etc/tracker.profile +++ b/etc/tracker.profile | |||
@@ -9,6 +9,7 @@ include globals.local | |||
9 | # Tracker is started by systemd on most systems. Therefore it is not firejailed by default | 9 | # Tracker is started by systemd on most systems. Therefore it is not firejailed by default |
10 | 10 | ||
11 | blacklist /tmp/.X11-unix | 11 | blacklist /tmp/.X11-unix |
12 | blacklist ${RUNUSER}/wayland-* | ||
12 | 13 | ||
13 | include disable-common.inc | 14 | include disable-common.inc |
14 | include disable-devel.inc | 15 | include disable-devel.inc |
diff --git a/etc/unbound.profile b/etc/unbound.profile index 67448d766..36533a762 100644 --- a/etc/unbound.profile +++ b/etc/unbound.profile | |||
@@ -10,6 +10,7 @@ noblacklist /sbin | |||
10 | noblacklist /usr/sbin | 10 | noblacklist /usr/sbin |
11 | 11 | ||
12 | blacklist /tmp/.X11-unix | 12 | blacklist /tmp/.X11-unix |
13 | blacklist ${RUNUSER}/wayland-* | ||
13 | 14 | ||
14 | include disable-common.inc | 15 | include disable-common.inc |
15 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/unf.profile b/etc/unf.profile index 1f0b2aa32..7687a1a53 100644 --- a/etc/unf.profile +++ b/etc/unf.profile | |||
@@ -7,6 +7,8 @@ include unf.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | ||
11 | |||
10 | include disable-common.inc | 12 | include disable-common.inc |
11 | include disable-devel.inc | 13 | include disable-devel.inc |
12 | include disable-exec.inc | 14 | include disable-exec.inc |
diff --git a/etc/unrar.profile b/etc/unrar.profile index 428173e7d..bf28746b0 100644 --- a/etc/unrar.profile +++ b/etc/unrar.profile | |||
@@ -7,6 +7,8 @@ include unrar.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | ||
11 | |||
10 | include disable-common.inc | 12 | include disable-common.inc |
11 | include disable-devel.inc | 13 | include disable-devel.inc |
12 | include disable-exec.inc | 14 | include disable-exec.inc |
diff --git a/etc/unzip.profile b/etc/unzip.profile index 60e447049..7882f2b63 100644 --- a/etc/unzip.profile +++ b/etc/unzip.profile | |||
@@ -7,6 +7,8 @@ include unzip.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | ||
11 | |||
10 | # GNOME Shell integration (chrome-gnome-shell) | 12 | # GNOME Shell integration (chrome-gnome-shell) |
11 | noblacklist ${HOME}/.local/share/gnome-shell | 13 | noblacklist ${HOME}/.local/share/gnome-shell |
12 | 14 | ||
diff --git a/etc/uudeview.profile b/etc/uudeview.profile index 60a7f0d20..bd2ee01d5 100644 --- a/etc/uudeview.profile +++ b/etc/uudeview.profile | |||
@@ -7,6 +7,8 @@ include uudeview.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | ||
11 | |||
10 | include disable-common.inc | 12 | include disable-common.inc |
11 | include disable-devel.inc | 13 | include disable-devel.inc |
12 | include disable-exec.inc | 14 | include disable-exec.inc |
diff --git a/etc/w3m.profile b/etc/w3m.profile index 76531d315..97465baa1 100644 --- a/etc/w3m.profile +++ b/etc/w3m.profile | |||
@@ -9,6 +9,7 @@ include globals.local | |||
9 | noblacklist ${HOME}/.w3m | 9 | noblacklist ${HOME}/.w3m |
10 | 10 | ||
11 | blacklist /tmp/.X11-unix | 11 | blacklist /tmp/.X11-unix |
12 | blacklist ${RUNUSER}/wayland-* | ||
12 | 13 | ||
13 | include allow-perl.inc | 14 | include allow-perl.inc |
14 | 15 | ||
diff --git a/etc/wget.profile b/etc/wget.profile index c1f7dfc3f..401926e2d 100644 --- a/etc/wget.profile +++ b/etc/wget.profile | |||
@@ -12,6 +12,7 @@ noblacklist ${HOME}/.wget-hsts | |||
12 | noblacklist ${HOME}/.wgetrc | 12 | noblacklist ${HOME}/.wgetrc |
13 | 13 | ||
14 | blacklist /tmp/.X11-unix | 14 | blacklist /tmp/.X11-unix |
15 | blacklist ${RUNUSER}/wayland-* | ||
15 | 16 | ||
16 | include disable-common.inc | 17 | include disable-common.inc |
17 | include disable-devel.inc | 18 | include disable-devel.inc |
diff --git a/etc/whois.profile b/etc/whois.profile index bd0870bea..7f48afd36 100644 --- a/etc/whois.profile +++ b/etc/whois.profile | |||
@@ -8,6 +8,7 @@ include whois.local | |||
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | blacklist ${RUNUSER}/wayland-* | ||
11 | 12 | ||
12 | include disable-common.inc | 13 | include disable-common.inc |
13 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/xzdec.profile b/etc/xzdec.profile index 93c288d6e..ca6aaf1d5 100644 --- a/etc/xzdec.profile +++ b/etc/xzdec.profile | |||
@@ -7,6 +7,8 @@ include xzdec.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | ||
11 | |||
10 | include disable-common.inc | 12 | include disable-common.inc |
11 | include disable-devel.inc | 13 | include disable-devel.inc |
12 | include disable-exec.inc | 14 | include disable-exec.inc |
diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile index 5fa72c9dc..19effef47 100644 --- a/etc/youtube-dl.profile +++ b/etc/youtube-dl.profile | |||
@@ -21,6 +21,7 @@ include allow-python2.inc | |||
21 | include allow-python3.inc | 21 | include allow-python3.inc |
22 | 22 | ||
23 | blacklist /tmp/.X11-unix | 23 | blacklist /tmp/.X11-unix |
24 | blacklist ${RUNUSER}/wayland-* | ||
24 | 25 | ||
25 | include disable-common.inc | 26 | include disable-common.inc |
26 | include disable-devel.inc | 27 | include disable-devel.inc |
diff --git a/etc/zstd.profile b/etc/zstd.profile index ea7bbfb0d..93b849568 100644 --- a/etc/zstd.profile +++ b/etc/zstd.profile | |||
@@ -7,6 +7,8 @@ include zstd.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | ||
11 | |||
10 | include disable-common.inc | 12 | include disable-common.inc |
11 | include disable-devel.inc | 13 | include disable-devel.inc |
12 | include disable-exec.inc | 14 | include disable-exec.inc |