48 files changed, 50 insertions, 49 deletions
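diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile
index 9ebbf1cb0..e455a17db 100644
--- a/etc/profile-a-l/agetpkg.profile
+++ b/etc/profile-a-l/agetpkg.profile
@@ -7,7 +7,6 @@ include agetpkg.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
 # Allow python (blacklisted by disable-interpreters.inc)
@@ -20,6 +19,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
 include disable-shell.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 whitelist ${DOWNLOADS}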
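Review bot: The `include disable-X11.inc` added after `include disable-shell.inc` only hides filesystem paths, so this profile's X11 isolation still depends on settings outside the hunk. Firejail's documentation notes that the abstract X11 socket is cut off only inside a new network namespace, and that `x11 none` stops with an error when that socket would still be reachable; a path blacklist does not cover it. For a downloader that presumably keeps host networking, a comment line above the include such as `# filesystem paths only; the abstract X11 socket needs a network namespace` would keep readers from over-trusting it. The same applies to the other network-facing profiles in this commit (aria2c, curl, gget, git, lynx).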
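diff --git a/etc/profile-a-l/alpine.profile b/etc/profile-a-l/alpine.profile
index 5ccb9896f..2ded32959 100644
--- a/etc/profile-a-l/alpine.profile
+++ b/etc/profile-a-l/alpine.profile
@@ -30,7 +30,6 @@ noblacklist ${HOME}/.pinercex
 noblacklist ${HOME}/.signature
 noblacklist ${HOME}/mail
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
@@ -39,6 +38,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
 include disable-shell.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 #whitelist ${DOCUMENTS}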
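diff --git a/etc/profile-a-l/aria2c.profile b/etc/profile-a-l/aria2c.profile
index 65ffdfa1b..0d70cf381 100644
--- a/etc/profile-a-l/aria2c.profile
+++ b/etc/profile-a-l/aria2c.profile
@@ -11,7 +11,6 @@ noblacklist ${HOME}/.cache/winetricks # XXX: See #5238
 noblacklist ${HOME}/.config/aria2
 noblacklist ${HOME}/.netrc
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
@@ -19,6 +18,7 @@ include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc
 
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc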
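diff --git a/etc/profile-a-l/bpftop.profile b/etc/profile-a-l/bpftop.profile
index 1bcfce06c..8c64a77c6 100644
--- a/etc/profile-a-l/bpftop.profile
+++ b/etc/profile-a-l/bpftop.profile
@@ -7,7 +7,6 @@ include bpftop.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
 blacklist /usr/libexec
 blacklist ${RUNUSER}
 
@@ -18,6 +17,7 @@ include disable-interpreters.inc
 include disable-proc.inc
 include disable-programs.inc
 include disable-shell.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 include whitelist-common.inc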
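diff --git a/etc/profile-a-l/cloneit.profile b/etc/profile-a-l/cloneit.profile
index b5328a807..445ef4890 100644
--- a/etc/profile-a-l/cloneit.profile
+++ b/etc/profile-a-l/cloneit.profile
@@ -7,7 +7,6 @@ include cloneit.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
 blacklist /usr/libexec
 blacklist ${RUNUSER}
 
@@ -18,6 +17,7 @@ include disable-interpreters.inc
 include disable-proc.inc
 include disable-programs.inc
 include disable-shell.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 include whitelist-run-common.inc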
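diff --git a/etc/profile-a-l/curl.profile b/etc/profile-a-l/curl.profile
index 417abcc91..1d9ec5fa4 100644
--- a/etc/profile-a-l/curl.profile
+++ b/etc/profile-a-l/curl.profile
@@ -16,7 +16,6 @@ noblacklist ${HOME}/.config/curlrc # since curl 7.73.0
 noblacklist ${HOME}/.curl-hsts
 noblacklist ${HOME}/.curlrc
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}
 
 # If you use nvm, add the below lines to your curl.local
@@ -26,6 +25,7 @@ blacklist ${RUNUSER}
 include disable-common.inc
 include disable-exec.inc
 include disable-programs.inc
+include disable-X11.inc
 # Depending on workflow you can add 'include disable-xdg.inc' to your curl.local.
 #include disable-xdg.inc
 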
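diff --git a/etc/profile-a-l/dbus-send.profile b/etc/profile-a-l/dbus-send.profile
index 70bd7370d..3a552b929 100644
--- a/etc/profile-a-l/dbus-send.profile
+++ b/etc/profile-a-l/dbus-send.profile
@@ -7,7 +7,6 @@ include dbus-send.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
@@ -17,6 +16,7 @@ include disable-interpreters.inc
 include disable-programs.inc
 include disable-shell.inc
 include disable-write-mnt.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 #include whitelist-common.inc # see #903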
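diff --git a/etc/profile-a-l/deadlink.profile b/etc/profile-a-l/deadlink.profile
index 2e3fe9e0c..f7535c597 100644
--- a/etc/profile-a-l/deadlink.profile
+++ b/etc/profile-a-l/deadlink.profile
@@ -6,7 +6,6 @@ include deadlink.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
 blacklist /usr/libexec
 blacklist ${RUNUSER}
 
@@ -23,6 +22,7 @@ include disable-interpreters.inc
 include disable-proc.inc
 include disable-programs.inc
 include disable-shell.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 include whitelist-run-common.inc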
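diff --git a/etc/profile-a-l/dexios.profile b/etc/profile-a-l/dexios.profile
index 4dfccd685..55d6c83ce 100644
--- a/etc/profile-a-l/dexios.profile
+++ b/etc/profile-a-l/dexios.profile
@@ -7,7 +7,6 @@ include dexios.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
 blacklist /usr/libexec
 blacklist ${RUNUSER}
 
@@ -18,6 +17,7 @@ include disable-interpreters.inc
 include disable-proc.inc
 include disable-programs.inc
 include disable-shell.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 whitelist ${DOWNLOADS}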
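diff --git a/etc/profile-a-l/dig.profile b/etc/profile-a-l/dig.profile
index 781dfdcbc..80eef569c 100644
--- a/etc/profile-a-l/dig.profile
+++ b/etc/profile-a-l/dig.profile
@@ -10,7 +10,6 @@ include globals.local
 noblacklist ${HOME}/.digrc
 noblacklist ${PATH}/dig
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}
 
 include disable-common.inc
@@ -18,6 +17,7 @@ include disable-common.inc
 include disable-exec.inc
 #include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 #mkfile ${HOME}/.digrc # see #903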
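diff --git a/etc/profile-a-l/dnscrypt-proxy.profile b/etc/profile-a-l/dnscrypt-proxy.profile
index 50b56fb2d..e27fa202b 100644
--- a/etc/profile-a-l/dnscrypt-proxy.profile
+++ b/etc/profile-a-l/dnscrypt-proxy.profile
@@ -7,7 +7,6 @@ include dnscrypt-proxy.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
 noblacklist /sbin
@@ -18,6 +17,7 @@ include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 whitelist /usr/share/dnscrypt-proxy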
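diff --git a/etc/profile-a-l/dnsmasq.profile b/etc/profile-a-l/dnsmasq.profile
index 40ccab8c7..b41eff3ae 100644
--- a/etc/profile-a-l/dnsmasq.profile
+++ b/etc/profile-a-l/dnsmasq.profile
@@ -11,13 +11,13 @@ noblacklist /sbin
 noblacklist /usr/sbin
 noblacklist /var/lib/libvirt
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}
 
 include disable-common.inc
 include disable-devel.inc
 include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 whitelist /var/lib/libvirt/dnsmasq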
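diff --git a/etc/profile-a-l/drill.profile b/etc/profile-a-l/drill.profile
index 63dfd6c0d..95e86e5b9 100644
--- a/etc/profile-a-l/drill.profile
+++ b/etc/profile-a-l/drill.profile
@@ -9,7 +9,6 @@ include globals.local
 
 noblacklist ${PATH}/drill
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}
 
 include disable-common.inc
@@ -17,6 +16,7 @@ include disable-common.inc
 include disable-exec.inc
 #include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 #include whitelist-common.inc # see #903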
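diff --git a/etc/profile-a-l/editorconfiger.profile b/etc/profile-a-l/editorconfiger.profile
index 452ca7e6e..a921ae2d5 100644
--- a/etc/profile-a-l/editorconfiger.profile
+++ b/etc/profile-a-l/editorconfiger.profile
@@ -6,7 +6,6 @@ include editorconfiger.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
 blacklist /usr/libexec
 blacklist ${RUNUSER}
 
@@ -17,6 +16,7 @@ include disable-interpreters.inc
 include disable-proc.inc
 include disable-programs.inc
 include disable-shell.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 apparmor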
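diff --git a/etc/profile-a-l/erd.profile b/etc/profile-a-l/erd.profile
index 8ab145016..d821f5882 100644
--- a/etc/profile-a-l/erd.profile
+++ b/etc/profile-a-l/erd.profile
@@ -7,9 +7,8 @@ include erd.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
-
 include disable-exec.inc
+#include disable-X11.inc # x11 none
 
 apparmor
 caps.drop all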
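Review bot: After this hunk the profile carries no active X11 path rule: `blacklist /tmp/.X11-unix` is removed and its only replacement, `#include disable-X11.inc # x11 none`, is a comment. That is safe only if an `x11 none` line exists further down, which the hunk does not show (it ends at `caps.drop all`). Worth confirming before merge; if `x11 none` is absent, the line should be the active `include disable-X11.inc` used in the other profiles of this commit.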
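diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile
index e9d5709ec..cacd7025d 100644
--- a/etc/profile-a-l/fdns.profile
+++ b/etc/profile-a-l/fdns.profile
@@ -8,7 +8,6 @@ include globals.local
 noblacklist /sbin
 noblacklist /usr/sbin
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
@@ -16,6 +15,7 @@ include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 #include whitelist-usr-share-common.inc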
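diff --git a/etc/profile-a-l/gget.profile b/etc/profile-a-l/gget.profile
index 11d5f620c..e0268a68c 100644
--- a/etc/profile-a-l/gget.profile
+++ b/etc/profile-a-l/gget.profile
@@ -7,7 +7,6 @@ include gget.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}
 
 include disable-common.inc
@@ -16,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
 include disable-shell.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 whitelist ${DOWNLOADS}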
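diff --git a/etc/profile-a-l/gist.profile b/etc/profile-a-l/gist.profile
index 6eea076f7..c7be8dcc5 100644
--- a/etc/profile-a-l/gist.profile
+++ b/etc/profile-a-l/gist.profile
@@ -7,7 +7,6 @@ include gist.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
 noblacklist ${HOME}/.gist
@@ -20,6 +19,7 @@ include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.gist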
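diff --git a/etc/profile-a-l/git.profile b/etc/profile-a-l/git.profile
index 78d6cb2a1..a900e10f3 100644
--- a/etc/profile-a-l/git.profile
+++ b/etc/profile-a-l/git.profile
@@ -28,12 +28,12 @@ ignore rmenv GITHUB_ENTERPRISE_TOKEN
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-exec.inc
 include disable-programs.inc
+include disable-X11.inc
 
 whitelist /usr/share/git
 whitelist /usr/share/git-core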
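diff --git a/etc/profile-a-l/gnome-keyring-daemon.profile b/etc/profile-a-l/gnome-keyring-daemon.profile
index 41ea136a6..0370b0472 100644
--- a/etc/profile-a-l/gnome-keyring-daemon.profile
+++ b/etc/profile-a-l/gnome-keyring-daemon.profile
@@ -7,7 +7,6 @@ include gnome-keyring-daemon.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
@@ -16,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
 #include disable-X11.inc # x11 none
+include disable-X11.inc
 include disable-xdg.inc
 
 whitelist ${RUNUSER}/gnupg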
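Review bot: The second hunk keeps `#include disable-X11.inc # x11 none` and adds an active `include disable-X11.inc` directly beneath it, so the new side states two contradictory things about the same include. If the profile does set `x11 none` (not visible in these hunks), the active line is redundant and the commented form that this commit uses in erd.profile is the consistent choice. If it does not, the stale comment line should be dropped so that only `include disable-X11.inc` remains.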
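diff --git a/etc/profile-a-l/googler-common.profile b/etc/profile-a-l/googler-common.profile
index 58769643a..e1ec5f4b9 100644
--- a/etc/profile-a-l/googler-common.profile
+++ b/etc/profile-a-l/googler-common.profile
@@ -7,7 +7,6 @@ include googler-common.local
 # added by caller profile
 #include globals.local
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}
 
 noblacklist ${HOME}/.w3m
@@ -23,6 +22,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
 include disable-shell.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 whitelist ${HOME}/.w3m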
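diff --git a/etc/profile-a-l/gpg-agent.profile b/etc/profile-a-l/gpg-agent.profile
index 3b623a338..29249cf21 100644
--- a/etc/profile-a-l/gpg-agent.profile
+++ b/etc/profile-a-l/gpg-agent.profile
@@ -9,13 +9,13 @@ include globals.local
 
 noblacklist ${HOME}/.gnupg
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
 include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.gnupg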
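diff --git a/etc/profile-a-l/gpg.profile b/etc/profile-a-l/gpg.profile
index bf4a1c60b..02dd3b076 100644
--- a/etc/profile-a-l/gpg.profile
+++ b/etc/profile-a-l/gpg.profile
@@ -9,13 +9,13 @@ include globals.local
 
 noblacklist ${HOME}/.gnupg
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
 include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc
 
 whitelist ${RUNUSER}/gnupg
 whitelist ${RUNUSER}/keyring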
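diff --git a/etc/profile-a-l/links-common.profile b/etc/profile-a-l/links-common.profile
index 636560789..4bab6b0cc 100644
--- a/etc/profile-a-l/links-common.profile
+++ b/etc/profile-a-l/links-common.profile
@@ -4,7 +4,6 @@ include links-common.local
 
 # common profile for links browsers
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
@@ -14,6 +13,7 @@ include disable-interpreters.inc
 # Additional noblacklist files/directories (blacklisted in disable-programs.inc)
 # used as associated programs can be added in your links-common.local.
 include disable-programs.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 whitelist ${DOWNLOADS}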
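Review bot: `links-common.profile` is a shared base (its own comment says "common profile for links browsers"), so the `include disable-X11.inc` added after `include disable-programs.inc` is inherited by every profile that pulls it in. The removed rule covered only `/tmp/.X11-unix`, while the include presumably blacklists further X11-related paths. Any caller that re-enables a graphical mode with just `noblacklist /tmp/.X11-unix` would then need matching `noblacklist` lines for those paths as well. The callers are not shown on this page and are worth checking; the same applies to `googler-common.profile`.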
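diff --git a/etc/profile-a-l/lynx.profile b/etc/profile-a-l/lynx.profile
index 248061b3f..2c61147ec 100644
--- a/etc/profile-a-l/lynx.profile
+++ b/etc/profile-a-l/lynx.profile
@@ -7,13 +7,13 @@ include lynx.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
 include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 include whitelist-runuser-common.inc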
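diff --git a/etc/profile-m-z/makepkg.profile b/etc/profile-m-z/makepkg.profile
index 49e84dedb..3bda47fad 100644
--- a/etc/profile-m-z/makepkg.profile
+++ b/etc/profile-m-z/makepkg.profile
@@ -7,7 +7,6 @@ include makepkg.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
 # Note: see this Arch forum discussion https://bbs.archlinux.org/viewtopic.php?pid=1743138
@@ -33,6 +32,7 @@ noblacklist /var/lib/pacman
 include disable-common.inc
 include disable-exec.inc
 include disable-programs.inc
+include disable-X11.inc
 
 caps.drop all
 ipc-namespace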
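diff --git a/etc/profile-m-z/mimetype.profile b/etc/profile-m-z/mimetype.profile
index 9902da882..4b62624bb 100644
--- a/etc/profile-m-z/mimetype.profile
+++ b/etc/profile-m-z/mimetype.profile
@@ -7,11 +7,11 @@ include mimetype.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
 include disable-exec.inc
 include disable-proc.inc
+include disable-X11.inc
 
 apparmor
 caps.drop all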
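diff --git a/etc/profile-m-z/mocp.profile b/etc/profile-m-z/mocp.profile
index 0a5e4255a..d80e263b6 100644
--- a/etc/profile-m-z/mocp.profile
+++ b/etc/profile-m-z/mocp.profile
@@ -10,7 +10,6 @@ include globals.local
 noblacklist ${HOME}/.moc
 noblacklist ${MUSIC}
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
@@ -19,6 +18,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-proc.inc
 include disable-programs.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.moc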
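diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile
index 097ce6e83..447301d46 100644
--- a/etc/profile-m-z/mutt.profile
+++ b/etc/profile-m-z/mutt.profile
@@ -38,7 +38,6 @@ noblacklist ${HOME}/postponed
 noblacklist ${HOME}/sent
 noblacklist /etc/msmtprc
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
 # Add the next lines to your mutt.local for oauth.py,S/MIME support.
@@ -51,6 +50,7 @@ include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.Mail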
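diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile
index 51e2e43bf..22720422b 100644
--- a/etc/profile-m-z/neomutt.profile
+++ b/etc/profile-m-z/neomutt.profile
@@ -39,7 +39,6 @@ noblacklist /etc/msmtprc
 noblacklist /var/mail
 noblacklist /var/spool/mail
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
 include allow-lua.inc
@@ -49,6 +48,7 @@ include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.Mail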
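diff --git a/etc/profile-m-z/nslookup.profile b/etc/profile-m-z/nslookup.profile
index dcd76f2ad..aae506b0b 100644
--- a/etc/profile-m-z/nslookup.profile
+++ b/etc/profile-m-z/nslookup.profile
@@ -7,7 +7,6 @@ include nslookup.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}
 
 noblacklist ${PATH}/nslookup
@@ -17,6 +16,7 @@ include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 whitelist ${HOME}/.nslookuprc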
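diff --git a/etc/profile-m-z/rsync-download_only.profile b/etc/profile-m-z/rsync-download_only.profile
index ce90012e3..52ccb4309 100644
--- a/etc/profile-m-z/rsync-download_only.profile
+++ b/etc/profile-m-z/rsync-download_only.profile
@@ -11,7 +11,6 @@ include globals.local
 # not as a daemon (rsync --daemon) nor to create backups.
 # Usage: firejail --profile=rsync-download_only rsync
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}
 
 include disable-common.inc
@@ -20,6 +19,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
 include disable-shell.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 # Add the next line to your rsync-download_only.local to enable extra hardening.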
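diff --git a/etc/profile-m-z/rtv.profile b/etc/profile-m-z/rtv.profile
index 0d57e6916..e719b0d0d 100644
--- a/etc/profile-m-z/rtv.profile
+++ b/etc/profile-m-z/rtv.profile
@@ -6,7 +6,6 @@ include rtv.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
 noblacklist ${HOME}/.config/rtv
@@ -28,6 +27,7 @@ include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/rtv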
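--- a/etc/profile-m-z/server.profile
+++ b/etc/profile-m-z/server.profile
@@ -36,7 +36,6 @@ noblacklist /usr/sbin
 noblacklist /etc/init.d
 #noblacklist /var/opt
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
@@ -45,6 +44,7 @@ include disable-common.inc
 #include disable-interpreters.inc
 include disable-programs.inc
 include disable-write-mnt.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 #include whitelist-runuser-common.inc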
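--- a/etc/profile-m-z/signal-cli.profile
+++ b/etc/profile-m-z/signal-cli.profile
@@ -6,7 +6,6 @@ include signal-cli.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
 noblacklist ${HOME}/.local/share/signal-cli
@@ -18,6 +17,7 @@ include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/signal-cli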
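--- a/etc/profile-m-z/ssh-agent.profile
+++ b/etc/profile-m-z/ssh-agent.profile
@@ -9,11 +9,11 @@ include globals.local
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-programs.inc
+include disable-X11.inc
 
 include whitelist-usr-share-common.inc
 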
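--- a/etc/profile-m-z/statusof.profile
+++ b/etc/profile-m-z/statusof.profile
@@ -7,7 +7,6 @@ include statusof.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
 blacklist /usr/libexec
 blacklist ${RUNUSER}
 
@@ -21,6 +20,7 @@ include disable-interpreters.inc
 include disable-proc.inc
 include disable-programs.inc
 include disable-shell.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 include whitelist-common.inc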
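--- a/etc/profile-m-z/termshark.profile
+++ b/etc/profile-m-z/termshark.profile
@@ -8,8 +8,9 @@ include termshark.local
 # added by included profile
 #include globals.local
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}
 
+include disable-X11.inc
+
 # Redirect
 include wireshark.profile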
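Review bot: In this hunk `include disable-X11.inc` sits directly above the redirect to wireshark.profile rather than in a sorted include list, and nothing records that the position is deliberate. Firejail honours a `noblacklist` only for blacklist rules that come after it, so keeping the include ahead of the redirect is presumably what prevents the redirected profile from re-allowing X11 paths; wireshark.profile is not shown on this page, so that is an inference. A comment such as `# Keep above the redirect so wireshark.profile cannot noblacklist X11 paths` would protect the ordering from a later tidy-up. tshark.profile has the same layout and would take the same comment.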
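--- a/etc/profile-m-z/tin.profile
+++ b/etc/profile-m-z/tin.profile
@@ -9,7 +9,6 @@ include globals.local
 noblacklist ${HOME}/.newsrc
 noblacklist ${HOME}/.tin
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}
 blacklist /usr/libexec
 
@@ -19,6 +18,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
 include disable-shell.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.tin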
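--- a/etc/profile-m-z/tmux.profile
+++ b/etc/profile-m-z/tmux.profile
@@ -7,7 +7,6 @@ include tmux.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}
 
 noblacklist /tmp/tmux-*
@@ -16,6 +15,7 @@ noblacklist /tmp/tmux-*
 #include disable-devel.inc
 #include disable-exec.inc
 #include disable-programs.inc
+include disable-X11.inc
 
 caps.drop all
 ipc-namespace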
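--- a/etc/profile-m-z/tracker.profile
+++ b/etc/profile-m-z/tracker.profile
@@ -8,7 +8,6 @@ include globals.local
 
 # Tracker is started by systemd on most systems. Therefore it is not firejailed by default
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
 include disable-common.inc
@@ -16,6 +15,7 @@ include disable-devel.inc
 include disable-interpreters.inc
 include disable-programs.inc
 include disable-shell.inc
+include disable-X11.inc
 
 include whitelist-runuser-common.inc
 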
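--- a/etc/profile-m-z/tshark.profile
+++ b/etc/profile-m-z/tshark.profile
@@ -7,8 +7,9 @@ include tshark.local
 # added by included profile
 #include globals.local
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}
 
+include disable-X11.inc
+
 # Redirect
 include wireshark.profile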
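--- a/etc/profile-m-z/tvnamer.profile
+++ b/etc/profile-m-z/tvnamer.profile
@@ -6,7 +6,6 @@ include tvnamer.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
 blacklist /usr/libexec
 blacklist ${RUNUSER}
 
@@ -24,6 +23,7 @@ include disable-interpreters.inc
 include disable-programs.inc
 include disable-proc.inc
 include disable-shell.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/tvnamer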
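--- a/etc/profile-m-z/unbound.profile
+++ b/etc/profile-m-z/unbound.profile
@@ -9,7 +9,6 @@ include globals.local
 noblacklist /sbin
 noblacklist /usr/sbin
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}
 
 include disable-common.inc
@@ -17,6 +16,7 @@ include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 whitelist /usr/share/dns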
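--- a/etc/profile-m-z/w3m.profile
+++ b/etc/profile-m-z/w3m.profile
@@ -14,7 +14,6 @@ include globals.local
 
 noblacklist ${HOME}/.w3m
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
 # Allow /bin/sh (blacklisted by disable-shell.inc)
@@ -29,6 +28,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
 include disable-shell.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.w3m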
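--- a/etc/profile-m-z/wget.profile
+++ b/etc/profile-m-z/wget.profile
@@ -15,7 +15,6 @@ noblacklist ${HOME}/.wgetrc
 #ignore read-only ${HOME}/.nvm
 #noblacklist ${HOME}/.nvm
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}
 
 include disable-common.inc
@@ -24,6 +23,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
 include disable-shell.inc
+include disable-X11.inc
 # Depending on workflow you can add the next line to your wget.local.
 #include disable-xdg.inc
 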
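--- a/etc/profile-m-z/whois.profile
+++ b/etc/profile-m-z/whois.profile
@@ -7,7 +7,6 @@ include whois.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}
 
 include disable-common.inc
@@ -15,6 +14,7 @@ include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc
 include disable-xdg.inc
 
 include whitelist-usr-share-common.inc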
diff --git a/etc/profile-m-z/yt-dlp.profile b/etc/profile-m-z/yt-dlp.profile index 97f9e620a..6dd9d03a3 100644 --- a/etc/profile-m-z/yt-dlp.profile +++ b/etc/profile-m-z/yt-dlp.profile | |||
@@ -29,7 +29,6 @@ noblacklist ${VIDEOS} | |||
29 | # Allow python (blacklisted by disable-interpreters.inc) | 29 | # Allow python (blacklisted by disable-interpreters.inc) |
30 | include allow-python3.inc | 30 | include allow-python3.inc |
31 | 31 | ||
32 | blacklist /tmp/.X11-unix | ||
33 | blacklist ${RUNUSER} | 32 | blacklist ${RUNUSER} |
34 | 33 | ||
35 | include disable-common.inc | 34 | include disable-common.inc |
@@ -38,6 +37,7 @@ include disable-exec.inc | |||
38 | include disable-interpreters.inc | 37 | include disable-interpreters.inc |
39 | include disable-programs.inc | 38 | include disable-programs.inc |
40 | include disable-shell.inc | 39 | include disable-shell.inc |
40 | include disable-X11.inc | ||
41 | include disable-xdg.inc | 41 | include disable-xdg.inc |
42 | 42 | ||
43 | include whitelist-usr-share-common.inc | 43 | include whitelist-usr-share-common.inc |