diff options
-rw-r--r-- | etc/disable-common.inc | 18 | ||||
-rw-r--r-- | etc/disable-programs.inc | 2 | ||||
-rw-r--r-- | etc/krunner.profile | 4 |
3 files changed, 13 insertions, 11 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index 0f6e6bd19..ceca17826 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
@@ -317,9 +317,11 @@ blacklist /var/backup | |||
317 | # cloud provider configuration | 317 | # cloud provider configuration |
318 | blacklist ${HOME}/.aws | 318 | blacklist ${HOME}/.aws |
319 | blacklist ${HOME}/.boto | 319 | blacklist ${HOME}/.boto |
320 | blacklist /etc/boto.cfg | ||
321 | blacklist ${HOME}/.config/gcloud | 320 | blacklist ${HOME}/.config/gcloud |
322 | blacklist ${HOME}/.kube | 321 | blacklist ${HOME}/.kube |
322 | blacklist ${HOME}/.passwd-s3fs | ||
323 | blacklist ${HOME}/.s3cmd | ||
324 | blacklist /etc/boto.cfg | ||
323 | 325 | ||
324 | # system directories | 326 | # system directories |
325 | blacklist /sbin | 327 | blacklist /sbin |
@@ -391,14 +393,14 @@ blacklist /vmlinuz* | |||
391 | # snapshot files | 393 | # snapshot files |
392 | blacklist /.snapshots | 394 | blacklist /.snapshots |
393 | 395 | ||
394 | # complement noexec ${HOME} and noexec /tmp | ||
395 | noexec /tmp/.X11-unix | ||
396 | |||
397 | # flatpak | 396 | # flatpak |
398 | blacklist ${HOME}/*.config/flatpak | 397 | blacklist ${HOME}/.config/flatpak |
399 | blacklist ${HOME}/*.var | 398 | blacklist ${HOME}/.local/share/flatpak |
400 | blacklist ${HOME}/*.local/share/flatpak | 399 | blacklist ${HOME}/.var |
401 | blacklist /var/lib/flatpak | ||
402 | blacklist /usr/share/flatpak | 400 | blacklist /usr/share/flatpak |
401 | blacklist /var/lib/flatpak | ||
403 | # most of the time bwrap is SUID binary | 402 | # most of the time bwrap is SUID binary |
404 | blacklist ${PATH}/bwrap | 403 | blacklist ${PATH}/bwrap |
404 | |||
405 | # complement noexec ${HOME} and noexec /tmp | ||
406 | noexec /tmp/.X11-unix | ||
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 6fa0eed26..251362b77 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -478,7 +478,6 @@ blacklist ${HOME}/.openshot | |||
478 | blacklist ${HOME}/.openshot_qt | 478 | blacklist ${HOME}/.openshot_qt |
479 | blacklist ${HOME}/.opera | 479 | blacklist ${HOME}/.opera |
480 | blacklist ${HOME}/.opera-beta | 480 | blacklist ${HOME}/.opera-beta |
481 | blacklist ${HOME}/.passwd-s3fs | ||
482 | blacklist ${HOME}/.pingus | 481 | blacklist ${HOME}/.pingus |
483 | blacklist ${HOME}/.purple | 482 | blacklist ${HOME}/.purple |
484 | blacklist ${HOME}/.qemu-launcher | 483 | blacklist ${HOME}/.qemu-launcher |
@@ -488,7 +487,6 @@ blacklist ${HOME}/.remmina | |||
488 | blacklist ${HOME}/.repo_.gitconfig.json | 487 | blacklist ${HOME}/.repo_.gitconfig.json |
489 | blacklist ${HOME}/.repoconfig | 488 | blacklist ${HOME}/.repoconfig |
490 | blacklist ${HOME}/.retroshare | 489 | blacklist ${HOME}/.retroshare |
491 | blacklist ${HOME}/.s3cmd | ||
492 | blacklist ${HOME}/.scribus | 490 | blacklist ${HOME}/.scribus |
493 | blacklist ${HOME}/.scribusrc | 491 | blacklist ${HOME}/.scribusrc |
494 | blacklist ${HOME}/.simutrans | 492 | blacklist ${HOME}/.simutrans |
diff --git a/etc/krunner.profile b/etc/krunner.profile index 6b84e2c7c..0b1b9e5de 100644 --- a/etc/krunner.profile +++ b/etc/krunner.profile | |||
@@ -11,7 +11,7 @@ include /etc/firejail/globals.local | |||
11 | # with its own profile, if it is sandboxed automatically. | 11 | # with its own profile, if it is sandboxed automatically. |
12 | 12 | ||
13 | # noblacklist ${HOME}/.cache/krunner | 13 | # noblacklist ${HOME}/.cache/krunner |
14 | # noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite | 14 | # noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite* |
15 | # noblacklist ${HOME}/.config/chromium | 15 | # noblacklist ${HOME}/.config/chromium |
16 | noblacklist ${HOME}/.config/krunnerrc | 16 | noblacklist ${HOME}/.config/krunnerrc |
17 | noblacklist ${HOME}/.kde/share/config/krunnerrc | 17 | noblacklist ${HOME}/.kde/share/config/krunnerrc |
@@ -34,3 +34,5 @@ nonewprivs | |||
34 | noroot | 34 | noroot |
35 | protocol unix,inet,inet6 | 35 | protocol unix,inet,inet6 |
36 | seccomp | 36 | seccomp |
37 | |||
38 | # private-cache | ||