846 files changed, 6131 insertions, 5700 deletions
diff --git a/.git-blame-ignore-revs b/.git-blame-ignore-revs new file mode 100644 index 000000000..cc0be3b3d --- /dev/null +++ b/.git-blame-ignore-revs | |||
@@ -0,0 +1,2 @@ | |||
1 | # move whitelist/blacklist to allow/deny | ||
2 | fe0f975f447d59977d90c3226cc8c623b31b20b3 | ||
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 688101d13..0f868d6c4 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md | |||
@@ -34,6 +34,13 @@ If you want to write a new profile, the easiest way to do this is to use the | |||
34 | [profile template](https://github.com/netblue30/firejail/blob/master/etc/templates/profile.template). | 34 | [profile template](https://github.com/netblue30/firejail/blob/master/etc/templates/profile.template). |
35 | If you have already written a profile, please make sure it follows the rules described in the template. | 35 | If you have already written a profile, please make sure it follows the rules described in the template. |
36 | 36 | ||
37 | If you add a new command, here's the checklist: | ||
38 | |||
39 | - [ ] Update manpages: firejail(1) and firejail-profile(5) | ||
40 | - [ ] Update shell completions | ||
41 | - [ ] Update vim syntax files | ||
42 | - [ ] Update --help | ||
43 | |||
37 | # Editing the wiki | 44 | # Editing the wiki |
38 | 45 | ||
39 | You are highly encouraged to add your own tips and tricks to the [wiki](https://github.com/netblue30/firejail/wiki). | 46 | You are highly encouraged to add your own tips and tricks to the [wiki](https://github.com/netblue30/firejail/wiki). |
@@ -80,6 +80,8 @@ Akhil Hans Maulloo (https://github.com/kouul) | |||
80 | Albin Kauffmann (https://github.com/albinou) | 80 | Albin Kauffmann (https://github.com/albinou) |
81 | - Firefox and Chromium profile fixes | 81 | - Firefox and Chromium profile fixes |
82 | - info to allow screen sharing in profiles | 82 | - info to allow screen sharing in profiles |
83 | Alex Leahu (https://github.com/alxjsn) | ||
84 | - fix screen sharing configuration on Wayland | ||
83 | Alexey Kuznetsov (kuznet@ms2.inr.ac.ru) | 85 | Alexey Kuznetsov (kuznet@ms2.inr.ac.ru) |
84 | - src/lib/libnetlink.c extracted from iproute2 software package | 86 | - src/lib/libnetlink.c extracted from iproute2 software package |
85 | Aleksey Manevich (https://github.com/manevich) | 87 | Aleksey Manevich (https://github.com/manevich) |
@@ -328,6 +330,7 @@ Florian Begusch (https://github.com/florianbegusch) | |||
328 | - (la)tex profiles | 330 | - (la)tex profiles |
329 | - fixed transmission-common.profile | 331 | - fixed transmission-common.profile |
330 | - fixed standardnotes-desktop.profile | 332 | - fixed standardnotes-desktop.profile |
333 | - fix jailprober.py | ||
331 | floxo (https://github.com/floxo) | 334 | floxo (https://github.com/floxo) |
332 | - fixed qml disk cache issue | 335 | - fixed qml disk cache issue |
333 | Franco (nextime) Lanza (https://github.com/nextime) | 336 | Franco (nextime) Lanza (https://github.com/nextime) |
@@ -471,6 +474,8 @@ irregulator (https://github.com/irregulator) | |||
471 | Irvine (https://github.com/Irvinehimself) | 474 | Irvine (https://github.com/Irvinehimself) |
472 | - added conky profile | 475 | - added conky profile |
473 | - added ping, bsdtar, makepkg (Arch), archaudit-report, cower (Arch) profiles | 476 | - added ping, bsdtar, makepkg (Arch), archaudit-report, cower (Arch) profiles |
477 | Ivan (https://github.com/ordinary-dev) | ||
478 | - fix telegram profile | ||
474 | Ivan Kozik (https://github.com/ivan) | 479 | Ivan Kozik (https://github.com/ivan) |
475 | - speed up sandbox exit | 480 | - speed up sandbox exit |
476 | Jaykishan Mutkawoa (https://github.com/jmutkawoa) | 481 | Jaykishan Mutkawoa (https://github.com/jmutkawoa) |
@@ -573,6 +578,8 @@ Kristóf Marussy (https://github.com/kris7t) | |||
573 | - dns support | 578 | - dns support |
574 | kuesji koesnu (https://github.com/kuesji) | 579 | kuesji koesnu (https://github.com/kuesji) |
575 | - unit suffixes for rlimit-fsize and rlimit-as | 580 | - unit suffixes for rlimit-fsize and rlimit-as |
581 | - util.c and firejail.h fixes | ||
582 | - better parser for size strings | ||
576 | Kunal Mehta (https://github.com/legoktm) | 583 | Kunal Mehta (https://github.com/legoktm) |
577 | - converted all links to https in manpages | 584 | - converted all links to https in manpages |
578 | laniakea64 (https://github.com/laniakea64) | 585 | laniakea64 (https://github.com/laniakea64) |
@@ -596,6 +603,8 @@ Lukáš Krejčí (https://github.com/lskrejci) | |||
596 | - fixed parsing of --keep-var-tmp | 603 | - fixed parsing of --keep-var-tmp |
597 | luzpaz (https://github.com/luzpaz) | 604 | luzpaz (https://github.com/luzpaz) |
598 | - code spelling fixes | 605 | - code spelling fixes |
606 | lxeiqr (https://github.com/lxeiqr) | ||
607 | - fix sndio support | ||
599 | Mace Muilman (https://github.com/mace015) | 608 | Mace Muilman (https://github.com/mace015) |
600 | - google-chrome{,beta,unstable} flags | 609 | - google-chrome{,beta,unstable} flags |
601 | maces (https://github.com/maces) | 610 | maces (https://github.com/maces) |
@@ -654,6 +663,8 @@ Neo00001 (https://github.com/Neo00001) | |||
654 | - update telegram profile | 663 | - update telegram profile |
655 | - add spectacle profile | 664 | - add spectacle profile |
656 | - add kdiff3 profile | 665 | - add kdiff3 profile |
666 | NetSysFire (https://github.com/NetSysFire) | ||
667 | - update weechat profile | ||
657 | Nick Fox (https://github.com/njfox) | 668 | Nick Fox (https://github.com/njfox) |
658 | - add a profile alias for code-oss | 669 | - add a profile alias for code-oss |
659 | - add code-oss config directory | 670 | - add code-oss config directory |
@@ -739,8 +750,9 @@ pirate486743186 (https://github.com/pirate486743186) | |||
739 | - adding qcomicbook and pipe-viewer in disable-programs | 750 | - adding qcomicbook and pipe-viewer in disable-programs |
740 | - newsboat/newsbeuter profiles | 751 | - newsboat/newsbeuter profiles |
741 | - fix atril profile | 752 | - fix atril profile |
742 | - rtv profile | ||
743 | - reorganizing links browsers | 753 | - reorganizing links browsers |
754 | - added rtv, alpine, mcomix, qcomicbook, googler, ddgr profiles | ||
755 | - w3m, zahura, profile.template fixes | ||
744 | Pixel Fairy (https://github.com/xahare) | 756 | Pixel Fairy (https://github.com/xahare) |
745 | - added fjclip.py, fjdisplay.py and fjresize.py in contrib section | 757 | - added fjclip.py, fjdisplay.py and fjresize.py in contrib section |
746 | PizzaDude (https://github.com/pizzadude) | 758 | PizzaDude (https://github.com/pizzadude) |
@@ -1047,6 +1059,7 @@ Vladimir Schowalter (https://github.com/VladimirSchowalter20) | |||
1047 | Vladislav Nepogodin (https://github.com/vnepogodin) | 1059 | Vladislav Nepogodin (https://github.com/vnepogodin) |
1048 | - added Librewolf profiles | 1060 | - added Librewolf profiles |
1049 | - added Sway profile | 1061 | - added Sway profile |
1062 | - fix CLion profile | ||
1050 | xee5ch (https://github.com/xee5ch) | 1063 | xee5ch (https://github.com/xee5ch) |
1051 | - skypeforlinux profile | 1064 | - skypeforlinux profile |
1052 | Ypnose (https://github.com/Ypnose) | 1065 | Ypnose (https://github.com/Ypnose) |
@@ -189,107 +189,18 @@ You can also use this tool to get a list of syscalls needed by a program: [contr | |||
189 | 189 | ||
190 | We also keep a list of profile fixes for previous released versions in [etc-fixes](https://github.com/netblue30/firejail/tree/master/etc-fixes) directory. | 190 | We also keep a list of profile fixes for previous released versions in [etc-fixes](https://github.com/netblue30/firejail/tree/master/etc-fixes) directory. |
191 | 191 | ||
192 | ## Latest released version: 0.9.64 | 192 | ## Latest released version: 0.9.66 |
193 | 193 | ||
194 | ## Current development version: 0.9.65 | 194 | ## Current development version: 0.9.67 |
195 | 195 | ||
196 | Milestone page: https://github.com/netblue30/firejail/milestone/1 | 196 | Milestone page: https://github.com/netblue30/firejail/milestone/1 |
197 | Release discussion: https://github.com/netblue30/firejail/issues/3696 | 197 | Release discussion: https://github.com/netblue30/firejail/issues/3696 |
198 | 198 | ||
199 | ### jailcheck | 199 | Moving from whitelist/blacklist to allow/deny is under way! We are still open to other options, so it might change! |
200 | ````` | ||
201 | JAILCHECK(1) JAILCHECK man page JAILCHECK(1) | ||
202 | |||
203 | NAME | ||
204 | jailcheck - Simple utility program to test running sandboxes | ||
205 | |||
206 | SYNOPSIS | ||
207 | sudo jailcheck [OPTIONS] [directory] | ||
208 | |||
209 | DESCRIPTION | ||
210 | jailcheck attaches itself to all sandboxes started by the user and per‐ | ||
211 | forms some basic tests on the sandbox filesystem: | ||
212 | |||
213 | 1. Virtual directories | ||
214 | jailcheck extracts a list with the main virtual directories in‐ | ||
215 | stalled by the sandbox. These directories are build by firejail | ||
216 | at startup using --private* and --whitelist commands. | ||
217 | |||
218 | 2. Noexec test | ||
219 | jailcheck inserts executable programs in /home/username, /tmp, | ||
220 | and /var/tmp directories and tries to run them from inside the | ||
221 | sandbox, thus testing if the directory is executable or not. | ||
222 | |||
223 | 3. Read access test | ||
224 | jailcheck creates test files in the directories specified by the | ||
225 | user and tries to read them from inside the sandbox. | ||
226 | |||
227 | 4. AppArmor test | ||
228 | |||
229 | 5. Seccomp test | ||
230 | |||
231 | The program is started as root using sudo. | ||
232 | |||
233 | OPTIONS | ||
234 | --debug | ||
235 | Print debug messages. | ||
236 | |||
237 | -?, --help | ||
238 | Print options and exit. | ||
239 | |||
240 | --version | ||
241 | Print program version and exit. | ||
242 | 200 | ||
243 | [directory] | 201 | The old whitelist/blacklist will remain as aliasses for the next one or two releases |
244 | One or more directories in user home to test for read access. | 202 | in order to give users a chance to switch their local profiles. |
245 | ~/.ssh and ~/.gnupg are tested by default. | 203 | The latest discussion on this issue is here: https://github.com/netblue30/firejail/issues/4379 |
246 | |||
247 | OUTPUT | ||
248 | For each sandbox detected we print the following line: | ||
249 | |||
250 | PID:USER:Sandbox Name:Command | ||
251 | |||
252 | It is followed by relevant sandbox information, such as the virtual di‐ | ||
253 | rectories and various warnings. | ||
254 | |||
255 | EXAMPLE | ||
256 | $ sudo jailcheck | ||
257 | 2014:netblue::firejail /usr/bin/gimp | ||
258 | Virtual dirs: /tmp, /var/tmp, /dev, /usr/share, | ||
259 | Warning: I can run programs in /home/netblue | ||
260 | |||
261 | 2055:netblue::firejail /usr/bin/ssh -X netblue@x.y.z.net | ||
262 | Virtual dirs: /var/tmp, /dev, /usr/share, /run/user/1000, | ||
263 | Warning: I can read ~/.ssh | ||
264 | |||
265 | 2186:netblue:libreoffice:firejail --appimage /opt/LibreOffice-fresh.ap‐ | ||
266 | pimage | ||
267 | Virtual dirs: /tmp, /var/tmp, /dev, | ||
268 | |||
269 | 26090:netblue::/usr/bin/firejail /opt/firefox/firefox | ||
270 | Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /usr/share, | ||
271 | /run/user/1000, | ||
272 | |||
273 | 26160:netblue:tor:firejail --private=~/tor-browser_en-US ./start-tor | ||
274 | Warning: AppArmor not enabled | ||
275 | Virtual dirs: /home/netblue, /tmp, /var/tmp, /dev, /etc, /bin, | ||
276 | /usr/share, /run/user/1000, | ||
277 | Warning: I can run programs in /home/netblue | ||
278 | |||
279 | LICENSE | ||
280 | This program is free software; you can redistribute it and/or modify it | ||
281 | under the terms of the GNU General Public License as published by the | ||
282 | Free Software Foundation; either version 2 of the License, or (at your | ||
283 | option) any later version. | ||
284 | |||
285 | Homepage: https://firejail.wordpress.com | ||
286 | |||
287 | SEE ALSO | ||
288 | firejail(1), firemon(1), firecfg(1), firejail-profile(5), firejail-lo‐ | ||
289 | gin(5), firejail-users(5), | ||
290 | |||
291 | 0.9.65 May 2021 JAILCHECK(1) | ||
292 | ````` | ||
293 | 204 | ||
294 | ### Profile Statistics | 205 | ### Profile Statistics |
295 | 206 | ||
@@ -298,40 +209,32 @@ A small tool to print profile statistics. Compile as usual and run in /etc/profi | |||
298 | $ sudo cp src/profstats/profstats /etc/firejail/. | 209 | $ sudo cp src/profstats/profstats /etc/firejail/. |
299 | $ cd /etc/firejail | 210 | $ cd /etc/firejail |
300 | $ ./profstats *.profile | 211 | $ ./profstats *.profile |
301 | Stats: | 212 | profiles 1150 |
302 | profiles 1135 | 213 | include local profile 1150 (include profile-name.local) |
303 | include local profile 1135 (include profile-name.local) | 214 | include globals 1120 (include globals.local) |
304 | include globals 1106 (include globals.local) | 215 | blacklist ~/.ssh 1026 (include disable-common.inc) |
305 | blacklist ~/.ssh 1009 (include disable-common.inc) | 216 | seccomp 1050 |
306 | seccomp 1035 | 217 | capabilities 1146 |
307 | capabilities 1130 | 218 | noexec 1030 (include disable-exec.inc) |
308 | noexec 1011 (include disable-exec.inc) | 219 | noroot 959 |
309 | noroot 944 | 220 | memory-deny-write-execute 253 |
310 | memory-deny-write-execute 242 | 221 | apparmor 681 |
311 | apparmor 667 | 222 | private-bin 667 |
312 | private-bin 635 | 223 | private-dev 1009 |
313 | private-dev 992 | 224 | private-etc 523 |
314 | private-etc 508 | 225 | private-tmp 883 |
315 | private-tmp 866 | 226 | whitelist home directory 547 |
316 | whitelist home directory 542 | 227 | whitelist var 818 (include whitelist-var-common.inc) |
317 | whitelist var 799 (include whitelist-var-common.inc) | 228 | whitelist run/user 616 (include whitelist-runuser-common.inc |
318 | whitelist run/user 597 (include whitelist-runuser-common.inc | ||
319 | or blacklist ${RUNUSER}) | 229 | or blacklist ${RUNUSER}) |
320 | whitelist usr/share 569 (include whitelist-usr-share-common.inc | 230 | whitelist usr/share 591 (include whitelist-usr-share-common.inc |
321 | net none 389 | 231 | net none 391 |
322 | dbus-user none 619 | 232 | dbus-user none 641 |
323 | dbus-user filter 105 | 233 | dbus-user filter 105 |
324 | dbus-system none 770 | 234 | dbus-system none 792 |
325 | dbus-system filter 7 | 235 | dbus-system filter 7 |
326 | ``` | 236 | ``` |
327 | 237 | ||
328 | ### New profiles: | 238 | ### New profiles: |
329 | 239 | ||
330 | vmware-view, display-im6.q16, ipcalc, ipcalc-ng, ebook-convert, ebook-edit, ebook-meta, ebook-polish, lzop, | 240 | clion-eap, lifeograph, io.github.lainsce.Notejot, rednotebook, zim, microsoft-edge-beta |
331 | avidemux, calligragemini, vmware-player, vmware-workstation, gget, com.github.phase1geo.minder, nextcloud-desktop, | ||
332 | pcsxr, PPSSPPSDL, openmw, openmw-launcher, jami-gnome, PCSX2, bcompare, b2sum, cksum, md5sum, sha1sum, sha224sum, | ||
333 | sha256sum, sha384sum, sha512sum, sum, librewold-nightly, Quodlibet, tmux, sway, alienarena, alienarena-wrapper, | ||
334 | ballbuster, ballbuster-wrapper, colorful, colorful-wrapper, gl-117, gl-117-wrapper, glaxium, glaxium-wrapper, | ||
335 | pinball, pinball-wrapper, etr-wrapper, neverball-wrapper, neverputt-wrapper, supertuxkart-wrapper, firedragon, | ||
336 | neochat, node, nvm, cargo, LibreCAD, blobby, funnyboat, pipe-viewer, gtk-pipe-viewer, links2, xlinks2, googler, ddgr, | ||
337 | tin | ||
@@ -1,10 +1,18 @@ | |||
1 | firejail (0.9.65) baseline; urgency=low | 1 | firejail (0.9.67) baseline; urgency=low |
2 | * work in progress | ||
3 | * deprecated --disable-whitelist at compile time | ||
4 | * deprecated whitelist=yes/no in /etc/firejail/firejail.config | ||
5 | * new profiles: microsoft-edge-beta | ||
6 | -- netblue30 <netblue30@yahoo.com> Mon, 28 Jun 2021 09:00:00 -0500 | ||
7 | |||
8 | firejail (0.9.66) baseline; urgency=low | ||
2 | * deprecated --audit options, relpaced by jailcheck utility | 9 | * deprecated --audit options, relpaced by jailcheck utility |
3 | * deprecated follow-symlink-as-user from firejail.config | 10 | * deprecated follow-symlink-as-user from firejail.config |
4 | * new firejail.config settings: private-bin, private-etc | 11 | * new firejail.config settings: private-bin, private-etc |
5 | * new firejail.config settings: private-opt, private-srv | 12 | * new firejail.config settings: private-opt, private-srv |
6 | * new firejail.config settings: whitelist-disable-topdir | 13 | * new firejail.config settings: whitelist-disable-topdir |
7 | * new firejail.config settings: seccomp-filter-add | 14 | * new firejail.config settings: seccomp-filter-add |
15 | * removed kcmp syscall from seccomp default filter | ||
8 | * rename --noautopulse to keep-config-pulse | 16 | * rename --noautopulse to keep-config-pulse |
9 | * filtering environment variables | 17 | * filtering environment variables |
10 | * zsh completion | 18 | * zsh completion |
@@ -38,7 +46,7 @@ firejail (0.9.65) baseline; urgency=low | |||
38 | * neverball-wrapper, neverputt-wrapper, supertuxkart-wrapper, neochat, | 46 | * neverball-wrapper, neverputt-wrapper, supertuxkart-wrapper, neochat, |
39 | * cargo, LibreCAD, blobby, funnyboat, pipe-viewer, gtk-pipe-viewer | 47 | * cargo, LibreCAD, blobby, funnyboat, pipe-viewer, gtk-pipe-viewer |
40 | * links2, xlinks2, googler, ddgr, tin | 48 | * links2, xlinks2, googler, ddgr, tin |
41 | -- netblue30 <netblue30@yahoo.com> Wed, 2 Jun 2021 09:00:00 -0500 | 49 | -- netblue30 <netblue30@yahoo.com> Mon, 28 Jun 2021 09:00:00 -0500 |
42 | 50 | ||
43 | firejail (0.9.64.4) baseline; urgency=low | 51 | firejail (0.9.64.4) baseline; urgency=low |
44 | * disabled overlayfs, pending multiple fixes (CVE-2021-26910) | 52 | * disabled overlayfs, pending multiple fixes (CVE-2021-26910) |
@@ -1,6 +1,6 @@ | |||
1 | #! /bin/sh | 1 | #! /bin/sh |
2 | # Guess values for system-dependent variables and create Makefiles. | 2 | # Guess values for system-dependent variables and create Makefiles. |
3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.66rc1. | 3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.67. |
4 | # | 4 | # |
5 | # Report bugs to <netblue30@protonmail.com>. | 5 | # Report bugs to <netblue30@protonmail.com>. |
6 | # | 6 | # |
@@ -580,8 +580,8 @@ MAKEFLAGS= | |||
580 | # Identity of this package. | 580 | # Identity of this package. |
581 | PACKAGE_NAME='firejail' | 581 | PACKAGE_NAME='firejail' |
582 | PACKAGE_TARNAME='firejail' | 582 | PACKAGE_TARNAME='firejail' |
583 | PACKAGE_VERSION='0.9.66rc1' | 583 | PACKAGE_VERSION='0.9.67' |
584 | PACKAGE_STRING='firejail 0.9.66rc1' | 584 | PACKAGE_STRING='firejail 0.9.67' |
585 | PACKAGE_BUGREPORT='netblue30@protonmail.com' | 585 | PACKAGE_BUGREPORT='netblue30@protonmail.com' |
586 | PACKAGE_URL='https://firejail.wordpress.com' | 586 | PACKAGE_URL='https://firejail.wordpress.com' |
587 | 587 | ||
@@ -634,7 +634,6 @@ HAVE_GCOV | |||
634 | BUSYBOX_WORKAROUND | 634 | BUSYBOX_WORKAROUND |
635 | HAVE_FATAL_WARNINGS | 635 | HAVE_FATAL_WARNINGS |
636 | HAVE_SUID | 636 | HAVE_SUID |
637 | HAVE_WHITELIST | ||
638 | HAVE_FILE_TRANSFER | 637 | HAVE_FILE_TRANSFER |
639 | HAVE_X11 | 638 | HAVE_X11 |
640 | HAVE_USERNS | 639 | HAVE_USERNS |
@@ -726,7 +725,6 @@ enable_network | |||
726 | enable_userns | 725 | enable_userns |
727 | enable_x11 | 726 | enable_x11 |
728 | enable_file_transfer | 727 | enable_file_transfer |
729 | enable_whitelist | ||
730 | enable_suid | 728 | enable_suid |
731 | enable_fatal_warnings | 729 | enable_fatal_warnings |
732 | enable_busybox_workaround | 730 | enable_busybox_workaround |
@@ -1299,7 +1297,7 @@ if test "$ac_init_help" = "long"; then | |||
1299 | # Omit some internal or obsolete options to make the list less imposing. | 1297 | # Omit some internal or obsolete options to make the list less imposing. |
1300 | # This message is too long to be a string in the A/UX 3.1 sh. | 1298 | # This message is too long to be a string in the A/UX 3.1 sh. |
1301 | cat <<_ACEOF | 1299 | cat <<_ACEOF |
1302 | \`configure' configures firejail 0.9.66rc1 to adapt to many kinds of systems. | 1300 | \`configure' configures firejail 0.9.67 to adapt to many kinds of systems. |
1303 | 1301 | ||
1304 | Usage: $0 [OPTION]... [VAR=VALUE]... | 1302 | Usage: $0 [OPTION]... [VAR=VALUE]... |
1305 | 1303 | ||
@@ -1361,7 +1359,7 @@ fi | |||
1361 | 1359 | ||
1362 | if test -n "$ac_init_help"; then | 1360 | if test -n "$ac_init_help"; then |
1363 | case $ac_init_help in | 1361 | case $ac_init_help in |
1364 | short | recursive ) echo "Configuration of firejail 0.9.66rc1:";; | 1362 | short | recursive ) echo "Configuration of firejail 0.9.67:";; |
1365 | esac | 1363 | esac |
1366 | cat <<\_ACEOF | 1364 | cat <<\_ACEOF |
1367 | 1365 | ||
@@ -1385,7 +1383,6 @@ Optional Features: | |||
1385 | --disable-userns disable user namespace | 1383 | --disable-userns disable user namespace |
1386 | --disable-x11 disable X11 sandboxing support | 1384 | --disable-x11 disable X11 sandboxing support |
1387 | --disable-file-transfer disable file transfer | 1385 | --disable-file-transfer disable file transfer |
1388 | --disable-whitelist disable whitelist | ||
1389 | --disable-suid install as a non-SUID executable | 1386 | --disable-suid install as a non-SUID executable |
1390 | --enable-fatal-warnings -W -Wall -Werror | 1387 | --enable-fatal-warnings -W -Wall -Werror |
1391 | --enable-busybox-workaround | 1388 | --enable-busybox-workaround |
@@ -1481,7 +1478,7 @@ fi | |||
1481 | test -n "$ac_init_help" && exit $ac_status | 1478 | test -n "$ac_init_help" && exit $ac_status |
1482 | if $ac_init_version; then | 1479 | if $ac_init_version; then |
1483 | cat <<\_ACEOF | 1480 | cat <<\_ACEOF |
1484 | firejail configure 0.9.66rc1 | 1481 | firejail configure 0.9.67 |
1485 | generated by GNU Autoconf 2.69 | 1482 | generated by GNU Autoconf 2.69 |
1486 | 1483 | ||
1487 | Copyright (C) 2012 Free Software Foundation, Inc. | 1484 | Copyright (C) 2012 Free Software Foundation, Inc. |
@@ -1783,7 +1780,7 @@ cat >config.log <<_ACEOF | |||
1783 | This file contains any messages produced by compilers while | 1780 | This file contains any messages produced by compilers while |
1784 | running configure, to aid debugging if configure makes a mistake. | 1781 | running configure, to aid debugging if configure makes a mistake. |
1785 | 1782 | ||
1786 | It was created by firejail $as_me 0.9.66rc1, which was | 1783 | It was created by firejail $as_me 0.9.67, which was |
1787 | generated by GNU Autoconf 2.69. Invocation command line was | 1784 | generated by GNU Autoconf 2.69. Invocation command line was |
1788 | 1785 | ||
1789 | $ $0 $@ | 1786 | $ $0 $@ |
@@ -3747,19 +3744,6 @@ if test "x$enable_file_transfer" != "xno"; then : | |||
3747 | 3744 | ||
3748 | fi | 3745 | fi |
3749 | 3746 | ||
3750 | HAVE_WHITELIST="" | ||
3751 | # Check whether --enable-whitelist was given. | ||
3752 | if test "${enable_whitelist+set}" = set; then : | ||
3753 | enableval=$enable_whitelist; | ||
3754 | fi | ||
3755 | |||
3756 | if test "x$enable_whitelist" != "xno"; then : | ||
3757 | |||
3758 | HAVE_WHITELIST="-DHAVE_WHITELIST" | ||
3759 | |||
3760 | |||
3761 | fi | ||
3762 | |||
3763 | HAVE_SUID="" | 3747 | HAVE_SUID="" |
3764 | # Check whether --enable-suid was given. | 3748 | # Check whether --enable-suid was given. |
3765 | if test "${enable_suid+set}" = set; then : | 3749 | if test "${enable_suid+set}" = set; then : |
@@ -4910,7 +4894,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | |||
4910 | # report actual input values of CONFIG_FILES etc. instead of their | 4894 | # report actual input values of CONFIG_FILES etc. instead of their |
4911 | # values after options handling. | 4895 | # values after options handling. |
4912 | ac_log=" | 4896 | ac_log=" |
4913 | This file was extended by firejail $as_me 0.9.66rc1, which was | 4897 | This file was extended by firejail $as_me 0.9.67, which was |
4914 | generated by GNU Autoconf 2.69. Invocation command line was | 4898 | generated by GNU Autoconf 2.69. Invocation command line was |
4915 | 4899 | ||
4916 | CONFIG_FILES = $CONFIG_FILES | 4900 | CONFIG_FILES = $CONFIG_FILES |
@@ -4964,7 +4948,7 @@ _ACEOF | |||
4964 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | 4948 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
4965 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" | 4949 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
4966 | ac_cs_version="\\ | 4950 | ac_cs_version="\\ |
4967 | firejail config.status 0.9.66rc1 | 4951 | firejail config.status 0.9.67 |
4968 | configured by $0, generated by GNU Autoconf 2.69, | 4952 | configured by $0, generated by GNU Autoconf 2.69, |
4969 | with options \\"\$ac_cs_config\\" | 4953 | with options \\"\$ac_cs_config\\" |
4970 | 4954 | ||
@@ -5572,7 +5556,6 @@ Configuration options: | |||
5572 | network: $HAVE_NETWORK | 5556 | network: $HAVE_NETWORK |
5573 | user namespace: $HAVE_USERNS | 5557 | user namespace: $HAVE_USERNS |
5574 | X11 sandboxing support: $HAVE_X11 | 5558 | X11 sandboxing support: $HAVE_X11 |
5575 | whitelisting: $HAVE_WHITELIST | ||
5576 | private home support: $HAVE_PRIVATE_HOME | 5559 | private home support: $HAVE_PRIVATE_HOME |
5577 | file transfer support: $HAVE_FILE_TRANSFER | 5560 | file transfer support: $HAVE_FILE_TRANSFER |
5578 | overlayfs support: $HAVE_OVERLAYFS | 5561 | overlayfs support: $HAVE_OVERLAYFS |
diff --git a/configure.ac b/configure.ac index f37db5926..1f8e802b5 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -12,7 +12,7 @@ | |||
12 | # | 12 | # |
13 | 13 | ||
14 | AC_PREREQ([2.68]) | 14 | AC_PREREQ([2.68]) |
15 | AC_INIT([firejail],[0.9.66rc1],[netblue30@protonmail.com],[],[https://firejail.wordpress.com]) | 15 | AC_INIT([firejail],[0.9.67],[netblue30@protonmail.com],[],[https://firejail.wordpress.com]) |
16 | AC_CONFIG_SRCDIR([src/firejail/main.c]) | 16 | AC_CONFIG_SRCDIR([src/firejail/main.c]) |
17 | 17 | ||
18 | AC_CONFIG_MACRO_DIR([m4]) | 18 | AC_CONFIG_MACRO_DIR([m4]) |
@@ -177,14 +177,6 @@ AS_IF([test "x$enable_file_transfer" != "xno"], [ | |||
177 | AC_SUBST(HAVE_FILE_TRANSFER) | 177 | AC_SUBST(HAVE_FILE_TRANSFER) |
178 | ]) | 178 | ]) |
179 | 179 | ||
180 | HAVE_WHITELIST="" | ||
181 | AC_ARG_ENABLE([whitelist], | ||
182 | AS_HELP_STRING([--disable-whitelist], [disable whitelist])) | ||
183 | AS_IF([test "x$enable_whitelist" != "xno"], [ | ||
184 | HAVE_WHITELIST="-DHAVE_WHITELIST" | ||
185 | AC_SUBST(HAVE_WHITELIST) | ||
186 | ]) | ||
187 | |||
188 | HAVE_SUID="" | 180 | HAVE_SUID="" |
189 | AC_ARG_ENABLE([suid], | 181 | AC_ARG_ENABLE([suid], |
190 | AS_HELP_STRING([--disable-suid], [install as a non-SUID executable])) | 182 | AS_HELP_STRING([--disable-suid], [install as a non-SUID executable])) |
@@ -323,7 +315,6 @@ Configuration options: | |||
323 | network: $HAVE_NETWORK | 315 | network: $HAVE_NETWORK |
324 | user namespace: $HAVE_USERNS | 316 | user namespace: $HAVE_USERNS |
325 | X11 sandboxing support: $HAVE_X11 | 317 | X11 sandboxing support: $HAVE_X11 |
326 | whitelisting: $HAVE_WHITELIST | ||
327 | private home support: $HAVE_PRIVATE_HOME | 318 | private home support: $HAVE_PRIVATE_HOME |
328 | file transfer support: $HAVE_FILE_TRANSFER | 319 | file transfer support: $HAVE_FILE_TRANSFER |
329 | overlayfs support: $HAVE_OVERLAYFS | 320 | overlayfs support: $HAVE_OVERLAYFS |
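Review bot: Deleting the `AC_ARG_ENABLE([whitelist], ...)` block (old lines 180-187) leaves `--disable-whitelist` undeclared, and autoconf by default only warns about an unrecognized `--disable-*` flag instead of failing. A packager who still passes the flag to build without whitelisting would therefore likely get a build with the feature active and only a warning that is easy to miss in a build log. Since the release notes describe this as a deprecation, consider keeping the argument declared for one release and reporting it explicitly, e.g. `AS_IF([test "x$enable_whitelist" = "xno"], [AC_MSG_WARN([--disable-whitelist is deprecated and has no effect])])`. Whether the C sources still test `HAVE_WHITELIST` is not visible in this section.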
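--- a/etc/firejail.config
+++ b/etc/firejail.config
@@ -123,9 +123,6 @@
 # Enable or disable user namespace support, default enabled.
 # userns yes
 
-# Enable or disable whitelisting support, default enabled.
-# whitelist yes
-
 # Disable whitelist top level directories, in addition to those
 # that are disabled out of the box. None by default; this is an example.
 # whitelist-disable-topdir /etc,/usr/etc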
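Review bot: Dropping the `# whitelist yes` stanza leaves nothing in the shipped config to tell an administrator that the key is deprecated, so a host whose local firejail.config still carries `whitelist no` gets no hint that the setting changed. How the parser treats the key after this commit (error, warning or silent ignore) is not visible in this hunk; it is worth confirming that it at least logs a warning. I would keep a short marker where the stanza was, for example `# whitelist yes/no: deprecated as of 0.9.67, see RELNOTES`.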
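--- a/etc/inc/allow-bin-sh.inc
+++ b/etc/inc/allow-bin-sh.inc
@@ -2,6 +2,6 @@
 # Persistent customizations should go in a .local file.
 include allow-bin-sh.local
 
-noblacklist ${PATH}/bash
-noblacklist ${PATH}/dash
-noblacklist ${PATH}/sh
+nodeny ${PATH}/bash
+nodeny ${PATH}/dash
+nodeny ${PATH}/sh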
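--- a/etc/inc/allow-common-devel.inc
+++ b/etc/inc/allow-common-devel.inc
@@ -3,29 +3,29 @@
 include allow-common-devel.local
 
 # Git
-noblacklist ${HOME}/.config/git
-noblacklist ${HOME}/.gitconfig
-noblacklist ${HOME}/.git-credentials
+nodeny ${HOME}/.config/git
+nodeny ${HOME}/.gitconfig
+nodeny ${HOME}/.git-credentials
 
 # Java
-noblacklist ${HOME}/.gradle
-noblacklist ${HOME}/.java
+nodeny ${HOME}/.gradle
+nodeny ${HOME}/.java
 
 # Node.js
-noblacklist ${HOME}/.node-gyp
-noblacklist ${HOME}/.npm
-noblacklist ${HOME}/.npmrc
-noblacklist ${HOME}/.nvm
-noblacklist ${HOME}/.yarn
-noblacklist ${HOME}/.yarn-config
-noblacklist ${HOME}/.yarncache
-noblacklist ${HOME}/.yarnrc
+nodeny ${HOME}/.node-gyp
+nodeny ${HOME}/.npm
+nodeny ${HOME}/.npmrc
+nodeny ${HOME}/.nvm
+nodeny ${HOME}/.yarn
+nodeny ${HOME}/.yarn-config
+nodeny ${HOME}/.yarncache
+nodeny ${HOME}/.yarnrc
 
 # Python
-noblacklist ${HOME}/.pylint.d
-noblacklist ${HOME}/.python-history
-noblacklist ${HOME}/.python_history
-noblacklist ${HOME}/.pythonhist
+nodeny ${HOME}/.pylint.d
+nodeny ${HOME}/.python-history
+nodeny ${HOME}/.python_history
+nodeny ${HOME}/.pythonhist
 
 # Rust
-noblacklist ${HOME}/.cargo/*
+nodeny ${HOME}/.cargo/*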
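--- a/etc/inc/allow-gjs.inc
+++ b/etc/inc/allow-gjs.inc
@@ -2,11 +2,11 @@
 # Persistent customizations should go in a .local file.
 include allow-gjs.local
 
-noblacklist ${PATH}/gjs
-noblacklist ${PATH}/gjs-console
-noblacklist /usr/lib/gjs
-noblacklist /usr/lib/libgjs*
-noblacklist /usr/lib/libmozjs-*
-noblacklist /usr/lib64/gjs
-noblacklist /usr/lib64/libgjs*
-noblacklist /usr/lib64/libmozjs-*
+nodeny ${PATH}/gjs
+nodeny ${PATH}/gjs-console
+nodeny /usr/lib/gjs
+nodeny /usr/lib/libgjs*
+nodeny /usr/lib/libmozjs-*
+nodeny /usr/lib64/gjs
+nodeny /usr/lib64/libgjs*
+nodeny /usr/lib64/libmozjs-*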
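--- a/etc/inc/allow-java.inc
+++ b/etc/inc/allow-java.inc
@@ -2,8 +2,8 @@
 # Persistent customizations should go in a .local file.
 include allow-java.local
 
-noblacklist ${HOME}/.java
-noblacklist ${PATH}/java
-noblacklist /etc/java
-noblacklist /usr/lib/java
-noblacklist /usr/share/java
+nodeny ${HOME}/.java
+nodeny ${PATH}/java
+nodeny /etc/java
+nodeny /usr/lib/java
+nodeny /usr/share/java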
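--- a/etc/inc/allow-lua.inc
+++ b/etc/inc/allow-lua.inc
@@ -2,11 +2,11 @@
 # Persistent customizations should go in a .local file.
 include allow-lua.local
 
-noblacklist ${PATH}/lua*
-noblacklist /usr/include
-noblacklist /usr/lib/liblua*
-noblacklist /usr/lib/lua
-noblacklist /usr/lib64/liblua*
-noblacklist /usr/lib64/lua
-noblacklist /usr/share/lua
-noblacklist /usr/share/lua*
+nodeny ${PATH}/lua*
+nodeny /usr/include
+nodeny /usr/lib/liblua*
+nodeny /usr/lib/lua
+nodeny /usr/lib64/liblua*
+nodeny /usr/lib64/lua
+nodeny /usr/share/lua
+nodeny /usr/share/lua*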
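--- a/etc/inc/allow-nodejs.inc
+++ b/etc/inc/allow-nodejs.inc
@@ -2,8 +2,8 @@
 # Persistent customizations should go in a .local file.
 include allow-nodejs.local
 
-noblacklist ${PATH}/node
-noblacklist /usr/include/node
+nodeny ${PATH}/node
+nodeny /usr/include/node
 
 # Allow python for node-gyp (blacklisted by disable-interpreters.inc)
 include allow-python2.inc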
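Review bot: The comment on line 8 still says `(blacklisted by disable-interpreters.inc)` although this commit renames the command to `deny`, so the wording no longer matches the directives a reader will presumably find in that include. I would change it in the same commit to `# Allow python for node-gyp (denied by disable-interpreters.inc)`. Note also that the unchanged `include allow-python2.inc` re-opens the python2 interpreter for every profile that pulls in this file; a word in the comment on whether node-gyp still needs python2 would help the next audit.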
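--- a/etc/inc/allow-opengl-game.inc
+++ b/etc/inc/allow-opengl-game.inc
@@ -1,3 +1,7 @@
-noblacklist ${PATH}/bash
-whitelist /usr/share/opengl-games-utils/opengl-game-functions.sh
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include allow-opengl-game.local
+
+nodeny ${PATH}/bash
+allow /usr/share/opengl-games-utils/opengl-game-functions.sh
 private-bin basename,bash,cut,glxinfo,grep,head,sed,zenity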
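Review bot: `nodeny ${PATH}/bash` on new line 5 keeps a shell reachable in every sandbox that includes this file, and nothing in the file says why the exception is needed. Since the commit already adds a header, I would put a comment above that line, for example `# opengl-game-functions.sh is a shell script, so bash has to stay reachable`. That reason is inferred from the allowed path and the `private-bin` list, so please confirm it before committing the wording.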
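--- a/etc/inc/allow-perl.inc
+++ b/etc/inc/allow-perl.inc
@@ -2,11 +2,11 @@
 # Persistent customizations should go in a .local file.
 include allow-perl.local
 
-noblacklist ${PATH}/core_perl
-noblacklist ${PATH}/cpan*
-noblacklist ${PATH}/perl
-noblacklist ${PATH}/site_perl
-noblacklist ${PATH}/vendor_perl
-noblacklist /usr/lib/perl*
-noblacklist /usr/lib64/perl*
-noblacklist /usr/share/perl*
+nodeny ${PATH}/core_perl
+nodeny ${PATH}/cpan*
+nodeny ${PATH}/perl
+nodeny ${PATH}/site_perl
+nodeny ${PATH}/vendor_perl
+nodeny /usr/lib/perl*
+nodeny /usr/lib64/perl*
+nodeny /usr/share/perl*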
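--- a/etc/inc/allow-php.inc
+++ b/etc/inc/allow-php.inc
@@ -2,6 +2,6 @@
 # Persistent customizations should go in a .local file.
 include allow-php.local
 
-noblacklist ${PATH}/php*
-noblacklist /usr/lib/php*
-noblacklist /usr/share/php*
+nodeny ${PATH}/php*
+nodeny /usr/lib/php*
+nodeny /usr/share/php*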
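--- a/etc/inc/allow-python2.inc
+++ b/etc/inc/allow-python2.inc
@@ -2,8 +2,8 @@
 # Persistent customizations should go in a .local file.
 include allow-python2.local
 
-noblacklist ${PATH}/python2*
-noblacklist /usr/include/python2*
-noblacklist /usr/lib/python2*
-noblacklist /usr/local/lib/python2*
-noblacklist /usr/share/python2*
+nodeny ${PATH}/python2*
+nodeny /usr/include/python2*
+nodeny /usr/lib/python2*
+nodeny /usr/local/lib/python2*
+nodeny /usr/share/python2*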
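--- a/etc/inc/allow-python3.inc
+++ b/etc/inc/allow-python3.inc
@@ -2,9 +2,9 @@
 # Persistent customizations should go in a .local file.
 include allow-python3.local
 
-noblacklist ${PATH}/python3*
-noblacklist /usr/include/python3*
-noblacklist /usr/lib/python3*
-noblacklist /usr/lib64/python3*
-noblacklist /usr/local/lib/python3*
-noblacklist /usr/share/python3*
+nodeny ${PATH}/python3*
+nodeny /usr/include/python3*
+nodeny /usr/lib/python3*
+nodeny /usr/lib64/python3*
+nodeny /usr/local/lib/python3*
+nodeny /usr/share/python3*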
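--- a/etc/inc/allow-ruby.inc
+++ b/etc/inc/allow-ruby.inc
@@ -2,5 +2,5 @@
 # Persistent customizations should go in a .local file.
 include allow-ruby.local
 
-noblacklist ${PATH}/ruby
-noblacklist /usr/lib/ruby
+nodeny ${PATH}/ruby
+nodeny /usr/lib/ruby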
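--- a/etc/inc/allow-ssh.inc
+++ b/etc/inc/allow-ssh.inc
@@ -2,7 +2,7 @@
 # Persistent customizations should go in a .local file.
 include allow-ssh.local
 
-noblacklist ${HOME}/.ssh
-noblacklist /etc/ssh
-noblacklist /etc/ssh/ssh_config
-noblacklist /tmp/ssh-*
+nodeny ${HOME}/.ssh
+nodeny /etc/ssh
+nodeny /etc/ssh/ssh_config
+nodeny /tmp/ssh-*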
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index 2dc53d311..1283a3a3d 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc | |||
@@ -5,63 +5,63 @@ include disable-common.local | |||
5 | # The following block breaks trash functionality in file managers | 5 | # The following block breaks trash functionality in file managers |
6 | #read-only ${HOME}/.local | 6 | #read-only ${HOME}/.local |
7 | #read-write ${HOME}/.local/share | 7 | #read-write ${HOME}/.local/share |
8 | blacklist ${HOME}/.local/share/Trash | 8 | deny ${HOME}/.local/share/Trash |
9 | 9 | ||
10 | # History files in $HOME and clipboard managers | 10 | # History files in $HOME and clipboard managers |
11 | blacklist-nolog ${HOME}/.*_history | 11 | deny-nolog ${HOME}/.*_history |
12 | blacklist-nolog ${HOME}/.adobe | 12 | deny-nolog ${HOME}/.adobe |
13 | blacklist-nolog ${HOME}/.cache/greenclip* | 13 | deny-nolog ${HOME}/.cache/greenclip* |
14 | blacklist-nolog ${HOME}/.histfile | 14 | deny-nolog ${HOME}/.histfile |
15 | blacklist-nolog ${HOME}/.history | 15 | deny-nolog ${HOME}/.history |
16 | blacklist-nolog ${HOME}/.kde/share/apps/klipper | 16 | deny-nolog ${HOME}/.kde/share/apps/klipper |
17 | blacklist-nolog ${HOME}/.kde4/share/apps/klipper | 17 | deny-nolog ${HOME}/.kde4/share/apps/klipper |
18 | blacklist-nolog ${HOME}/.local/share/fish/fish_history | 18 | deny-nolog ${HOME}/.local/share/fish/fish_history |
19 | blacklist-nolog ${HOME}/.local/share/klipper | 19 | deny-nolog ${HOME}/.local/share/klipper |
20 | blacklist-nolog ${HOME}/.macromedia | 20 | deny-nolog ${HOME}/.macromedia |
21 | blacklist-nolog ${HOME}/.mupdf.history | 21 | deny-nolog ${HOME}/.mupdf.history |
22 | blacklist-nolog ${HOME}/.python-history | 22 | deny-nolog ${HOME}/.python-history |
23 | blacklist-nolog ${HOME}/.python_history | 23 | deny-nolog ${HOME}/.python_history |
24 | blacklist-nolog ${HOME}/.pythonhist | 24 | deny-nolog ${HOME}/.pythonhist |
25 | blacklist-nolog ${HOME}/.lesshst | 25 | deny-nolog ${HOME}/.lesshst |
26 | blacklist-nolog ${HOME}/.viminfo | 26 | deny-nolog ${HOME}/.viminfo |
27 | blacklist-nolog /tmp/clipmenu* | 27 | deny-nolog /tmp/clipmenu* |
28 | 28 | ||
29 | # X11 session autostart | 29 | # X11 session autostart |
30 | # blacklist ${HOME}/.xpra - this will kill --x11=xpra cmdline option for all programs | 30 | # blacklist ${HOME}/.xpra - this will kill --x11=xpra cmdline option for all programs |
31 | blacklist ${HOME}/.Xsession | 31 | deny ${HOME}/.Xsession |
32 | blacklist ${HOME}/.blackbox | 32 | deny ${HOME}/.blackbox |
33 | blacklist ${HOME}/.config/autostart | 33 | deny ${HOME}/.config/autostart |
34 | blacklist ${HOME}/.config/autostart-scripts | 34 | deny ${HOME}/.config/autostart-scripts |
35 | blacklist ${HOME}/.config/awesome | 35 | deny ${HOME}/.config/awesome |
36 | blacklist ${HOME}/.config/i3 | 36 | deny ${HOME}/.config/i3 |
37 | blacklist ${HOME}/.config/sway | 37 | deny ${HOME}/.config/sway |
38 | blacklist ${HOME}/.config/lxsession/LXDE/autostart | 38 | deny ${HOME}/.config/lxsession/LXDE/autostart |
39 | blacklist ${HOME}/.config/openbox | 39 | deny ${HOME}/.config/openbox |
40 | blacklist ${HOME}/.config/plasma-workspace | 40 | deny ${HOME}/.config/plasma-workspace |
41 | blacklist ${HOME}/.config/startupconfig | 41 | deny ${HOME}/.config/startupconfig |
42 | blacklist ${HOME}/.config/startupconfigkeys | 42 | deny ${HOME}/.config/startupconfigkeys |
43 | blacklist ${HOME}/.fluxbox | 43 | deny ${HOME}/.fluxbox |
44 | blacklist ${HOME}/.gnomerc | 44 | deny ${HOME}/.gnomerc |
45 | blacklist ${HOME}/.kde/Autostart | 45 | deny ${HOME}/.kde/Autostart |
46 | blacklist ${HOME}/.kde/env | 46 | deny ${HOME}/.kde/env |
47 | blacklist ${HOME}/.kde/share/autostart | 47 | deny ${HOME}/.kde/share/autostart |
48 | blacklist ${HOME}/.kde/share/config/startupconfig | 48 | deny ${HOME}/.kde/share/config/startupconfig |
49 | blacklist ${HOME}/.kde/share/config/startupconfigkeys | 49 | deny ${HOME}/.kde/share/config/startupconfigkeys |
50 | blacklist ${HOME}/.kde/shutdown | 50 | deny ${HOME}/.kde/shutdown |
51 | blacklist ${HOME}/.kde4/env | 51 | deny ${HOME}/.kde4/env |
52 | blacklist ${HOME}/.kde4/Autostart | 52 | deny ${HOME}/.kde4/Autostart |
53 | blacklist ${HOME}/.kde4/share/autostart | 53 | deny ${HOME}/.kde4/share/autostart |
54 | blacklist ${HOME}/.kde4/shutdown | 54 | deny ${HOME}/.kde4/shutdown |
55 | blacklist ${HOME}/.kde4/share/config/startupconfig | 55 | deny ${HOME}/.kde4/share/config/startupconfig |
56 | blacklist ${HOME}/.kde4/share/config/startupconfigkeys | 56 | deny ${HOME}/.kde4/share/config/startupconfigkeys |
57 | blacklist ${HOME}/.local/share/autostart | 57 | deny ${HOME}/.local/share/autostart |
58 | blacklist ${HOME}/.xinitrc | 58 | deny ${HOME}/.xinitrc |
59 | blacklist ${HOME}/.xprofile | 59 | deny ${HOME}/.xprofile |
60 | blacklist ${HOME}/.xserverrc | 60 | deny ${HOME}/.xserverrc |
61 | blacklist ${HOME}/.xsession | 61 | deny ${HOME}/.xsession |
62 | blacklist ${HOME}/.xsessionrc | 62 | deny ${HOME}/.xsessionrc |
63 | blacklist /etc/X11/Xsession.d | 63 | deny /etc/X11/Xsession.d |
64 | blacklist /etc/xdg/autostart | 64 | deny /etc/xdg/autostart |
65 | read-only ${HOME}/.Xauthority | 65 | read-only ${HOME}/.Xauthority |
66 | 66 | ||
67 | # Session manager | 67 | # Session manager |
@@ -70,46 +70,46 @@ read-only ${HOME}/.Xauthority | |||
70 | #?HAS_X11: blacklist /tmp/.ICE-unix | 70 | #?HAS_X11: blacklist /tmp/.ICE-unix |
71 | 71 | ||
72 | # KDE config | 72 | # KDE config |
73 | blacklist ${HOME}/.cache/konsole | 73 | deny ${HOME}/.cache/konsole |
74 | blacklist ${HOME}/.config/khotkeysrc | 74 | deny ${HOME}/.config/khotkeysrc |
75 | blacklist ${HOME}/.config/krunnerrc | 75 | deny ${HOME}/.config/krunnerrc |
76 | blacklist ${HOME}/.config/kscreenlockerrc | 76 | deny ${HOME}/.config/kscreenlockerrc |
77 | blacklist ${HOME}/.config/ksslcertificatemanager | 77 | deny ${HOME}/.config/ksslcertificatemanager |
78 | blacklist ${HOME}/.config/kwalletrc | 78 | deny ${HOME}/.config/kwalletrc |
79 | blacklist ${HOME}/.config/kwinrc | 79 | deny ${HOME}/.config/kwinrc |
80 | blacklist ${HOME}/.config/kwinrulesrc | 80 | deny ${HOME}/.config/kwinrulesrc |
81 | blacklist ${HOME}/.config/plasma-locale-settings.sh | 81 | deny ${HOME}/.config/plasma-locale-settings.sh |
82 | blacklist ${HOME}/.config/plasma-org.kde.plasma.desktop-appletsrc | 82 | deny ${HOME}/.config/plasma-org.kde.plasma.desktop-appletsrc |
83 | blacklist ${HOME}/.config/plasmashellrc | 83 | deny ${HOME}/.config/plasmashellrc |
84 | blacklist ${HOME}/.config/plasmavaultrc | 84 | deny ${HOME}/.config/plasmavaultrc |
85 | blacklist ${HOME}/.kde/share/apps/kwin | 85 | deny ${HOME}/.kde/share/apps/kwin |
86 | blacklist ${HOME}/.kde/share/apps/plasma | 86 | deny ${HOME}/.kde/share/apps/plasma |
87 | blacklist ${HOME}/.kde/share/apps/solid | 87 | deny ${HOME}/.kde/share/apps/solid |
88 | blacklist ${HOME}/.kde/share/config/khotkeysrc | 88 | deny ${HOME}/.kde/share/config/khotkeysrc |
89 | blacklist ${HOME}/.kde/share/config/krunnerrc | 89 | deny ${HOME}/.kde/share/config/krunnerrc |
90 | blacklist ${HOME}/.kde/share/config/kscreensaverrc | 90 | deny ${HOME}/.kde/share/config/kscreensaverrc |
91 | blacklist ${HOME}/.kde/share/config/ksslcertificatemanager | 91 | deny ${HOME}/.kde/share/config/ksslcertificatemanager |
92 | blacklist ${HOME}/.kde/share/config/kwalletrc | 92 | deny ${HOME}/.kde/share/config/kwalletrc |
93 | blacklist ${HOME}/.kde/share/config/kwinrc | 93 | deny ${HOME}/.kde/share/config/kwinrc |
94 | blacklist ${HOME}/.kde/share/config/kwinrulesrc | 94 | deny ${HOME}/.kde/share/config/kwinrulesrc |
95 | blacklist ${HOME}/.kde/share/config/plasma-desktop-appletsrc | 95 | deny ${HOME}/.kde/share/config/plasma-desktop-appletsrc |
96 | blacklist ${HOME}/.kde4/share/apps/kwin | 96 | deny ${HOME}/.kde4/share/apps/kwin |
97 | blacklist ${HOME}/.kde4/share/apps/plasma | 97 | deny ${HOME}/.kde4/share/apps/plasma |
98 | blacklist ${HOME}/.kde4/share/apps/solid | 98 | deny ${HOME}/.kde4/share/apps/solid |
99 | blacklist ${HOME}/.kde4/share/config/khotkeysrc | 99 | deny ${HOME}/.kde4/share/config/khotkeysrc |
100 | blacklist ${HOME}/.kde4/share/config/krunnerrc | 100 | deny ${HOME}/.kde4/share/config/krunnerrc |
101 | blacklist ${HOME}/.kde4/share/config/kscreensaverrc | 101 | deny ${HOME}/.kde4/share/config/kscreensaverrc |
102 | blacklist ${HOME}/.kde4/share/config/ksslcertificatemanager | 102 | deny ${HOME}/.kde4/share/config/ksslcertificatemanager |
103 | blacklist ${HOME}/.kde4/share/config/kwalletrc | 103 | deny ${HOME}/.kde4/share/config/kwalletrc |
104 | blacklist ${HOME}/.kde4/share/config/kwinrc | 104 | deny ${HOME}/.kde4/share/config/kwinrc |
105 | blacklist ${HOME}/.kde4/share/config/kwinrulesrc | 105 | deny ${HOME}/.kde4/share/config/kwinrulesrc |
106 | blacklist ${HOME}/.kde4/share/config/plasma-desktop-appletsrc | 106 | deny ${HOME}/.kde4/share/config/plasma-desktop-appletsrc |
107 | blacklist ${HOME}/.local/share/kglobalaccel | 107 | deny ${HOME}/.local/share/kglobalaccel |
108 | blacklist ${HOME}/.local/share/kwin | 108 | deny ${HOME}/.local/share/kwin |
109 | blacklist ${HOME}/.local/share/plasma | 109 | deny ${HOME}/.local/share/plasma |
110 | blacklist ${HOME}/.local/share/plasmashell | 110 | deny ${HOME}/.local/share/plasmashell |
111 | blacklist ${HOME}/.local/share/solid | 111 | deny ${HOME}/.local/share/solid |
112 | blacklist /tmp/konsole-*.history | 112 | deny /tmp/konsole-*.history |
113 | read-only ${HOME}/.cache/ksycoca5_* | 113 | read-only ${HOME}/.cache/ksycoca5_* |
114 | read-only ${HOME}/.config/*notifyrc | 114 | read-only ${HOME}/.config/*notifyrc |
115 | read-only ${HOME}/.config/kdeglobals | 115 | read-only ${HOME}/.config/kdeglobals |
@@ -138,124 +138,139 @@ read-only ${HOME}/.local/share/kservices5 | |||
138 | read-only ${HOME}/.local/share/kssl | 138 | read-only ${HOME}/.local/share/kssl |
139 | 139 | ||
140 | # KDE sockets | 140 | # KDE sockets |
141 | blacklist ${RUNUSER}/*.slave-socket | 141 | deny ${RUNUSER}/*.slave-socket |
142 | blacklist ${RUNUSER}/kdeinit5__* | 142 | deny ${RUNUSER}/kdeinit5__* |
143 | blacklist ${RUNUSER}/kdesud_* | 143 | deny ${RUNUSER}/kdesud_* |
144 | # see #3358 | 144 | # see #3358 |
145 | #?HAS_NODBUS: blacklist ${RUNUSER}/ksocket-* | 145 | #?HAS_NODBUS: blacklist ${RUNUSER}/ksocket-* |
146 | #?HAS_NODBUS: blacklist /tmp/ksocket-* | 146 | #?HAS_NODBUS: blacklist /tmp/ksocket-* |
147 | 147 | ||
148 | # gnome | 148 | # gnome |
149 | # contains extensions, last used times of applications, and notifications | 149 | # contains extensions, last used times of applications, and notifications |
150 | blacklist ${HOME}/.local/share/gnome-shell | 150 | deny ${HOME}/.local/share/gnome-shell |
151 | # contains recently used files and serials of static/removable storage | 151 | # contains recently used files and serials of static/removable storage |
152 | blacklist ${HOME}/.local/share/gvfs-metadata | 152 | deny ${HOME}/.local/share/gvfs-metadata |
153 | # no direct modification of dconf database | 153 | # no direct modification of dconf database |
154 | read-only ${HOME}/.config/dconf | 154 | read-only ${HOME}/.config/dconf |
155 | blacklist ${RUNUSER}/gnome-session-leader-fifo | 155 | deny ${RUNUSER}/gnome-session-leader-fifo |
156 | blacklist ${RUNUSER}/gnome-shell | 156 | deny ${RUNUSER}/gnome-shell |
157 | blacklist ${RUNUSER}/gsconnect | 157 | deny ${RUNUSER}/gsconnect |
158 | 158 | ||
159 | # systemd | 159 | # systemd |
160 | blacklist ${HOME}/.config/systemd | 160 | deny ${HOME}/.config/systemd |
161 | blacklist ${HOME}/.local/share/systemd | 161 | deny ${HOME}/.local/share/systemd |
162 | blacklist /var/lib/systemd | 162 | deny /var/lib/systemd |
163 | blacklist ${PATH}/systemd-run | 163 | deny ${PATH}/systemd-run |
164 | blacklist ${RUNUSER}/systemd | 164 | deny ${RUNUSER}/systemd |
165 | deny ${PATH}/systemctl | ||
166 | deny /etc/systemd/system | ||
167 | deny /etc/systemd/network | ||
165 | # creates problems on Arch where /etc/resolv.conf is a symlink to /var/run/systemd/resolve/resolv.conf | 168 | # creates problems on Arch where /etc/resolv.conf is a symlink to /var/run/systemd/resolve/resolv.conf |
166 | #blacklist /var/run/systemd | 169 | #blacklist /var/run/systemd |
167 | 170 | ||
168 | # openrc | 171 | # openrc |
169 | blacklist /etc/runlevels/ | 172 | deny /etc/runlevels/ |
170 | blacklist /etc/init.d/ | 173 | deny /etc/init.d/ |
171 | blacklist /etc/rc.conf | 174 | deny /etc/rc.conf |
172 | 175 | ||
173 | # VirtualBox | 176 | # VirtualBox |
174 | blacklist ${HOME}/.VirtualBox | 177 | deny ${HOME}/.VirtualBox |
175 | blacklist ${HOME}/.config/VirtualBox | 178 | deny ${HOME}/.config/VirtualBox |
176 | blacklist ${HOME}/VirtualBox VMs | 179 | deny ${HOME}/VirtualBox VMs |
177 | 180 | ||
178 | # GNOME Boxes | 181 | # GNOME Boxes |
179 | blacklist ${HOME}/.config/gnome-boxes | 182 | deny ${HOME}/.config/gnome-boxes |
180 | blacklist ${HOME}/.local/share/gnome-boxes | 183 | deny ${HOME}/.local/share/gnome-boxes |
181 | 184 | ||
182 | # libvirt | 185 | # libvirt |
183 | blacklist ${HOME}/.cache/libvirt | 186 | deny ${HOME}/.cache/libvirt |
184 | blacklist ${HOME}/.config/libvirt | 187 | deny ${HOME}/.config/libvirt |
185 | blacklist ${RUNUSER}/libvirt | 188 | deny ${RUNUSER}/libvirt |
186 | blacklist /var/cache/libvirt | 189 | deny /var/cache/libvirt |
187 | blacklist /var/lib/libvirt | 190 | deny /var/lib/libvirt |
188 | blacklist /var/log/libvirt | 191 | deny /var/log/libvirt |
189 | 192 | ||
190 | # OCI-Containers / Podman | 193 | # OCI-Containers / Podman |
191 | blacklist ${RUNUSER}/containers | 194 | deny ${RUNUSER}/containers |
192 | blacklist ${RUNUSER}/crun | 195 | deny ${RUNUSER}/crun |
193 | blacklist ${RUNUSER}/libpod | 196 | deny ${RUNUSER}/libpod |
194 | blacklist ${RUNUSER}/runc | 197 | deny ${RUNUSER}/runc |
195 | blacklist ${RUNUSER}/toolbox | 198 | deny ${RUNUSER}/toolbox |
196 | 199 | ||
197 | # VeraCrypt | 200 | # VeraCrypt |
198 | blacklist ${HOME}/.VeraCrypt | 201 | deny ${HOME}/.VeraCrypt |
199 | blacklist ${PATH}/veracrypt | 202 | deny ${PATH}/veracrypt |
200 | blacklist ${PATH}/veracrypt-uninstall.sh | 203 | deny ${PATH}/veracrypt-uninstall.sh |
201 | blacklist /usr/share/applications/veracrypt.* | 204 | deny /usr/share/applications/veracrypt.* |
202 | blacklist /usr/share/pixmaps/veracrypt.* | 205 | deny /usr/share/pixmaps/veracrypt.* |
203 | blacklist /usr/share/veracrypt | 206 | deny /usr/share/veracrypt |
204 | 207 | ||
205 | # TrueCrypt | 208 | # TrueCrypt |
206 | blacklist ${HOME}/.TrueCrypt | 209 | deny ${HOME}/.TrueCrypt |
207 | blacklist ${PATH}/truecrypt | 210 | deny ${PATH}/truecrypt |
208 | blacklist ${PATH}/truecrypt-uninstall.sh | 211 | deny ${PATH}/truecrypt-uninstall.sh |
209 | blacklist /usr/share/applications/truecrypt.* | 212 | deny /usr/share/applications/truecrypt.* |
210 | blacklist /usr/share/pixmaps/truecrypt.* | 213 | deny /usr/share/pixmaps/truecrypt.* |
211 | blacklist /usr/share/truecrypt | 214 | deny /usr/share/truecrypt |
212 | 215 | ||
213 | # zuluCrypt | 216 | # zuluCrypt |
214 | blacklist ${HOME}/.zuluCrypt | 217 | deny ${HOME}/.zuluCrypt |
215 | blacklist ${HOME}/.zuluCrypt-socket | 218 | deny ${HOME}/.zuluCrypt-socket |
216 | blacklist ${PATH}/zuluCrypt-cli | 219 | deny ${PATH}/zuluCrypt-cli |
217 | blacklist ${PATH}/zuluMount-cli | 220 | deny ${PATH}/zuluMount-cli |
218 | 221 | ||
219 | # var | 222 | # var |
220 | blacklist /var/cache/apt | 223 | deny /var/cache/apt |
221 | blacklist /var/cache/pacman | 224 | deny /var/cache/pacman |
222 | blacklist /var/lib/apt | 225 | deny /var/lib/apt |
223 | blacklist /var/lib/clamav | 226 | deny /var/lib/clamav |
224 | blacklist /var/lib/dkms | 227 | deny /var/lib/dkms |
225 | blacklist /var/lib/mysql/mysql.sock | 228 | deny /var/lib/mysql/mysql.sock |
226 | blacklist /var/lib/mysqld/mysql.sock | 229 | deny /var/lib/mysqld/mysql.sock |
227 | blacklist /var/lib/pacman | 230 | deny /var/lib/pacman |
228 | blacklist /var/lib/upower | 231 | deny /var/lib/upower |
229 | # blacklist /var/log - a virtual /var/log directory (mostly empty) is build up by default for | 232 | # blacklist /var/log - a virtual /var/log directory (mostly empty) is build up by default for |
230 | # every sandbox, unless --writable-var-log switch is activated | 233 | # every sandbox, unless --writable-var-log switch is activated |
231 | blacklist /var/mail | 234 | deny /var/mail |
232 | blacklist /var/opt | 235 | deny /var/opt |
233 | blacklist /var/run/acpid.socket | 236 | deny /var/run/acpid.socket |
234 | blacklist /var/run/docker.sock | 237 | deny /var/run/docker.sock |
235 | blacklist /var/run/minissdpd.sock | 238 | deny /var/run/minissdpd.sock |
236 | blacklist /var/run/mysql/mysqld.sock | 239 | deny /var/run/mysql/mysqld.sock |
237 | blacklist /var/run/mysqld/mysqld.sock | 240 | deny /var/run/mysqld/mysqld.sock |
238 | blacklist /var/run/rpcbind.sock | 241 | deny /var/run/rpcbind.sock |
239 | blacklist /var/run/screens | 242 | deny /var/run/screens |
240 | blacklist /var/spool/anacron | 243 | deny /var/spool/anacron |
241 | blacklist /var/spool/cron | 244 | deny /var/spool/cron |
242 | blacklist /var/spool/mail | 245 | deny /var/spool/mail |
243 | 246 | ||
244 | # etc | 247 | # etc |
245 | blacklist /etc/anacrontab | 248 | deny /etc/anacrontab |
246 | blacklist /etc/cron* | 249 | deny /etc/cron* |
247 | blacklist /etc/profile.d | 250 | deny /etc/profile.d |
248 | blacklist /etc/rc.local | 251 | deny /etc/rc.local |
249 | # rc1.d, rc2.d, ... | 252 | # rc1.d, rc2.d, ... |
250 | blacklist /etc/rc?.d | 253 | deny /etc/rc?.d |
251 | blacklist /etc/kernel* | 254 | deny /etc/kernel* |
252 | blacklist /etc/grub* | 255 | deny /etc/grub* |
253 | blacklist /etc/dkms | 256 | deny /etc/dkms |
254 | blacklist /etc/apparmor* | 257 | deny /etc/apparmor* |
255 | blacklist /etc/selinux | 258 | deny /etc/selinux |
256 | blacklist /etc/modules* | 259 | deny /etc/modules* |
257 | blacklist /etc/logrotate* | 260 | deny /etc/logrotate* |
258 | blacklist /etc/adduser.conf | 261 | deny /etc/adduser.conf |
262 | |||
263 | # hide config for various intrusion detection systems | ||
264 | deny /etc/rkhunter.conf | ||
265 | deny /var/lib/rkhunter | ||
266 | deny /etc/chkrootkit.conf | ||
267 | deny /etc/lynis | ||
268 | deny /etc/aide | ||
269 | deny /etc/logcheck | ||
270 | deny /etc/tripwire | ||
271 | deny /etc/snort | ||
272 | deny /etc/fail2ban.conf | ||
273 | deny /etc/suricata | ||
259 | 274 | ||
260 | # Startup files | 275 | # Startup files |
261 | read-only ${HOME}/.antigen | 276 | read-only ${HOME}/.antigen |
@@ -292,13 +307,13 @@ read-only ${HOME}/.zshrc | |||
292 | read-only ${HOME}/.zshrc.local | 307 | read-only ${HOME}/.zshrc.local |
293 | 308 | ||
294 | # Remote access | 309 | # Remote access |
295 | blacklist ${HOME}/.rhosts | 310 | deny ${HOME}/.rhosts |
296 | blacklist ${HOME}/.shosts | 311 | deny ${HOME}/.shosts |
297 | blacklist ${HOME}/.ssh/authorized_keys | 312 | deny ${HOME}/.ssh/authorized_keys |
298 | blacklist ${HOME}/.ssh/authorized_keys2 | 313 | deny ${HOME}/.ssh/authorized_keys2 |
299 | blacklist ${HOME}/.ssh/environment | 314 | deny ${HOME}/.ssh/environment |
300 | blacklist ${HOME}/.ssh/rc | 315 | deny ${HOME}/.ssh/rc |
301 | blacklist /etc/hosts.equiv | 316 | deny /etc/hosts.equiv |
302 | read-only ${HOME}/.ssh/config | 317 | read-only ${HOME}/.ssh/config |
303 | read-only ${HOME}/.ssh/config.d | 318 | read-only ${HOME}/.ssh/config.d |
304 | 319 | ||
@@ -359,200 +374,200 @@ read-only ${HOME}/.local/share/mime | |||
359 | read-only ${HOME}/.local/share/thumbnailers | 374 | read-only ${HOME}/.local/share/thumbnailers |
360 | 375 | ||
361 | # prevent access to ssh-agent | 376 | # prevent access to ssh-agent |
362 | blacklist /tmp/ssh-* | 377 | deny /tmp/ssh-* |
363 | 378 | ||
364 | # top secret | 379 | # top secret |
365 | blacklist ${HOME}/*.kdb | 380 | deny ${HOME}/*.kdb |
366 | blacklist ${HOME}/*.kdbx | 381 | deny ${HOME}/*.kdbx |
367 | blacklist ${HOME}/*.key | 382 | deny ${HOME}/*.key |
368 | blacklist ${HOME}/.Private | 383 | deny ${HOME}/.Private |
369 | blacklist ${HOME}/.caff | 384 | deny ${HOME}/.caff |
370 | blacklist ${HOME}/.cargo/credentials | 385 | deny ${HOME}/.cargo/credentials |
371 | blacklist ${HOME}/.cargo/credentials.toml | 386 | deny ${HOME}/.cargo/credentials.toml |
372 | blacklist ${HOME}/.cert | 387 | deny ${HOME}/.cert |
373 | blacklist ${HOME}/.config/keybase | 388 | deny ${HOME}/.config/keybase |
374 | blacklist ${HOME}/.davfs2/secrets | 389 | deny ${HOME}/.davfs2/secrets |
375 | blacklist ${HOME}/.ecryptfs | 390 | deny ${HOME}/.ecryptfs |
376 | blacklist ${HOME}/.fetchmailrc | 391 | deny ${HOME}/.fetchmailrc |
377 | blacklist ${HOME}/.fscrypt | 392 | deny ${HOME}/.fscrypt |
378 | blacklist ${HOME}/.git-credential-cache | 393 | deny ${HOME}/.git-credential-cache |
379 | blacklist ${HOME}/.git-credentials | 394 | deny ${HOME}/.git-credentials |
380 | blacklist ${HOME}/.gnome2/keyrings | 395 | deny ${HOME}/.gnome2/keyrings |
381 | blacklist ${HOME}/.gnupg | 396 | deny ${HOME}/.gnupg |
382 | blacklist ${HOME}/.config/hub | 397 | deny ${HOME}/.config/hub |
383 | blacklist ${HOME}/.kde/share/apps/kwallet | 398 | deny ${HOME}/.kde/share/apps/kwallet |
384 | blacklist ${HOME}/.kde4/share/apps/kwallet | 399 | deny ${HOME}/.kde4/share/apps/kwallet |
385 | blacklist ${HOME}/.local/share/keyrings | 400 | deny ${HOME}/.local/share/keyrings |
386 | blacklist ${HOME}/.local/share/kwalletd | 401 | deny ${HOME}/.local/share/kwalletd |
387 | blacklist ${HOME}/.local/share/plasma-vault | 402 | deny ${HOME}/.local/share/plasma-vault |
388 | blacklist ${HOME}/.msmtprc | 403 | deny ${HOME}/.msmtprc |
389 | blacklist ${HOME}/.mutt | 404 | deny ${HOME}/.mutt |
390 | blacklist ${HOME}/.muttrc | 405 | deny ${HOME}/.muttrc |
391 | blacklist ${HOME}/.netrc | 406 | deny ${HOME}/.netrc |
392 | blacklist ${HOME}/.nyx | 407 | deny ${HOME}/.nyx |
393 | blacklist ${HOME}/.pki | 408 | deny ${HOME}/.pki |
394 | blacklist ${HOME}/.local/share/pki | 409 | deny ${HOME}/.local/share/pki |
395 | blacklist ${HOME}/.smbcredentials | 410 | deny ${HOME}/.smbcredentials |
396 | blacklist ${HOME}/.ssh | 411 | deny ${HOME}/.ssh |
397 | blacklist ${HOME}/.vaults | 412 | deny ${HOME}/.vaults |
398 | blacklist /.fscrypt | 413 | deny /.fscrypt |
399 | blacklist /etc/davfs2/secrets | 414 | deny /etc/davfs2/secrets |
400 | blacklist /etc/group+ | 415 | deny /etc/group+ |
401 | blacklist /etc/group- | 416 | deny /etc/group- |
402 | blacklist /etc/gshadow | 417 | deny /etc/gshadow |
403 | blacklist /etc/gshadow+ | 418 | deny /etc/gshadow+ |
404 | blacklist /etc/gshadow- | 419 | deny /etc/gshadow- |
405 | blacklist /etc/passwd+ | 420 | deny /etc/passwd+ |
406 | blacklist /etc/passwd- | 421 | deny /etc/passwd- |
407 | blacklist /etc/shadow | 422 | deny /etc/shadow |
408 | blacklist /etc/shadow+ | 423 | deny /etc/shadow+ |
409 | blacklist /etc/shadow- | 424 | deny /etc/shadow- |
410 | blacklist /etc/ssh | 425 | deny /etc/ssh |
411 | blacklist /etc/ssh/* | 426 | deny /etc/ssh/* |
412 | blacklist /home/.ecryptfs | 427 | deny /home/.ecryptfs |
413 | blacklist /home/.fscrypt | 428 | deny /home/.fscrypt |
414 | blacklist /var/backup | 429 | deny /var/backup |
415 | 430 | ||
416 | # cloud provider configuration | 431 | # cloud provider configuration |
417 | blacklist ${HOME}/.aws | 432 | deny ${HOME}/.aws |
418 | blacklist ${HOME}/.boto | 433 | deny ${HOME}/.boto |
419 | blacklist ${HOME}/.config/gcloud | 434 | deny ${HOME}/.config/gcloud |
420 | blacklist ${HOME}/.kube | 435 | deny ${HOME}/.kube |
421 | blacklist ${HOME}/.passwd-s3fs | 436 | deny ${HOME}/.passwd-s3fs |
422 | blacklist ${HOME}/.s3cmd | 437 | deny ${HOME}/.s3cmd |
423 | blacklist /etc/boto.cfg | 438 | deny /etc/boto.cfg |
424 | 439 | ||
425 | # system directories | 440 | # system directories |
426 | blacklist /sbin | 441 | deny /sbin |
427 | blacklist /usr/local/sbin | 442 | deny /usr/local/sbin |
428 | blacklist /usr/sbin | 443 | deny /usr/sbin |
429 | 444 | ||
430 | # system management | 445 | # system management |
431 | blacklist ${PATH}/at | 446 | deny ${PATH}/at |
432 | blacklist ${PATH}/busybox | 447 | deny ${PATH}/busybox |
433 | blacklist ${PATH}/chage | 448 | deny ${PATH}/chage |
434 | blacklist ${PATH}/chfn | 449 | deny ${PATH}/chfn |
435 | blacklist ${PATH}/chsh | 450 | deny ${PATH}/chsh |
436 | blacklist ${PATH}/crontab | 451 | deny ${PATH}/crontab |
437 | blacklist ${PATH}/evtest | 452 | deny ${PATH}/evtest |
438 | blacklist ${PATH}/expiry | 453 | deny ${PATH}/expiry |
439 | blacklist ${PATH}/fusermount | 454 | deny ${PATH}/fusermount |
440 | blacklist ${PATH}/gksu | 455 | deny ${PATH}/gksu |
441 | blacklist ${PATH}/gksudo | 456 | deny ${PATH}/gksudo |
442 | blacklist ${PATH}/gpasswd | 457 | deny ${PATH}/gpasswd |
443 | blacklist ${PATH}/kdesudo | 458 | deny ${PATH}/kdesudo |
444 | blacklist ${PATH}/ksu | 459 | deny ${PATH}/ksu |
445 | blacklist ${PATH}/mount | 460 | deny ${PATH}/mount |
446 | blacklist ${PATH}/mount.ecryptfs_private | 461 | deny ${PATH}/mount.ecryptfs_private |
447 | blacklist ${PATH}/nc | 462 | deny ${PATH}/nc |
448 | blacklist ${PATH}/ncat | 463 | deny ${PATH}/ncat |
449 | blacklist ${PATH}/nmap | 464 | deny ${PATH}/nmap |
450 | blacklist ${PATH}/newgidmap | 465 | deny ${PATH}/newgidmap |
451 | blacklist ${PATH}/newgrp | 466 | deny ${PATH}/newgrp |
452 | blacklist ${PATH}/newuidmap | 467 | deny ${PATH}/newuidmap |
453 | blacklist ${PATH}/ntfs-3g | 468 | deny ${PATH}/ntfs-3g |
454 | blacklist ${PATH}/pkexec | 469 | deny ${PATH}/pkexec |
455 | blacklist ${PATH}/procmail | 470 | deny ${PATH}/procmail |
456 | blacklist ${PATH}/sg | 471 | deny ${PATH}/sg |
457 | blacklist ${PATH}/strace | 472 | deny ${PATH}/strace |
458 | blacklist ${PATH}/su | 473 | deny ${PATH}/su |
459 | blacklist ${PATH}/sudo | 474 | deny ${PATH}/sudo |
460 | blacklist ${PATH}/tcpdump | 475 | deny ${PATH}/tcpdump |
461 | blacklist ${PATH}/umount | 476 | deny ${PATH}/umount |
462 | blacklist ${PATH}/unix_chkpwd | 477 | deny ${PATH}/unix_chkpwd |
463 | blacklist ${PATH}/xev | 478 | deny ${PATH}/xev |
464 | blacklist ${PATH}/xinput | 479 | deny ${PATH}/xinput |
465 | 480 | ||
466 | # other SUID binaries | 481 | # other SUID binaries |
467 | blacklist /usr/lib/virtualbox | 482 | deny /usr/lib/virtualbox |
468 | blacklist /usr/lib64/virtualbox | 483 | deny /usr/lib64/virtualbox |
469 | 484 | ||
470 | # prevent lxterminal connecting to an existing lxterminal session | 485 | # prevent lxterminal connecting to an existing lxterminal session |
471 | blacklist /tmp/.lxterminal-socket* | 486 | deny /tmp/.lxterminal-socket* |
472 | # prevent tmux connecting to an existing session | 487 | # prevent tmux connecting to an existing session |
473 | blacklist /tmp/tmux-* | 488 | deny /tmp/tmux-* |
474 | 489 | ||
475 | # disable terminals running as server resulting in sandbox escape | 490 | # disable terminals running as server resulting in sandbox escape |
476 | blacklist ${PATH}/lxterminal | 491 | deny ${PATH}/lxterminal |
477 | blacklist ${PATH}/gnome-terminal | 492 | deny ${PATH}/gnome-terminal |
478 | blacklist ${PATH}/gnome-terminal.wrapper | 493 | deny ${PATH}/gnome-terminal.wrapper |
479 | blacklist ${PATH}/lilyterm | 494 | deny ${PATH}/lilyterm |
480 | blacklist ${PATH}/mate-terminal | 495 | deny ${PATH}/mate-terminal |
481 | blacklist ${PATH}/mate-terminal.wrapper | 496 | deny ${PATH}/mate-terminal.wrapper |
482 | blacklist ${PATH}/pantheon-terminal | 497 | deny ${PATH}/pantheon-terminal |
483 | blacklist ${PATH}/roxterm | 498 | deny ${PATH}/roxterm |
484 | blacklist ${PATH}/roxterm-config | 499 | deny ${PATH}/roxterm-config |
485 | blacklist ${PATH}/terminix | 500 | deny ${PATH}/terminix |
486 | blacklist ${PATH}/tilix | 501 | deny ${PATH}/tilix |
487 | blacklist ${PATH}/urxvtc | 502 | deny ${PATH}/urxvtc |
488 | blacklist ${PATH}/urxvtcd | 503 | deny ${PATH}/urxvtcd |
489 | blacklist ${PATH}/xfce4-terminal | 504 | deny ${PATH}/xfce4-terminal |
490 | blacklist ${PATH}/xfce4-terminal.wrapper | 505 | deny ${PATH}/xfce4-terminal.wrapper |
491 | # blacklist ${PATH}/konsole | 506 | # blacklist ${PATH}/konsole |
492 | # konsole doesn't seem to have this problem - last tested on Ubuntu 16.04 | 507 | # konsole doesn't seem to have this problem - last tested on Ubuntu 16.04 |
493 | 508 | ||
494 | # kernel files | 509 | # kernel files |
495 | blacklist /initrd* | 510 | deny /initrd* |
496 | blacklist /vmlinuz* | 511 | deny /vmlinuz* |
497 | 512 | ||
498 | # snapshot files | 513 | # snapshot files |
499 | blacklist /.snapshots | 514 | deny /.snapshots |
500 | 515 | ||
501 | # flatpak | 516 | # flatpak |
502 | blacklist ${HOME}/.cache/flatpak | 517 | deny ${HOME}/.cache/flatpak |
503 | blacklist ${HOME}/.config/flatpak | 518 | deny ${HOME}/.config/flatpak |
504 | noblacklist ${HOME}/.local/share/flatpak/exports | 519 | nodeny ${HOME}/.local/share/flatpak/exports |
505 | read-only ${HOME}/.local/share/flatpak/exports | 520 | read-only ${HOME}/.local/share/flatpak/exports |
506 | blacklist ${HOME}/.local/share/flatpak/* | 521 | deny ${HOME}/.local/share/flatpak/* |
507 | blacklist ${HOME}/.var | 522 | deny ${HOME}/.var |
508 | blacklist ${RUNUSER}/app | 523 | deny ${RUNUSER}/app |
509 | blacklist ${RUNUSER}/doc | 524 | deny ${RUNUSER}/doc |
510 | blacklist ${RUNUSER}/.dbus-proxy | 525 | deny ${RUNUSER}/.dbus-proxy |
511 | blacklist ${RUNUSER}/.flatpak | 526 | deny ${RUNUSER}/.flatpak |
512 | blacklist ${RUNUSER}/.flatpak-cache | 527 | deny ${RUNUSER}/.flatpak-cache |
513 | blacklist ${RUNUSER}/.flatpak-helper | 528 | deny ${RUNUSER}/.flatpak-helper |
514 | blacklist /usr/share/flatpak | 529 | deny /usr/share/flatpak |
515 | noblacklist /var/lib/flatpak/exports | 530 | nodeny /var/lib/flatpak/exports |
516 | blacklist /var/lib/flatpak/* | 531 | deny /var/lib/flatpak/* |
517 | # most of the time bwrap is SUID binary | 532 | # most of the time bwrap is SUID binary |
518 | blacklist ${PATH}/bwrap | 533 | deny ${PATH}/bwrap |
519 | 534 | ||
520 | # snap | 535 | # snap |
521 | blacklist ${RUNUSER}/snapd-session-agent.socket | 536 | deny ${RUNUSER}/snapd-session-agent.socket |
522 | 537 | ||
523 | # mail directories used by mutt | 538 | # mail directories used by mutt |
524 | blacklist ${HOME}/.Mail | 539 | deny ${HOME}/.Mail |
525 | blacklist ${HOME}/.mail | 540 | deny ${HOME}/.mail |
526 | blacklist ${HOME}/.signature | 541 | deny ${HOME}/.signature |
527 | blacklist ${HOME}/Mail | 542 | deny ${HOME}/Mail |
528 | blacklist ${HOME}/mail | 543 | deny ${HOME}/mail |
529 | blacklist ${HOME}/postponed | 544 | deny ${HOME}/postponed |
530 | blacklist ${HOME}/sent | 545 | deny ${HOME}/sent |
531 | 546 | ||
532 | # kernel configuration | 547 | # kernel configuration |
533 | blacklist /proc/config.gz | 548 | deny /proc/config.gz |
534 | 549 | ||
535 | # prevent DNS malware attempting to communicate with the server | 550 | # prevent DNS malware attempting to communicate with the server |
536 | # using regular DNS tools | 551 | # using regular DNS tools |
537 | blacklist ${PATH}/dig | 552 | deny ${PATH}/dig |
538 | blacklist ${PATH}/dlint | 553 | deny ${PATH}/dlint |
539 | blacklist ${PATH}/dns2tcp | 554 | deny ${PATH}/dns2tcp |
540 | blacklist ${PATH}/dnssec-* | 555 | deny ${PATH}/dnssec-* |
541 | blacklist ${PATH}/dnswalk | 556 | deny ${PATH}/dnswalk |
542 | blacklist ${PATH}/drill | 557 | deny ${PATH}/drill |
543 | blacklist ${PATH}/host | 558 | deny ${PATH}/host |
544 | blacklist ${PATH}/iodine | 559 | deny ${PATH}/iodine |
545 | blacklist ${PATH}/kdig | 560 | deny ${PATH}/kdig |
546 | blacklist ${PATH}/khost | 561 | deny ${PATH}/khost |
547 | blacklist ${PATH}/knsupdate | 562 | deny ${PATH}/knsupdate |
548 | blacklist ${PATH}/ldns-* | 563 | deny ${PATH}/ldns-* |
549 | blacklist ${PATH}/ldnsd | 564 | deny ${PATH}/ldnsd |
550 | blacklist ${PATH}/nslookup | 565 | deny ${PATH}/nslookup |
551 | blacklist ${PATH}/resolvectl | 566 | deny ${PATH}/resolvectl |
552 | blacklist ${PATH}/unbound-host | 567 | deny ${PATH}/unbound-host |
553 | 568 | ||
554 | # rest of ${RUNUSER} | 569 | # rest of ${RUNUSER} |
555 | blacklist ${RUNUSER}/*.lock | 570 | deny ${RUNUSER}/*.lock |
556 | blacklist ${RUNUSER}/inaccessible | 571 | deny ${RUNUSER}/inaccessible |
557 | blacklist ${RUNUSER}/pk-debconf-socket | 572 | deny ${RUNUSER}/pk-debconf-socket |
558 | blacklist ${RUNUSER}/update-notifier.pid | 573 | deny ${RUNUSER}/update-notifier.pid |
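--- a/etc/inc/disable-devel.inc
+++ b/etc/inc/disable-devel.inc
@@ -5,65 +5,65 @@ include disable-devel.local
 # development tools
 
 # clang/llvm
-blacklist ${PATH}/clang*
-blacklist ${PATH}/lldb*
-blacklist ${PATH}/llvm*
+deny ${PATH}/clang*
+deny ${PATH}/lldb*
+deny ${PATH}/llvm*
 # see issue #2106 - it disables hardware acceleration in Firefox on Radeon GPU
 # blacklist /usr/lib/llvm*
 
 # GCC
-blacklist ${PATH}/as
-blacklist ${PATH}/cc
-blacklist ${PATH}/c++*
-blacklist ${PATH}/c8*
-blacklist ${PATH}/c9*
-blacklist ${PATH}/cpp*
-blacklist ${PATH}/g++*
-blacklist ${PATH}/gcc*
-blacklist ${PATH}/gdb
-blacklist ${PATH}/ld
-blacklist ${PATH}/*-gcc*
-blacklist ${PATH}/*-g++*
-blacklist ${PATH}/*-gcc*
-blacklist ${PATH}/*-g++*
+deny ${PATH}/as
+deny ${PATH}/cc
+deny ${PATH}/c++*
+deny ${PATH}/c8*
+deny ${PATH}/c9*
+deny ${PATH}/cpp*
+deny ${PATH}/g++*
+deny ${PATH}/gcc*
+deny ${PATH}/gdb
+deny ${PATH}/ld
+deny ${PATH}/*-gcc*
+deny ${PATH}/*-g++*
+deny ${PATH}/*-gcc*
+deny ${PATH}/*-g++*
 # seems to create problems on Gentoo
 #blacklist /usr/lib/gcc
 
 #Go
-blacklist ${PATH}/gccgo
-blacklist ${PATH}/go
-blacklist ${PATH}/gofmt
+deny ${PATH}/gccgo
+deny ${PATH}/go
+deny ${PATH}/gofmt
 
 # Java
-blacklist ${PATH}/java
-blacklist ${PATH}/javac
-blacklist /etc/java
-blacklist /usr/lib/java
-blacklist /usr/share/java
+deny ${PATH}/java
+deny ${PATH}/javac
+deny /etc/java
+deny /usr/lib/java
+deny /usr/share/java
 
 #OpenSSL
-blacklist ${PATH}/openssl
-blacklist ${PATH}/openssl-1.0
+deny ${PATH}/openssl
+deny ${PATH}/openssl-1.0
 
 #Rust
-blacklist ${PATH}/rust-gdb
-blacklist ${PATH}/rust-lldb
-blacklist ${PATH}/rustc
-blacklist ${HOME}/.rustup
+deny ${PATH}/rust-gdb
+deny ${PATH}/rust-lldb
+deny ${PATH}/rustc
+deny ${HOME}/.rustup
 
 # tcc - Tiny C Compiler
-blacklist ${PATH}/tcc
-blacklist ${PATH}/x86_64-tcc
-blacklist /usr/lib/tcc
+deny ${PATH}/tcc
+deny ${PATH}/x86_64-tcc
+deny /usr/lib/tcc
 
 # Valgrind
-blacklist ${PATH}/valgrind*
-blacklist /usr/lib/valgrind
+deny ${PATH}/valgrind*
+deny /usr/lib/valgrind
 
 
 # Source-Code
 
-blacklist /usr/src
-blacklist /usr/local/src
-blacklist /usr/include
-blacklist /usr/local/include
+deny /usr/src
+deny /usr/local/src
+deny /usr/include
+deny /usr/local/include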
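Review bot: The commented-out rules at lines 12 and 30 (`# blacklist /usr/lib/llvm*`, `#blacklist /usr/lib/gcc`) keep the old keyword, so anyone who uncomments them brings back the spelling this commit moves away from; they should read `# deny /usr/lib/llvm*` and `#deny /usr/lib/gcc`. The same leftover appears in disable-interpreters.inc line 60, where the comment still tells users to add `noblacklist` for python3 although the active rules now spell it `nodeny` (as in the flatpak rules), and in the commented `# blacklist ${PATH}/konsole` rule of the preceding file section. Separately, `deny ${PATH}/*-gcc*` and `deny ${PATH}/*-g++*` are each listed twice (lines 25-28); the second pair can be dropped.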
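--- a/etc/inc/disable-interpreters.inc
+++ b/etc/inc/disable-interpreters.inc
@@ -3,66 +3,66 @@
 include disable-interpreters.local
 
 # gjs
-blacklist ${PATH}/gjs
-blacklist ${PATH}/gjs-console
-blacklist /usr/lib/gjs
-blacklist /usr/lib/libgjs*
-blacklist /usr/lib64/gjs
-blacklist /usr/lib64/libgjs*
+deny ${PATH}/gjs
+deny ${PATH}/gjs-console
+deny /usr/lib/gjs
+deny /usr/lib/libgjs*
+deny /usr/lib64/gjs
+deny /usr/lib64/libgjs*
 
 # Lua
-blacklist ${PATH}/lua*
-blacklist /usr/include/lua*
-blacklist /usr/lib/liblua*
-blacklist /usr/lib/lua
-blacklist /usr/lib64/liblua*
-blacklist /usr/lib64/lua
-blacklist /usr/share/lua*
+deny ${PATH}/lua*
+deny /usr/include/lua*
+deny /usr/lib/liblua*
+deny /usr/lib/lua
+deny /usr/lib64/liblua*
+deny /usr/lib64/lua
+deny /usr/share/lua*
 
 # mozjs
-blacklist /usr/lib/libmozjs-*
-blacklist /usr/lib64/libmozjs-*
+deny /usr/lib/libmozjs-*
+deny /usr/lib64/libmozjs-*
 
 # Node.js
-blacklist ${PATH}/node
-blacklist /usr/include/node
+deny ${PATH}/node
+deny /usr/include/node
 
 # nvm
-blacklist ${HOME}/.nvm
+deny ${HOME}/.nvm
 
 # Perl
-blacklist ${PATH}/core_perl
-blacklist ${PATH}/cpan*
-blacklist ${PATH}/perl
-blacklist ${PATH}/site_perl
-blacklist ${PATH}/vendor_perl
-blacklist /usr/lib/perl*
-blacklist /usr/lib64/perl*
-blacklist /usr/share/perl*
+deny ${PATH}/core_perl
+deny ${PATH}/cpan*
+deny ${PATH}/perl
+deny ${PATH}/site_perl
+deny ${PATH}/vendor_perl
+deny /usr/lib/perl*
+deny /usr/lib64/perl*
+deny /usr/share/perl*
 
 # PHP
-blacklist ${PATH}/php*
-blacklist /usr/lib/php*
-blacklist /usr/share/php*
+deny ${PATH}/php*
+deny /usr/lib/php*
+deny /usr/share/php*
 
 # Ruby
-blacklist ${PATH}/ruby
-blacklist /usr/lib/ruby
+deny ${PATH}/ruby
+deny /usr/lib/ruby
 
 # Programs using python: deluge, firefox addons, filezilla, cherrytree, xchat, hexchat, libreoffice, scribus
 # Python 2
-blacklist ${PATH}/python2*
-blacklist /usr/include/python2*
-blacklist /usr/lib/python2*
-blacklist /usr/local/lib/python2*
-blacklist /usr/share/python2*
+deny ${PATH}/python2*
+deny /usr/include/python2*
+deny /usr/lib/python2*
+deny /usr/local/lib/python2*
+deny /usr/share/python2*
 
 # You will want to add noblacklist for python3 stuff in the firefox and/or chromium profiles if you use the Gnome connector (see Issue #2026)
 
 # Python 3
-blacklist ${PATH}/python3*
-blacklist /usr/include/python3*
-blacklist /usr/lib/python3*
-blacklist /usr/lib64/python3*
-blacklist /usr/local/lib/python3*
-blacklist /usr/share/python3*
+deny ${PATH}/python3*
+deny /usr/include/python3*
+deny /usr/lib/python3*
+deny /usr/lib64/python3*
+deny /usr/local/lib/python3*
+deny /usr/share/python3*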
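--- a/etc/inc/disable-passwdmgr.inc
+++ b/etc/inc/disable-passwdmgr.inc
@@ -2,18 +2,18 @@
 # Persistent customizations should go in a .local file.
 include disable-passwdmgr.local
 
-blacklist ${HOME}/.config/Bitwarden
-blacklist ${HOME}/.config/KeePass
-blacklist ${HOME}/.config/keepass
-blacklist ${HOME}/.config/keepassx
-blacklist ${HOME}/.config/keepassxc
-blacklist ${HOME}/.config/KeePassXCrc
-blacklist ${HOME}/.config/Sinew Software Systems
-blacklist ${HOME}/.fpm
-blacklist ${HOME}/.keepass
-blacklist ${HOME}/.keepassx
-blacklist ${HOME}/.keepassxc
-blacklist ${HOME}/.lastpass
-blacklist ${HOME}/.local/share/KeePass
-blacklist ${HOME}/.local/share/keepass
-blacklist ${HOME}/.password-store
+deny ${HOME}/.config/Bitwarden
+deny ${HOME}/.config/KeePass
+deny ${HOME}/.config/keepass
+deny ${HOME}/.config/keepassx
+deny ${HOME}/.config/keepassxc
+deny ${HOME}/.config/KeePassXCrc
+deny ${HOME}/.config/Sinew Software Systems
+deny ${HOME}/.fpm
+deny ${HOME}/.keepass
+deny ${HOME}/.keepassx
+deny ${HOME}/.keepassxc
+deny ${HOME}/.lastpass
+deny ${HOME}/.local/share/KeePass
+deny ${HOME}/.local/share/keepass
+deny ${HOME}/.password-store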
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 0e575e5eb..7b5bd0387 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc | |||
@@ -2,1094 +2,1105 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include disable-programs.local | 3 | include disable-programs.local |
4 | 4 | ||
5 | blacklist ${HOME}/Arduino | 5 | deny ${HOME}/.*coin |
6 | blacklist ${HOME}/i2p | 6 | deny ${HOME}/.8pecxstudios |
7 | blacklist ${HOME}/Monero/wallets | 7 | deny ${HOME}/.AndroidStudio* |
8 | blacklist ${HOME}/Nextcloud | 8 | deny ${HOME}/.Atom |
9 | blacklist ${HOME}/Nextcloud/Notes | 9 | deny ${HOME}/.CLion* |
10 | blacklist ${HOME}/SoftMaker | 10 | deny ${HOME}/.FBReader |
11 | blacklist ${HOME}/Standard Notes Backups | 11 | deny ${HOME}/.FontForge |
12 | blacklist ${HOME}/TeamSpeak3-Client-linux_x86 | 12 | deny ${HOME}/.IdeaIC* |
13 | blacklist ${HOME}/TeamSpeak3-Client-linux_amd64 | 13 | deny ${HOME}/.LuminanceHDR |
14 | blacklist ${HOME}/hyperrogue.ini | 14 | deny ${HOME}/.Mathematica |
15 | blacklist ${HOME}/mps | 15 | deny ${HOME}/.Natron |
16 | blacklist ${HOME}/wallet.dat | 16 | deny ${HOME}/.PlayOnLinux |
17 | blacklist ${HOME}/.*coin | 17 | deny ${HOME}/.PyCharm* |
18 | blacklist ${HOME}/.8pecxstudios | 18 | deny ${HOME}/.Sayonara |
19 | blacklist ${HOME}/.AndroidStudio* | 19 | deny ${HOME}/.Steam |
20 | blacklist ${HOME}/.Atom | 20 | deny ${HOME}/.Steampath |
21 | blacklist ${HOME}/.CLion* | 21 | deny ${HOME}/.Steampid |
22 | blacklist ${HOME}/.FBReader | 22 | deny ${HOME}/.TelegramDesktop |
23 | blacklist ${HOME}/.FontForge | 23 | deny ${HOME}/.VSCodium |
24 | blacklist ${HOME}/.IdeaIC* | 24 | deny ${HOME}/.ViberPC |
25 | blacklist ${HOME}/.LuminanceHDR | 25 | deny ${HOME}/.VirtualBox |
26 | blacklist ${HOME}/.Mathematica | 26 | deny ${HOME}/.WebStorm* |
27 | blacklist ${HOME}/.Natron | 27 | deny ${HOME}/.Wolfram Research |
28 | blacklist ${HOME}/.PlayOnLinux | 28 | deny ${HOME}/.ZAP |
29 | blacklist ${HOME}/.PyCharm* | 29 | deny ${HOME}/.aMule |
30 | blacklist ${HOME}/.Sayonara | 30 | deny ${HOME}/.abook |
31 | blacklist ${HOME}/.Steam | 31 | deny ${HOME}/.addressbook |
32 | blacklist ${HOME}/.Steampath | 32 | deny ${HOME}/.alpine-smime |
33 | blacklist ${HOME}/.Steampid | 33 | deny ${HOME}/.android |
34 | blacklist ${HOME}/.TelegramDesktop | 34 | deny ${HOME}/.anydesk |
35 | blacklist ${HOME}/.VSCodium | 35 | deny ${HOME}/.arduino15 |
36 | blacklist ${HOME}/.ViberPC | 36 | deny ${HOME}/.aria2 |
37 | blacklist ${HOME}/.VirtualBox | 37 | deny ${HOME}/.arm |
38 | blacklist ${HOME}/.WebStorm* | 38 | deny ${HOME}/.asunder_album_artist |
39 | blacklist ${HOME}/.Wolfram Research | 39 | deny ${HOME}/.asunder_album_genre |
40 | blacklist ${HOME}/.ZAP | 40 | deny ${HOME}/.asunder_album_title |
41 | blacklist ${HOME}/.abook | 41 | deny ${HOME}/.atom |
42 | blacklist ${HOME}/.addressbook | 42 | deny ${HOME}/.attic |
43 | blacklist ${HOME}/.alpine-smime | 43 | deny ${HOME}/.audacity-data |
44 | blacklist ${HOME}/.aMule | 44 | deny ${HOME}/.avidemux6 |
45 | blacklist ${HOME}/.android | 45 | deny ${HOME}/.ballbuster.hs |
46 | blacklist ${HOME}/.anydesk | 46 | deny ${HOME}/.balsa |
47 | blacklist ${HOME}/.arduino15 | 47 | deny ${HOME}/.bcast5 |
48 | blacklist ${HOME}/.aria2 | 48 | deny ${HOME}/.bibletime |
49 | blacklist ${HOME}/.arm | 49 | deny ${HOME}/.bitcoin |
50 | blacklist ${HOME}/.asunder_album_artist | 50 | deny ${HOME}/.blobby |
51 | blacklist ${HOME}/.asunder_album_genre | 51 | deny ${HOME}/.bogofilter |
52 | blacklist ${HOME}/.asunder_album_title | 52 | deny ${HOME}/.bzf |
53 | blacklist ${HOME}/.atom | 53 | deny ${HOME}/.cargo/* |
54 | blacklist ${HOME}/.attic | 54 | deny ${HOME}/.claws-mail |
55 | blacklist ${HOME}/.audacity-data | 55 | deny ${HOME}/.cliqz |
56 | blacklist ${HOME}/.avidemux6 | 56 | deny ${HOME}/.clion* |
57 | blacklist ${HOME}/.ballbuster.hs | 57 | deny ${HOME}/.clonk |
58 | blacklist ${HOME}/.balsa | 58 | deny ${HOME}/.config/0ad |
59 | blacklist ${HOME}/.bcast5 | 59 | deny ${HOME}/.config/2048-qt |
60 | blacklist ${HOME}/.bibletime | 60 | deny ${HOME}/.config/Atom |
61 | blacklist ${HOME}/.bitcoin | 61 | deny ${HOME}/.config/Audaciousrc |
62 | blacklist ${HOME}/.blobby | 62 | deny ${HOME}/.config/Authenticator |
63 | blacklist ${HOME}/.bogofilter | 63 | deny ${HOME}/.config/Beaker Browser |
64 | blacklist ${HOME}/.bzf | 64 | deny ${HOME}/.config/Bitcoin |
65 | blacklist ${HOME}/.cargo/* | 65 | deny ${HOME}/.config/Bitwarden |
66 | blacklist ${HOME}/.claws-mail | 66 | deny ${HOME}/.config/Brackets |
67 | blacklist ${HOME}/.cliqz | 67 | deny ${HOME}/.config/BraveSoftware |
68 | blacklist ${HOME}/.clonk | 68 | deny ${HOME}/.config/Clementine |
69 | blacklist ${HOME}/.config/0ad | 69 | deny ${HOME}/.config/Code |
70 | blacklist ${HOME}/.config/2048-qt | 70 | deny ${HOME}/.config/Code - OSS |
71 | blacklist ${HOME}/.config/Atom | 71 | deny ${HOME}/.config/Code Industry |
72 | blacklist ${HOME}/.config/Audaciousrc | 72 | deny ${HOME}/.config/Cryptocat |
73 | blacklist ${HOME}/.config/Authenticator | 73 | deny ${HOME}/.config/Debauchee/Barrier.conf |
74 | blacklist ${HOME}/.config/Beaker Browser | 74 | deny ${HOME}/.config/Dharkael |
75 | blacklist ${HOME}/.config/Bitcoin | 75 | deny ${HOME}/.config/ENCOM |
76 | blacklist ${HOME}/.config/Bitwarden | 76 | deny ${HOME}/.config/Element |
77 | blacklist ${HOME}/.config/Brackets | 77 | deny ${HOME}/.config/Element (Riot) |
78 | blacklist ${HOME}/.config/BraveSoftware | 78 | deny ${HOME}/.config/Enox |
79 | blacklist ${HOME}/.config/Clementine | 79 | deny ${HOME}/.config/Epic |
80 | blacklist ${HOME}/.config/Code | 80 | deny ${HOME}/.config/Ferdi |
81 | blacklist ${HOME}/.config/Code - OSS | 81 | deny ${HOME}/.config/Flavio Tordini |
82 | blacklist ${HOME}/.config/Code Industry | 82 | deny ${HOME}/.config/Franz |
83 | blacklist ${HOME}/.config/Cryptocat | 83 | deny ${HOME}/.config/FreeCAD |
84 | blacklist ${HOME}/.config/Debauchee/Barrier.conf | 84 | deny ${HOME}/.config/FreeTube |
85 | blacklist ${HOME}/.config/Dharkael | 85 | deny ${HOME}/.config/Fritzing |
86 | blacklist ${HOME}/.config/Element | 86 | deny ${HOME}/.config/GIMP |
87 | blacklist ${HOME}/.config/Element (Riot) | 87 | deny ${HOME}/.config/GitHub Desktop |
88 | blacklist ${HOME}/.config/ENCOM | 88 | deny ${HOME}/.config/Gitter |
89 | blacklist ${HOME}/.config/Enox | 89 | deny ${HOME}/.config/Google |
90 | blacklist ${HOME}/.config/Epic | 90 | deny ${HOME}/.config/Google Play Music Desktop Player |
91 | blacklist ${HOME}/.config/Ferdi | 91 | deny ${HOME}/.config/Gpredict |
92 | blacklist ${HOME}/.config/Flavio Tordini | 92 | deny ${HOME}/.config/INRIA |
93 | blacklist ${HOME}/.config/Franz | 93 | deny ${HOME}/.config/InSilmaril |
94 | blacklist ${HOME}/.config/FreeCAD | 94 | deny ${HOME}/.config/Jitsi Meet |
95 | blacklist ${HOME}/.config/FreeTube | 95 | deny ${HOME}/.config/JetBrains/CLion* |
96 | blacklist ${HOME}/.config/Fritzing | 96 | deny ${HOME}/.config/KDE/neochat |
97 | blacklist ${HOME}/.config/GIMP | 97 | deny ${HOME}/.config/Kid3 |
98 | blacklist ${HOME}/.config/GitHub Desktop | 98 | deny ${HOME}/.config/Kingsoft |
99 | blacklist ${HOME}/.config/Gitter | 99 | deny ${HOME}/.config/LibreCAD |
100 | blacklist ${HOME}/.config/Google | 100 | deny ${HOME}/.config/Loop_Hero |
101 | blacklist ${HOME}/.config/Google Play Music Desktop Player | 101 | deny ${HOME}/.config/Luminance |
102 | blacklist ${HOME}/.config/Gpredict | 102 | deny ${HOME}/.config/LyX |
103 | blacklist ${HOME}/.config/INRIA | 103 | deny ${HOME}/.config/Mattermost |
104 | blacklist ${HOME}/.config/InSilmaril | 104 | deny ${HOME}/.config/Meltytech |
105 | blacklist ${HOME}/.config/Jitsi Meet | 105 | deny ${HOME}/.config/Mendeley Ltd. |
106 | blacklist ${HOME}/.config/KDE/neochat | 106 | deny ${HOME}/.config/Microsoft |
107 | blacklist ${HOME}/.config/Kid3 | 107 | deny ${HOME}/.config/Min |
108 | blacklist ${HOME}/.config/Kingsoft | 108 | deny ${HOME}/.config/ModTheSpire |
109 | blacklist ${HOME}/.config/LibreCAD | 109 | deny ${HOME}/.config/Mousepad |
110 | blacklist ${HOME}/.config/Loop_Hero | 110 | deny ${HOME}/.config/Mumble |
111 | blacklist ${HOME}/.config/Luminance | 111 | deny ${HOME}/.config/MusE |
112 | blacklist ${HOME}/.config/LyX | 112 | deny ${HOME}/.config/MuseScore |
113 | blacklist ${HOME}/.config/Mattermost | 113 | deny ${HOME}/.config/MusicBrainz |
114 | blacklist ${HOME}/.config/Meltytech | 114 | deny ${HOME}/.config/Nathan Osman |
115 | blacklist ${HOME}/.config/Mendeley Ltd. | 115 | deny ${HOME}/.config/Nextcloud |
116 | blacklist ${HOME}/.config/Min | 116 | deny ${HOME}/.config/NitroShare |
117 | blacklist ${HOME}/.config/ModTheSpire | 117 | deny ${HOME}/.config/Nylas Mail |
118 | blacklist ${HOME}/.config/Mousepad | 118 | deny ${HOME}/.config/PBE |
119 | blacklist ${HOME}/.config/Mumble | 119 | deny ${HOME}/.config/PacmanLogViewer |
120 | blacklist ${HOME}/.config/MusE | 120 | deny ${HOME}/.config/PawelStolowski |
121 | blacklist ${HOME}/.config/MuseScore | 121 | deny ${HOME}/.config/Philipp Schmieder |
122 | blacklist ${HOME}/.config/MusicBrainz | 122 | deny ${HOME}/.config/Pinta |
123 | blacklist ${HOME}/.config/Nathan Osman | 123 | deny ${HOME}/.config/QGIS |
124 | blacklist ${HOME}/.config/Nextcloud | 124 | deny ${HOME}/.config/QMediathekView |
125 | blacklist ${HOME}/.config/Nylas Mail | 125 | deny ${HOME}/.config/Qlipper |
126 | blacklist ${HOME}/.config/PacmanLogViewer | 126 | deny ${HOME}/.config/QuiteRss |
127 | blacklist ${HOME}/.config/PawelStolowski | 127 | deny ${HOME}/.config/QuiteRssrc |
128 | blacklist ${HOME}/.config/PBE | 128 | deny ${HOME}/.config/Quotient |
129 | blacklist ${HOME}/.config/Philipp Schmieder | 129 | deny ${HOME}/.config/Rambox |
130 | blacklist ${HOME}/.config/QGIS | 130 | deny ${HOME}/.config/Riot |
131 | blacklist ${HOME}/.config/QMediathekView | 131 | deny ${HOME}/.config/Rocket.Chat |
132 | blacklist ${HOME}/.config/Qlipper | 132 | deny ${HOME}/.config/RogueLegacy |
133 | blacklist ${HOME}/.config/QuiteRss | 133 | deny ${HOME}/.config/RogueLegacyStorageContainer |
134 | blacklist ${HOME}/.config/QuiteRssrc | 134 | deny ${HOME}/.config/Signal |
135 | blacklist ${HOME}/.config/Quotient | 135 | deny ${HOME}/.config/Sinew Software Systems |
136 | blacklist ${HOME}/.config/Rambox | 136 | deny ${HOME}/.config/Slack |
137 | blacklist ${HOME}/.config/Riot | 137 | deny ${HOME}/.config/Standard Notes |
138 | blacklist ${HOME}/.config/Rocket.Chat | 138 | deny ${HOME}/.config/SubDownloader |
139 | blacklist ${HOME}/.config/RogueLegacy | 139 | deny ${HOME}/.config/Thunar |
140 | blacklist ${HOME}/.config/RogueLegacyStorageContainer | 140 | deny ${HOME}/.config/Twitch |
141 | blacklist ${HOME}/.config/Signal | 141 | deny ${HOME}/.config/Unknown Organization |
142 | blacklist ${HOME}/.config/Sinew Software Systems | 142 | deny ${HOME}/.config/VirtualBox |
143 | blacklist ${HOME}/.config/Slack | 143 | deny ${HOME}/.config/Whalebird |
144 | blacklist ${HOME}/.config/Standard Notes | 144 | deny ${HOME}/.config/Wire |
145 | blacklist ${HOME}/.config/SubDownloader | 145 | deny ${HOME}/.config/Youtube |
146 | blacklist ${HOME}/.config/Thunar | 146 | deny ${HOME}/.config/ZeGrapher Project |
147 | blacklist ${HOME}/.config/Twitch | 147 | deny ${HOME}/.config/Zeal |
148 | blacklist ${HOME}/.config/Unknown Organization | 148 | deny ${HOME}/.config/Zulip |
149 | blacklist ${HOME}/.config/VirtualBox | 149 | deny ${HOME}/.config/aacs |
150 | blacklist ${HOME}/.config/Wire | 150 | deny ${HOME}/.config/abiword |
151 | blacklist ${HOME}/.config/Youtube | 151 | deny ${HOME}/.config/agenda |
152 | blacklist ${HOME}/.config/Zeal | 152 | deny ${HOME}/.config/akonadi* |
153 | blacklist ${HOME}/.config/ZeGrapher Project | 153 | deny ${HOME}/.config/akregatorrc |
154 | blacklist ${HOME}/.config/aacs | 154 | deny ${HOME}/.config/alacritty |
155 | blacklist ${HOME}/.config/abiword | 155 | deny ${HOME}/.config/ardour4 |
156 | blacklist ${HOME}/.config/agenda | 156 | deny ${HOME}/.config/ardour5 |
157 | blacklist ${HOME}/.config/akonadi* | 157 | deny ${HOME}/.config/aria2 |
158 | blacklist ${HOME}/.config/akregatorrc | 158 | deny ${HOME}/.config/arkrc |
159 | blacklist ${HOME}/.config/alacritty | 159 | deny ${HOME}/.config/artha.conf |
160 | blacklist ${HOME}/.config/ardour4 | 160 | deny ${HOME}/.config/artha.log |
161 | blacklist ${HOME}/.config/ardour5 | 161 | deny ${HOME}/.config/asunder |
162 | blacklist ${HOME}/.config/aria2 | 162 | deny ${HOME}/.config/atril |
163 | blacklist ${HOME}/.config/arkrc | 163 | deny ${HOME}/.config/audacious |
164 | blacklist ${HOME}/.config/artha.conf | 164 | deny ${HOME}/.config/autokey |
165 | blacklist ${HOME}/.config/artha.log | 165 | deny ${HOME}/.config/avidemux3_qt5rc |
166 | blacklist ${HOME}/.config/asunder | 166 | deny ${HOME}/.config/aweather |
167 | blacklist ${HOME}/.config/atril | 167 | deny ${HOME}/.config/backintime |
168 | blacklist ${HOME}/.config/audacious | 168 | deny ${HOME}/.config/baloofilerc |
169 | blacklist ${HOME}/.config/autokey | 169 | deny ${HOME}/.config/baloorc |
170 | blacklist ${HOME}/.config/avidemux3_qt5rc | 170 | deny ${HOME}/.config/bcompare |
171 | blacklist ${HOME}/.config/aweather | 171 | deny ${HOME}/.config/blender |
172 | blacklist ${HOME}/.config/backintime | 172 | deny ${HOME}/.config/bless |
173 | blacklist ${HOME}/.config/baloofilerc | 173 | deny ${HOME}/.config/bnox |
174 | blacklist ${HOME}/.config/baloorc | 174 | deny ${HOME}/.config/borg |
175 | blacklist ${HOME}/.config/bcompare | 175 | deny ${HOME}/.config/brasero |
176 | blacklist ${HOME}/.config/blender | 176 | deny ${HOME}/.config/brave |
177 | blacklist ${HOME}/.config/bless | 177 | deny ${HOME}/.config/brave-flags.conf |
178 | blacklist ${HOME}/.config/bnox | 178 | deny ${HOME}/.config/caja |
179 | blacklist ${HOME}/.config/borg | 179 | deny ${HOME}/.config/calibre |
180 | blacklist ${HOME}/.config/brasero | 180 | deny ${HOME}/.config/cantata |
181 | blacklist ${HOME}/.config/brave | 181 | deny ${HOME}/.config/catfish |
182 | blacklist ${HOME}/.config/brave-flags.conf | 182 | deny ${HOME}/.config/cawbird |
183 | blacklist ${HOME}/.config/caja | 183 | deny ${HOME}/.config/celluloid |
184 | blacklist ${HOME}/.config/calibre | 184 | deny ${HOME}/.config/cherrytree |
185 | blacklist ${HOME}/.config/cantata | 185 | deny ${HOME}/.config/chrome-beta-flags.conf |
186 | blacklist ${HOME}/.config/catfish | 186 | deny ${HOME}/.config/chrome-beta-flags.config |
187 | blacklist ${HOME}/.config/cawbird | 187 | deny ${HOME}/.config/chrome-flags.conf |
188 | blacklist ${HOME}/.config/celluloid | 188 | deny ${HOME}/.config/chrome-flags.config |
189 | blacklist ${HOME}/.config/cherrytree | 189 | deny ${HOME}/.config/chrome-unstable-flags.conf |
190 | blacklist ${HOME}/.config/chrome-beta-flags.conf | 190 | deny ${HOME}/.config/chrome-unstable-flags.config |
191 | blacklist ${HOME}/.config/chrome-beta-flags.config | 191 | deny ${HOME}/.config/chromium |
192 | blacklist ${HOME}/.config/chrome-flags.conf | 192 | deny ${HOME}/.config/chromium-dev |
193 | blacklist ${HOME}/.config/chrome-flags.config | 193 | deny ${HOME}/.config/chromium-flags.conf |
194 | blacklist ${HOME}/.config/chrome-unstable-flags.conf | 194 | deny ${HOME}/.config/clipit |
195 | blacklist ${HOME}/.config/chrome-unstable-flags.config | 195 | deny ${HOME}/.config/cliqz |
196 | blacklist ${HOME}/.config/chromium | 196 | deny ${HOME}/.config/cmus |
197 | blacklist ${HOME}/.config/chromium-dev | 197 | deny ${HOME}/.config/com.github.bleakgrey.tootle |
198 | blacklist ${HOME}/.config/chromium-flags.conf | 198 | deny ${HOME}/.config/corebird |
199 | blacklist ${HOME}/.config/clipit | 199 | deny ${HOME}/.config/cower |
200 | blacklist ${HOME}/.config/cliqz | 200 | deny ${HOME}/.config/coyim |
201 | blacklist ${HOME}/.config/cmus | 201 | deny ${HOME}/.config/d-feet |
202 | blacklist ${HOME}/.config/com.github.bleakgrey.tootle | 202 | deny ${HOME}/.config/darktable |
203 | blacklist ${HOME}/.config/corebird | 203 | deny ${HOME}/.config/deadbeef |
204 | blacklist ${HOME}/.config/cower | 204 | deny ${HOME}/.config/deluge |
205 | blacklist ${HOME}/.config/coyim | 205 | deny ${HOME}/.config/devilspie2 |
206 | blacklist ${HOME}/.config/darktable | 206 | deny ${HOME}/.config/digikam |
207 | blacklist ${HOME}/.config/deadbeef | 207 | deny ${HOME}/.config/digikamrc |
208 | blacklist ${HOME}/.config/deluge | 208 | deny ${HOME}/.config/discord |
209 | blacklist ${HOME}/.config/devilspie2 | 209 | deny ${HOME}/.config/discordcanary |
210 | blacklist ${HOME}/.config/digikam | 210 | deny ${HOME}/.config/dkl |
211 | blacklist ${HOME}/.config/digikamrc | 211 | deny ${HOME}/.config/dnox |
212 | blacklist ${HOME}/.config/discord | 212 | deny ${HOME}/.config/dolphin-emu |
213 | blacklist ${HOME}/.config/discordcanary | 213 | deny ${HOME}/.config/dolphinrc |
214 | blacklist ${HOME}/.config/dkl | 214 | deny ${HOME}/.config/dragonplayerrc |
215 | blacklist ${HOME}/.config/dnox | 215 | deny ${HOME}/.config/draw.io |
216 | blacklist ${HOME}/.config/dolphin-emu | 216 | deny ${HOME}/.config/electron-mail |
217 | blacklist ${HOME}/.config/dolphinrc | 217 | deny ${HOME}/.config/emaildefaults |
218 | blacklist ${HOME}/.config/dragonplayerrc | 218 | deny ${HOME}/.config/emailidentities |
219 | blacklist ${HOME}/.config/draw.io | 219 | deny ${HOME}/.config/emilia |
220 | blacklist ${HOME}/.config/d-feet | 220 | deny ${HOME}/.config/enchant |
221 | blacklist ${HOME}/.config/electron-mail | 221 | deny ${HOME}/.config/eog |
222 | blacklist ${HOME}/.config/emaildefaults | 222 | deny ${HOME}/.config/epiphany |
223 | blacklist ${HOME}/.config/emailidentities | 223 | deny ${HOME}/.config/equalx |
224 | blacklist ${HOME}/.config/emilia | 224 | deny ${HOME}/.config/evince |
225 | blacklist ${HOME}/.config/enchant | 225 | deny ${HOME}/.config/evolution |
226 | blacklist ${HOME}/.config/eog | 226 | deny ${HOME}/.config/falkon |
227 | blacklist ${HOME}/.config/epiphany | 227 | deny ${HOME}/.config/filezilla |
228 | blacklist ${HOME}/.config/equalx | 228 | deny ${HOME}/.config/flameshot |
229 | blacklist ${HOME}/.config/evince | 229 | deny ${HOME}/.config/flaska.net |
230 | blacklist ${HOME}/.config/evolution | 230 | deny ${HOME}/.config/flowblade |
231 | blacklist ${HOME}/.config/falkon | 231 | deny ${HOME}/.config/font-manager |
232 | blacklist ${HOME}/.config/filezilla | 232 | deny ${HOME}/.config/freecol |
233 | blacklist ${HOME}/.config/flameshot | 233 | deny ${HOME}/.config/gajim |
234 | blacklist ${HOME}/.config/flaska.net | 234 | deny ${HOME}/.config/galculator |
235 | blacklist ${HOME}/.config/flowblade | 235 | deny ${HOME}/.config/gconf |
236 | blacklist ${HOME}/.config/font-manager | 236 | deny ${HOME}/.config/geany |
237 | blacklist ${HOME}/.config/freecol | 237 | deny ${HOME}/.config/geary |
238 | blacklist ${HOME}/.config/gajim | 238 | deny ${HOME}/.config/gedit |
239 | blacklist ${HOME}/.config/galculator | 239 | deny ${HOME}/.config/geeqie |
240 | blacklist ${HOME}/.config/gconf | 240 | deny ${HOME}/.config/ghb |
241 | blacklist ${HOME}/.config/geany | 241 | deny ${HOME}/.config/ghostwriter |
242 | blacklist ${HOME}/.config/geary | 242 | deny ${HOME}/.config/git |
243 | blacklist ${HOME}/.config/gedit | 243 | deny ${HOME}/.config/git-cola |
244 | blacklist ${HOME}/.config/geeqie | 244 | deny ${HOME}/.config/glade.conf |
245 | blacklist ${HOME}/.config/ghb | 245 | deny ${HOME}/.config/globaltime |
246 | blacklist ${HOME}/.config/ghostwriter | 246 | deny ${HOME}/.config/gmpc |
247 | blacklist ${HOME}/.config/git | 247 | deny ${HOME}/.config/gnome-builder |
248 | blacklist ${HOME}/.config/git-cola | 248 | deny ${HOME}/.config/gnome-chess |
249 | blacklist ${HOME}/.config/glade.conf | 249 | deny ${HOME}/.config/gnome-control-center |
250 | blacklist ${HOME}/.config/globaltime | 250 | deny ${HOME}/.config/gnome-initial-setup-done |
251 | blacklist ${HOME}/.config/gmpc | 251 | deny ${HOME}/.config/gnome-latex |
252 | blacklist ${HOME}/.config/gnome-builder | 252 | deny ${HOME}/.config/gnome-mplayer |
253 | blacklist ${HOME}/.config/gnome-chess | 253 | deny ${HOME}/.config/gnome-mpv |
254 | blacklist ${HOME}/.config/gnome-control-center | 254 | deny ${HOME}/.config/gnome-pie |
255 | blacklist ${HOME}/.config/gnome-initial-setup-done | 255 | deny ${HOME}/.config/gnome-session |
256 | blacklist ${HOME}/.config/gnome-latex | 256 | deny ${HOME}/.config/gnote |
257 | blacklist ${HOME}/.config/gnome-mplayer | 257 | deny ${HOME}/.config/godot |
258 | blacklist ${HOME}/.config/gnome-mpv | 258 | deny ${HOME}/.config/google-chrome |
259 | blacklist ${HOME}/.config/gnome-pie | 259 | deny ${HOME}/.config/google-chrome-beta |
260 | blacklist ${HOME}/.config/gnome-session | 260 | deny ${HOME}/.config/google-chrome-unstable |
261 | blacklist ${HOME}/.config/gnote | 261 | deny ${HOME}/.config/gpicview |
262 | blacklist ${HOME}/.config/godot | 262 | deny ${HOME}/.config/gthumb |
263 | blacklist ${HOME}/.config/google-chrome | 263 | deny ${HOME}/.config/gummi |
264 | blacklist ${HOME}/.config/google-chrome-beta | 264 | deny ${HOME}/.config/guvcview2 |
265 | blacklist ${HOME}/.config/google-chrome-unstable | 265 | deny ${HOME}/.config/gwenviewrc |
266 | blacklist ${HOME}/.config/gpicview | 266 | deny ${HOME}/.config/hexchat |
267 | blacklist ${HOME}/.config/gthumb | 267 | deny ${HOME}/.config/homebank |
268 | blacklist ${HOME}/.config/gummi | 268 | deny ${HOME}/.config/i2p |
269 | blacklist ${HOME}/.config/guvcview2 | 269 | deny ${HOME}/.config/inkscape |
270 | blacklist ${HOME}/.config/gwenviewrc | 270 | deny ${HOME}/.config/inox |
271 | blacklist ${HOME}/.config/hexchat | 271 | deny ${HOME}/.config/iridium |
272 | blacklist ${HOME}/.config/homebank | 272 | deny ${HOME}/.config/itch |
273 | blacklist ${HOME}/.config/i2p | 273 | deny ${HOME}/.config/jami |
274 | blacklist ${HOME}/.config/inkscape | 274 | deny ${HOME}/.config/jd-gui.cfg |
275 | blacklist ${HOME}/.config/inox | 275 | deny ${HOME}/.config/k3brc |
276 | blacklist ${HOME}/.config/iridium | 276 | deny ${HOME}/.config/kaffeinerc |
277 | blacklist ${HOME}/.config/itch | 277 | deny ${HOME}/.config/kalgebrarc |
278 | blacklist ${HOME}/.config/jami | 278 | deny ${HOME}/.config/katemetainfos |
279 | blacklist ${HOME}/.config/jd-gui.cfg | 279 | deny ${HOME}/.config/katepartrc |
280 | blacklist ${HOME}/.config/k3brc | 280 | deny ${HOME}/.config/katerc |
281 | blacklist ${HOME}/.config/kaffeinerc | 281 | deny ${HOME}/.config/kateschemarc |
282 | blacklist ${HOME}/.config/kalgebrarc | 282 | deny ${HOME}/.config/katesyntaxhighlightingrc |
283 | blacklist ${HOME}/.config/katemetainfos | 283 | deny ${HOME}/.config/katevirc |
284 | blacklist ${HOME}/.config/katepartrc | 284 | deny ${HOME}/.config/kazam |
285 | blacklist ${HOME}/.config/katerc | 285 | deny ${HOME}/.config/kdeconnect |
286 | blacklist ${HOME}/.config/kateschemarc | 286 | deny ${HOME}/.config/kdenliverc |
287 | blacklist ${HOME}/.config/katesyntaxhighlightingrc | 287 | deny ${HOME}/.config/kdiff3fileitemactionrc |
288 | blacklist ${HOME}/.config/katevirc | 288 | deny ${HOME}/.config/kdiff3rc |
289 | blacklist ${HOME}/.config/kazam | 289 | deny ${HOME}/.config/kfindrc |
290 | blacklist ${HOME}/.config/kdeconnect | 290 | deny ${HOME}/.config/kgetrc |
291 | blacklist ${HOME}/.config/kdenliverc | 291 | deny ${HOME}/.config/kid3rc |
292 | blacklist ${HOME}/.config/kdiff3fileitemactionrc | 292 | deny ${HOME}/.config/klavaro |
293 | blacklist ${HOME}/.config/kdiff3rc | 293 | deny ${HOME}/.config/klipperrc |
294 | blacklist ${HOME}/.config/kfindrc | 294 | deny ${HOME}/.config/kmail2rc |
295 | blacklist ${HOME}/.config/kgetrc | 295 | deny ${HOME}/.config/kmailsearchindexingrc |
296 | blacklist ${HOME}/.config/kid3rc | 296 | deny ${HOME}/.config/kmplayerrc |
297 | blacklist ${HOME}/.config/klavaro | 297 | deny ${HOME}/.config/knotesrc |
298 | blacklist ${HOME}/.config/klipperrc | 298 | deny ${HOME}/.config/konversation.notifyrc |
299 | blacklist ${HOME}/.config/kmail2rc | 299 | deny ${HOME}/.config/konversationrc |
300 | blacklist ${HOME}/.config/kmailsearchindexingrc | 300 | deny ${HOME}/.config/kritarc |
301 | blacklist ${HOME}/.config/kmplayerrc | 301 | deny ${HOME}/.config/ktorrentrc |
302 | blacklist ${HOME}/.config/knotesrc | 302 | deny ${HOME}/.config/ktouch2rc |
303 | blacklist ${HOME}/.config/konversationrc | 303 | deny ${HOME}/.config/kube |
304 | blacklist ${HOME}/.config/konversation.notifyrc | 304 | deny ${HOME}/.config/kwriterc |
305 | blacklist ${HOME}/.config/kritarc | 305 | deny ${HOME}/.config/leafpad |
306 | blacklist ${HOME}/.config/ktorrentrc | 306 | deny ${HOME}/.config/libreoffice |
307 | blacklist ${HOME}/.config/ktouch2rc | 307 | deny ${HOME}/.config/liferea |
308 | blacklist ${HOME}/.config/kube | 308 | deny ${HOME}/.config/linphone |
309 | blacklist ${HOME}/.config/kwriterc | 309 | deny ${HOME}/.config/lugaru |
310 | blacklist ${HOME}/.config/leafpad | 310 | deny ${HOME}/.config/lutris |
311 | blacklist ${HOME}/.config/libreoffice | 311 | deny ${HOME}/.config/lximage-qt |
312 | blacklist ${HOME}/.config/liferea | 312 | deny ${HOME}/.config/mailtransports |
313 | blacklist ${HOME}/.config/linphone | 313 | deny ${HOME}/.config/mana |
314 | blacklist ${HOME}/.config/lugaru | 314 | deny ${HOME}/.config/mate-calc |
315 | blacklist ${HOME}/.config/lutris | 315 | deny ${HOME}/.config/mate/eom |
316 | blacklist ${HOME}/.config/lximage-qt | 316 | deny ${HOME}/.config/mate/mate-dictionary |
317 | blacklist ${HOME}/.config/mailtransports | 317 | deny ${HOME}/.config/matrix-mirage |
318 | blacklist ${HOME}/.config/mana | 318 | deny ${HOME}/.config/mcomix |
319 | blacklist ${HOME}/.config/mate-calc | 319 | deny ${HOME}/.config/meld |
320 | blacklist ${HOME}/.config/mate/eom | 320 | deny ${HOME}/.config/menulibre.cfg |
321 | blacklist ${HOME}/.config/mate/mate-dictionary | 321 | deny ${HOME}/.config/meteo-qt |
322 | blacklist ${HOME}/.config/matrix-mirage | 322 | deny ${HOME}/.config/mfusion |
323 | blacklist ${HOME}/.config/mcomix | 323 | deny ${HOME}/.config/microsoft-edge-beta |
324 | blacklist ${HOME}/.config/meld | 324 | deny ${HOME}/.config/microsoft-edge-dev |
325 | blacklist ${HOME}/.config/meteo-qt | 325 | deny ${HOME}/.config/midori |
326 | blacklist ${HOME}/.config/menulibre.cfg | 326 | deny ${HOME}/.config/mirage |
327 | blacklist ${HOME}/.config/mfusion | 327 | deny ${HOME}/.config/mono |
328 | blacklist ${HOME}/.config/Microsoft | 328 | deny ${HOME}/.config/mpDris2 |
329 | blacklist ${HOME}/.config/microsoft-edge-dev | 329 | deny ${HOME}/.config/mpd |
330 | blacklist ${HOME}/.config/midori | 330 | deny ${HOME}/.config/mps-youtube |
331 | blacklist ${HOME}/.config/mirage | 331 | deny ${HOME}/.config/mpv |
332 | blacklist ${HOME}/.config/mono | 332 | deny ${HOME}/.config/mupen64plus |
333 | blacklist ${HOME}/.config/mpDris2 | 333 | deny ${HOME}/.config/mutt |
334 | blacklist ${HOME}/.config/mpd | 334 | deny ${HOME}/.config/mutter |
335 | blacklist ${HOME}/.config/mps-youtube | 335 | deny ${HOME}/.config/mypaint |
336 | blacklist ${HOME}/.config/mpv | 336 | deny ${HOME}/.config/nano |
337 | blacklist ${HOME}/.config/mupen64plus | 337 | deny ${HOME}/.config/nautilus |
338 | blacklist ${HOME}/.config/mutt | 338 | deny ${HOME}/.config/nemo |
339 | blacklist ${HOME}/.config/mutter | 339 | deny ${HOME}/.config/neochat.notifyrc |
340 | blacklist ${HOME}/.config/mypaint | 340 | deny ${HOME}/.config/neochatrc |
341 | blacklist ${HOME}/.config/nano | 341 | deny ${HOME}/.config/neomutt |
342 | blacklist ${HOME}/.config/nautilus | 342 | deny ${HOME}/.config/netsurf |
343 | blacklist ${HOME}/.config/nemo | 343 | deny ${HOME}/.config/newsbeuter |
344 | blacklist ${HOME}/.config/neochatrc | 344 | deny ${HOME}/.config/newsboat |
345 | blacklist ${HOME}/.config/neochat.notifyrc | 345 | deny ${HOME}/.config/newsflash |
346 | blacklist ${HOME}/.config/neomutt | 346 | deny ${HOME}/.config/nheko |
347 | blacklist ${HOME}/.config/netsurf | 347 | deny ${HOME}/.config/nomacs |
348 | blacklist ${HOME}/.config/newsbeuter | 348 | deny ${HOME}/.config/nuclear |
349 | blacklist ${HOME}/.config/newsboat | 349 | deny ${HOME}/.config/obs-studio |
350 | blacklist ${HOME}/.config/newsflash | 350 | deny ${HOME}/.config/okularpartrc |
351 | blacklist ${HOME}/.config/nheko | 351 | deny ${HOME}/.config/okularrc |
352 | blacklist ${HOME}/.config/NitroShare | 352 | deny ${HOME}/.config/onboard |
353 | blacklist ${HOME}/.config/nomacs | 353 | deny ${HOME}/.config/onionshare |
354 | blacklist ${HOME}/.config/nuclear | 354 | deny ${HOME}/.config/onlyoffice |
355 | blacklist ${HOME}/.config/obs-studio | 355 | deny ${HOME}/.config/openmw |
356 | blacklist ${HOME}/.config/okularpartrc | 356 | deny ${HOME}/.config/opera |
357 | blacklist ${HOME}/.config/okularrc | 357 | deny ${HOME}/.config/opera-beta |
358 | blacklist ${HOME}/.config/onboard | 358 | deny ${HOME}/.config/orage |
359 | blacklist ${HOME}/.config/onionshare | 359 | deny ${HOME}/.config/org.gabmus.gfeeds.json |
360 | blacklist ${HOME}/.config/onlyoffice | 360 | deny ${HOME}/.config/org.gabmus.gfeeds.saved_articles |
361 | blacklist ${HOME}/.config/openmw | 361 | deny ${HOME}/.config/org.kde.gwenviewrc |
362 | blacklist ${HOME}/.config/opera | 362 | deny ${HOME}/.config/otter |
363 | blacklist ${HOME}/.config/opera-beta | 363 | deny ${HOME}/.config/pavucontrol-qt |
364 | blacklist ${HOME}/.config/orage | 364 | deny ${HOME}/.config/pavucontrol.ini |
365 | blacklist ${HOME}/.config/org.gabmus.gfeeds.json | 365 | deny ${HOME}/.config/pcmanfm |
366 | blacklist ${HOME}/.config/org.gabmus.gfeeds.saved_articles | 366 | deny ${HOME}/.config/pdfmod |
367 | blacklist ${HOME}/.config/org.kde.gwenviewrc | 367 | deny ${HOME}/.config/pipe-viewer |
368 | blacklist ${HOME}/.config/otter | 368 | deny ${HOME}/.config/pitivi |
369 | blacklist ${HOME}/.config/pavucontrol-qt | 369 | deny ${HOME}/.config/pix |
370 | blacklist ${HOME}/.config/pavucontrol.ini | 370 | deny ${HOME}/.config/pluma |
371 | blacklist ${HOME}/.config/pcmanfm | 371 | deny ${HOME}/.config/ppsspp |
372 | blacklist ${HOME}/.config/pdfmod | 372 | deny ${HOME}/.config/pragha |
373 | blacklist ${HOME}/.config/Pinta | 373 | deny ${HOME}/.config/profanity |
374 | blacklist ${HOME}/.config/pipe-viewer | 374 | deny ${HOME}/.config/psi |
375 | blacklist ${HOME}/.config/pitivi | 375 | deny ${HOME}/.config/psi+ |
376 | blacklist ${HOME}/.config/pix | 376 | deny ${HOME}/.config/qBittorrent |
377 | blacklist ${HOME}/.config/pluma | 377 | deny ${HOME}/.config/qBittorrentrc |
378 | blacklist ${HOME}/.config/ppsspp | 378 | deny ${HOME}/.config/qnapi.ini |
379 | blacklist ${HOME}/.config/pragha | 379 | deny ${HOME}/.config/qpdfview |
380 | blacklist ${HOME}/.config/profanity | 380 | deny ${HOME}/.config/quodlibet |
381 | blacklist ${HOME}/.config/psi | 381 | deny ${HOME}/.config/qupzilla |
382 | blacklist ${HOME}/.config/psi+ | 382 | deny ${HOME}/.config/qutebrowser |
383 | blacklist ${HOME}/.config/qBittorrent | 383 | deny ${HOME}/.config/ranger |
384 | blacklist ${HOME}/.config/qBittorrentrc | 384 | deny ${HOME}/.config/redshift |
385 | blacklist ${HOME}/.config/qnapi.ini | 385 | deny ${HOME}/.config/redshift.conf |
386 | blacklist ${HOME}/.config/qpdfview | 386 | deny ${HOME}/.config/remmina |
387 | blacklist ${HOME}/.config/quodlibet | 387 | deny ${HOME}/.config/ristretto |
388 | blacklist ${HOME}/.config/qupzilla | 388 | deny ${HOME}/.config/rtv |
389 | blacklist ${HOME}/.config/qutebrowser | 389 | deny ${HOME}/.config/scribus |
390 | blacklist ${HOME}/.config/ranger | 390 | deny ${HOME}/.config/scribusrc |
391 | blacklist ${HOME}/.config/redshift | 391 | deny ${HOME}/.config/sinew.in |
392 | blacklist ${HOME}/.config/redshift.conf | 392 | deny ${HOME}/.config/sink |
393 | blacklist ${HOME}/.config/remmina | 393 | deny ${HOME}/.config/skypeforlinux |
394 | blacklist ${HOME}/.config/ristretto | 394 | deny ${HOME}/.config/slimjet |
395 | blacklist ${HOME}/.config/rtv | 395 | deny ${HOME}/.config/smplayer |
396 | blacklist ${HOME}/.config/scribus | 396 | deny ${HOME}/.config/smtube |
397 | blacklist ${HOME}/.config/scribusrc | 397 | deny ${HOME}/.config/smuxi |
398 | blacklist ${HOME}/.config/sinew.in | 398 | deny ${HOME}/.config/snox |
399 | blacklist ${HOME}/.config/sink | 399 | deny ${HOME}/.config/sound-juicer |
400 | blacklist ${HOME}/.config/skypeforlinux | 400 | deny ${HOME}/.config/specialmailcollectionsrc |
401 | blacklist ${HOME}/.config/slimjet | 401 | deny ${HOME}/.config/spectaclerc |
402 | blacklist ${HOME}/.config/smplayer | 402 | deny ${HOME}/.config/spotify |
403 | blacklist ${HOME}/.config/smtube | 403 | deny ${HOME}/.config/sqlitebrowser |
404 | blacklist ${HOME}/.config/smuxi | 404 | deny ${HOME}/.config/stellarium |
405 | blacklist ${HOME}/.config/snox | 405 | deny ${HOME}/.config/straw-viewer |
406 | blacklist ${HOME}/.config/sound-juicer | 406 | deny ${HOME}/.config/strawberry |
407 | blacklist ${HOME}/.config/specialmailcollectionsrc | 407 | deny ${HOME}/.config/supertuxkart |
408 | blacklist ${HOME}/.config/spectaclerc | 408 | deny ${HOME}/.config/synfig |
409 | blacklist ${HOME}/.config/spotify | 409 | deny ${HOME}/.config/teams |
410 | blacklist ${HOME}/.config/sqlitebrowser | 410 | deny ${HOME}/.config/teams-for-linux |
411 | blacklist ${HOME}/.config/stellarium | 411 | deny ${HOME}/.config/telepathy-account-widgets |
412 | blacklist ${HOME}/.config/strawberry | 412 | deny ${HOME}/.config/torbrowser |
413 | blacklist ${HOME}/.config/straw-viewer | 413 | deny ${HOME}/.config/totem |
414 | blacklist ${HOME}/.config/supertuxkart | 414 | deny ${HOME}/.config/tox |
415 | blacklist ${HOME}/.config/synfig | 415 | deny ${HOME}/.config/transgui |
416 | blacklist ${HOME}/.config/teams | 416 | deny ${HOME}/.config/transmission |
417 | blacklist ${HOME}/.config/teams-for-linux | 417 | deny ${HOME}/.config/truecraft |
418 | blacklist ${HOME}/.config/telepathy-account-widgets | 418 | deny ${HOME}/.config/tuta_integration |
419 | blacklist ${HOME}/.config/torbrowser | 419 | deny ${HOME}/.config/tutanota-desktop |
420 | blacklist ${HOME}/.config/totem | 420 | deny ${HOME}/.config/tvbrowser |
421 | blacklist ${HOME}/.config/tox | 421 | deny ${HOME}/.config/uGet |
422 | blacklist ${HOME}/.config/transgui | 422 | deny ${HOME}/.config/ungoogled-chromium |
423 | blacklist ${HOME}/.config/transmission | 423 | deny ${HOME}/.config/uzbl |
424 | blacklist ${HOME}/.config/truecraft | 424 | deny ${HOME}/.config/viewnior |
425 | blacklist ${HOME}/.config/tuta_integration | 425 | deny ${HOME}/.config/vivaldi |
426 | blacklist ${HOME}/.config/tutanota-desktop | 426 | deny ${HOME}/.config/vivaldi-snapshot |
427 | blacklist ${HOME}/.config/tvbrowser | 427 | deny ${HOME}/.config/vlc |
428 | blacklist ${HOME}/.config/uGet | 428 | deny ${HOME}/.config/wesnoth |
429 | blacklist ${HOME}/.config/ungoogled-chromium | 429 | deny ${HOME}/.config/wireshark |
430 | blacklist ${HOME}/.config/uzbl | 430 | deny ${HOME}/.config/wormux |
431 | blacklist ${HOME}/.config/viewnior | 431 | deny ${HOME}/.config/xchat |
432 | blacklist ${HOME}/.config/vivaldi | 432 | deny ${HOME}/.config/xed |
433 | blacklist ${HOME}/.config/vivaldi-snapshot | 433 | deny ${HOME}/.config/xfburn |
434 | blacklist ${HOME}/.config/vlc | 434 | deny ${HOME}/.config/xfce4-dict |
435 | blacklist ${HOME}/.config/wesnoth | 435 | deny ${HOME}/.config/xfce4/xfce4-notes.gtkrc |
436 | blacklist ${HOME}/.config/wormux | 436 | deny ${HOME}/.config/xfce4/xfce4-notes.rc |
437 | blacklist ${HOME}/.config/Whalebird | 437 | deny ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml |
438 | blacklist ${HOME}/.config/wireshark | 438 | deny ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml |
439 | blacklist ${HOME}/.config/xchat | 439 | deny ${HOME}/.config/xiaoyong |
440 | blacklist ${HOME}/.config/xed | 440 | deny ${HOME}/.config/xmms2 |
441 | blacklist ${HOME}/.config/xfburn | 441 | deny ${HOME}/.config/xplayer |
442 | blacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc | 442 | deny ${HOME}/.config/xreader |
443 | blacklist ${HOME}/.config/xfce4/xfce4-notes.rc | 443 | deny ${HOME}/.config/xviewer |
444 | blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml | 444 | deny ${HOME}/.config/yandex-browser |
445 | blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml | 445 | deny ${HOME}/.config/yandex-browser-beta |
446 | blacklist ${HOME}/.config/xfce4-dict | 446 | deny ${HOME}/.config/yelp |
447 | blacklist ${HOME}/.config/xiaoyong | 447 | deny ${HOME}/.config/youtube-dl |
448 | blacklist ${HOME}/.config/xmms2 | 448 | deny ${HOME}/.config/youtube-dlg |
449 | blacklist ${HOME}/.config/xplayer | 449 | deny ${HOME}/.config/youtube-music-desktop-app |
450 | blacklist ${HOME}/.config/xreader | 450 | deny ${HOME}/.config/youtube-viewer |
451 | blacklist ${HOME}/.config/xviewer | 451 | deny ${HOME}/.config/youtubemusic-nativefier-040164 |
452 | blacklist ${HOME}/.config/yandex-browser | 452 | deny ${HOME}/.config/zathura |
453 | blacklist ${HOME}/.config/yandex-browser-beta | 453 | deny ${HOME}/.config/zim |
454 | blacklist ${HOME}/.config/yelp | 454 | deny ${HOME}/.config/zoomus.conf |
455 | blacklist ${HOME}/.config/youtube-dl | 455 | deny ${HOME}/.conkeror.mozdev.org |
456 | blacklist ${HOME}/.config/youtube-dlg | 456 | deny ${HOME}/.crawl |
457 | blacklist ${HOME}/.config/youtubemusic-nativefier-040164 | 457 | deny ${HOME}/.cups |
458 | blacklist ${HOME}/.config/youtube-music-desktop-app | 458 | deny ${HOME}/.curl-hsts |
459 | blacklist ${HOME}/.config/youtube-viewer | 459 | deny ${HOME}/.curlrc |
460 | blacklist ${HOME}/.config/zathura | 460 | deny ${HOME}/.dashcore |
461 | blacklist ${HOME}/.config/zoomus.conf | 461 | deny ${HOME}/.devilspie |
462 | blacklist ${HOME}/.config/Zulip | 462 | deny ${HOME}/.dia |
463 | blacklist ${HOME}/.conkeror.mozdev.org | 463 | deny ${HOME}/.digrc |
464 | blacklist ${HOME}/.crawl | 464 | deny ${HOME}/.dillo |
465 | blacklist ${HOME}/.cups | 465 | deny ${HOME}/.dooble |
466 | blacklist ${HOME}/.curl-hsts | 466 | deny ${HOME}/.dosbox |
467 | blacklist ${HOME}/.curlrc | 467 | deny ${HOME}/.dropbox* |
468 | blacklist ${HOME}/.dashcore | 468 | deny ${HOME}/.easystroke |
469 | blacklist ${HOME}/.devilspie | 469 | deny ${HOME}/.electron-cache |
470 | blacklist ${HOME}/.dia | 470 | deny ${HOME}/.electrum* |
471 | blacklist ${HOME}/.digrc | 471 | deny ${HOME}/.elinks |
472 | blacklist ${HOME}/.dillo | 472 | deny ${HOME}/.emacs |
473 | blacklist ${HOME}/.dooble | 473 | deny ${HOME}/.emacs.d |
474 | blacklist ${HOME}/.dosbox | 474 | deny ${HOME}/.equalx |
475 | blacklist ${HOME}/.dropbox* | 475 | deny ${HOME}/.ethereum |
476 | blacklist ${HOME}/.easystroke | 476 | deny ${HOME}/.etr |
477 | blacklist ${HOME}/.electron-cache | 477 | deny ${HOME}/.filezilla |
478 | blacklist ${HOME}/.electrum* | 478 | deny ${HOME}/.firedragon |
479 | blacklist ${HOME}/.elinks | 479 | deny ${HOME}/.flowblade |
480 | blacklist ${HOME}/.emacs | 480 | deny ${HOME}/.fltk |
481 | blacklist ${HOME}/.emacs.d | 481 | deny ${HOME}/.fossamail |
482 | blacklist ${HOME}/.equalx | 482 | deny ${HOME}/.freeciv |
483 | blacklist ${HOME}/.ethereum | 483 | deny ${HOME}/.freecol |
484 | blacklist ${HOME}/.etr | 484 | deny ${HOME}/.freemind |
485 | blacklist ${HOME}/.filezilla | 485 | deny ${HOME}/.frogatto |
486 | blacklist ${HOME}/.firedragon | 486 | deny ${HOME}/.frozen-bubble |
487 | blacklist ${HOME}/.flowblade | 487 | deny ${HOME}/.funnyboat |
488 | blacklist ${HOME}/.fltk | 488 | deny ${HOME}/.gimp* |
489 | blacklist ${HOME}/.fossamail | 489 | deny ${HOME}/.gist |
490 | blacklist ${HOME}/.freeciv | 490 | deny ${HOME}/.gitconfig |
491 | blacklist ${HOME}/.freecol | 491 | deny ${HOME}/.gl-117 |
492 | blacklist ${HOME}/.freemind | 492 | deny ${HOME}/.glaxiumrc |
493 | blacklist ${HOME}/.frogatto | 493 | deny ${HOME}/.gnome/gnome-schedule |
494 | blacklist ${HOME}/.frozen-bubble | 494 | deny ${HOME}/.googleearth |
495 | blacklist ${HOME}/.funnyboat | 495 | deny ${HOME}/.gradle |
496 | blacklist ${HOME}/.gimp* | 496 | deny ${HOME}/.gramps |
497 | blacklist ${HOME}/.gist | 497 | deny ${HOME}/.guayadeque |
498 | blacklist ${HOME}/.gitconfig | 498 | deny ${HOME}/.hashcat |
499 | blacklist ${HOME}/.gl-117 | 499 | deny ${HOME}/.hedgewars |
500 | blacklist ${HOME}/.glaxiumrc | 500 | deny ${HOME}/.hex-a-hop |
501 | blacklist ${HOME}/.gnome/gnome-schedule | 501 | deny ${HOME}/.hugin |
502 | blacklist ${HOME}/.googleearth | 502 | deny ${HOME}/.i2p |
503 | blacklist ${HOME}/.gradle | 503 | deny ${HOME}/.icedove |
504 | blacklist ${HOME}/.gramps | 504 | deny ${HOME}/.imagej |
505 | blacklist ${HOME}/.guayadeque | 505 | deny ${HOME}/.inkscape |
506 | blacklist ${HOME}/.hashcat | 506 | deny ${HOME}/.itch |
507 | blacklist ${HOME}/.hex-a-hop | 507 | deny ${HOME}/.jack-server |
508 | blacklist ${HOME}/.hedgewars | 508 | deny ${HOME}/.jack-settings |
509 | blacklist ${HOME}/.hugin | 509 | deny ${HOME}/.jak |
510 | blacklist ${HOME}/.i2p | 510 | deny ${HOME}/.java |
511 | blacklist ${HOME}/.icedove | 511 | deny ${HOME}/.jd |
512 | blacklist ${HOME}/.imagej | 512 | deny ${HOME}/.jitsi |
513 | blacklist ${HOME}/.inkscape | 513 | deny ${HOME}/.jumpnbump |
514 | blacklist ${HOME}/.itch | 514 | deny ${HOME}/.kde/share/apps/digikam |
515 | blacklist ${HOME}/.jack-server | 515 | deny ${HOME}/.kde/share/apps/gwenview |
516 | blacklist ${HOME}/.jack-settings | 516 | deny ${HOME}/.kde/share/apps/kaffeine |
517 | blacklist ${HOME}/.jak | 517 | deny ${HOME}/.kde/share/apps/kcookiejar |
518 | blacklist ${HOME}/.java | 518 | deny ${HOME}/.kde/share/apps/kget |
519 | blacklist ${HOME}/.jd | 519 | deny ${HOME}/.kde/share/apps/khtml |
520 | blacklist ${HOME}/.jitsi | 520 | deny ${HOME}/.kde/share/apps/klatexformula |
521 | blacklist ${HOME}/.jumpnbump | 521 | deny ${HOME}/.kde/share/apps/konqsidebartng |
522 | blacklist ${HOME}/.kde/share/apps/digikam | 522 | deny ${HOME}/.kde/share/apps/konqueror |
523 | blacklist ${HOME}/.kde/share/apps/gwenview | 523 | deny ${HOME}/.kde/share/apps/kopete |
524 | blacklist ${HOME}/.kde/share/apps/kaffeine | 524 | deny ${HOME}/.kde/share/apps/ktorrent |
525 | blacklist ${HOME}/.kde/share/apps/kcookiejar | 525 | deny ${HOME}/.kde/share/apps/okular |
526 | blacklist ${HOME}/.kde/share/apps/kget | 526 | deny ${HOME}/.kde/share/config/baloofilerc |
527 | blacklist ${HOME}/.kde/share/apps/khtml | 527 | deny ${HOME}/.kde/share/config/baloorc |
528 | blacklist ${HOME}/.kde/share/apps/klatexformula | 528 | deny ${HOME}/.kde/share/config/digikam |
529 | blacklist ${HOME}/.kde/share/apps/konqsidebartng | 529 | deny ${HOME}/.kde/share/config/gwenviewrc |
530 | blacklist ${HOME}/.kde/share/apps/konqueror | 530 | deny ${HOME}/.kde/share/config/k3brc |
531 | blacklist ${HOME}/.kde/share/apps/kopete | 531 | deny ${HOME}/.kde/share/config/kaffeinerc |
532 | blacklist ${HOME}/.kde/share/apps/ktorrent | 532 | deny ${HOME}/.kde/share/config/kcookiejarrc |
533 | blacklist ${HOME}/.kde/share/apps/okular | 533 | deny ${HOME}/.kde/share/config/kfindrc |
534 | blacklist ${HOME}/.kde/share/config/baloofilerc | 534 | deny ${HOME}/.kde/share/config/kgetrc |
535 | blacklist ${HOME}/.kde/share/config/baloorc | 535 | deny ${HOME}/.kde/share/config/khtmlrc |
536 | blacklist ${HOME}/.kde/share/config/digikam | 536 | deny ${HOME}/.kde/share/config/klipperrc |
537 | blacklist ${HOME}/.kde/share/config/gwenviewrc | 537 | deny ${HOME}/.kde/share/config/kmplayerrc |
538 | blacklist ${HOME}/.kde/share/config/k3brc | 538 | deny ${HOME}/.kde/share/config/konq_history |
539 | blacklist ${HOME}/.kde/share/config/kaffeinerc | 539 | deny ${HOME}/.kde/share/config/konqsidebartngrc |
540 | blacklist ${HOME}/.kde/share/config/kcookiejarrc | 540 | deny ${HOME}/.kde/share/config/konquerorrc |
541 | blacklist ${HOME}/.kde/share/config/kfindrc | 541 | deny ${HOME}/.kde/share/config/konversationrc |
542 | blacklist ${HOME}/.kde/share/config/kgetrc | 542 | deny ${HOME}/.kde/share/config/kopeterc |
543 | blacklist ${HOME}/.kde/share/config/khtmlrc | 543 | deny ${HOME}/.kde/share/config/ktorrentrc |
544 | blacklist ${HOME}/.kde/share/config/klipperrc | 544 | deny ${HOME}/.kde/share/config/okularpartrc |
545 | blacklist ${HOME}/.kde/share/config/kmplayerrc | 545 | deny ${HOME}/.kde/share/config/okularrc |
546 | blacklist ${HOME}/.kde/share/config/konq_history | 546 | deny ${HOME}/.kde4/share/apps/digikam |
547 | blacklist ${HOME}/.kde/share/config/konqsidebartngrc | 547 | deny ${HOME}/.kde4/share/apps/gwenview |
548 | blacklist ${HOME}/.kde/share/config/konquerorrc | 548 | deny ${HOME}/.kde4/share/apps/kaffeine |
549 | blacklist ${HOME}/.kde/share/config/konversationrc | 549 | deny ${HOME}/.kde4/share/apps/kcookiejar |
550 | blacklist ${HOME}/.kde/share/config/kopeterc | 550 | deny ${HOME}/.kde4/share/apps/kget |
551 | blacklist ${HOME}/.kde/share/config/ktorrentrc | 551 | deny ${HOME}/.kde4/share/apps/khtml |
552 | blacklist ${HOME}/.kde/share/config/okularpartrc | 552 | deny ${HOME}/.kde4/share/apps/konqsidebartng |
553 | blacklist ${HOME}/.kde/share/config/okularrc | 553 | deny ${HOME}/.kde4/share/apps/konqueror |
554 | blacklist ${HOME}/.kde4/share/apps/digikam | 554 | deny ${HOME}/.kde4/share/apps/kopete |
555 | blacklist ${HOME}/.kde4/share/apps/gwenview | 555 | deny ${HOME}/.kde4/share/apps/ktorrent |
556 | blacklist ${HOME}/.kde4/share/apps/kaffeine | 556 | deny ${HOME}/.kde4/share/apps/okular |
557 | blacklist ${HOME}/.kde4/share/apps/kcookiejar | 557 | deny ${HOME}/.kde4/share/config/baloofilerc |
558 | blacklist ${HOME}/.kde4/share/apps/kget | 558 | deny ${HOME}/.kde4/share/config/baloorc |
559 | blacklist ${HOME}/.kde4/share/apps/khtml | 559 | deny ${HOME}/.kde4/share/config/digikam |
560 | blacklist ${HOME}/.kde4/share/apps/konqsidebartng | 560 | deny ${HOME}/.kde4/share/config/gwenviewrc |
561 | blacklist ${HOME}/.kde4/share/apps/konqueror | 561 | deny ${HOME}/.kde4/share/config/k3brc |
562 | blacklist ${HOME}/.kde4/share/apps/kopete | 562 | deny ${HOME}/.kde4/share/config/kaffeinerc |
563 | blacklist ${HOME}/.kde4/share/apps/ktorrent | 563 | deny ${HOME}/.kde4/share/config/kcookiejarrc |
564 | blacklist ${HOME}/.kde4/share/apps/okular | 564 | deny ${HOME}/.kde4/share/config/kfindrc |
565 | blacklist ${HOME}/.kde4/share/config/baloofilerc | 565 | deny ${HOME}/.kde4/share/config/kgetrc |
566 | blacklist ${HOME}/.kde4/share/config/baloorc | 566 | deny ${HOME}/.kde4/share/config/khtmlrc |
567 | blacklist ${HOME}/.kde4/share/config/digikam | 567 | deny ${HOME}/.kde4/share/config/klipperrc |
568 | blacklist ${HOME}/.kde4/share/config/gwenviewrc | 568 | deny ${HOME}/.kde4/share/config/konq_history |
569 | blacklist ${HOME}/.kde4/share/config/k3brc | 569 | deny ${HOME}/.kde4/share/config/konqsidebartngrc |
570 | blacklist ${HOME}/.kde4/share/config/kaffeinerc | 570 | deny ${HOME}/.kde4/share/config/konquerorrc |
571 | blacklist ${HOME}/.kde4/share/config/kcookiejarrc | 571 | deny ${HOME}/.kde4/share/config/konversationrc |
572 | blacklist ${HOME}/.kde4/share/config/kfindrc | 572 | deny ${HOME}/.kde4/share/config/kopeterc |
573 | blacklist ${HOME}/.kde4/share/config/kgetrc | 573 | deny ${HOME}/.kde4/share/config/ktorrentrc |
574 | blacklist ${HOME}/.kde4/share/config/khtmlrc | 574 | deny ${HOME}/.kde4/share/config/okularpartrc |
575 | blacklist ${HOME}/.kde4/share/config/klipperrc | 575 | deny ${HOME}/.kde4/share/config/okularrc |
576 | blacklist ${HOME}/.kde4/share/config/konq_history | 576 | deny ${HOME}/.killingfloor |
577 | blacklist ${HOME}/.kde4/share/config/konqsidebartngrc | 577 | deny ${HOME}/.kingsoft |
578 | blacklist ${HOME}/.kde4/share/config/konquerorrc | 578 | deny ${HOME}/.kino-history |
579 | blacklist ${HOME}/.kde4/share/config/konversationrc | 579 | deny ${HOME}/.kinorc |
580 | blacklist ${HOME}/.kde4/share/config/kopeterc | 580 | deny ${HOME}/.klatexformula |
581 | blacklist ${HOME}/.kde4/share/config/ktorrentrc | 581 | deny ${HOME}/.klei |
582 | blacklist ${HOME}/.kde4/share/config/okularpartrc | 582 | deny ${HOME}/.kodi |
583 | blacklist ${HOME}/.kde4/share/config/okularrc | 583 | deny ${HOME}/.librewolf |
584 | blacklist ${HOME}/.killingfloor | 584 | deny ${HOME}/.lincity-ng |
585 | blacklist ${HOME}/.kingsoft | 585 | deny ${HOME}/.links |
586 | blacklist ${HOME}/.kino-history | 586 | deny ${HOME}/.links2 |
587 | blacklist ${HOME}/.kinorc | 587 | deny ${HOME}/.linphone-history.db |
588 | blacklist ${HOME}/.klatexformula | 588 | deny ${HOME}/.linphonerc |
589 | blacklist ${HOME}/.klei | 589 | deny ${HOME}/.lmmsrc.xml |
590 | blacklist ${HOME}/.kodi | 590 | deny ${HOME}/.local/lib/vivaldi |
591 | blacklist ${HOME}/.librewolf | 591 | deny ${HOME}/.local/share/0ad |
592 | blacklist ${HOME}/.lincity-ng | 592 | deny ${HOME}/.local/share/3909/PapersPlease |
593 | blacklist ${HOME}/.links | 593 | deny ${HOME}/.local/share/Anki2 |
594 | blacklist ${HOME}/.links2 | 594 | deny ${HOME}/.local/share/Dredmor |
595 | blacklist ${HOME}/.linphone-history.db | 595 | deny ${HOME}/.local/share/Empathy |
596 | blacklist ${HOME}/.linphonerc | 596 | deny ${HOME}/.local/share/Enpass |
597 | blacklist ${HOME}/.lmmsrc.xml | 597 | deny ${HOME}/.local/share/FasterThanLight |
598 | blacklist ${HOME}/.local/lib/vivaldi | 598 | deny ${HOME}/.local/share/Flavio Tordini |
599 | blacklist ${HOME}/.local/share/0ad | 599 | deny ${HOME}/.local/share/IntoTheBreach |
600 | blacklist ${HOME}/.local/share/3909/PapersPlease | 600 | deny ${HOME}/.local/share/JetBrains |
601 | blacklist ${HOME}/.local/share/Anki2 | 601 | deny ${HOME}/.local/share/KDE/neochat |
602 | blacklist ${HOME}/.local/share/Dredmor | 602 | deny ${HOME}/.local/share/Kingsoft |
603 | blacklist ${HOME}/.local/share/Empathy | 603 | deny ${HOME}/.local/share/LibreCAD |
604 | blacklist ${HOME}/.local/share/Enpass | 604 | deny ${HOME}/.local/share/Mendeley Ltd. |
605 | blacklist ${HOME}/.local/share/Flavio Tordini | 605 | deny ${HOME}/.local/share/Mumble |
606 | blacklist ${HOME}/.local/share/JetBrains | 606 | deny ${HOME}/.local/share/Nextcloud |
607 | blacklist ${HOME}/.local/share/KDE/neochat | 607 | deny ${HOME}/.local/share/PBE |
608 | blacklist ${HOME}/.local/share/Kingsoft | 608 | deny ${HOME}/.local/share/Paradox Interactive |
609 | blacklist ${HOME}/.local/share/LibreCAD | 609 | deny ${HOME}/.local/share/PawelStolowski |
610 | blacklist ${HOME}/.local/share/Mendeley Ltd. | 610 | deny ${HOME}/.local/share/PillarsOfEternity |
611 | blacklist ${HOME}/.local/share/Mumble | 611 | deny ${HOME}/.local/share/Psi |
612 | blacklist ${HOME}/.local/share/Nextcloud | 612 | deny ${HOME}/.local/share/QGIS |
613 | blacklist ${HOME}/.local/share/PBE | 613 | deny ${HOME}/.local/share/QMediathekView |
614 | blacklist ${HOME}/.local/share/PawelStolowski | 614 | deny ${HOME}/.local/share/QuiteRss |
615 | blacklist ${HOME}/.local/share/PillarsOfEternity | 615 | deny ${HOME}/.local/share/Ricochet |
616 | blacklist ${HOME}/.local/share/Psi | 616 | deny ${HOME}/.local/share/RogueLegacy |
617 | blacklist ${HOME}/.local/share/QGIS | 617 | deny ${HOME}/.local/share/RogueLegacyStorageContainer |
618 | blacklist ${HOME}/.local/share/QMediathekView | 618 | deny ${HOME}/.local/share/Shortwave |
619 | blacklist ${HOME}/.local/share/QuiteRss | 619 | deny ${HOME}/.local/share/Steam |
620 | blacklist ${HOME}/.local/share/Ricochet | 620 | deny ${HOME}/.local/share/SteamWorld Dig 2 |
621 | blacklist ${HOME}/.local/share/RogueLegacy | 621 | deny ${HOME}/.local/share/SteamWorldDig |
622 | blacklist ${HOME}/.local/share/RogueLegacyStorageContainer | 622 | deny ${HOME}/.local/share/SuperHexagon |
623 | blacklist ${HOME}/.local/share/Shortwave | 623 | deny ${HOME}/.local/share/TelegramDesktop |
624 | blacklist ${HOME}/.local/share/Steam | 624 | deny ${HOME}/.local/share/Terraria |
625 | blacklist ${HOME}/.local/share/SteamWorldDig | 625 | deny ${HOME}/.local/share/TpLogger |
626 | blacklist ${HOME}/.local/share/SteamWorld Dig 2 | 626 | deny ${HOME}/.local/share/Zeal |
627 | blacklist ${HOME}/.local/share/SuperHexagon | 627 | deny ${HOME}/.local/share/agenda |
628 | blacklist ${HOME}/.local/share/TelegramDesktop | 628 | deny ${HOME}/.local/share/akonadi* |
629 | blacklist ${HOME}/.local/share/Terraria | 629 | deny ${HOME}/.local/share/akregator |
630 | blacklist ${HOME}/.local/share/TpLogger | 630 | deny ${HOME}/.local/share/apps/korganizer |
631 | blacklist ${HOME}/.local/share/Zeal | 631 | deny ${HOME}/.local/share/aspyr-media |
632 | blacklist ${HOME}/.local/share/akonadi* | 632 | deny ${HOME}/.local/share/authenticator-rs |
633 | blacklist ${HOME}/.local/share/akregator | 633 | deny ${HOME}/.local/share/autokey |
634 | blacklist ${HOME}/.local/share/agenda | 634 | deny ${HOME}/.local/share/backintime |
635 | blacklist ${HOME}/.local/share/apps/korganizer | 635 | deny ${HOME}/.local/share/baloo |
636 | blacklist ${HOME}/.local/share/aspyr-media | 636 | deny ${HOME}/.local/share/barrier |
637 | blacklist ${HOME}/.local/share/autokey | 637 | deny ${HOME}/.local/share/bibletime |
638 | blacklist ${HOME}/.local/share/authenticator-rs | 638 | deny ${HOME}/.local/share/bijiben |
639 | blacklist ${HOME}/.local/share/backintime | 639 | deny ${HOME}/.local/share/bohemiainteractive |
640 | blacklist ${HOME}/.local/share/baloo | 640 | deny ${HOME}/.local/share/caja-python |
641 | blacklist ${HOME}/.local/share/barrier | 641 | deny ${HOME}/.local/share/calligragemini |
642 | blacklist ${HOME}/.local/share/bibletime | 642 | deny ${HOME}/.local/share/cantata |
643 | blacklist ${HOME}/.local/share/bijiben | 643 | deny ${HOME}/.local/share/cdprojektred |
644 | blacklist ${HOME}/.local/share/bohemiainteractive | 644 | deny ${HOME}/.local/share/clipit |
645 | blacklist ${HOME}/.local/share/caja-python | 645 | deny ${HOME}/.local/share/com.github.johnfactotum.Foliate |
646 | blacklist ${HOME}/.local/share/calligragemini | 646 | deny ${HOME}/.local/share/contacts |
647 | blacklist ${HOME}/.local/share/cantata | 647 | deny ${HOME}/.local/share/cor-games |
648 | blacklist ${HOME}/.local/share/cdprojektred | 648 | deny ${HOME}/.local/share/data/Mendeley Ltd. |
649 | blacklist ${HOME}/.local/share/clipit | 649 | deny ${HOME}/.local/share/data/Mumble |
650 | blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate | 650 | deny ${HOME}/.local/share/data/MusE |
651 | blacklist ${HOME}/.local/share/contacts | 651 | deny ${HOME}/.local/share/data/MuseScore |
652 | blacklist ${HOME}/.local/share/cor-games | 652 | deny ${HOME}/.local/share/data/nomacs |
653 | blacklist ${HOME}/.local/share/data/Mendeley Ltd. | 653 | deny ${HOME}/.local/share/data/qBittorrent |
654 | blacklist ${HOME}/.local/share/data/Mumble | 654 | deny ${HOME}/.local/share/dino |
655 | blacklist ${HOME}/.local/share/data/MusE | 655 | deny ${HOME}/.local/share/dolphin |
656 | blacklist ${HOME}/.local/share/data/MuseScore | 656 | deny ${HOME}/.local/share/dolphin-emu |
657 | blacklist ${HOME}/.local/share/data/nomacs | 657 | deny ${HOME}/.local/share/emailidentities |
658 | blacklist ${HOME}/.local/share/data/qBittorrent | 658 | deny ${HOME}/.local/share/epiphany |
659 | blacklist ${HOME}/.local/share/dino | 659 | deny ${HOME}/.local/share/evolution |
660 | blacklist ${HOME}/.local/share/dolphin | 660 | deny ${HOME}/.local/share/feedreader |
661 | blacklist ${HOME}/.local/share/dolphin-emu | 661 | deny ${HOME}/.local/share/feral-interactive |
662 | blacklist ${HOME}/.local/share/emailidentities | 662 | deny ${HOME}/.local/share/five-or-more |
663 | blacklist ${HOME}/.local/share/epiphany | 663 | deny ${HOME}/.local/share/freecol |
664 | blacklist ${HOME}/.local/share/evolution | 664 | deny ${HOME}/.local/share/gajim |
665 | blacklist ${HOME}/.local/share/FasterThanLight | 665 | deny ${HOME}/.local/share/geary |
666 | blacklist ${HOME}/.local/share/feedreader | 666 | deny ${HOME}/.local/share/geeqie |
667 | blacklist ${HOME}/.local/share/feral-interactive | 667 | deny ${HOME}/.local/share/ghostwriter |
668 | blacklist ${HOME}/.local/share/five-or-more | 668 | deny ${HOME}/.local/share/gitg |
669 | blacklist ${HOME}/.local/share/freecol | 669 | deny ${HOME}/.local/share/gnome-2048 |
670 | blacklist ${HOME}/.local/share/gajim | 670 | deny ${HOME}/.local/share/gnome-boxes |
671 | blacklist ${HOME}/.local/share/geary | 671 | deny ${HOME}/.local/share/gnome-builder |
672 | blacklist ${HOME}/.local/share/geeqie | 672 | deny ${HOME}/.local/share/gnome-chess |
673 | blacklist ${HOME}/.local/share/ghostwriter | 673 | deny ${HOME}/.local/share/gnome-klotski |
674 | blacklist ${HOME}/.local/share/gitg | 674 | deny ${HOME}/.local/share/gnome-latex |
675 | blacklist ${HOME}/.local/share/gnome-2048 | 675 | deny ${HOME}/.local/share/gnome-mines |
676 | blacklist ${HOME}/.local/share/gnome-boxes | 676 | deny ${HOME}/.local/share/gnome-music |
677 | blacklist ${HOME}/.local/share/gnome-builder | 677 | deny ${HOME}/.local/share/gnome-nibbles |
678 | blacklist ${HOME}/.local/share/gnome-chess | 678 | deny ${HOME}/.local/share/gnome-photos |
679 | blacklist ${HOME}/.local/share/gnome-klotski | 679 | deny ${HOME}/.local/share/gnome-pomodoro |
680 | blacklist ${HOME}/.local/share/gnome-latex | 680 | deny ${HOME}/.local/share/gnome-recipes |
681 | blacklist ${HOME}/.local/share/gnome-mines | 681 | deny ${HOME}/.local/share/gnome-ring |
682 | blacklist ${HOME}/.local/share/gnome-music | 682 | deny ${HOME}/.local/share/gnome-sudoku |
683 | blacklist ${HOME}/.local/share/gnome-nibbles | 683 | deny ${HOME}/.local/share/gnome-twitch |
684 | blacklist ${HOME}/.local/share/gnome-photos | 684 | deny ${HOME}/.local/share/gnote |
685 | blacklist ${HOME}/.local/share/gnome-pomodoro | 685 | deny ${HOME}/.local/share/godot |
686 | blacklist ${HOME}/.local/share/gnome-recipes | 686 | deny ${HOME}/.local/share/gradio |
687 | blacklist ${HOME}/.local/share/gnome-ring | 687 | deny ${HOME}/.local/share/gwenview |
688 | blacklist ${HOME}/.local/share/gnome-sudoku | 688 | deny ${HOME}/.local/share/i2p |
689 | blacklist ${HOME}/.local/share/gnome-twitch | 689 | deny ${HOME}/.local/share/io.github.lainsce.Notejot |
690 | blacklist ${HOME}/.local/share/gnote | 690 | deny ${HOME}/.local/share/jami |
691 | blacklist ${HOME}/.local/share/godot | 691 | deny ${HOME}/.local/share/kaffeine |
692 | blacklist ${HOME}/.local/share/gradio | 692 | deny ${HOME}/.local/share/kalgebra |
693 | blacklist ${HOME}/.local/share/gwenview | 693 | deny ${HOME}/.local/share/kate |
694 | blacklist ${HOME}/.local/share/i2p | 694 | deny ${HOME}/.local/share/kdenlive |
695 | blacklist ${HOME}/.local/share/IntoTheBreach | 695 | deny ${HOME}/.local/share/kget |
696 | blacklist ${HOME}/.local/share/jami | 696 | deny ${HOME}/.local/share/kiwix |
697 | blacklist ${HOME}/.local/share/kaffeine | 697 | deny ${HOME}/.local/share/kiwix-desktop |
698 | blacklist ${HOME}/.local/share/kalgebra | 698 | deny ${HOME}/.local/share/klavaro |
699 | blacklist ${HOME}/.local/share/kate | 699 | deny ${HOME}/.local/share/kmail2 |
700 | blacklist ${HOME}/.local/share/kdenlive | 700 | deny ${HOME}/.local/share/kmplayer |
701 | blacklist ${HOME}/.local/share/kget | 701 | deny ${HOME}/.local/share/knotes |
702 | blacklist ${HOME}/.local/share/kiwix | 702 | deny ${HOME}/.local/share/krita |
703 | blacklist ${HOME}/.local/share/kiwix-desktop | 703 | deny ${HOME}/.local/share/ktorrent |
704 | blacklist ${HOME}/.local/share/klavaro | 704 | deny ${HOME}/.local/share/ktorrentrc |
705 | blacklist ${HOME}/.local/share/kmail2 | 705 | deny ${HOME}/.local/share/ktouch |
706 | blacklist ${HOME}/.local/share/kmplayer | 706 | deny ${HOME}/.local/share/kube |
707 | blacklist ${HOME}/.local/share/knotes | 707 | deny ${HOME}/.local/share/kwrite |
708 | blacklist ${HOME}/.local/share/krita | 708 | deny ${HOME}/.local/share/kxmlgui5/* |
709 | blacklist ${HOME}/.local/share/ktorrent | 709 | deny ${HOME}/.local/share/liferea |
710 | blacklist ${HOME}/.local/share/ktorrentrc | 710 | deny ${HOME}/.local/share/linphone |
711 | blacklist ${HOME}/.local/share/ktouch | 711 | deny ${HOME}/.local/share/local-mail |
712 | blacklist ${HOME}/.local/share/kube | 712 | deny ${HOME}/.local/share/lollypop |
713 | blacklist ${HOME}/.local/share/kwrite | 713 | deny ${HOME}/.local/share/love |
714 | blacklist ${HOME}/.local/share/kxmlgui5/* | 714 | deny ${HOME}/.local/share/lugaru |
715 | blacklist ${HOME}/.local/share/liferea | 715 | deny ${HOME}/.local/share/lutris |
716 | blacklist ${HOME}/.local/share/linphone | 716 | deny ${HOME}/.local/share/man |
717 | blacklist ${HOME}/.local/share/local-mail | 717 | deny ${HOME}/.local/share/mana |
718 | blacklist ${HOME}/.local/share/lollypop | 718 | deny ${HOME}/.local/share/maps-places.json |
719 | blacklist ${HOME}/.local/share/love | 719 | deny ${HOME}/.local/share/matrix-mirage |
720 | blacklist ${HOME}/.local/share/lugaru | 720 | deny ${HOME}/.local/share/mcomix |
721 | blacklist ${HOME}/.local/share/lutris | 721 | deny ${HOME}/.local/share/meld |
722 | blacklist ${HOME}/.local/share/man | 722 | deny ${HOME}/.local/share/midori |
723 | blacklist ${HOME}/.local/share/mana | 723 | deny ${HOME}/.local/share/minder |
724 | blacklist ${HOME}/.local/share/maps-places.json | 724 | deny ${HOME}/.local/share/mirage |
725 | blacklist ${HOME}/.local/share/matrix-mirage | 725 | deny ${HOME}/.local/share/multimc |
726 | blacklist ${HOME}/.local/share/mcomix | 726 | deny ${HOME}/.local/share/multimc5 |
727 | blacklist ${HOME}/.local/share/meld | 727 | deny ${HOME}/.local/share/mupen64plus |
728 | blacklist ${HOME}/.local/share/midori | 728 | deny ${HOME}/.local/share/mypaint |
729 | blacklist ${HOME}/.local/share/minder | 729 | deny ${HOME}/.local/share/nautilus |
730 | blacklist ${HOME}/.local/share/mirage | 730 | deny ${HOME}/.local/share/nautilus-python |
731 | blacklist ${HOME}/.local/share/multimc | 731 | deny ${HOME}/.local/share/nemo |
732 | blacklist ${HOME}/.local/share/multimc5 | 732 | deny ${HOME}/.local/share/nemo-python |
733 | blacklist ${HOME}/.local/share/mupen64plus | 733 | deny ${HOME}/.local/share/news-flash |
734 | blacklist ${HOME}/.local/share/mypaint | 734 | deny ${HOME}/.local/share/newsbeuter |
735 | blacklist ${HOME}/.local/share/nautilus | 735 | deny ${HOME}/.local/share/newsboat |
736 | blacklist ${HOME}/.local/share/nautilus-python | 736 | deny ${HOME}/.local/share/nheko |
737 | blacklist ${HOME}/.local/share/nemo | 737 | deny ${HOME}/.local/share/nomacs |
738 | blacklist ${HOME}/.local/share/nemo-python | 738 | deny ${HOME}/.local/share/notes |
739 | blacklist ${HOME}/.local/share/news-flash | 739 | deny ${HOME}/.local/share/ocenaudio |
740 | blacklist ${HOME}/.local/share/newsbeuter | 740 | deny ${HOME}/.local/share/okular |
741 | blacklist ${HOME}/.local/share/newsboat | 741 | deny ${HOME}/.local/share/onlyoffice |
742 | blacklist ${HOME}/.local/share/nheko | 742 | deny ${HOME}/.local/share/openmw |
743 | blacklist ${HOME}/.local/share/nomacs | 743 | deny ${HOME}/.local/share/orage |
744 | blacklist ${HOME}/.local/share/notes | 744 | deny ${HOME}/.local/share/org.kde.gwenview |
745 | blacklist ${HOME}/.local/share/ocenaudio | 745 | deny ${HOME}/.local/share/pix |
746 | blacklist ${HOME}/.local/share/okular | 746 | deny ${HOME}/.local/share/plasma_notes |
747 | blacklist ${HOME}/.local/share/onlyoffice | 747 | deny ${HOME}/.local/share/profanity |
748 | blacklist ${HOME}/.local/share/openmw | 748 | deny ${HOME}/.local/share/psi |
749 | blacklist ${HOME}/.local/share/orage | 749 | deny ${HOME}/.local/share/psi+ |
750 | blacklist ${HOME}/.local/share/org.kde.gwenview | 750 | deny ${HOME}/.local/share/qpdfview |
751 | blacklist ${HOME}/.local/share/Paradox Interactive | 751 | deny ${HOME}/.local/share/quadrapassel |
752 | blacklist ${HOME}/.local/share/pix | 752 | deny ${HOME}/.local/share/qutebrowser |
753 | blacklist ${HOME}/.local/share/plasma_notes | 753 | deny ${HOME}/.local/share/remmina |
754 | blacklist ${HOME}/.local/share/profanity | 754 | deny ${HOME}/.local/share/rhythmbox |
755 | blacklist ${HOME}/.local/share/psi | 755 | deny ${HOME}/.local/share/rtv |
756 | blacklist ${HOME}/.local/share/psi+ | 756 | deny ${HOME}/.local/share/scribus |
757 | blacklist ${HOME}/.local/share/quadrapassel | 757 | deny ${HOME}/.local/share/shotwell |
758 | blacklist ${HOME}/.local/share/qpdfview | 758 | deny ${HOME}/.local/share/signal-cli |
759 | blacklist ${HOME}/.local/share/qutebrowser | 759 | deny ${HOME}/.local/share/sink |
760 | blacklist ${HOME}/.local/share/remmina | 760 | deny ${HOME}/.local/share/smuxi |
761 | blacklist ${HOME}/.local/share/rhythmbox | 761 | deny ${HOME}/.local/share/spotify |
762 | blacklist ${HOME}/.local/share/rtv | 762 | deny ${HOME}/.local/share/steam |
763 | blacklist ${HOME}/.local/share/scribus | 763 | deny ${HOME}/.local/share/strawberry |
764 | blacklist ${HOME}/.local/share/shotwell | 764 | deny ${HOME}/.local/share/supertux2 |
765 | blacklist ${HOME}/.local/share/signal-cli | 765 | deny ${HOME}/.local/share/supertuxkart |
766 | blacklist ${HOME}/.local/share/sink | 766 | deny ${HOME}/.local/share/swell-foop |
767 | blacklist ${HOME}/.local/share/smuxi | 767 | deny ${HOME}/.local/share/telepathy |
768 | blacklist ${HOME}/.local/share/spotify | 768 | deny ${HOME}/.local/share/terasology |
769 | blacklist ${HOME}/.local/share/steam | 769 | deny ${HOME}/.local/share/torbrowser |
770 | blacklist ${HOME}/.local/share/strawberry | 770 | deny ${HOME}/.local/share/totem |
771 | blacklist ${HOME}/.local/share/supertux2 | 771 | deny ${HOME}/.local/share/uzbl |
772 | blacklist ${HOME}/.local/share/supertuxkart | 772 | deny ${HOME}/.local/share/vlc |
773 | blacklist ${HOME}/.local/share/swell-foop | 773 | deny ${HOME}/.local/share/vpltd |
774 | blacklist ${HOME}/.local/share/telepathy | 774 | deny ${HOME}/.local/share/vulkan |
775 | blacklist ${HOME}/.local/share/terasology | 775 | deny ${HOME}/.local/share/warsow-2.1 |
776 | blacklist ${HOME}/.local/share/torbrowser | 776 | deny ${HOME}/.local/share/wesnoth |
777 | blacklist ${HOME}/.local/share/totem | 777 | deny ${HOME}/.local/share/wormux |
778 | blacklist ${HOME}/.local/share/uzbl | 778 | deny ${HOME}/.local/share/xplayer |
779 | blacklist ${HOME}/.local/share/vlc | 779 | deny ${HOME}/.local/share/xreader |
780 | blacklist ${HOME}/.local/share/vpltd | 780 | deny ${HOME}/.local/share/zathura |
781 | blacklist ${HOME}/.local/share/vulkan | 781 | deny ${HOME}/.lv2 |
782 | blacklist ${HOME}/.local/share/warsow-2.1 | 782 | deny ${HOME}/.lyx |
783 | blacklist ${HOME}/.local/share/wesnoth | 783 | deny ${HOME}/.magicor |
784 | blacklist ${HOME}/.local/share/wormux | 784 | deny ${HOME}/.masterpdfeditor |
785 | blacklist ${HOME}/.local/share/xplayer | 785 | deny ${HOME}/.mbwarband |
786 | blacklist ${HOME}/.local/share/xreader | 786 | deny ${HOME}/.mcabber |
787 | blacklist ${HOME}/.local/share/zathura | 787 | deny ${HOME}/.mcabberrc |
788 | blacklist ${HOME}/.lv2 | 788 | deny ${HOME}/.mediathek3 |
789 | blacklist ${HOME}/.lyx | 789 | deny ${HOME}/.megaglest |
790 | blacklist ${HOME}/.magicor | 790 | deny ${HOME}/.minecraft |
791 | blacklist ${HOME}/.masterpdfeditor | 791 | deny ${HOME}/.minetest |
792 | blacklist ${HOME}/.mbwarband | 792 | deny ${HOME}/.mirrormagic |
793 | blacklist ${HOME}/.mcabber | 793 | deny ${HOME}/.moc |
794 | blacklist ${HOME}/.mcabberrc | 794 | deny ${HOME}/.moonchild productions/basilisk |
795 | blacklist ${HOME}/.mediathek3 | 795 | deny ${HOME}/.moonchild productions/pale moon |
796 | blacklist ${HOME}/.megaglest | 796 | deny ${HOME}/.mozilla |
797 | blacklist ${HOME}/.minecraft | 797 | deny ${HOME}/.mp3splt-gtk |
798 | blacklist ${HOME}/.minetest | 798 | deny ${HOME}/.mpd |
799 | blacklist ${HOME}/.mirrormagic | 799 | deny ${HOME}/.mpdconf |
800 | blacklist ${HOME}/.moc | 800 | deny ${HOME}/.mplayer |
801 | blacklist ${HOME}/.moonchild productions/basilisk | 801 | deny ${HOME}/.msmtprc |
802 | blacklist ${HOME}/.moonchild productions/pale moon | 802 | deny ${HOME}/.multimc5 |
803 | blacklist ${HOME}/.mozilla | 803 | deny ${HOME}/.nanorc |
804 | blacklist ${HOME}/.mp3splt-gtk | 804 | deny ${HOME}/.netactview |
805 | blacklist ${HOME}/.mpd | 805 | deny ${HOME}/.neverball |
806 | blacklist ${HOME}/.mpdconf | 806 | deny ${HOME}/.newsbeuter |
807 | blacklist ${HOME}/.mplayer | 807 | deny ${HOME}/.newsboat |
808 | blacklist ${HOME}/.msmtprc | 808 | deny ${HOME}/.newsrc |
809 | blacklist ${HOME}/.multimc5 | 809 | deny ${HOME}/.nicotine |
810 | blacklist ${HOME}/.nanorc | 810 | deny ${HOME}/.node-gyp |
811 | blacklist ${HOME}/.netactview | 811 | deny ${HOME}/.npm |
812 | blacklist ${HOME}/.neverball | 812 | deny ${HOME}/.npmrc |
813 | blacklist ${HOME}/.newsbeuter | 813 | deny ${HOME}/.nv |
814 | blacklist ${HOME}/.newsboat | 814 | deny ${HOME}/.nvm |
815 | blacklist ${HOME}/.newsrc | 815 | deny ${HOME}/.nylas-mail |
816 | blacklist ${HOME}/.nicotine | 816 | deny ${HOME}/.openarena |
817 | blacklist ${HOME}/.node-gyp | 817 | deny ${HOME}/.opencity |
818 | blacklist ${HOME}/.npm | 818 | deny ${HOME}/.openinvaders |
819 | blacklist ${HOME}/.npmrc | 819 | deny ${HOME}/.openshot |
820 | blacklist ${HOME}/.nv | 820 | deny ${HOME}/.openshot_qt |
821 | blacklist ${HOME}/.nvm | 821 | deny ${HOME}/.openttd |
822 | blacklist ${HOME}/.nylas-mail | 822 | deny ${HOME}/.opera |
823 | blacklist ${HOME}/.openarena | 823 | deny ${HOME}/.opera-beta |
824 | blacklist ${HOME}/.opencity | 824 | deny ${HOME}/.ostrichriders |
825 | blacklist ${HOME}/.openinvaders | 825 | deny ${HOME}/.paradoxinteractive |
826 | blacklist ${HOME}/.openshot | 826 | deny ${HOME}/.parallelrealities/blobwars |
827 | blacklist ${HOME}/.openshot_qt | 827 | deny ${HOME}/.pcsxr |
828 | blacklist ${HOME}/.openttd | 828 | deny ${HOME}/.penguin-command |
829 | blacklist ${HOME}/.opera | 829 | deny ${HOME}/.pine-crash |
830 | blacklist ${HOME}/.opera-beta | 830 | deny ${HOME}/.pine-debug1 |
831 | blacklist ${HOME}/.ostrichriders | 831 | deny ${HOME}/.pine-debug2 |
832 | blacklist ${HOME}/.paradoxinteractive | 832 | deny ${HOME}/.pine-debug3 |
833 | blacklist ${HOME}/.parallelrealities/blobwars | 833 | deny ${HOME}/.pine-debug4 |
834 | blacklist ${HOME}/.pcsxr | 834 | deny ${HOME}/.pine-interrupted-mail |
835 | blacklist ${HOME}/.penguin-command | 835 | deny ${HOME}/.pinerc |
836 | blacklist ${HOME}/.pine-crash | 836 | deny ${HOME}/.pinercex |
837 | blacklist ${HOME}/.pine-debug1 | 837 | deny ${HOME}/.pingus |
838 | blacklist ${HOME}/.pine-debug2 | 838 | deny ${HOME}/.pioneer |
839 | blacklist ${HOME}/.pine-debug3 | 839 | deny ${HOME}/.purple |
840 | blacklist ${HOME}/.pine-debug4 | 840 | deny ${HOME}/.pylint.d |
841 | blacklist ${HOME}/.pine-interrupted-mail | 841 | deny ${HOME}/.qemu-launcher |
842 | blacklist ${HOME}/.pinerc | 842 | deny ${HOME}/.qgis2 |
843 | blacklist ${HOME}/.pinercex | 843 | deny ${HOME}/.qmmp |
844 | blacklist ${HOME}/.pingus | 844 | deny ${HOME}/.quodlibet |
845 | blacklist ${HOME}/.pioneer | 845 | deny ${HOME}/.redeclipse |
846 | blacklist ${HOME}/.purple | 846 | deny ${HOME}/.rednotebook |
847 | blacklist ${HOME}/.pylint.d | 847 | deny ${HOME}/.remmina |
848 | blacklist ${HOME}/.qemu-launcher | 848 | deny ${HOME}/.repo_.gitconfig.json |
849 | blacklist ${HOME}/.qgis2 | 849 | deny ${HOME}/.repoconfig |
850 | blacklist ${HOME}/.qmmp | 850 | deny ${HOME}/.retroshare |
851 | blacklist ${HOME}/.quodlibet | 851 | deny ${HOME}/.ripperXrc |
852 | blacklist ${HOME}/.redeclipse | 852 | deny ${HOME}/.scorched3d |
853 | blacklist ${HOME}/.remmina | 853 | deny ${HOME}/.scribus |
854 | blacklist ${HOME}/.repo_.gitconfig.json | 854 | deny ${HOME}/.scribusrc |
855 | blacklist ${HOME}/.repoconfig | 855 | deny ${HOME}/.simutrans |
856 | blacklist ${HOME}/.retroshare | 856 | deny ${HOME}/.smartgit/*/passwords |
857 | blacklist ${HOME}/.ripperXrc | 857 | deny ${HOME}/.ssr |
858 | blacklist ${HOME}/.scorched3d | 858 | deny ${HOME}/.steam |
859 | blacklist ${HOME}/.scribus | 859 | deny ${HOME}/.steampath |
860 | blacklist ${HOME}/.scribusrc | 860 | deny ${HOME}/.steampid |
861 | blacklist ${HOME}/.simutrans | 861 | deny ${HOME}/.stellarium |
862 | blacklist ${HOME}/.smartgit/*/passwords | 862 | deny ${HOME}/.subversion |
863 | blacklist ${HOME}/.ssr | 863 | deny ${HOME}/.surf |
864 | blacklist ${HOME}/.steam | 864 | deny ${HOME}/.suve/colorful |
865 | blacklist ${HOME}/.steampath | 865 | deny ${HOME}/.swb.ini |
866 | blacklist ${HOME}/.steampid | 866 | deny ${HOME}/.sword |
867 | blacklist ${HOME}/.stellarium | 867 | deny ${HOME}/.sylpheed-2.0 |
868 | blacklist ${HOME}/.subversion | 868 | deny ${HOME}/.synfig |
869 | blacklist ${HOME}/.surf | 869 | deny ${HOME}/.tb |
870 | blacklist ${HOME}/.suve/colorful | 870 | deny ${HOME}/.tconn |
871 | blacklist ${HOME}/.swb.ini | 871 | deny ${HOME}/.teeworlds |
872 | blacklist ${HOME}/.sword | 872 | deny ${HOME}/.texlive20* |
873 | blacklist ${HOME}/.sylpheed-2.0 | 873 | deny ${HOME}/.thunderbird |
874 | blacklist ${HOME}/.synfig | 874 | deny ${HOME}/.tilp |
875 | blacklist ${HOME}/.tb | 875 | deny ${HOME}/.tin |
876 | blacklist ${HOME}/.tconn | 876 | deny ${HOME}/.tooling |
877 | blacklist ${HOME}/.teeworlds | 877 | deny ${HOME}/.tor-browser* |
878 | blacklist ${HOME}/.texlive20* | 878 | deny ${HOME}/.torcs |
879 | blacklist ${HOME}/.thunderbird | 879 | deny ${HOME}/.tremulous |
880 | blacklist ${HOME}/.tilp | 880 | deny ${HOME}/.ts3client |
881 | blacklist ${HOME}/.tin | 881 | deny ${HOME}/.tuxguitar* |
882 | blacklist ${HOME}/.tooling | 882 | deny ${HOME}/.tvbrowser |
883 | blacklist ${HOME}/.tor-browser* | 883 | deny ${HOME}/.unknown-horizons |
884 | blacklist ${HOME}/.torcs | 884 | deny ${HOME}/.viking |
885 | blacklist ${HOME}/.tremulous | 885 | deny ${HOME}/.viking-maps |
886 | blacklist ${HOME}/.ts3client | 886 | deny ${HOME}/.vim |
887 | blacklist ${HOME}/.tuxguitar* | 887 | deny ${HOME}/.vimrc |
888 | blacklist ${HOME}/.tvbrowser | 888 | deny ${HOME}/.vmware |
889 | blacklist ${HOME}/.unknown-horizons | 889 | deny ${HOME}/.vscode |
890 | blacklist ${HOME}/.viking | 890 | deny ${HOME}/.vscode-oss |
891 | blacklist ${HOME}/.viking-maps | 891 | deny ${HOME}/.vst |
892 | blacklist ${HOME}/.vim | 892 | deny ${HOME}/.vultures |
893 | blacklist ${HOME}/.vimrc | 893 | deny ${HOME}/.w3m |
894 | blacklist ${HOME}/.vmware | 894 | deny ${HOME}/.warzone2100-3.* |
895 | blacklist ${HOME}/.vscode | 895 | deny ${HOME}/.waterfox |
896 | blacklist ${HOME}/.vscode-oss | 896 | deny ${HOME}/.weechat |
897 | blacklist ${HOME}/.vst | 897 | deny ${HOME}/.wget-hsts |
898 | blacklist ${HOME}/.vultures | 898 | deny ${HOME}/.wgetrc |
899 | blacklist ${HOME}/.w3m | 899 | deny ${HOME}/.widelands |
900 | blacklist ${HOME}/.warzone2100-3.* | 900 | deny ${HOME}/.wine |
901 | blacklist ${HOME}/.waterfox | 901 | deny ${HOME}/.wine64 |
902 | blacklist ${HOME}/.weechat | 902 | deny ${HOME}/.wireshark |
903 | blacklist ${HOME}/.wget-hsts | 903 | deny ${HOME}/.wordwarvi |
904 | blacklist ${HOME}/.wgetrc | 904 | deny ${HOME}/.wormux |
905 | blacklist ${HOME}/.widelands | 905 | deny ${HOME}/.xiphos |
906 | blacklist ${HOME}/.wine | 906 | deny ${HOME}/.xmind |
907 | blacklist ${HOME}/.wine64 | 907 | deny ${HOME}/.xmms |
908 | blacklist ${HOME}/.wireshark | 908 | deny ${HOME}/.xmr-stak |
909 | blacklist ${HOME}/.wordwarvi | 909 | deny ${HOME}/.xonotic |
910 | blacklist ${HOME}/.wormux | 910 | deny ${HOME}/.xournalpp |
911 | blacklist ${HOME}/.xiphos | 911 | deny ${HOME}/.xpdfrc |
912 | blacklist ${HOME}/.xmind | 912 | deny ${HOME}/.yarn |
913 | blacklist ${HOME}/.xmms | 913 | deny ${HOME}/.yarn-config |
914 | blacklist ${HOME}/.xmr-stak | 914 | deny ${HOME}/.yarncache |
915 | blacklist ${HOME}/.xonotic | 915 | deny ${HOME}/.yarnrc |
916 | blacklist ${HOME}/.xournalpp | 916 | deny ${HOME}/.zoom |
917 | blacklist ${HOME}/.xpdfrc | 917 | deny ${HOME}/Arduino |
918 | blacklist ${HOME}/.yarn | 918 | deny ${HOME}/Monero/wallets |
919 | blacklist ${HOME}/.yarn-config | 919 | deny ${HOME}/Nextcloud |
920 | blacklist ${HOME}/.yarncache | 920 | deny ${HOME}/Nextcloud/Notes |
921 | blacklist ${HOME}/.yarnrc | 921 | deny ${HOME}/SoftMaker |
922 | blacklist ${HOME}/.zoom | 922 | deny ${HOME}/Standard Notes Backups |
923 | blacklist /tmp/akonadi-* | 923 | deny ${HOME}/TeamSpeak3-Client-linux_amd64 |
924 | blacklist /tmp/.wine-* | 924 | deny ${HOME}/TeamSpeak3-Client-linux_x86 |
925 | blacklist /var/games/nethack | 925 | deny ${HOME}/hyperrogue.ini |
926 | blacklist /var/games/slashem | 926 | deny ${HOME}/i2p |
927 | blacklist /var/games/vulturesclaw | 927 | deny ${HOME}/mps |
928 | blacklist /var/games/vultureseye | 928 | deny ${HOME}/wallet.dat |
929 | blacklist /var/lib/games/Maelstrom-Scores | 929 | deny /tmp/.wine-* |
930 | deny /tmp/akonadi-* | ||
931 | deny /var/games/nethack | ||
932 | deny /var/games/slashem | ||
933 | deny /var/games/vulturesclaw | ||
934 | deny /var/games/vultureseye | ||
935 | deny /var/lib/games/Maelstrom-Scores | ||
930 | 936 | ||
931 | # ${HOME}/.cache directory | 937 | # ${HOME}/.cache directory |
932 | blacklist ${HOME}/.cache/0ad | 938 | deny ${HOME}/.cache/0ad |
933 | blacklist ${HOME}/.cache/8pecxstudios | 939 | deny ${HOME}/.cache/8pecxstudios |
934 | blacklist ${HOME}/.cache/Authenticator | 940 | deny ${HOME}/.cache/Authenticator |
935 | blacklist ${HOME}/.cache/BraveSoftware | 941 | deny ${HOME}/.cache/BraveSoftware |
936 | blacklist ${HOME}/.cache/Clementine | 942 | deny ${HOME}/.cache/Clementine |
937 | blacklist ${HOME}/.cache/ENCOM/Spectral | 943 | deny ${HOME}/.cache/ENCOM/Spectral |
938 | blacklist ${HOME}/.cache/Enox | 944 | deny ${HOME}/.cache/Enox |
939 | blacklist ${HOME}/.cache/Enpass | 945 | deny ${HOME}/.cache/Enpass |
940 | blacklist ${HOME}/.cache/Ferdi | 946 | deny ${HOME}/.cache/Ferdi |
941 | blacklist ${HOME}/.cache/Flavio Tordini | 947 | deny ${HOME}/.cache/Flavio Tordini |
942 | blacklist ${HOME}/.cache/Franz | 948 | deny ${HOME}/.cache/Franz |
943 | blacklist ${HOME}/.cache/INRIA | 949 | deny ${HOME}/.cache/INRIA |
944 | blacklist ${HOME}/.cache/MusicBrainz | 950 | deny ${HOME}/.cache/INRIA/Natron |
945 | blacklist ${HOME}/.cache/NewsFlashGTK | 951 | deny ${HOME}/.cache/KDE/neochat |
946 | blacklist ${HOME}/.cache/Otter | 952 | deny ${HOME}/.cache/Mendeley Ltd. |
947 | blacklist ${HOME}/.cache/PawelStolowski | 953 | deny ${HOME}/.cache/MusicBrainz |
948 | blacklist ${HOME}/.cache/Psi | 954 | deny ${HOME}/.cache/NewsFlashGTK |
949 | blacklist ${HOME}/.cache/QuiteRss | 955 | deny ${HOME}/.cache/Otter |
950 | blacklist ${HOME}/.cache/quodlibet | 956 | deny ${HOME}/.cache/PawelStolowski |
951 | blacklist ${HOME}/.cache/Quotient/quaternion | 957 | deny ${HOME}/.cache/Psi |
952 | blacklist ${HOME}/.cache/Shortwave | 958 | deny ${HOME}/.cache/QuiteRss |
953 | blacklist ${HOME}/.cache/Tox | 959 | deny ${HOME}/.cache/Quotient/quaternion |
954 | blacklist ${HOME}/.cache/Zeal | 960 | deny ${HOME}/.cache/Shortwave |
955 | blacklist ${HOME}/.cache/agenda | 961 | deny ${HOME}/.cache/Tox |
956 | blacklist ${HOME}/.cache/akonadi* | 962 | deny ${HOME}/.cache/Zeal |
957 | blacklist ${HOME}/.cache/atril | 963 | deny ${HOME}/.cache/agenda |
958 | blacklist ${HOME}/.cache/attic | 964 | deny ${HOME}/.cache/akonadi* |
959 | blacklist ${HOME}/.cache/babl | 965 | deny ${HOME}/.cache/atril |
960 | blacklist ${HOME}/.cache/bnox | 966 | deny ${HOME}/.cache/attic |
961 | blacklist ${HOME}/.cache/borg | 967 | deny ${HOME}/.cache/babl |
962 | blacklist ${HOME}/.cache/calibre | 968 | deny ${HOME}/.cache/bnox |
963 | blacklist ${HOME}/.cache/cantata | 969 | deny ${HOME}/.cache/borg |
964 | blacklist ${HOME}/.cache/champlain | 970 | deny ${HOME}/.cache/calibre |
965 | blacklist ${HOME}/.cache/chromium | 971 | deny ${HOME}/.cache/cantata |
966 | blacklist ${HOME}/.cache/chromium-dev | 972 | deny ${HOME}/.cache/champlain |
967 | blacklist ${HOME}/.cache/cliqz | 973 | deny ${HOME}/.cache/chromium |
968 | blacklist ${HOME}/.cache/com.github.johnfactotum.Foliate | 974 | deny ${HOME}/.cache/chromium-dev |
969 | blacklist ${HOME}/.cache/darktable | 975 | deny ${HOME}/.cache/cliqz |
970 | blacklist ${HOME}/.cache/deja-dup | 976 | deny ${HOME}/.cache/com.github.johnfactotum.Foliate |
971 | blacklist ${HOME}/.cache/discover | 977 | deny ${HOME}/.cache/darktable |
972 | blacklist ${HOME}/.cache/dnox | 978 | deny ${HOME}/.cache/deja-dup |
973 | blacklist ${HOME}/.cache/dolphin | 979 | deny ${HOME}/.cache/discover |
974 | blacklist ${HOME}/.cache/dolphin-emu | 980 | deny ${HOME}/.cache/dnox |
975 | blacklist ${HOME}/.cache/ephemeral | 981 | deny ${HOME}/.cache/dolphin |
976 | blacklist ${HOME}/.cache/epiphany | 982 | deny ${HOME}/.cache/dolphin-emu |
977 | blacklist ${HOME}/.cache/evolution | 983 | deny ${HOME}/.cache/ephemeral |
978 | blacklist ${HOME}/.cache/falkon | 984 | deny ${HOME}/.cache/epiphany |
979 | blacklist ${HOME}/.cache/feedreader | 985 | deny ${HOME}/.cache/evolution |
980 | blacklist ${HOME}/.cache/firedragon | 986 | deny ${HOME}/.cache/falkon |
981 | blacklist ${HOME}/.cache/flaska.net/trojita | 987 | deny ${HOME}/.cache/feedreader |
982 | blacklist ${HOME}/.cache/folks | 988 | deny ${HOME}/.cache/firedragon |
983 | blacklist ${HOME}/.cache/font-manager | 989 | deny ${HOME}/.cache/flaska.net/trojita |
984 | blacklist ${HOME}/.cache/fossamail | 990 | deny ${HOME}/.cache/folks |
985 | blacklist ${HOME}/.cache/fractal | 991 | deny ${HOME}/.cache/font-manager |
986 | blacklist ${HOME}/.cache/freecol | 992 | deny ${HOME}/.cache/fossamail |
987 | blacklist ${HOME}/.cache/gajim | 993 | deny ${HOME}/.cache/fractal |
988 | blacklist ${HOME}/.cache/geary | 994 | deny ${HOME}/.cache/freecol |
989 | blacklist ${HOME}/.cache/gegl-0.4 | 995 | deny ${HOME}/.cache/gajim |
990 | blacklist ${HOME}/.cache/geeqie | 996 | deny ${HOME}/.cache/geary |
991 | blacklist ${HOME}/.cache/gfeeds | 997 | deny ${HOME}/.cache/geeqie |
992 | blacklist ${HOME}/.cache/gimp | 998 | deny ${HOME}/.cache/gegl-0.4 |
993 | blacklist ${HOME}/.cache/gnome-boxes | 999 | deny ${HOME}/.cache/gfeeds |
994 | blacklist ${HOME}/.cache/gnome-builder | 1000 | deny ${HOME}/.cache/gimp |
995 | blacklist ${HOME}/.cache/gnome-control-center | 1001 | deny ${HOME}/.cache/gnome-boxes |
996 | blacklist ${HOME}/.cache/gnome-recipes | 1002 | deny ${HOME}/.cache/gnome-builder |
997 | blacklist ${HOME}/.cache/gnome-screenshot | 1003 | deny ${HOME}/.cache/gnome-control-center |
998 | blacklist ${HOME}/.cache/gnome-software | 1004 | deny ${HOME}/.cache/gnome-recipes |
999 | blacklist ${HOME}/.cache/gnome-twitch | 1005 | deny ${HOME}/.cache/gnome-screenshot |
1000 | blacklist ${HOME}/.cache/godot | 1006 | deny ${HOME}/.cache/gnome-software |
1001 | blacklist ${HOME}/.cache/google-chrome | 1007 | deny ${HOME}/.cache/gnome-twitch |
1002 | blacklist ${HOME}/.cache/google-chrome-beta | 1008 | deny ${HOME}/.cache/godot |
1003 | blacklist ${HOME}/.cache/google-chrome-unstable | 1009 | deny ${HOME}/.cache/google-chrome |
1004 | blacklist ${HOME}/.cache/gradio | 1010 | deny ${HOME}/.cache/google-chrome-beta |
1005 | blacklist ${HOME}/.cache/gummi | 1011 | deny ${HOME}/.cache/google-chrome-unstable |
1006 | blacklist ${HOME}/.cache/icedove | 1012 | deny ${HOME}/.cache/gradio |
1007 | blacklist ${HOME}/.cache/INRIA/Natron | 1013 | deny ${HOME}/.cache/gummi |
1008 | blacklist ${HOME}/.cache/inkscape | 1014 | deny ${HOME}/.cache/icedove |
1009 | blacklist ${HOME}/.cache/inox | 1015 | deny ${HOME}/.cache/inkscape |
1010 | blacklist ${HOME}/.cache/iridium | 1016 | deny ${HOME}/.cache/inox |
1011 | blacklist ${HOME}/.cache/kcmshell5 | 1017 | deny ${HOME}/.cache/io.github.lainsce.Notejot |
1012 | blacklist ${HOME}/.cache/KDE/neochat | 1018 | deny ${HOME}/.cache/iridium |
1013 | blacklist ${HOME}/.cache/kdenlive | 1019 | deny ${HOME}/.cache/JetBrains/CLion* |
1014 | blacklist ${HOME}/.cache/keepassxc | 1020 | deny ${HOME}/.cache/kcmshell5 |
1015 | blacklist ${HOME}/.cache/kfind | 1021 | deny ${HOME}/.cache/kdenlive |
1016 | blacklist ${HOME}/.cache/kinfocenter | 1022 | deny ${HOME}/.cache/keepassxc |
1017 | blacklist ${HOME}/.cache/kmail2 | 1023 | deny ${HOME}/.cache/kfind |
1018 | blacklist ${HOME}/.cache/krunner | 1024 | deny ${HOME}/.cache/kinfocenter |
1019 | blacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite* | 1025 | deny ${HOME}/.cache/kmail2 |
1020 | blacklist ${HOME}/.cache/kscreenlocker_greet | 1026 | deny ${HOME}/.cache/krunner |
1021 | blacklist ${HOME}/.cache/ksmserver-logout-greeter | 1027 | deny ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite* |
1022 | blacklist ${HOME}/.cache/ksplashqml | 1028 | deny ${HOME}/.cache/kscreenlocker_greet |
1023 | blacklist ${HOME}/.cache/kube | 1029 | deny ${HOME}/.cache/ksmserver-logout-greeter |
1024 | blacklist ${HOME}/.cache/kwin | 1030 | deny ${HOME}/.cache/ksplashqml |
1025 | blacklist ${HOME}/.cache/libgweather | 1031 | deny ${HOME}/.cache/kube |
1026 | blacklist ${HOME}/.cache/librewolf | 1032 | deny ${HOME}/.cache/kwin |
1027 | blacklist ${HOME}/.cache/liferea | 1033 | deny ${HOME}/.cache/libgweather |
1028 | blacklist ${HOME}/.cache/lutris | 1034 | deny ${HOME}/.cache/librewolf |
1029 | blacklist ${HOME}/.cache/Mendeley Ltd. | 1035 | deny ${HOME}/.cache/liferea |
1030 | blacklist ${HOME}/.cache/marker | 1036 | deny ${HOME}/.cache/lutris |
1031 | blacklist ${HOME}/.cache/matrix-mirage | 1037 | deny ${HOME}/.cache/marker |
1032 | blacklist ${HOME}/.cache/microsoft-edge-dev | 1038 | deny ${HOME}/.cache/matrix-mirage |
1033 | blacklist ${HOME}/.cache/midori | 1039 | deny ${HOME}/.cache/microsoft-edge-beta |
1034 | blacklist ${HOME}/.cache/minetest | 1040 | deny ${HOME}/.cache/microsoft-edge-dev |
1035 | blacklist ${HOME}/.cache/mirage | 1041 | deny ${HOME}/.cache/midori |
1036 | blacklist ${HOME}/.cache/moonchild productions/basilisk | 1042 | deny ${HOME}/.cache/minetest |
1037 | blacklist ${HOME}/.cache/moonchild productions/pale moon | 1043 | deny ${HOME}/.cache/mirage |
1038 | blacklist ${HOME}/.cache/mozilla | 1044 | deny ${HOME}/.cache/moonchild productions/basilisk |
1039 | blacklist ${HOME}/.cache/ms-excel-online | 1045 | deny ${HOME}/.cache/moonchild productions/pale moon |
1040 | blacklist ${HOME}/.cache/ms-office-online | 1046 | deny ${HOME}/.cache/mozilla |
1041 | blacklist ${HOME}/.cache/ms-onenote-online | 1047 | deny ${HOME}/.cache/ms-excel-online |
1042 | blacklist ${HOME}/.cache/ms-outlook-online | 1048 | deny ${HOME}/.cache/ms-office-online |
1043 | blacklist ${HOME}/.cache/ms-powerpoint-online | 1049 | deny ${HOME}/.cache/ms-onenote-online |
1044 | blacklist ${HOME}/.cache/ms-skype-online | 1050 | deny ${HOME}/.cache/ms-outlook-online |
1045 | blacklist ${HOME}/.cache/ms-word-online | 1051 | deny ${HOME}/.cache/ms-powerpoint-online |
1046 | blacklist ${HOME}/.cache/mutt | 1052 | deny ${HOME}/.cache/ms-skype-online |
1047 | blacklist ${HOME}/.cache/mypaint | 1053 | deny ${HOME}/.cache/ms-word-online |
1048 | blacklist ${HOME}/.cache/nheko | 1054 | deny ${HOME}/.cache/mutt |
1049 | blacklist ${HOME}/.cache/netsurf | 1055 | deny ${HOME}/.cache/mypaint |
1050 | blacklist ${HOME}/.cache/okular | 1056 | deny ${HOME}/.cache/netsurf |
1051 | blacklist ${HOME}/.cache/opera | 1057 | deny ${HOME}/.cache/nheko |
1052 | blacklist ${HOME}/.cache/opera-beta | 1058 | deny ${HOME}/.cache/okular |
1053 | blacklist ${HOME}/.cache/org.gabmus.gfeeds | 1059 | deny ${HOME}/.cache/opera |
1054 | blacklist ${HOME}/.cache/org.gnome.Books | 1060 | deny ${HOME}/.cache/opera-beta |
1055 | blacklist ${HOME}/.cache/org.gnome.Maps | 1061 | deny ${HOME}/.cache/org.gabmus.gfeeds |
1056 | blacklist ${HOME}/.cache/pdfmod | 1062 | deny ${HOME}/.cache/org.gnome.Books |
1057 | blacklist ${HOME}/.cache/peek | 1063 | deny ${HOME}/.cache/org.gnome.Maps |
1058 | blacklist ${HOME}/.cache/pip | 1064 | deny ${HOME}/.cache/pdfmod |
1059 | blacklist ${HOME}/.cache/pipe-viewer | 1065 | deny ${HOME}/.cache/peek |
1060 | blacklist ${HOME}/.cache/plasmashell | 1066 | deny ${HOME}/.cache/pip |
1061 | blacklist ${HOME}/.cache/plasmashellbookmarkrunnerfirefoxdbfile.sqlite* | 1067 | deny ${HOME}/.cache/pipe-viewer |
1062 | blacklist ${HOME}/.cache/psi | 1068 | deny ${HOME}/.cache/plasmashell |
1063 | blacklist ${HOME}/.cache/qBittorrent | 1069 | deny ${HOME}/.cache/plasmashellbookmarkrunnerfirefoxdbfile.sqlite* |
1064 | blacklist ${HOME}/.cache/qupzilla | 1070 | deny ${HOME}/.cache/psi |
1065 | blacklist ${HOME}/.cache/qutebrowser | 1071 | deny ${HOME}/.cache/qBittorrent |
1066 | blacklist ${HOME}/.cache/rhythmbox | 1072 | deny ${HOME}/.cache/quodlibet |
1067 | blacklist ${HOME}/.cache/shotwell | 1073 | deny ${HOME}/.cache/qupzilla |
1068 | blacklist ${HOME}/.cache/simple-scan | 1074 | deny ${HOME}/.cache/qutebrowser |
1069 | blacklist ${HOME}/.cache/slimjet | 1075 | deny ${HOME}/.cache/rednotebook |
1070 | blacklist ${HOME}/.cache/smuxi | 1076 | deny ${HOME}/.cache/rhythmbox |
1071 | blacklist ${HOME}/.cache/snox | 1077 | deny ${HOME}/.cache/shotwell |
1072 | blacklist ${HOME}/.cache/spotify | 1078 | deny ${HOME}/.cache/simple-scan |
1073 | blacklist ${HOME}/.cache/strawberry | 1079 | deny ${HOME}/.cache/slimjet |
1074 | blacklist ${HOME}/.cache/straw-viewer | 1080 | deny ${HOME}/.cache/smuxi |
1075 | blacklist ${HOME}/.cache/supertuxkart | 1081 | deny ${HOME}/.cache/snox |
1076 | blacklist ${HOME}/.cache/systemsettings | 1082 | deny ${HOME}/.cache/spotify |
1077 | blacklist ${HOME}/.cache/telepathy | 1083 | deny ${HOME}/.cache/straw-viewer |
1078 | blacklist ${HOME}/.cache/thunderbird | 1084 | deny ${HOME}/.cache/strawberry |
1079 | blacklist ${HOME}/.cache/torbrowser | 1085 | deny ${HOME}/.cache/supertuxkart |
1080 | blacklist ${HOME}/.cache/transmission | 1086 | deny ${HOME}/.cache/systemsettings |
1081 | blacklist ${HOME}/.cache/ungoogled-chromium | 1087 | deny ${HOME}/.cache/telepathy |
1082 | blacklist ${HOME}/.cache/vivaldi | 1088 | deny ${HOME}/.cache/thunderbird |
1083 | blacklist ${HOME}/.cache/vivaldi-snapshot | 1089 | deny ${HOME}/.cache/torbrowser |
1084 | blacklist ${HOME}/.cache/vlc | 1090 | deny ${HOME}/.cache/transmission |
1085 | blacklist ${HOME}/.cache/vmware | 1091 | deny ${HOME}/.cache/ungoogled-chromium |
1086 | blacklist ${HOME}/.cache/warsow-2.1 | 1092 | deny ${HOME}/.cache/vivaldi |
1087 | blacklist ${HOME}/.cache/waterfox | 1093 | deny ${HOME}/.cache/vivaldi-snapshot |
1088 | blacklist ${HOME}/.cache/wesnoth | 1094 | deny ${HOME}/.cache/vlc |
1089 | blacklist ${HOME}/.cache/winetricks | 1095 | deny ${HOME}/.cache/vmware |
1090 | blacklist ${HOME}/.cache/xmms2 | 1096 | deny ${HOME}/.cache/warsow-2.1 |
1091 | blacklist ${HOME}/.cache/xreader | 1097 | deny ${HOME}/.cache/waterfox |
1092 | blacklist ${HOME}/.cache/yandex-browser | 1098 | deny ${HOME}/.cache/wesnoth |
1093 | blacklist ${HOME}/.cache/yandex-browser-beta | 1099 | deny ${HOME}/.cache/winetricks |
1094 | blacklist ${HOME}/.cache/youtube-dl | 1100 | deny ${HOME}/.cache/xmms2 |
1095 | blacklist ${HOME}/.cache/youtube-viewer | 1101 | deny ${HOME}/.cache/xreader |
1102 | deny ${HOME}/.cache/yandex-browser | ||
1103 | deny ${HOME}/.cache/yandex-browser-beta | ||
1104 | deny ${HOME}/.cache/youtube-dl | ||
1105 | deny ${HOME}/.cache/youtube-viewer | ||
1106 | deny ${HOME}/.cache/zim | ||
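--- a/etc/inc/disable-shell.inc
+++ b/etc/inc/disable-shell.inc
@@ -2,14 +2,14 @@
 # Persistent customizations should go in a .local file.
 include disable-shell.local
 
-blacklist ${PATH}/bash
-blacklist ${PATH}/csh
-blacklist ${PATH}/dash
-blacklist ${PATH}/fish
-blacklist ${PATH}/ksh
-blacklist ${PATH}/mksh
-blacklist ${PATH}/oksh
-blacklist ${PATH}/sh
-blacklist ${PATH}/tclsh
-blacklist ${PATH}/tcsh
-blacklist ${PATH}/zsh
+deny ${PATH}/bash
+deny ${PATH}/csh
+deny ${PATH}/dash
+deny ${PATH}/fish
+deny ${PATH}/ksh
+deny ${PATH}/mksh
+deny ${PATH}/oksh
+deny ${PATH}/sh
+deny ${PATH}/tclsh
+deny ${PATH}/tcsh
+deny ${PATH}/zsh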
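--- a/etc/inc/disable-xdg.inc
+++ b/etc/inc/disable-xdg.inc
@@ -2,10 +2,10 @@
 # Persistent customizations should go in a .local file.
 include disable-xdg.local
 
-blacklist ${DOCUMENTS}
-blacklist ${MUSIC}
-blacklist ${PICTURES}
-blacklist ${VIDEOS}
+deny ${DOCUMENTS}
+deny ${MUSIC}
+deny ${PICTURES}
+deny ${VIDEOS}
 
 # The following should be considered catch-all directories
 #blacklist ${DESKTOP}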
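--- a/etc/inc/whitelist-1793-workaround.inc
+++ b/etc/inc/whitelist-1793-workaround.inc
@@ -3,27 +3,27 @@
 include whitelist-1793-workaround.local
 # This works around bug 1793, and allows whitelisting to be used for some KDE applications.
 
-noblacklist ${HOME}/.config/ibus
-noblacklist ${HOME}/.config/mimeapps.list
-noblacklist ${HOME}/.config/pkcs11
-noblacklist ${HOME}/.config/user-dirs.dirs
-noblacklist ${HOME}/.config/user-dirs.locale
-noblacklist ${HOME}/.config/dconf
-noblacklist ${HOME}/.config/fontconfig
-noblacklist ${HOME}/.config/gtk-2.0
-noblacklist ${HOME}/.config/gtk-3.0
-noblacklist ${HOME}/.config/gtk-4.0
-noblacklist ${HOME}/.config/gtkrc
-noblacklist ${HOME}/.config/gtkrc-2.0
-noblacklist ${HOME}/.config/Kvantum
-noblacklist ${HOME}/.config/Trolltech.conf
-noblacklist ${HOME}/.config/QtProject.conf
-noblacklist ${HOME}/.config/kdeglobals
-noblacklist ${HOME}/.config/kio_httprc
-noblacklist ${HOME}/.config/kioslaverc
-noblacklist ${HOME}/.config/ksslcablacklist
-noblacklist ${HOME}/.config/qt5ct
-noblacklist ${HOME}/.config/qtcurve
+nodeny ${HOME}/.config/ibus
+nodeny ${HOME}/.config/mimeapps.list
+nodeny ${HOME}/.config/pkcs11
+nodeny ${HOME}/.config/user-dirs.dirs
+nodeny ${HOME}/.config/user-dirs.locale
+nodeny ${HOME}/.config/dconf
+nodeny ${HOME}/.config/fontconfig
+nodeny ${HOME}/.config/gtk-2.0
+nodeny ${HOME}/.config/gtk-3.0
+nodeny ${HOME}/.config/gtk-4.0
+nodeny ${HOME}/.config/gtkrc
+nodeny ${HOME}/.config/gtkrc-2.0
+nodeny ${HOME}/.config/Kvantum
+nodeny ${HOME}/.config/Trolltech.conf
+nodeny ${HOME}/.config/QtProject.conf
+nodeny ${HOME}/.config/kdeglobals
+nodeny ${HOME}/.config/kio_httprc
+nodeny ${HOME}/.config/kioslaverc
+nodeny ${HOME}/.config/ksslcablacklist
+nodeny ${HOME}/.config/qt5ct
+nodeny ${HOME}/.config/qtcurve
 
-blacklist ${HOME}/.config/*
-whitelist ${HOME}/.config
+deny ${HOME}/.config/*
+allow ${HOME}/.config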
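--- a/etc/inc/whitelist-common.inc
+++ b/etc/inc/whitelist-common.inc
@@ -4,81 +4,82 @@ include whitelist-common.local
 
 # common whitelist for all profiles
 
-whitelist ${HOME}/.XCompose
-whitelist ${HOME}/.alsaequal.bin
-whitelist ${HOME}/.asoundrc
-whitelist ${HOME}/.config/ibus
-whitelist ${HOME}/.config/mimeapps.list
-whitelist ${HOME}/.config/pkcs11
+allow ${HOME}/.XCompose
+allow ${HOME}/.alsaequal.bin
+allow ${HOME}/.asoundrc
+allow ${HOME}/.config/ibus
+allow ${HOME}/.config/mimeapps.list
+allow ${HOME}/.config/pkcs11
 read-only ${HOME}/.config/pkcs11
-whitelist ${HOME}/.config/user-dirs.dirs
+allow ${HOME}/.config/user-dirs.dirs
 read-only ${HOME}/.config/user-dirs.dirs
-whitelist ${HOME}/.config/user-dirs.locale
+allow ${HOME}/.config/user-dirs.locale
 read-only ${HOME}/.config/user-dirs.locale
-whitelist ${HOME}/.drirc
-whitelist ${HOME}/.icons
+allow ${HOME}/.drirc
+allow ${HOME}/.icons
 ?HAS_APPIMAGE: whitelist ${HOME}/.local/share/appimagekit
-whitelist ${HOME}/.local/share/applications
+allow ${HOME}/.local/share/applications
 read-only ${HOME}/.local/share/applications
-whitelist ${HOME}/.local/share/icons
-whitelist ${HOME}/.local/share/mime
-whitelist ${HOME}/.mime.types
-whitelist ${HOME}/.uim.d
+allow ${HOME}/.local/share/icons
+allow ${HOME}/.local/share/mime
+allow ${HOME}/.mime.types
+allow ${HOME}/.sndio/cookie
+allow ${HOME}/.uim.d
 
 # dconf
 mkdir ${HOME}/.config/dconf
-whitelist ${HOME}/.config/dconf
+allow ${HOME}/.config/dconf
 
 # fonts
-whitelist ${HOME}/.cache/fontconfig
-whitelist ${HOME}/.config/fontconfig
-whitelist ${HOME}/.fontconfig
-whitelist ${HOME}/.fonts
-whitelist ${HOME}/.fonts.conf
-whitelist ${HOME}/.fonts.conf.d
-whitelist ${HOME}/.fonts.d
-whitelist ${HOME}/.local/share/fonts
-whitelist ${HOME}/.pangorc
+allow ${HOME}/.cache/fontconfig
+allow ${HOME}/.config/fontconfig
+allow ${HOME}/.fontconfig
+allow ${HOME}/.fonts
+allow ${HOME}/.fonts.conf
+allow ${HOME}/.fonts.conf.d
+allow ${HOME}/.fonts.d
+allow ${HOME}/.local/share/fonts
+allow ${HOME}/.pangorc
 
 # gtk
-whitelist ${HOME}/.config/gtk-2.0
-whitelist ${HOME}/.config/gtk-3.0
-whitelist ${HOME}/.config/gtk-4.0
-whitelist ${HOME}/.config/gtkrc
-whitelist ${HOME}/.config/gtkrc-2.0
-whitelist ${HOME}/.gnome2
-whitelist ${HOME}/.gnome2-private
-whitelist ${HOME}/.gtk-2.0
-whitelist ${HOME}/.gtkrc
-whitelist ${HOME}/.gtkrc-2.0
-whitelist ${HOME}/.kde/share/config/gtkrc
-whitelist ${HOME}/.kde/share/config/gtkrc-2.0
-whitelist ${HOME}/.kde4/share/config/gtkrc
-whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
-whitelist ${HOME}/.local/share/themes
-whitelist ${HOME}/.themes
+allow ${HOME}/.config/gtk-2.0
+allow ${HOME}/.config/gtk-3.0
+allow ${HOME}/.config/gtk-4.0
+allow ${HOME}/.config/gtkrc
+allow ${HOME}/.config/gtkrc-2.0
+allow ${HOME}/.gnome2
+allow ${HOME}/.gnome2-private
+allow ${HOME}/.gtk-2.0
+allow ${HOME}/.gtkrc
+allow ${HOME}/.gtkrc-2.0
+allow ${HOME}/.kde/share/config/gtkrc
+allow ${HOME}/.kde/share/config/gtkrc-2.0
+allow ${HOME}/.kde4/share/config/gtkrc
+allow ${HOME}/.kde4/share/config/gtkrc-2.0
+allow ${HOME}/.local/share/themes
+allow ${HOME}/.themes
 
 # qt/kde
-whitelist ${HOME}/.cache/kioexec/krun
-whitelist ${HOME}/.config/Kvantum
-whitelist ${HOME}/.config/Trolltech.conf
-whitelist ${HOME}/.config/QtProject.conf
-whitelist ${HOME}/.config/kdeglobals
-whitelist ${HOME}/.config/kio_httprc
-whitelist ${HOME}/.config/kioslaverc
-whitelist ${HOME}/.config/ksslcablacklist
-whitelist ${HOME}/.config/qt5ct
-whitelist ${HOME}/.config/qtcurve
-whitelist ${HOME}/.kde/share/config/kdeglobals
-whitelist ${HOME}/.kde/share/config/kio_httprc
-whitelist ${HOME}/.kde/share/config/kioslaverc
-whitelist ${HOME}/.kde/share/config/ksslcablacklist
-whitelist ${HOME}/.kde/share/config/oxygenrc
-whitelist ${HOME}/.kde/share/icons
-whitelist ${HOME}/.kde4/share/config/kdeglobals
-whitelist ${HOME}/.kde4/share/config/kio_httprc
-whitelist ${HOME}/.kde4/share/config/kioslaverc
-whitelist ${HOME}/.kde4/share/config/ksslcablacklist
-whitelist ${HOME}/.kde4/share/config/oxygenrc
-whitelist ${HOME}/.kde4/share/icons
-whitelist ${HOME}/.local/share/qt5ct
+allow ${HOME}/.cache/kioexec/krun
+allow ${HOME}/.config/Kvantum
+allow ${HOME}/.config/Trolltech.conf
+allow ${HOME}/.config/QtProject.conf
+allow ${HOME}/.config/kdeglobals
+allow ${HOME}/.config/kio_httprc
+allow ${HOME}/.config/kioslaverc
+allow ${HOME}/.config/ksslcablacklist
+allow ${HOME}/.config/qt5ct
+allow ${HOME}/.config/qtcurve
+allow ${HOME}/.kde/share/config/kdeglobals
+allow ${HOME}/.kde/share/config/kio_httprc
+allow ${HOME}/.kde/share/config/kioslaverc
+allow ${HOME}/.kde/share/config/ksslcablacklist
+allow ${HOME}/.kde/share/config/oxygenrc
+allow ${HOME}/.kde/share/icons
+allow ${HOME}/.kde4/share/config/kdeglobals
+allow ${HOME}/.kde4/share/config/kio_httprc
+allow ${HOME}/.kde4/share/config/kioslaverc
+allow ${HOME}/.kde4/share/config/ksslcablacklist
+allow ${HOME}/.kde4/share/config/oxygenrc
+allow ${HOME}/.kde4/share/icons
+allow ${HOME}/.local/share/qt5ct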
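Review bot: The added `allow ${HOME}/.sndio/cookie` line puts the sndio session cookie into the allow-list shared by all profiles, so every sandbox that includes this file can read and modify it, whether or not the application uses audio. Other credential-like entries in this hunk (`.config/pkcs11`, `user-dirs.dirs`) are followed by a `read-only` line; consider `read-only ${HOME}/.sndio/cookie` as well, provided sndio clients do not need to create or rewrite the cookie from inside the sandbox, which this hunk does not show. Separately, `?HAS_APPIMAGE: whitelist ${HOME}/.local/share/appimagekit` is the only directive here left on the old keyword; either convert it or add a comment such as `# conditional lines still use the legacy keyword` so the exception is visibly intentional.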
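--- a/etc/inc/whitelist-player-common.inc
+++ b/etc/inc/whitelist-player-common.inc
@@ -4,8 +4,8 @@ include whitelist-player-common.local
 
 # common whitelist for all media players
 
-whitelist ${DESKTOP}
-whitelist ${DOWNLOADS}
-whitelist ${MUSIC}
-whitelist ${PICTURES}
-whitelist ${VIDEOS}
+allow ${DESKTOP}
+allow ${DOWNLOADS}
+allow ${MUSIC}
+allow ${PICTURES}
+allow ${VIDEOS}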
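--- /dev/null
+++ b/etc/inc/whitelist-run-common.inc
@@ -0,0 +1,9 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include whitelist-run-common.local
+
+whitelist /run/NetworkManager/resolv.conf
+whitelist /run/cups/cups.sock
+whitelist /run/dbus/system_bus_socket
+whitelist /run/systemd/resolve/resolv.conf
+whitelist /run/systemd/resolve/stub-resolv.conf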
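Review bot: This new shared include exposes `/run/dbus/system_bus_socket` and `/run/cups/cups.sock` to every profile that pulls it in, and nothing in the file says that those profiles are expected to restrict the two sockets by other means. A header comment would make the expectation explicit, for example `# Exposes the system D-Bus and CUPS sockets; profiles that do not need them should also set dbus-system none (or a filter).` The file also uses `whitelist` on all five paths while the rest of this commit moves the other includes to `allow`, so it is inconsistent from its first revision; writing them as `allow /run/...` would match, assuming the new keyword is accepted for paths under `/run`.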
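--- a/etc/inc/whitelist-runuser-common.inc
+++ b/etc/inc/whitelist-runuser-common.inc
@@ -4,13 +4,13 @@ include whitelist-runuser-common.local
 
 # common ${RUNUSER} (=/run/user/$UID) whitelist for all profiles
 
-whitelist ${RUNUSER}/bus
-whitelist ${RUNUSER}/dconf
-whitelist ${RUNUSER}/gdm/Xauthority
-whitelist ${RUNUSER}/ICEauthority
-whitelist ${RUNUSER}/.mutter-Xwaylandauth.*
-whitelist ${RUNUSER}/pulse/native
-whitelist ${RUNUSER}/wayland-0
-whitelist ${RUNUSER}/wayland-1
-whitelist ${RUNUSER}/xauth_*
-whitelist ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]
+allow ${RUNUSER}/bus
+allow ${RUNUSER}/dconf
+allow ${RUNUSER}/gdm/Xauthority
+allow ${RUNUSER}/ICEauthority
+allow ${RUNUSER}/.mutter-Xwaylandauth.*
+allow ${RUNUSER}/pulse/native
+allow ${RUNUSER}/wayland-0
+allow ${RUNUSER}/wayland-1
+allow ${RUNUSER}/xauth_*
+allow ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]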
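--- a/etc/inc/whitelist-usr-share-common.inc
+++ b/etc/inc/whitelist-usr-share-common.inc
@@ -4,66 +4,66 @@ include whitelist-usr-share-common.local
 
 # common /usr/share whitelist for all profiles
 
-whitelist /usr/share/alsa
-whitelist /usr/share/applications
-whitelist /usr/share/ca-certificates
-whitelist /usr/share/crypto-policies
-whitelist /usr/share/cursors
-whitelist /usr/share/dconf
-whitelist /usr/share/distro-info
-whitelist /usr/share/drirc.d
-whitelist /usr/share/enchant
-whitelist /usr/share/enchant-2
-whitelist /usr/share/file
-whitelist /usr/share/fontconfig
-whitelist /usr/share/fonts
-whitelist /usr/share/fonts-config
-whitelist /usr/share/gir-1.0
-whitelist /usr/share/gjs-1.0
-whitelist /usr/share/glib-2.0
-whitelist /usr/share/glvnd
-whitelist /usr/share/gtk-2.0
-whitelist /usr/share/gtk-3.0
-whitelist /usr/share/gtk-engines
-whitelist /usr/share/gtksourceview-3.0
-whitelist /usr/share/gtksourceview-4
-whitelist /usr/share/hunspell
-whitelist /usr/share/hwdata
-whitelist /usr/share/icons
-whitelist /usr/share/icu
-whitelist /usr/share/knotifications5
-whitelist /usr/share/kservices5
-whitelist /usr/share/Kvantum
-whitelist /usr/share/kxmlgui5
-whitelist /usr/share/libdrm
-whitelist /usr/share/libthai
-whitelist /usr/share/locale
-whitelist /usr/share/mime
-whitelist /usr/share/misc
-whitelist /usr/share/Modules
-whitelist /usr/share/myspell
-whitelist /usr/share/p11-kit
-whitelist /usr/share/perl
-whitelist /usr/share/perl5
-whitelist /usr/share/pixmaps
-whitelist /usr/share/pki
-whitelist /usr/share/plasma
-whitelist /usr/share/publicsuffix
-whitelist /usr/share/qt
-whitelist /usr/share/qt4
-whitelist /usr/share/qt5
-whitelist /usr/share/qt5ct
-whitelist /usr/share/sounds
-whitelist /usr/share/tcl8.6
-whitelist /usr/share/tcltk
-whitelist /usr/share/terminfo
-whitelist /usr/share/texlive
-whitelist /usr/share/texmf
-whitelist /usr/share/themes
-whitelist /usr/share/thumbnail.so
-whitelist /usr/share/uim
-whitelist /usr/share/vulkan
-whitelist /usr/share/X11
-whitelist /usr/share/xml
-whitelist /usr/share/zenity
-whitelist /usr/share/zoneinfo
+allow /usr/share/alsa
+allow /usr/share/applications
+allow /usr/share/ca-certificates
+allow /usr/share/crypto-policies
+allow /usr/share/cursors
+allow /usr/share/dconf
+allow /usr/share/distro-info
+allow /usr/share/drirc.d
+allow /usr/share/enchant
+allow /usr/share/enchant-2
+allow /usr/share/file
+allow /usr/share/fontconfig
+allow /usr/share/fonts
+allow /usr/share/fonts-config
+allow /usr/share/gir-1.0
+allow /usr/share/gjs-1.0
+allow /usr/share/glib-2.0
+allow /usr/share/glvnd
+allow /usr/share/gtk-2.0
+allow /usr/share/gtk-3.0
+allow /usr/share/gtk-engines
+allow /usr/share/gtksourceview-3.0
+allow /usr/share/gtksourceview-4
+allow /usr/share/hunspell
+allow /usr/share/hwdata
+allow /usr/share/icons
+allow /usr/share/icu
+allow /usr/share/knotifications5
+allow /usr/share/kservices5
+allow /usr/share/Kvantum
+allow /usr/share/kxmlgui5
+allow /usr/share/libdrm
+allow /usr/share/libthai
+allow /usr/share/locale
+allow /usr/share/mime
+allow /usr/share/misc
+allow /usr/share/Modules
+allow /usr/share/myspell
+allow /usr/share/p11-kit
+allow /usr/share/perl
+allow /usr/share/perl5
+allow /usr/share/pixmaps
+allow /usr/share/pki
+allow /usr/share/plasma
+allow /usr/share/publicsuffix
+allow /usr/share/qt
+allow /usr/share/qt4
+allow /usr/share/qt5
+allow /usr/share/qt5ct
+allow /usr/share/sounds
+allow /usr/share/tcl8.6
+allow /usr/share/tcltk
+allow /usr/share/terminfo
+allow /usr/share/texlive
+allow /usr/share/texmf
+allow /usr/share/themes
+allow /usr/share/thumbnail.so
+allow /usr/share/uim
+allow /usr/share/vulkan
+allow /usr/share/X11
+allow /usr/share/xml
+allow /usr/share/zenity
+allow /usr/share/zoneinfo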
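--- a/etc/inc/whitelist-var-common.inc
+++ b/etc/inc/whitelist-var-common.inc
@@ -4,12 +4,12 @@ include whitelist-var-common.local
 
 # common /var whitelist for all profiles
 
-whitelist /var/lib/aspell
-whitelist /var/lib/ca-certificates
-whitelist /var/lib/dbus
-whitelist /var/lib/menu-xdg
-whitelist /var/lib/uim
-whitelist /var/cache/fontconfig
-whitelist /var/tmp
-whitelist /var/run
-whitelist /var/lock
+allow /var/lib/aspell
+allow /var/lib/ca-certificates
+allow /var/lib/dbus
+allow /var/lib/menu-xdg
+allow /var/lib/uim
+allow /var/cache/fontconfig
+allow /var/tmp
+allow /var/run
+allow /var/lock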
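--- a/etc/profile-a-l/0ad.profile
+++ b/etc/profile-a-l/0ad.profile
@@ -6,11 +6,11 @@ include 0ad.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/0ad
-noblacklist ${HOME}/.config/0ad
-noblacklist ${HOME}/.local/share/0ad
+nodeny ${HOME}/.cache/0ad
+nodeny ${HOME}/.config/0ad
+nodeny ${HOME}/.local/share/0ad
 
-blacklist /usr/libexec
+deny /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,11 +23,11 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/0ad
 mkdir ${HOME}/.config/0ad
 mkdir ${HOME}/.local/share/0ad
-whitelist ${HOME}/.cache/0ad
-whitelist ${HOME}/.config/0ad
-whitelist ${HOME}/.local/share/0ad
-whitelist /usr/share/0ad
-whitelist /usr/share/games
+allow ${HOME}/.cache/0ad
+allow ${HOME}/.config/0ad
+allow ${HOME}/.local/share/0ad
+allow /usr/share/0ad
+allow /usr/share/games
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc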
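--- a/etc/profile-a-l/2048-qt.profile
+++ b/etc/profile-a-l/2048-qt.profile
@@ -6,8 +6,8 @@ include 2048-qt.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/2048-qt
-noblacklist ${HOME}/.config/xiaoyong
+nodeny ${HOME}/.config/2048-qt
+nodeny ${HOME}/.config/xiaoyong
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
 
 mkdir ${HOME}/.config/2048-qt
 mkdir ${HOME}/.config/xiaoyong
-whitelist ${HOME}/.config/2048-qt
-whitelist ${HOME}/.config/xiaoyong
+allow ${HOME}/.config/2048-qt
+allow ${HOME}/.config/xiaoyong
 include whitelist-common.inc
 include whitelist-var-common.inc
 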
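--- a/etc/profile-a-l/Cryptocat.profile
+++ b/etc/profile-a-l/Cryptocat.profile
@@ -5,7 +5,7 @@ include Cryptocat.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Cryptocat
+nodeny ${HOME}/.config/Cryptocat
 
 include disable-common.inc
 include disable-devel.inc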
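--- a/etc/profile-a-l/Discord.profile
+++ b/etc/profile-a-l/Discord.profile
@@ -5,10 +5,10 @@ include Discord.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/discord
+nodeny ${HOME}/.config/discord
 
 mkdir ${HOME}/.config/discord
-whitelist ${HOME}/.config/discord
+allow ${HOME}/.config/discord
 
 private-bin Discord
 private-opt Discord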
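--- a/etc/profile-a-l/DiscordCanary.profile
+++ b/etc/profile-a-l/DiscordCanary.profile
@@ -5,10 +5,10 @@ include DiscordCanary.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/discordcanary
+nodeny ${HOME}/.config/discordcanary
 
 mkdir ${HOME}/.config/discordcanary
-whitelist ${HOME}/.config/discordcanary
+allow ${HOME}/.config/discordcanary
 
 private-bin DiscordCanary
 private-opt DiscordCanary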
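--- a/etc/profile-a-l/Fritzing.profile
+++ b/etc/profile-a-l/Fritzing.profile
@@ -6,8 +6,8 @@ include Fritzing.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Fritzing
-noblacklist ${DOCUMENTS}
+nodeny ${HOME}/.config/Fritzing
+nodeny ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc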
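--- a/etc/profile-a-l/JDownloader.profile
+++ b/etc/profile-a-l/JDownloader.profile
@@ -5,7 +5,7 @@ include JDownloader.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.jd
+nodeny ${HOME}/.jd
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -19,8 +19,8 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.jd
-whitelist ${HOME}/.jd
-whitelist ${DOWNLOADS}
+allow ${HOME}/.jd
+allow ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-var-common.inc
 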
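Review bot: The context comment `# Allow java (blacklisted by disable-devel.inc)` in the first hunk still uses the old term, while the directive two lines above it is now `nodeny`, so the profile describes one mechanism with two vocabularies. Updating it to `# Allow java (denied by disable-devel.inc)` in the same pass would keep the comment searchable under the new keyword. The same leftover wording is visible in the "Allow python" / "Allow lua" / "Allow java" comments of the agetpkg, anki, apostrophe, arduino and arm sections, and in `# Whitelist your system icon directory,varies by distro` in alacarte.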
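--- a/etc/profile-a-l/abiword.profile
+++ b/etc/profile-a-l/abiword.profile
@@ -6,7 +6,7 @@ include abiword.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/abiword
+nodeny ${HOME}/.config/abiword
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
 
-whitelist /usr/share/abiword-3.0
+allow /usr/share/abiword-3.0
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
 include whitelist-var-common.inc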
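--- a/etc/profile-a-l/abrowser.profile
+++ b/etc/profile-a-l/abrowser.profile
@@ -5,13 +5,13 @@ include abrowser.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/mozilla
-noblacklist ${HOME}/.mozilla
+nodeny ${HOME}/.cache/mozilla
+nodeny ${HOME}/.mozilla
 
 mkdir ${HOME}/.cache/mozilla/abrowser
 mkdir ${HOME}/.mozilla
-whitelist ${HOME}/.cache/mozilla/abrowser
-whitelist ${HOME}/.mozilla
+allow ${HOME}/.cache/mozilla/abrowser
+allow ${HOME}/.mozilla
 
 # private-etc must first be enabled in firefox-common.profile
 #private-etc abrowser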
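--- a/etc/profile-a-l/agetpkg.profile
+++ b/etc/profile-a-l/agetpkg.profile
@@ -7,8 +7,8 @@ include agetpkg.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny /tmp/.X11-unix
+deny ${RUNUSER}/wayland-*
 
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
@@ -23,7 +23,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist ${DOWNLOADS}
+allow ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc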
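--- a/etc/profile-a-l/akonadi_control.profile
+++ b/etc/profile-a-l/akonadi_control.profile
@@ -4,22 +4,22 @@ include akonadi_control.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/akonadi*
-noblacklist ${HOME}/.config/akonadi*
-noblacklist ${HOME}/.config/baloorc
-noblacklist ${HOME}/.config/emaildefaults
-noblacklist ${HOME}/.config/emailidentities
-noblacklist ${HOME}/.config/kmail2rc
-noblacklist ${HOME}/.config/mailtransports
-noblacklist ${HOME}/.config/specialmailcollectionsrc
-noblacklist ${HOME}/.local/share/akonadi*
-noblacklist ${HOME}/.local/share/apps/korganizer
-noblacklist ${HOME}/.local/share/contacts
-noblacklist ${HOME}/.local/share/local-mail
-noblacklist ${HOME}/.local/share/notes
-noblacklist /sbin
-noblacklist /tmp/akonadi-*
-noblacklist /usr/sbin
+nodeny ${HOME}/.cache/akonadi*
+nodeny ${HOME}/.config/akonadi*
+nodeny ${HOME}/.config/baloorc
+nodeny ${HOME}/.config/emaildefaults
+nodeny ${HOME}/.config/emailidentities
+nodeny ${HOME}/.config/kmail2rc
+nodeny ${HOME}/.config/mailtransports
+nodeny ${HOME}/.config/specialmailcollectionsrc
+nodeny ${HOME}/.local/share/akonadi*
+nodeny ${HOME}/.local/share/apps/korganizer
+nodeny ${HOME}/.local/share/contacts
+nodeny ${HOME}/.local/share/local-mail
+nodeny ${HOME}/.local/share/notes
+nodeny /sbin
+nodeny /tmp/akonadi-*
+nodeny /usr/sbin
 
 include disable-common.inc
 include disable-devel.inc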
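--- a/etc/profile-a-l/akregator.profile
+++ b/etc/profile-a-l/akregator.profile
@@ -6,9 +6,9 @@ include akregator.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/akregatorrc
-noblacklist ${HOME}/.local/share/akregator
-noblacklist ${HOME}/.local/share/kxmlgui5/akregator
+nodeny ${HOME}/.config/akregatorrc
+nodeny ${HOME}/.local/share/akregator
+nodeny ${HOME}/.local/share/kxmlgui5/akregator
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,10 +21,10 @@ include disable-shell.inc
 mkfile ${HOME}/.config/akregatorrc
 mkdir ${HOME}/.local/share/akregator
 mkdir ${HOME}/.local/share/kxmlgui5/akregator
-whitelist ${HOME}/.config/akregatorrc
-whitelist ${HOME}/.local/share/akregator
-whitelist ${HOME}/.local/share/kssl
-whitelist ${HOME}/.local/share/kxmlgui5/akregator
+allow ${HOME}/.config/akregatorrc
+allow ${HOME}/.local/share/akregator
+allow ${HOME}/.local/share/kssl
+allow ${HOME}/.local/share/kxmlgui5/akregator
 include whitelist-common.inc
 include whitelist-var-common.inc
 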
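--- a/etc/profile-a-l/alacarte.profile
+++ b/etc/profile-a-l/alacarte.profile
@@ -19,13 +19,13 @@ include disable-passwdmgr.inc
 include disable-xdg.inc
 
 # Whitelist your system icon directory,varies by distro
-whitelist /usr/share/alacarte
-whitelist /usr/share/app-info
-whitelist /usr/share/desktop-directories
-whitelist /usr/share/icons
-whitelist /var/lib/app-info/icons
-whitelist /var/lib/flatpak/exports/share/applications
-whitelist /var/lib/flatpak/exports/share/icons
+allow /usr/share/alacarte
+allow /usr/share/app-info
+allow /usr/share/desktop-directories
+allow /usr/share/icons
+allow /var/lib/app-info/icons
+allow /var/lib/flatpak/exports/share/applications
+allow /var/lib/flatpak/exports/share/icons
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc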
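--- a/etc/profile-a-l/alienarena.profile
+++ b/etc/profile-a-l/alienarena.profile
@@ -6,7 +6,7 @@ include alienarena.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/cor-games
+nodeny ${HOME}/.local/share/cor-games
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/cor-games
-whitelist ${HOME}/.local/share/cor-games
-whitelist /usr/share/alienarena
+allow ${HOME}/.local/share/cor-games
+allow /usr/share/alienarena
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc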
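--- a/etc/profile-a-l/alpine.profile
+++ b/etc/profile-a-l/alpine.profile
@@ -10,28 +10,28 @@ include globals.local
 # Workaround for bug https://github.com/netblue30/firejail/issues/2747
 # firejail --private-bin=sh --include='${CFG}/allow-bin-sh.inc' --profile=alpine sh -c '(alpine)'
 
-noblacklist /var/mail
-noblacklist /var/spool/mail
-noblacklist ${DOCUMENTS}
-noblacklist ${HOME}/.addressbook
-noblacklist ${HOME}/.alpine-smime
-noblacklist ${HOME}/.mailcap
-noblacklist ${HOME}/.mh_profile
-noblacklist ${HOME}/.mime.types
-noblacklist ${HOME}/.newsrc
-noblacklist ${HOME}/.pine-crash
-noblacklist ${HOME}/.pine-debug1
-noblacklist ${HOME}/.pine-debug2
-noblacklist ${HOME}/.pine-debug3
-noblacklist ${HOME}/.pine-debug4
-noblacklist ${HOME}/.pine-interrupted-mail
-noblacklist ${HOME}/.pinerc
-noblacklist ${HOME}/.pinercex
-noblacklist ${HOME}/.signature
-noblacklist ${HOME}/mail
+nodeny /var/mail
+nodeny /var/spool/mail
+nodeny ${DOCUMENTS}
+nodeny ${HOME}/.addressbook
+nodeny ${HOME}/.alpine-smime
+nodeny ${HOME}/.mailcap
+nodeny ${HOME}/.mh_profile
+nodeny ${HOME}/.mime.types
+nodeny ${HOME}/.newsrc
+nodeny ${HOME}/.pine-crash
+nodeny ${HOME}/.pine-debug1
+nodeny ${HOME}/.pine-debug2
+nodeny ${HOME}/.pine-debug3
+nodeny ${HOME}/.pine-debug4
+nodeny ${HOME}/.pine-interrupted-mail
+nodeny ${HOME}/.pinerc
+nodeny ${HOME}/.pinercex
+nodeny ${HOME}/.signature
+nodeny ${HOME}/mail
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny /tmp/.X11-unix
+deny ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -60,8 +60,8 @@ include disable-xdg.inc
 #whitelist ${HOME}/.pine-debug4
 #whitelist ${HOME}/.signature
 #whitelist ${HOME}/mail
-whitelist /var/mail
-whitelist /var/spool/mail
+allow /var/mail
+allow /var/spool/mail
 #include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc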
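Review bot: The commented-out directives at the top of the second hunk (`#whitelist ${HOME}/.pine-debug4`, `#whitelist ${HOME}/.signature`, `#whitelist ${HOME}/mail`) were left on the old keyword while the active lines directly below them became `allow`. A user who enables the stricter home-directory rules by uncommenting them ends up with both spellings in one profile, and whether the old one keeps working depends on parser behaviour that is not visible on this page. Converting them in the same pass, e.g. `#allow ${HOME}/mail`, avoids that. The commented block starts above the hunk, so earlier lines probably need the same treatment, and the artha section has the same leftover (`#whitelist ${HOME}/.config/artha.conf` and the two lines after it).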
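--- a/etc/profile-a-l/amarok.profile
+++ b/etc/profile-a-l/amarok.profile
@@ -6,7 +6,7 @@ include amarok.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${MUSIC}
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc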
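--- a/etc/profile-a-l/amule.profile
+++ b/etc/profile-a-l/amule.profile
@@ -6,7 +6,7 @@ include amule.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.aMule
+nodeny ${HOME}/.aMule
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.aMule
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.aMule
+allow ${DOWNLOADS}
+allow ${HOME}/.aMule
 include whitelist-common.inc
 
 caps.drop all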
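--- a/etc/profile-a-l/android-studio.profile
+++ b/etc/profile-a-l/android-studio.profile
@@ -5,13 +5,13 @@ include android-studio.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Google
-noblacklist ${HOME}/.AndroidStudio*
-noblacklist ${HOME}/.android
-noblacklist ${HOME}/.jack-server
-noblacklist ${HOME}/.jack-settings
-noblacklist ${HOME}/.local/share/JetBrains
-noblacklist ${HOME}/.tooling
+nodeny ${HOME}/.config/Google
+nodeny ${HOME}/.AndroidStudio*
+nodeny ${HOME}/.android
+nodeny ${HOME}/.jack-server
+nodeny ${HOME}/.jack-settings
+nodeny ${HOME}/.local/share/JetBrains
+nodeny ${HOME}/.tooling
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc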
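--- a/etc/profile-a-l/anki.profile
+++ b/etc/profile-a-l/anki.profile
@@ -6,8 +6,8 @@ include anki.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${DOCUMENTS}
-noblacklist ${HOME}/.local/share/Anki2
+nodeny ${DOCUMENTS}
+nodeny ${HOME}/.local/share/Anki2
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -23,8 +23,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/Anki2
-whitelist ${DOCUMENTS}
-whitelist ${HOME}/.local/share/Anki2
+allow ${DOCUMENTS}
+allow ${HOME}/.local/share/Anki2
 include whitelist-common.inc
 include whitelist-var-common.inc
 
@@ -46,7 +46,6 @@ protocol unix,inet,inet6
 # QtWebengine needs chroot to set up its own sandbox
 seccomp !chroot
 shell none
-tracelog
 
 disable-mnt
 private-bin anki,python*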
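Review bot: The third hunk drops `tracelog` from this profile, a behavioural change inside a commit that otherwise only renames keywords, and nothing visible in the section explains it. `tracelog` is the option that logs attempts to reach denied files to syslog, so removing it takes away an audit signal for this sandbox without leaving a trace of why. If the removal is intentional, record the reason next to it, e.g. `# tracelog disabled: <reason>` after `shell none`. If it slipped in with the rename, restore the `tracelog` line. It would also be easier to review and bisect as its own commit.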
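--- a/etc/profile-a-l/anydesk.profile
+++ b/etc/profile-a-l/anydesk.profile
@@ -5,7 +5,7 @@ include anydesk.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.anydesk
+nodeny ${HOME}/.anydesk
 
 include disable-common.inc
 include disable-devel.inc
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 
 mkdir ${HOME}/.anydesk
-whitelist ${HOME}/.anydesk
+allow ${HOME}/.anydesk
 include whitelist-common.inc
 
 caps.drop all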
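--- a/etc/profile-a-l/aosp.profile
+++ b/etc/profile-a-l/aosp.profile
@@ -5,13 +5,13 @@ include aosp.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.android
-noblacklist ${HOME}/.bash_history
-noblacklist ${HOME}/.jack-server
-noblacklist ${HOME}/.jack-settings
-noblacklist ${HOME}/.repo_.gitconfig.json
-noblacklist ${HOME}/.repoconfig
-noblacklist ${HOME}/.tooling
+nodeny ${HOME}/.android
+nodeny ${HOME}/.bash_history
+nodeny ${HOME}/.jack-server
+nodeny ${HOME}/.jack-settings
+nodeny ${HOME}/.repo_.gitconfig.json
+nodeny ${HOME}/.repoconfig
+nodeny ${HOME}/.tooling
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc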
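--- a/etc/profile-a-l/apostrophe.profile
+++ b/etc/profile-a-l/apostrophe.profile
@@ -6,9 +6,9 @@ include apostrophe.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.texlive20*
-noblacklist ${DOCUMENTS}
-noblacklist ${PICTURES}
+nodeny ${HOME}/.texlive20*
+nodeny ${DOCUMENTS}
+nodeny ${PICTURES}
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -31,12 +31,12 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/libexec/webkit2gtk-4.0
-whitelist /usr/share/apostrophe
-whitelist /usr/share/texlive
-whitelist /usr/share/texmf
-whitelist /usr/share/pandoc-*
-whitelist /usr/share/perl5
+allow /usr/libexec/webkit2gtk-4.0
+allow /usr/share/apostrophe
+allow /usr/share/texlive
+allow /usr/share/texmf
+allow /usr/share/pandoc-*
+allow /usr/share/perl5
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc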
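--- a/etc/profile-a-l/arch-audit.profile
+++ b/etc/profile-a-l/arch-audit.profile
@@ -7,7 +7,7 @@ include arch-audit.local
 # Persistent global definitions
 include globals.local
 
-noblacklist /var/lib/pacman
+nodeny /var/lib/pacman
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/arch-audit
+allow /usr/share/arch-audit
 include whitelist-usr-share-common.inc
 
 apparmor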
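--- a/etc/profile-a-l/archaudit-report.profile
+++ b/etc/profile-a-l/archaudit-report.profile
@@ -6,7 +6,7 @@ include archaudit-report.local
 # Persistent global definitions
 include globals.local
 
-noblacklist /var/lib/pacman
+nodeny /var/lib/pacman
 
 include disable-common.inc
 include disable-devel.inc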
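--- a/etc/profile-a-l/archiver-common.profile
+++ b/etc/profile-a-l/archiver-common.profile
@@ -4,7 +4,7 @@ include archiver-common.local
 
 # common profile for archiver/compression tools
 
-blacklist ${RUNUSER}
+deny ${RUNUSER}
 
 # Comment/uncomment the relevant include file(s) in your archiver-common.local
 # to (un)restrict file access for **all** archivers. Another option is to do this **per archiver**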
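--- a/etc/profile-a-l/ardour5.profile
+++ b/etc/profile-a-l/ardour5.profile
@@ -5,12 +5,12 @@ include ardour5.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/ardour4
-noblacklist ${HOME}/.config/ardour5
-noblacklist ${HOME}/.lv2
-noblacklist ${HOME}/.vst
-noblacklist ${DOCUMENTS}
-noblacklist ${MUSIC}
+nodeny ${HOME}/.config/ardour4
+nodeny ${HOME}/.config/ardour5
+nodeny ${HOME}/.lv2
+nodeny ${HOME}/.vst
+nodeny ${DOCUMENTS}
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc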
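--- a/etc/profile-a-l/arduino.profile
+++ b/etc/profile-a-l/arduino.profile
@@ -6,9 +6,9 @@ include arduino.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.arduino15
-noblacklist ${HOME}/Arduino
-noblacklist ${DOCUMENTS}
+nodeny ${HOME}/.arduino15
+nodeny ${HOME}/Arduino
+nodeny ${DOCUMENTS}
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc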
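--- a/etc/profile-a-l/aria2c.profile
+++ b/etc/profile-a-l/aria2c.profile
@@ -6,12 +6,12 @@ include aria2c.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.aria2
-noblacklist ${HOME}/.config/aria2
-noblacklist ${HOME}/.netrc
+nodeny ${HOME}/.aria2
+nodeny ${HOME}/.config/aria2
+nodeny ${HOME}/.netrc
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny /tmp/.X11-unix
+deny ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc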
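--- a/etc/profile-a-l/ark.profile
+++ b/etc/profile-a-l/ark.profile
@@ -6,8 +6,8 @@ include ark.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/arkrc
-noblacklist ${HOME}/.local/share/kxmlgui5/ark
+nodeny ${HOME}/.config/arkrc
+nodeny ${HOME}/.local/share/kxmlgui5/ark
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-whitelist /usr/share/ark
+allow /usr/share/ark
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 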
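--- a/etc/profile-a-l/arm.profile
+++ b/etc/profile-a-l/arm.profile
@@ -6,7 +6,7 @@ include arm.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.arm
+nodeny ${HOME}/.arm
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -20,7 +20,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.arm
-whitelist ${HOME}/.arm
+allow ${HOME}/.arm
 include whitelist-common.inc
 
 caps.drop all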
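--- a/etc/profile-a-l/artha.profile
+++ b/etc/profile-a-l/artha.profile
@@ -6,12 +6,12 @@ include artha.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/artha.conf
-noblacklist ${HOME}/.config/artha.log
-noblacklist ${HOME}/.config/enchant
+nodeny ${HOME}/.config/artha.conf
+nodeny ${HOME}/.config/artha.log
+nodeny ${HOME}/.config/enchant
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny /tmp/.X11-unix
+deny ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -28,8 +28,8 @@ include disable-xdg.inc
 #whitelist ${HOME}/.config/artha.conf
 #whitelist ${HOME}/.config/artha.log
 #whitelist ${HOME}/.config/enchant
-whitelist /usr/share/artha
-whitelist /usr/share/wordnet
+allow /usr/share/artha
+allow /usr/share/wordnet
 #include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc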
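--- a/etc/profile-a-l/assogiate.profile
+++ b/etc/profile-a-l/assogiate.profile
@@ -6,7 +6,7 @@ include assogiate.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${PICTURES}
+nodeny ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist ${PICTURES}
+allow ${PICTURES}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc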
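--- a/etc/profile-a-l/asunder.profile
+++ b/etc/profile-a-l/asunder.profile
@@ -6,11 +6,11 @@ include asunder.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/asunder
-noblacklist ${HOME}/.asunder_album_genre
-noblacklist ${HOME}/.asunder_album_title
-noblacklist ${HOME}/.asunder_album_artist
-noblacklist ${MUSIC}
+nodeny ${HOME}/.config/asunder
+nodeny ${HOME}/.asunder_album_genre
+nodeny ${HOME}/.asunder_album_title
+nodeny ${HOME}/.asunder_album_artist
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc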
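--- a/etc/profile-a-l/atom.profile
+++ b/etc/profile-a-l/atom.profile
@@ -18,8 +18,8 @@ ignore include whitelist-var-common.inc
 ignore apparmor
 ignore disable-mnt
 
-noblacklist ${HOME}/.atom
-noblacklist ${HOME}/.config/Atom
+nodeny ${HOME}/.atom
+nodeny ${HOME}/.config/Atom
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc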
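--- a/etc/profile-a-l/atril.profile
+++ b/etc/profile-a-l/atril.profile
@@ -6,9 +6,9 @@ include atril.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/atril
-noblacklist ${HOME}/.config/atril
-noblacklist ${DOCUMENTS}
+nodeny ${HOME}/.cache/atril
+nodeny ${HOME}/.config/atril
+nodeny ${DOCUMENTS}
 
 #noblacklist ${HOME}/.local/share
 # it seems to use only ${HOME}/.local/share/webkitgtk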
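--- a/etc/profile-a-l/audacious.profile
+++ b/etc/profile-a-l/audacious.profile
@@ -6,9 +6,9 @@ include audacious.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Audaciousrc
-noblacklist ${HOME}/.config/audacious
-noblacklist ${MUSIC}
+nodeny ${HOME}/.config/Audaciousrc
+nodeny ${HOME}/.config/audacious
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc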
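--- a/etc/profile-a-l/audacity.profile
+++ b/etc/profile-a-l/audacity.profile
@@ -6,9 +6,9 @@ include audacity.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.audacity-data
-noblacklist ${DOCUMENTS}
-noblacklist ${MUSIC}
+nodeny ${HOME}/.audacity-data
+nodeny ${DOCUMENTS}
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc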
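--- a/etc/profile-a-l/audio-recorder.profile
+++ b/etc/profile-a-l/audio-recorder.profile
@@ -7,7 +7,7 @@ include audio-recorder.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${MUSIC}
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,10 +17,10 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist ${MUSIC}
-whitelist ${DOWNLOADS}
-whitelist /usr/share/audio-recorder
-whitelist /usr/share/gstreamer-1.0
+allow ${MUSIC}
+allow ${DOWNLOADS}
+allow /usr/share/audio-recorder
+allow /usr/share/gstreamer-1.0
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc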
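--- a/etc/profile-a-l/authenticator-rs.profile
+++ b/etc/profile-a-l/authenticator-rs.profile
@@ -6,7 +6,7 @@ include authenticator-rs.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/authenticator-rs
+nodeny ${HOME}/.local/share/authenticator-rs
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/authenticator-rs
-whitelist ${HOME}/.local/share/authenticator-rs
-whitelist ${DOWNLOADS}
-whitelist /usr/share/uk.co.grumlimited.authenticator-rs
+allow ${HOME}/.local/share/authenticator-rs
+allow ${DOWNLOADS}
+allow /usr/share/uk.co.grumlimited.authenticator-rs
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc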
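--- a/etc/profile-a-l/authenticator.profile
+++ b/etc/profile-a-l/authenticator.profile
@@ -6,8 +6,8 @@ include authenticator.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/Authenticator
-noblacklist ${HOME}/.config/Authenticator
+nodeny ${HOME}/.cache/Authenticator
+nodeny ${HOME}/.config/Authenticator
 
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc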
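--- a/etc/profile-a-l/autokey-common.profile
+++ b/etc/profile-a-l/autokey-common.profile
@@ -7,8 +7,8 @@ include autokey-common.local
 # added by caller profile
 #include globals.local
 
-noblacklist ${HOME}/.config/autokey
-noblacklist ${HOME}/.local/share/autokey
+nodeny ${HOME}/.config/autokey
+nodeny ${HOME}/.local/share/autokey
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc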
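--- a/etc/profile-a-l/avidemux.profile
+++ b/etc/profile-a-l/avidemux.profile
@@ -5,9 +5,9 @@ include avidemux.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.avidemux6
-noblacklist ${HOME}/.config/avidemux3_qt5rc
-noblacklist ${VIDEOS}
+nodeny ${HOME}/.avidemux6
+nodeny ${HOME}/.config/avidemux3_qt5rc
+nodeny ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,10 +19,10 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.avidemux6
-mkdir ${HOME}/.config/avidemux3_qt5rc
-whitelist ${HOME}/.avidemux6
-whitelist ${HOME}/.config/avidemux3_qt5rc
-whitelist ${VIDEOS}
+mkfile ${HOME}/.config/avidemux3_qt5rc
+allow ${HOME}/.avidemux6
+allow ${HOME}/.config/avidemux3_qt5rc
+allow ${VIDEOS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc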
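Review bot: The `mkdir` → `mkfile` switch for `${HOME}/.config/avidemux3_qt5rc` in the second hunk is a behavioural fix carried inside an otherwise mechanical keyword rename, so it is easy to overlook in review and in later blame. On machines where the old profile already ran, a directory may exist at that path; whether `mkfile` and the following `allow` cope with a pre-existing directory is not visible here and should be checked, otherwise avidemux may still be unable to write its rc file. A one-line comment above the new line, such as `# avidemux3_qt5rc is a file, not a directory`, would record why it differs from the `mkdir` next to it.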
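--- a/etc/profile-a-l/aweather.profile
+++ b/etc/profile-a-l/aweather.profile
@@ -6,7 +6,7 @@ include aweather.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/aweather
+nodeny ${HOME}/.config/aweather
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-programs.inc
 include disable-shell.inc
 
 mkdir ${HOME}/.config/aweather
-whitelist ${HOME}/.config/aweather
+allow ${HOME}/.config/aweather
 include whitelist-common.inc
 include whitelist-var-common.inc
 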
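--- a/etc/profile-a-l/awesome.profile
+++ b/etc/profile-a-l/awesome.profile
@@ -7,7 +7,7 @@ include awesome.local
 include globals.local
 
 # all applications started in awesome will run in this profile
-noblacklist ${HOME}/.config/awesome
+nodeny ${HOME}/.config/awesome
 include disable-common.inc
 
 caps.drop all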
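--- a/etc/profile-a-l/ballbuster.profile
+++ b/etc/profile-a-l/ballbuster.profile
@@ -6,7 +6,7 @@ include ballbuster.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.ballbuster.hs
+nodeny ${HOME}/.ballbuster.hs
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkfile ${HOME}/.ballbuster.hs
-whitelist ${HOME}/.ballbuster.hs
-whitelist /usr/share/ballbuster
+allow ${HOME}/.ballbuster.hs
+allow /usr/share/ballbuster
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc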
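--- a/etc/profile-a-l/baloo_file.profile
+++ b/etc/profile-a-l/baloo_file.profile
@@ -12,12 +12,12 @@ include globals.local
 # read-write ${HOME}/.local/share/baloo
 # ignore read-write
 
-noblacklist ${HOME}/.config/baloofilerc
-noblacklist ${HOME}/.kde/share/config/baloofilerc
-noblacklist ${HOME}/.kde/share/config/baloorc
-noblacklist ${HOME}/.kde4/share/config/baloofilerc
-noblacklist ${HOME}/.kde4/share/config/baloorc
-noblacklist ${HOME}/.local/share/baloo
+nodeny ${HOME}/.config/baloofilerc
+nodeny ${HOME}/.kde/share/config/baloofilerc
+nodeny ${HOME}/.kde/share/config/baloorc
+nodeny ${HOME}/.kde4/share/config/baloofilerc
+nodeny ${HOME}/.kde4/share/config/baloorc
+nodeny ${HOME}/.local/share/baloo
 
 include disable-common.inc
 include disable-devel.inc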
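--- a/etc/profile-a-l/balsa.profile
+++ b/etc/profile-a-l/balsa.profile
@@ -6,13 +6,13 @@ include balsa.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.balsa
-noblacklist ${HOME}/.gnupg
-noblacklist ${HOME}/.mozilla
-noblacklist ${HOME}/.signature
-noblacklist ${HOME}/mail
-noblacklist /var/mail
-noblacklist /var/spool/mail
+nodeny ${HOME}/.balsa
+nodeny ${HOME}/.gnupg
+nodeny ${HOME}/.mozilla
+nodeny ${HOME}/.signature
+nodeny ${HOME}/mail
+nodeny /var/mail
+nodeny /var/spool/mail
 
 include disable-common.inc
 include disable-devel.inc
@@ -27,17 +27,17 @@ mkdir ${HOME}/.balsa
 mkdir ${HOME}/.gnupg
 mkfile ${HOME}/.signature
 mkdir ${HOME}/mail
-whitelist ${HOME}/.balsa
-whitelist ${HOME}/.gnupg
-whitelist ${HOME}/.mozilla/firefox/profiles.ini
-whitelist ${HOME}/.signature
-whitelist ${HOME}/mail
-whitelist ${RUNUSER}/gnupg
-whitelist /usr/share/balsa
-whitelist /usr/share/gnupg
-whitelist /usr/share/gnupg2
-whitelist /var/mail
-whitelist /var/spool/mail
+allow ${HOME}/.balsa
+allow ${HOME}/.gnupg
+allow ${HOME}/.mozilla/firefox/profiles.ini
+allow ${HOME}/.signature
+allow ${HOME}/mail
+allow ${RUNUSER}/gnupg
+allow /usr/share/balsa
+allow /usr/share/gnupg
+allow /usr/share/gnupg2
+allow /var/mail
+allow /var/spool/mail
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc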
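--- a/etc/profile-a-l/barrier.profile
+++ b/etc/profile-a-l/barrier.profile
@@ -6,9 +6,9 @@ include barrier.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Debauchee/Barrier.conf
-noblacklist ${HOME}/.local/share/barrier
-noblacklist ${PATH}/openssl
+nodeny ${HOME}/.config/Debauchee/Barrier.conf
+nodeny ${HOME}/.local/share/barrier
+nodeny ${PATH}/openssl
 
 include disable-common.inc
 include disable-devel.inc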
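--- a/etc/profile-a-l/basilisk.profile
+++ b/etc/profile-a-l/basilisk.profile
@@ -5,13 +5,13 @@ include basilisk.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/moonchild productions/basilisk
-noblacklist ${HOME}/.moonchild productions/basilisk
+nodeny ${HOME}/.cache/moonchild productions/basilisk
+nodeny ${HOME}/.moonchild productions/basilisk
 
 mkdir ${HOME}/.cache/moonchild productions/basilisk
 mkdir ${HOME}/.moonchild productions
-whitelist ${HOME}/.cache/moonchild productions/basilisk
-whitelist ${HOME}/.moonchild productions
+allow ${HOME}/.cache/moonchild productions/basilisk
+allow ${HOME}/.moonchild productions
 
 # Basilisk can use the full firejail seccomp filter (unlike firefox >= 60)
 seccomp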
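--- a/etc/profile-a-l/bcompare.profile
+++ b/etc/profile-a-l/bcompare.profile
@@ -7,10 +7,10 @@ include bcompare.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/bcompare
+nodeny ${HOME}/.config/bcompare
 # In case the user decides to include disable-programs.inc, still allow
 # KDE's Gwenview to view images via right click -> Open With -> Associated Application
-noblacklist ${HOME}/.config/gwenviewrc
+nodeny ${HOME}/.config/gwenviewrc
 
 # Add the next line to your bcompare.local if you don't need to compare files in disable-common.inc.
 #include disable-common.inc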
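--- a/etc/profile-a-l/beaker.profile
+++ b/etc/profile-a-l/beaker.profile
@@ -19,10 +19,10 @@ ignore private-cache
 ignore private-dev
 ignore private-tmp
 
-noblacklist ${HOME}/.config/Beaker Browser
+nodeny ${HOME}/.config/Beaker Browser
 
 mkdir ${HOME}/.config/Beaker Browser
-whitelist ${HOME}/.config/Beaker Browser
+allow ${HOME}/.config/Beaker Browser
 
 # Redirect
 include electron.profile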
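--- a/etc/profile-a-l/bibletime.profile
+++ b/etc/profile-a-l/bibletime.profile
@@ -6,11 +6,11 @@ include bibletime.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.bibletime
-noblacklist ${HOME}/.sword
-noblacklist ${HOME}/.local/share/bibletime
+nodeny ${HOME}/.bibletime
+nodeny ${HOME}/.sword
+nodeny ${HOME}/.local/share/bibletime
 
-blacklist ${HOME}/.bashrc
+deny ${HOME}/.bashrc
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,12 +22,12 @@ include disable-programs.inc
 mkdir ${HOME}/.bibletime
 mkdir ${HOME}/.sword
 mkdir ${HOME}/.local/share/bibletime
-whitelist ${HOME}/.bibletime
-whitelist ${HOME}/.sword
-whitelist ${HOME}/.local/share/bibletime
-whitelist /usr/share/bibletime
-whitelist /usr/share/doc/bibletime
-whitelist /usr/share/sword
+allow ${HOME}/.bibletime
+allow ${HOME}/.sword
+allow ${HOME}/.local/share/bibletime
+allow /usr/share/bibletime
+allow /usr/share/doc/bibletime
+allow /usr/share/sword
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc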
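--- a/etc/profile-a-l/bijiben.profile
+++ b/etc/profile-a-l/bijiben.profile
@@ -6,7 +6,7 @@ include bijiben.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/bijiben
+nodeny ${HOME}/.local/share/bijiben
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,12 +18,12 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/bijiben
-whitelist ${HOME}/.local/share/bijiben
-whitelist ${HOME}/.cache/tracker
-whitelist /usr/libexec/webkit2gtk-4.0
-whitelist /usr/share/bijiben
-whitelist /usr/share/tracker
-whitelist /usr/share/tracker3
+allow ${HOME}/.local/share/bijiben
+allow ${HOME}/.cache/tracker
+allow /usr/libexec/webkit2gtk-4.0
+allow /usr/share/bijiben
+allow /usr/share/tracker
+allow /usr/share/tracker3
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc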
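--- a/etc/profile-a-l/bitcoin-qt.profile
+++ b/etc/profile-a-l/bitcoin-qt.profile
@@ -6,8 +6,8 @@ include bitcoin-qt.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.bitcoin
-noblacklist ${HOME}/.config/Bitcoin
+nodeny ${HOME}/.bitcoin
+nodeny ${HOME}/.config/Bitcoin
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-shell.inc
 
 mkdir ${HOME}/.bitcoin
 mkdir ${HOME}/.config/Bitcoin
-whitelist ${HOME}/.bitcoin
-whitelist ${HOME}/.config/Bitcoin
+allow ${HOME}/.bitcoin
+allow ${HOME}/.config/Bitcoin
 include whitelist-common.inc
 include whitelist-var-common.inc
 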
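--- a/etc/profile-a-l/bitlbee.profile
+++ b/etc/profile-a-l/bitlbee.profile
@@ -8,8 +8,8 @@ include globals.local
 
 ignore noexec ${HOME}
 
-noblacklist /sbin
-noblacklist /usr/sbin
+nodeny /sbin
+nodeny /usr/sbin
 # noblacklist /var/log
 
 include disable-common.inc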
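--- a/etc/profile-a-l/bitwarden.profile
+++ b/etc/profile-a-l/bitwarden.profile
@@ -6,54 +6,25 @@ include bitwarden.local
 # Persistent global definitions
 include globals.local
 
+# Disabled until someone reported positive feedback
+ignore include whitelist-usr-share-common.inc
+
 ignore noexec /tmp
 
-noblacklist ${HOME}/.config/Bitwarden
+nodeny ${HOME}/.config/Bitwarden
 
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
 include disable-shell.inc
-include disable-xdg.inc
 
 mkdir ${HOME}/.config/Bitwarden
-whitelist ${HOME}/.config/Bitwarden
-whitelist ${DOWNLOADS}
-include whitelist-common.inc
-include whitelist-var-common.inc
+allow ${HOME}/.config/Bitwarden
 
-apparmor
-caps.drop all
 machine-id
-netfilter
 no3d
-nodvd
-nogroups
-noinput
-nonewprivs
-noroot
 nosound
-notv
-nou2f
-novideo
-protocol unix,inet,inet6,netlink
-seccomp !chroot
-shell none
-#tracelog - breaks on Arch
-
-private-bin bitwarden
-private-cache
+
 ?HAS_APPIMAGE: ignore private-dev
-private-dev
 private-etc alternatives,ca-certificates,crypto-policies,fonts,hosts,nsswitch.conf,pki,resolv.conf,ssl
 private-opt Bitwarden
-private-tmp
-
-# breaks appindicator (tray) functionality
-# dbus-user none
-# dbus-system none
 
-#memory-deny-write-execute - breaks on Arch (see issue #1803)
+# Redirect
+include electron.profile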
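Review bot: The effective sandbox for this password manager now depends on `electron.profile`, which is not shown in this section, because the `include disable-*.inc` lines, `caps.drop all`, `nonewprivs`, `noroot`, `seccomp !chroot`, `protocol unix,inet,inet6,netlink` and `private-bin bitwarden` are all removed here. Each removed option should be checked against what the redirect actually sets; anything a generic Electron profile relaxes (capabilities and seccomp are the likely candidates) would be silently weakened for Bitwarden, and the removed notes about `dbus-user none` breaking the tray and `memory-deny-write-execute` breaking on Arch are lost with it. I would keep those two notes and add a header comment such as `# caps, seccomp and private-* hardening come from electron.profile (see Redirect below)` so the short file is not mistaken for the full policy. The new comment would also read better as `# Disabled until someone reports positive feedback`.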
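--- a/etc/profile-a-l/blackbox.profile
+++ b/etc/profile-a-l/blackbox.profile
@@ -7,7 +7,7 @@ include blackbox.local
 include globals.local
 
 # all applications started in blackbox will run in this profile
-noblacklist ${HOME}/.blackbox
+nodeny ${HOME}/.blackbox
 include disable-common.inc
 
 caps.drop all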
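--- a/etc/profile-a-l/blender.profile
+++ b/etc/profile-a-l/blender.profile
@@ -6,7 +6,7 @@ include blender.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/blender
+nodeny ${HOME}/.config/blender
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -20,8 +20,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 # Allow usage of AMD GPU by OpenCL
-noblacklist /sys/module
-whitelist /sys/module/amdgpu
+nodeny /sys/module
+allow /sys/module/amdgpu
 read-only /sys/module/amdgpu
 
 caps.drop all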
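--- a/etc/profile-a-l/bless.profile
+++ b/etc/profile-a-l/bless.profile
@@ -6,7 +6,7 @@ include bless.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/bless
+nodeny ${HOME}/.config/bless
 
 include disable-common.inc
 include disable-devel.inc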
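--- a/etc/profile-a-l/blobby.profile
+++ b/etc/profile-a-l/blobby.profile
@@ -4,7 +4,7 @@ include blobby.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.blobby
+nodeny ${HOME}/.blobby
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.blobby
-whitelist ${HOME}/.blobby
+allow ${HOME}/.blobby
 include whitelist-common.inc
-whitelist /usr/share/blobby
+allow /usr/share/blobby
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 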
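--- a/etc/profile-a-l/blobwars.profile
+++ b/etc/profile-a-l/blobwars.profile
@@ -6,7 +6,7 @@ include blobwars.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.parallelrealities/blobwars
+nodeny ${HOME}/.parallelrealities/blobwars
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.parallelrealities/blobwars
-whitelist ${HOME}/.parallelrealities/blobwars
-whitelist /usr/share/blobwars
+allow ${HOME}/.parallelrealities/blobwars
+allow /usr/share/blobwars
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc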
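--- a/etc/profile-a-l/bnox.profile
+++ b/etc/profile-a-l/bnox.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-noblacklist ${HOME}/.cache/bnox
-noblacklist ${HOME}/.config/bnox
+nodeny ${HOME}/.cache/bnox
+nodeny ${HOME}/.config/bnox
 
 mkdir ${HOME}/.cache/bnox
 mkdir ${HOME}/.config/bnox
-whitelist ${HOME}/.cache/bnox
-whitelist ${HOME}/.config/bnox
+allow ${HOME}/.cache/bnox
+allow ${HOME}/.config/bnox
 
 # Redirect
 include chromium-common.profile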
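Review bot: The `ignore whitelist /usr/share/chromium` line shown in the hunk header sits above line 10 and is not touched, so it keeps the old keyword while chromium.profile in this same commit now spells the rule `allow /usr/share/chromium`. If `ignore` compares against the directive text literally instead of resolving the old and new keywords to the same command, this ignore no longer matches anything and the path it was meant to keep out of the sandbox is allowed again. That matching behaviour is not visible here, so it needs confirming; if it is literal, the line should become `ignore allow /usr/share/chromium`. The line itself lies outside the hunk, so this is inferred from the header only.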
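--- a/etc/profile-a-l/brackets.profile
+++ b/etc/profile-a-l/brackets.profile
@@ -5,7 +5,7 @@ include brackets.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Brackets
+nodeny ${HOME}/.config/Brackets
 #noblacklist /opt/brackets
 #noblacklist /opt/google
 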
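Review bot: The commented-out directives on new lines 9 and 10 still read `#noblacklist /opt/brackets` and `#noblacklist /opt/google`, so a user who uncomments them gets the old keyword in a profile that otherwise uses the new one. I would rename them with the active line, `#nodeny /opt/brackets` and `#nodeny /opt/google`. The same applies to `#whitelist ${HOME}/.cargo` and `#whitelist ${HOME}/.rustup` on new lines 34 and 35 of cargo.profile, and to the "(blacklisted by disable-interpreters.inc)" comments kept in several profiles, which could say "denied" for consistency.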
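--- a/etc/profile-a-l/brasero.profile
+++ b/etc/profile-a-l/brasero.profile
@@ -6,7 +6,7 @@ include brasero.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/brasero
+nodeny ${HOME}/.config/brasero
 
 include disable-common.inc
 include disable-devel.inc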
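--- a/etc/profile-a-l/brave.profile
+++ b/etc/profile-a-l/brave.profile
@@ -14,24 +14,24 @@ ignore noexec /tmp
 # Alternatively you can add 'ignore apparmor' to your brave.local.
 ignore noexec ${HOME}
 
-noblacklist ${HOME}/.cache/BraveSoftware
-noblacklist ${HOME}/.config/BraveSoftware
-noblacklist ${HOME}/.config/brave
-noblacklist ${HOME}/.config/brave-flags.conf
+nodeny ${HOME}/.cache/BraveSoftware
+nodeny ${HOME}/.config/BraveSoftware
+nodeny ${HOME}/.config/brave
+nodeny ${HOME}/.config/brave-flags.conf
 # brave uses gpg for built-in password manager
-noblacklist ${HOME}/.gnupg
+nodeny ${HOME}/.gnupg
 
 mkdir ${HOME}/.cache/BraveSoftware
 mkdir ${HOME}/.config/BraveSoftware
 mkdir ${HOME}/.config/brave
-whitelist ${HOME}/.cache/BraveSoftware
-whitelist ${HOME}/.config/BraveSoftware
-whitelist ${HOME}/.config/brave
-whitelist ${HOME}/.config/brave-flags.conf
-whitelist ${HOME}/.gnupg
+allow ${HOME}/.cache/BraveSoftware
+allow ${HOME}/.config/BraveSoftware
+allow ${HOME}/.config/brave
+allow ${HOME}/.config/brave-flags.conf
+allow ${HOME}/.gnupg
 
 # Brave sandbox needs read access to /proc/config.gz
-noblacklist /proc/config.gz
+nodeny /proc/config.gz
 
 # Redirect
 include chromium-common.profile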
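Review bot: The `nodeny ${HOME}/.gnupg` and `allow ${HOME}/.gnupg` pair on new lines 22 and 31 gives the browser the whole GnuPG home directory, and the only explanation is the one-line comment on line 21. Since that directory normally holds private keys and the trust database, the comment should state the trade-off and point to the opt-out, for example `# brave uses gpg for built-in password manager; this exposes ${HOME}/.gnupg to the browser` followed by `# if you do not use it, add 'ignore' lines for both .gnupg rules to your brave.local`. The exact `ignore` spelling after the keyword rename is not shown here and should be checked against the parser. The hunk starts at line 14, so the top of the profile is not visible.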
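--- a/etc/profile-a-l/bzflag.profile
+++ b/etc/profile-a-l/bzflag.profile
@@ -6,7 +6,7 @@ include bzflag.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.bzf
+nodeny ${HOME}/.bzf
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.bzf
-whitelist ${HOME}/.bzf
+allow ${HOME}/.bzf
 include whitelist-common.inc
 include whitelist-var-common.inc
 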
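--- a/etc/profile-a-l/calibre.profile
+++ b/etc/profile-a-l/calibre.profile
@@ -6,9 +6,9 @@ include calibre.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/calibre
-noblacklist ${HOME}/.config/calibre
-noblacklist ${DOCUMENTS}
+nodeny ${HOME}/.cache/calibre
+nodeny ${HOME}/.config/calibre
+nodeny ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc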
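--- a/etc/profile-a-l/calligra.profile
+++ b/etc/profile-a-l/calligra.profile
@@ -6,7 +6,7 @@ include calligra.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/kxmlgui5/calligra
+nodeny ${HOME}/.local/share/kxmlgui5/calligra
 
 include disable-common.inc
 include disable-devel.inc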
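--- a/etc/profile-a-l/calligragemini.profile
+++ b/etc/profile-a-l/calligragemini.profile
@@ -6,7 +6,7 @@ include calligragemini.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.local/share/calligragemini
+nodeny ${HOME}/.local/share/calligragemini
 
 # Redirect
 include calligra.profile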
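--- a/etc/profile-a-l/calligraplan.profile
+++ b/etc/profile-a-l/calligraplan.profile
@@ -6,7 +6,7 @@ include calligraplan.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.local/share/kxmlgui5/calligraplan
+nodeny ${HOME}/.local/share/kxmlgui5/calligraplan
 
 # Redirect
 include calligra.profile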
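--- a/etc/profile-a-l/calligraplanwork.profile
+++ b/etc/profile-a-l/calligraplanwork.profile
@@ -6,7 +6,7 @@ include calligraplanwork.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.local/share/kxmlgui5/calligraplanwork
+nodeny ${HOME}/.local/share/kxmlgui5/calligraplanwork
 
 # Redirect
 include calligra.profile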
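--- a/etc/profile-a-l/calligrasheets.profile
+++ b/etc/profile-a-l/calligrasheets.profile
@@ -6,7 +6,7 @@ include calligrasheets.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.local/share/kxmlgui5/calligrasheets
+nodeny ${HOME}/.local/share/kxmlgui5/calligrasheets
 
 # Redirect
 include calligra.profile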
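--- a/etc/profile-a-l/calligrastage.profile
+++ b/etc/profile-a-l/calligrastage.profile
@@ -6,7 +6,7 @@ include calligrastage.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.local/share/kxmlgui5/calligrastage
+nodeny ${HOME}/.local/share/kxmlgui5/calligrastage
 
 # Redirect
 include calligra.profile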
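--- a/etc/profile-a-l/calligrawords.profile
+++ b/etc/profile-a-l/calligrawords.profile
@@ -6,7 +6,7 @@ include calligrawords.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.local/share/kxmlgui5/calligrawords
+nodeny ${HOME}/.local/share/kxmlgui5/calligrawords
 
 # Redirect
 include calligra.profile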
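--- a/etc/profile-a-l/cameramonitor.profile
+++ b/etc/profile-a-l/cameramonitor.profile
@@ -20,7 +20,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/cameramonitor
+allow /usr/share/cameramonitor
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc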
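--- a/etc/profile-a-l/cantata.profile
+++ b/etc/profile-a-l/cantata.profile
@@ -6,10 +6,10 @@ include cantata.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/cantata
-noblacklist ${HOME}/.config/cantata
-noblacklist ${HOME}/.local/share/cantata
-noblacklist ${MUSIC}
+nodeny ${HOME}/.cache/cantata
+nodeny ${HOME}/.config/cantata
+nodeny ${HOME}/.local/share/cantata
+nodeny ${MUSIC}
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc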
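--- a/etc/profile-a-l/cargo.profile
+++ b/etc/profile-a-l/cargo.profile
@@ -10,11 +10,11 @@ include globals.local
 ignore noexec ${HOME}
 ignore noexec /tmp
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}
+deny /tmp/.X11-unix
+deny ${RUNUSER}
 
-noblacklist ${HOME}/.cargo/credentials
-noblacklist ${HOME}/.cargo/credentials.toml
+nodeny ${HOME}/.cargo/credentials
+nodeny ${HOME}/.cargo/credentials.toml
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
@@ -34,7 +34,7 @@ include disable-xdg.inc
 #whitelist ${HOME}/.cargo
 #whitelist ${HOME}/.rustup
 #include whitelist-common.inc
-whitelist /usr/share/pkgconfig
+allow /usr/share/pkgconfig
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc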
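--- a/etc/profile-a-l/catfish.profile
+++ b/etc/profile-a-l/catfish.profile
@@ -9,7 +9,7 @@ include globals.local
 # We can't blacklist much since catfish
 # is for finding files/content
 
-noblacklist ${HOME}/.config/catfish
+nodeny ${HOME}/.config/catfish
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -21,7 +21,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 # include disable-programs.inc
 
-whitelist /var/lib/mlocate
+allow /var/lib/mlocate
 include whitelist-var-common.inc
 
 apparmor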
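--- a/etc/profile-a-l/cawbird.profile
+++ b/etc/profile-a-l/cawbird.profile
@@ -6,7 +6,7 @@ include cawbird.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/cawbird
+nodeny ${HOME}/.config/cawbird
 
 include disable-common.inc
 include disable-devel.inc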
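--- a/etc/profile-a-l/celluloid.profile
+++ b/etc/profile-a-l/celluloid.profile
@@ -6,9 +6,9 @@ include celluloid.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/celluloid
-noblacklist ${HOME}/.config/gnome-mpv
-noblacklist ${HOME}/.config/youtube-dl
+nodeny ${HOME}/.config/celluloid
+nodeny ${HOME}/.config/gnome-mpv
+nodeny ${HOME}/.config/youtube-dl
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -17,7 +17,7 @@ include allow-lua.inc
 include allow-python2.inc
 include allow-python3.inc
 
-blacklist /usr/libexec
+deny /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -30,9 +30,9 @@ read-only ${DESKTOP}
 mkdir ${HOME}/.config/celluloid
 mkdir ${HOME}/.config/gnome-mpv
 mkdir ${HOME}/.config/youtube-dl
-whitelist ${HOME}/.config/celluloid
-whitelist ${HOME}/.config/gnome-mpv
-whitelist ${HOME}/.config/youtube-dl
+allow ${HOME}/.config/celluloid
+allow ${HOME}/.config/gnome-mpv
+allow ${HOME}/.config/youtube-dl
 include whitelist-common.inc
 include whitelist-player-common.inc
 include whitelist-runuser-common.inc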
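--- a/etc/profile-a-l/checkbashisms.profile
+++ b/etc/profile-a-l/checkbashisms.profile
@@ -7,9 +7,9 @@ include checkbashisms.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
+deny ${RUNUSER}/wayland-*
 
-noblacklist ${DOCUMENTS}
+nodeny ${DOCUMENTS}
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc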
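--- a/etc/profile-a-l/cheese.profile
+++ b/etc/profile-a-l/cheese.profile
@@ -6,8 +6,8 @@ include cheese.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${VIDEOS}
-noblacklist ${PICTURES}
+nodeny ${VIDEOS}
+nodeny ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,9 +17,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist ${VIDEOS}
-whitelist ${PICTURES}
-whitelist /usr/share/gnome-video-effects
+allow ${VIDEOS}
+allow ${PICTURES}
+allow /usr/share/gnome-video-effects
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc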
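--- a/etc/profile-a-l/cherrytree.profile
+++ b/etc/profile-a-l/cherrytree.profile
@@ -6,8 +6,8 @@ include cherrytree.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/cherrytree
-noblacklist ${DOCUMENTS}
+nodeny ${HOME}/.config/cherrytree
+nodeny ${DOCUMENTS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc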
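--- a/etc/profile-a-l/chromium-browser-privacy.profile
+++ b/etc/profile-a-l/chromium-browser-privacy.profile
@@ -3,15 +3,15 @@
 # Persistent local customizations
 include chromium-browser-privacy.local
 
-noblacklist ${HOME}/.cache/ungoogled-chromium
-noblacklist ${HOME}/.config/ungoogled-chromium
+nodeny ${HOME}/.cache/ungoogled-chromium
+nodeny ${HOME}/.config/ungoogled-chromium
 
-blacklist /usr/libexec
+deny /usr/libexec
 
 mkdir ${HOME}/.cache/ungoogled-chromium
 mkdir ${HOME}/.config/ungoogled-chromium
-whitelist ${HOME}/.cache/ungoogled-chromium
-whitelist ${HOME}/.config/ungoogled-chromium
+allow ${HOME}/.cache/ungoogled-chromium
+allow ${HOME}/.config/ungoogled-chromium
 
 # private-bin basename,bash,cat,chromium-browser-privacy,dirname,mkdir,readlink,sed,touch,which,xdg-settings
 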
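--- a/etc/profile-a-l/chromium-common.profile
+++ b/etc/profile-a-l/chromium-common.profile
@@ -9,8 +9,8 @@ include chromium-common.local
 # noexec ${HOME} breaks DRM binaries.
 ?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
 
-noblacklist ${HOME}/.pki
-noblacklist ${HOME}/.local/share/pki
+nodeny ${HOME}/.pki
+nodeny ${HOME}/.local/share/pki
 
 # Add the next line to your chromium-common.local if you want Google Chrome/Chromium browser
 # to have access to Gnome extensions (extensions.gnome.org) via browser connector
@@ -26,9 +26,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.pki
-whitelist ${HOME}/.local/share/pki
+allow ${DOWNLOADS}
+allow ${HOME}/.pki
+allow ${HOME}/.local/share/pki
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc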
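--- a/etc/profile-a-l/chromium.profile
+++ b/etc/profile-a-l/chromium.profile
@@ -6,17 +6,17 @@ include chromium.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/chromium
-noblacklist ${HOME}/.config/chromium
-noblacklist ${HOME}/.config/chromium-flags.conf
+nodeny ${HOME}/.cache/chromium
+nodeny ${HOME}/.config/chromium
+nodeny ${HOME}/.config/chromium-flags.conf
 
 mkdir ${HOME}/.cache/chromium
 mkdir ${HOME}/.config/chromium
-whitelist ${HOME}/.cache/chromium
-whitelist ${HOME}/.config/chromium
-whitelist ${HOME}/.config/chromium-flags.conf
-whitelist /usr/share/chromium
-whitelist /usr/share/mozilla/extensions
+allow ${HOME}/.cache/chromium
+allow ${HOME}/.config/chromium
+allow ${HOME}/.config/chromium-flags.conf
+allow /usr/share/chromium
+allow /usr/share/mozilla/extensions
 
 # private-bin chromium,chromium-browser,chromedriver
 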
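--- a/etc/profile-a-l/cin.profile
+++ b/etc/profile-a-l/cin.profile
@@ -5,7 +5,7 @@ include cin.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.bcast5
+nodeny ${HOME}/.bcast5
 
 include disable-common.inc
 include disable-devel.inc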
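--- a/etc/profile-a-l/clamav.profile
+++ b/etc/profile-a-l/clamav.profile
@@ -7,7 +7,7 @@ include clamav.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
+deny ${RUNUSER}/wayland-*
 
 include disable-exec.inc
 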
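--- a/etc/profile-a-l/claws-mail.profile
+++ b/etc/profile-a-l/claws-mail.profile
@@ -6,17 +6,17 @@ include claws-mail.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.claws-mail
+nodeny ${HOME}/.claws-mail
 
 mkdir ${HOME}/.claws-mail
-whitelist ${HOME}/.claws-mail
+allow ${HOME}/.claws-mail
 
 # Add the below lines to your claws-mail.local if you use python-based plugins.
 # Allow python (blacklisted by disable-interpreters.inc)
 #include allow-python2.inc
 #include allow-python3.inc
 
-whitelist /usr/share/doc/claws-mail
+allow /usr/share/doc/claws-mail
 
 # private-bin claws-mail,curl,gpg,gpg2,gpg-agent,gpgsm,gpgme-config,pinentry,pinentry-gtk-2
 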
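--- a/etc/profile-a-l/clawsker.profile
+++ b/etc/profile-a-l/clawsker.profile
@@ -6,7 +6,7 @@ include clawsker.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.claws-mail
+nodeny ${HOME}/.claws-mail
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
@@ -19,7 +19,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.claws-mail
-whitelist ${HOME}/.claws-mail
+allow ${HOME}/.claws-mail
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc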
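--- a/etc/profile-a-l/clementine.profile
+++ b/etc/profile-a-l/clementine.profile
@@ -6,9 +6,9 @@ include clementine.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/Clementine
-noblacklist ${HOME}/.config/Clementine
-noblacklist ${MUSIC}
+nodeny ${HOME}/.cache/Clementine
+nodeny ${HOME}/.config/Clementine
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc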
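diff --git a/etc/profile-a-l/clion-eap.profile b/etc/profile-a-l/clion-eap.profile
new file mode 100644
index 000000000..3602c3e7b
--- /dev/null
+++ b/etc/profile-a-l/clion-eap.profile
@@ -0,0 +1,10 @@
+# Firejail profile for CLion EAP
+# This file is overwritten after every install/update
+# Persistent local customizations
+include clion-eap.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+# Redirect
+include clion.profile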
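diff --git a/etc/profile-a-l/clion.profile b/etc/profile-a-l/clion.profile
index 22cecff09..5c5399069 100644
--- a/etc/profile-a-l/clion.profile
+++ b/etc/profile-a-l/clion.profile
@@ -5,13 +5,16 @@ include clion.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.CLion*
-noblacklist ${HOME}/.config/git
-noblacklist ${HOME}/.gitconfig
-noblacklist ${HOME}/.git-credentials
-noblacklist ${HOME}/.java
-noblacklist ${HOME}/.local/share/JetBrains
-noblacklist ${HOME}/.tooling
+nodeny ${HOME}/.config/JetBrains/CLion*
+nodeny ${HOME}/.cache/JetBrains/CLion*
+nodeny ${HOME}/.clion*
+nodeny ${HOME}/.CLion*
+nodeny ${HOME}/.config/git
+nodeny ${HOME}/.gitconfig
+nodeny ${HOME}/.git-credentials
+nodeny ${HOME}/.java
+nodeny ${HOME}/.local/share/JetBrains
+nodeny ${HOME}/.tooling
 
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc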
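Review bot: The new side adds three `nodeny` globs (`${HOME}/.config/JetBrains/CLion*`, `${HOME}/.cache/JetBrains/CLion*`, `${HOME}/.clion*`) inside what is otherwise a keyword rename, and it keeps `nodeny ${HOME}/.git-credentials` without any comment, although that file normally stores credentials in plaintext. code.profile in this same diff reaches IDE files through `include allow-common-devel.inc`; if that include already covers the git paths (its contents are not visible here), using it in clion.profile would keep the credential exposure in one audited place. Otherwise add a why-comment above the git entries, for example `# Needed for git integration; .git-credentials stores credentials in plaintext`. The profile continues past this hunk, so any later restrictions are not visible.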
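diff --git a/etc/profile-a-l/clipgrab.profile b/etc/profile-a-l/clipgrab.profile
index c8258da07..89f8d96f0 100644
--- a/etc/profile-a-l/clipgrab.profile
+++ b/etc/profile-a-l/clipgrab.profile
@@ -6,9 +6,9 @@ include clipgrab.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Philipp Schmieder
-noblacklist ${HOME}/.pki
-noblacklist ${VIDEOS}
+nodeny ${HOME}/.config/Philipp Schmieder
+nodeny ${HOME}/.pki
+nodeny ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc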
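diff --git a/etc/profile-a-l/clipit.profile b/etc/profile-a-l/clipit.profile
index d421903a3..4a2a5171b 100644
--- a/etc/profile-a-l/clipit.profile
+++ b/etc/profile-a-l/clipit.profile
@@ -6,8 +6,8 @@ include clipit.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/clipit
-noblacklist ${HOME}/.local/share/clipit
+nodeny ${HOME}/.config/clipit
+nodeny ${HOME}/.local/share/clipit
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/clipit
 mkdir ${HOME}/.local/share/clipit
-whitelist ${HOME}/.config/clipit
-whitelist ${HOME}/.local/share/clipit
+allow ${HOME}/.config/clipit
+allow ${HOME}/.local/share/clipit
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc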
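diff --git a/etc/profile-a-l/cliqz.profile b/etc/profile-a-l/cliqz.profile
index d0b8cc0ef..22c6ef882 100644
--- a/etc/profile-a-l/cliqz.profile
+++ b/etc/profile-a-l/cliqz.profile
@@ -5,16 +5,16 @@ include cliqz.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/cliqz
-noblacklist ${HOME}/.cliqz
-noblacklist ${HOME}/.config/cliqz
+nodeny ${HOME}/.cache/cliqz
+nodeny ${HOME}/.cliqz
+nodeny ${HOME}/.config/cliqz
 
 mkdir ${HOME}/.cache/cliqz
 mkdir ${HOME}/.cliqz
 mkdir ${HOME}/.config/cliqz
-whitelist ${HOME}/.cache/cliqz
-whitelist ${HOME}/.cliqz
-whitelist ${HOME}/.config/cliqz
+allow ${HOME}/.cache/cliqz
+allow ${HOME}/.cliqz
+allow ${HOME}/.config/cliqz
 
 # private-etc must first be enabled in firefox-common.profile
 #private-etc cliqz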
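diff --git a/etc/profile-a-l/cmus.profile b/etc/profile-a-l/cmus.profile
index bcd557787..51e53209f 100644
--- a/etc/profile-a-l/cmus.profile
+++ b/etc/profile-a-l/cmus.profile
@@ -6,8 +6,8 @@ include cmus.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/cmus
-noblacklist ${MUSIC}
+nodeny ${HOME}/.config/cmus
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc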
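diff --git a/etc/profile-a-l/code.profile b/etc/profile-a-l/code.profile
index e19b78908..1933c66fa 100644
--- a/etc/profile-a-l/code.profile
+++ b/etc/profile-a-l/code.profile
@@ -5,10 +5,10 @@ include code.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Code
-noblacklist ${HOME}/.config/Code - OSS
-noblacklist ${HOME}/.vscode
-noblacklist ${HOME}/.vscode-oss
+nodeny ${HOME}/.config/Code
+nodeny ${HOME}/.config/Code - OSS
+nodeny ${HOME}/.vscode
+nodeny ${HOME}/.vscode-oss
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc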
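diff --git a/etc/profile-a-l/colorful.profile b/etc/profile-a-l/colorful.profile
index bd6d8f5b0..efa7f516c 100644
--- a/etc/profile-a-l/colorful.profile
+++ b/etc/profile-a-l/colorful.profile
@@ -6,7 +6,7 @@ include colorful.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.suve/colorful
+nodeny ${HOME}/.suve/colorful
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.suve/colorful
-whitelist ${HOME}/.suve/colorful
-whitelist /usr/share/suve
+allow ${HOME}/.suve/colorful
+allow /usr/share/suve
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc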
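diff --git a/etc/profile-a-l/com.github.bleakgrey.tootle.profile b/etc/profile-a-l/com.github.bleakgrey.tootle.profile
index c8bdfec23..34b662959 100644
--- a/etc/profile-a-l/com.github.bleakgrey.tootle.profile
+++ b/etc/profile-a-l/com.github.bleakgrey.tootle.profile
@@ -6,7 +6,7 @@ include com.github.bleakgrey.tootle.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/com.github.bleakgrey.tootle
+nodeny ${HOME}/.config/com.github.bleakgrey.tootle
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/com.github.bleakgrey.tootle
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.config/com.github.bleakgrey.tootle
+allow ${DOWNLOADS}
+allow ${HOME}/.config/com.github.bleakgrey.tootle
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc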
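diff --git a/etc/profile-a-l/com.github.dahenson.agenda.profile b/etc/profile-a-l/com.github.dahenson.agenda.profile
index b467a0f7a..4e26e4925 100644
--- a/etc/profile-a-l/com.github.dahenson.agenda.profile
+++ b/etc/profile-a-l/com.github.dahenson.agenda.profile
@@ -6,9 +6,9 @@ include com.github.dahenson.agenda.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/agenda
-noblacklist ${HOME}/.config/agenda
-noblacklist ${HOME}/.local/share/agenda
+nodeny ${HOME}/.cache/agenda
+nodeny ${HOME}/.config/agenda
+nodeny ${HOME}/.local/share/agenda
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,9 +22,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/agenda
 mkdir ${HOME}/.config/agenda
 mkdir ${HOME}/.local/share/agenda
-whitelist ${HOME}/.cache/agenda
-whitelist ${HOME}/.config/agenda
-whitelist ${HOME}/.local/share/agenda
+allow ${HOME}/.cache/agenda
+allow ${HOME}/.config/agenda
+allow ${HOME}/.local/share/agenda
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc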
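diff --git a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
index c13f9618b..bbfc1fe41 100644
--- a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
+++ b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
@@ -6,9 +6,9 @@ include foliate.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${DOCUMENTS}
-noblacklist ${HOME}/.cache/com.github.johnfactotum.Foliate
-noblacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
+nodeny ${DOCUMENTS}
+nodeny ${HOME}/.cache/com.github.johnfactotum.Foliate
+nodeny ${HOME}/.local/share/com.github.johnfactotum.Foliate
 
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc
@@ -24,12 +24,12 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/com.github.johnfactotum.Foliate
 mkdir ${HOME}/.local/share/com.github.johnfactotum.Foliate
-whitelist ${HOME}/.cache/com.github.johnfactotum.Foliate
-whitelist ${HOME}/.local/share/com.github.johnfactotum.Foliate
-whitelist ${DOCUMENTS}
-whitelist ${DOWNLOADS}
-whitelist /usr/share/com.github.johnfactotum.Foliate
-whitelist /usr/share/hyphen
+allow ${HOME}/.cache/com.github.johnfactotum.Foliate
+allow ${HOME}/.local/share/com.github.johnfactotum.Foliate
+allow ${DOCUMENTS}
+allow ${DOWNLOADS}
+allow /usr/share/com.github.johnfactotum.Foliate
+allow /usr/share/hyphen
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc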
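diff --git a/etc/profile-a-l/com.github.phase1geo.minder.profile b/etc/profile-a-l/com.github.phase1geo.minder.profile
index d0402d188..3e9acc6c8 100644
--- a/etc/profile-a-l/com.github.phase1geo.minder.profile
+++ b/etc/profile-a-l/com.github.phase1geo.minder.profile
@@ -6,9 +6,9 @@ include com.github.phase1geo.minder.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/minder
-noblacklist ${DOCUMENTS}
-noblacklist ${PICTURES}
+nodeny ${HOME}/.local/share/minder
+nodeny ${DOCUMENTS}
+nodeny ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,10 +20,10 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/minder
-whitelist ${HOME}/.local/share/minder
-whitelist ${DOCUMENTS}
-whitelist ${DOWNLOADS}
-whitelist ${PICTURES}
+allow ${HOME}/.local/share/minder
+allow ${DOCUMENTS}
+allow ${DOWNLOADS}
+allow ${PICTURES}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc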
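diff --git a/etc/profile-a-l/conkeror.profile b/etc/profile-a-l/conkeror.profile
index 38edf0d21..6cc9ec551 100644
--- a/etc/profile-a-l/conkeror.profile
+++ b/etc/profile-a-l/conkeror.profile
@@ -5,23 +5,23 @@ include conkeror.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.conkeror.mozdev.org
+nodeny ${HOME}/.conkeror.mozdev.org
 
 include disable-common.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.conkeror.mozdev.org
 mkfile ${HOME}/.conkerorrc
-whitelist ${HOME}/.conkeror.mozdev.org
-whitelist ${HOME}/.conkerorrc
-whitelist ${HOME}/.lastpass
-whitelist ${HOME}/.pentadactyl
-whitelist ${HOME}/.pentadactylrc
-whitelist ${HOME}/.vimperator
-whitelist ${HOME}/.vimperatorrc
-whitelist ${HOME}/.zotero
-whitelist ${HOME}/dwhelper
-whitelist ${DOWNLOADS}
+allow ${HOME}/.conkeror.mozdev.org
+allow ${HOME}/.conkerorrc
+allow ${HOME}/.lastpass
+allow ${HOME}/.pentadactyl
+allow ${HOME}/.pentadactylrc
+allow ${HOME}/.vimperator
+allow ${HOME}/.vimperatorrc
+allow ${HOME}/.zotero
+allow ${HOME}/dwhelper
+allow ${DOWNLOADS}
 include whitelist-common.inc
 
 caps.drop all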
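diff --git a/etc/profile-a-l/conky.profile b/etc/profile-a-l/conky.profile
index eaa18739d..1b3fe6651 100644
--- a/etc/profile-a-l/conky.profile
+++ b/etc/profile-a-l/conky.profile
@@ -6,7 +6,7 @@ include conky.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${PICTURES}
+nodeny ${PICTURES}
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc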
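diff --git a/etc/profile-a-l/corebird.profile b/etc/profile-a-l/corebird.profile
index 2fb446e2a..266c404ee 100644
--- a/etc/profile-a-l/corebird.profile
+++ b/etc/profile-a-l/corebird.profile
@@ -6,7 +6,7 @@ include corebird.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/corebird
+nodeny ${HOME}/.config/corebird
 
 include disable-common.inc
 include disable-devel.inc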
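diff --git a/etc/profile-a-l/cower.profile b/etc/profile-a-l/cower.profile
index 1635995dc..0a1353e40 100644
--- a/etc/profile-a-l/cower.profile
+++ b/etc/profile-a-l/cower.profile
@@ -7,8 +7,8 @@ include cower.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/cower
-noblacklist /var/lib/pacman
+nodeny ${HOME}/.config/cower
+nodeny /var/lib/pacman
 
 include disable-common.inc
 include disable-devel.inc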
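diff --git a/etc/profile-a-l/coyim.profile b/etc/profile-a-l/coyim.profile
index 7ece35c2b..5e48c8022 100644
--- a/etc/profile-a-l/coyim.profile
+++ b/etc/profile-a-l/coyim.profile
@@ -6,7 +6,7 @@ include coyim.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/coyim
+nodeny ${HOME}/.config/coyim
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/coyim
-whitelist ${HOME}/.config/coyim
+allow ${HOME}/.config/coyim
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc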
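diff --git a/etc/profile-a-l/cpio.profile b/etc/profile-a-l/cpio.profile
index bdc4f21a6..dec8c086b 100644
--- a/etc/profile-a-l/cpio.profile
+++ b/etc/profile-a-l/cpio.profile
@@ -7,8 +7,8 @@ include cpio.local
 # Persistent global definitions
 include globals.local
 
-noblacklist /sbin
-noblacklist /usr/sbin
+nodeny /sbin
+nodeny /usr/sbin
 
 # Redirect
 include archiver-common.profile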
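diff --git a/etc/profile-a-l/crawl.profile b/etc/profile-a-l/crawl.profile
index b10216895..81292c01c 100644
--- a/etc/profile-a-l/crawl.profile
+++ b/etc/profile-a-l/crawl.profile
@@ -6,7 +6,7 @@ include crawl-tiles.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.crawl
+nodeny ${HOME}/.crawl
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.crawl
-whitelist ${HOME}/.crawl
+allow ${HOME}/.crawl
 include whitelist-common.inc
 include whitelist-var-common.inc
 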
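diff --git a/etc/profile-a-l/crow.profile b/etc/profile-a-l/crow.profile
index 02b15ecc2..36bd93778 100644
--- a/etc/profile-a-l/crow.profile
+++ b/etc/profile-a-l/crow.profile
@@ -8,8 +8,8 @@ include globals.local
 
 mkdir ${HOME}/.config/crow
 mkdir ${HOME}/.cache/gstreamer-1.0
-whitelist ${HOME}/.config/crow
-whitelist ${HOME}/.cache/gstreamer-1.0
+allow ${HOME}/.config/crow
+allow ${HOME}/.cache/gstreamer-1.0
 
 include disable-common.inc
 include disable-devel.inc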
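diff --git a/etc/profile-a-l/curl.profile b/etc/profile-a-l/curl.profile
index c9867c5d7..4950b7a4c 100644
--- a/etc/profile-a-l/curl.profile
+++ b/etc/profile-a-l/curl.profile
@@ -12,11 +12,11 @@ include globals.local
 # Technically this file can be anywhere but let's assume users have it in ${HOME}/.curl-hsts.
 # If your setup diverts, add 'blacklist /path/to/curl/hsts/file' to your disable-programs.local
 # and 'noblacklist /path/to/curl/hsts/file' to curl.local to keep the sandbox logic intact.
-noblacklist ${HOME}/.curl-hsts
-noblacklist ${HOME}/.curlrc
+nodeny ${HOME}/.curl-hsts
+nodeny ${HOME}/.curlrc
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}
+deny /tmp/.X11-unix
+deny ${RUNUSER}
 
 include disable-common.inc
 include disable-exec.inc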
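Review bot: The comment on lines 13–14 still tells users to add `blacklist /path/to/curl/hsts/file` and `noblacklist /path/to/curl/hsts/file`, while the commands directly below it were renamed to `nodeny` and `deny`. Whether the old keywords are still accepted as aliases cannot be confirmed from this hunk; if they are not, a user following the comment ends up with an override that does not protect the HSTS file. Suggest updating the comment to `add 'deny /path/to/curl/hsts/file' to your disable-programs.local` and `'nodeny /path/to/curl/hsts/file' to curl.local`. The same old wording survives in the "(blacklisted by …)" comments of the clawsker, clion, conky and deluge hunks.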
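diff --git a/etc/profile-a-l/cyberfox.profile b/etc/profile-a-l/cyberfox.profile
index d1fff0004..49f972e4a 100644
--- a/etc/profile-a-l/cyberfox.profile
+++ b/etc/profile-a-l/cyberfox.profile
@@ -5,13 +5,13 @@ include cyberfox.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.8pecxstudios
-noblacklist ${HOME}/.cache/8pecxstudios
+nodeny ${HOME}/.8pecxstudios
+nodeny ${HOME}/.cache/8pecxstudios
 
 mkdir ${HOME}/.8pecxstudios
 mkdir ${HOME}/.cache/8pecxstudios
-whitelist ${HOME}/.8pecxstudios
-whitelist ${HOME}/.cache/8pecxstudios
+allow ${HOME}/.8pecxstudios
+allow ${HOME}/.cache/8pecxstudios
 
 # private-bin cyberfox,dbus-launch,dbus-send,env,sh,which
 # private-etc must first be enabled in firefox-common.profile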
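diff --git a/etc/profile-a-l/d-feet.profile b/etc/profile-a-l/d-feet.profile
index ba1e7adad..c7ce1730a 100644
--- a/etc/profile-a-l/d-feet.profile
+++ b/etc/profile-a-l/d-feet.profile
@@ -6,7 +6,7 @@ include d-feet.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/d-feet
+nodeny ${HOME}/.config/d-feet
 
 # Allow python (disabled by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,8 +22,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/d-feet
-whitelist ${HOME}/.config/d-feet
-whitelist /usr/share/d-feet
+allow ${HOME}/.config/d-feet
+allow /usr/share/d-feet
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc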
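diff --git a/etc/profile-a-l/darktable.profile b/etc/profile-a-l/darktable.profile
index 61fa52928..4d51c255e 100644
--- a/etc/profile-a-l/darktable.profile
+++ b/etc/profile-a-l/darktable.profile
@@ -6,9 +6,9 @@ include darktable.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/darktable
-noblacklist ${HOME}/.config/darktable
-noblacklist ${PICTURES}
+nodeny ${HOME}/.cache/darktable
+nodeny ${HOME}/.config/darktable
+nodeny ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc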
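diff --git a/etc/profile-a-l/dbus-send.profile b/etc/profile-a-l/dbus-send.profile
index 67a61bb60..745042d6f 100644
--- a/etc/profile-a-l/dbus-send.profile
+++ b/etc/profile-a-l/dbus-send.profile
@@ -7,8 +7,8 @@ include dbus-send.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny /tmp/.X11-unix
+deny ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc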
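diff --git a/etc/profile-a-l/dconf-editor.profile b/etc/profile-a-l/dconf-editor.profile
index 0c221850a..c1231c6cf 100644
--- a/etc/profile-a-l/dconf-editor.profile
+++ b/etc/profile-a-l/dconf-editor.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist ${HOME}/.local/share/glib-2.0
+allow ${HOME}/.local/share/glib-2.0
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc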
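diff --git a/etc/profile-a-l/dconf.profile b/etc/profile-a-l/dconf.profile
index be7514cbf..b9d385adf 100644
--- a/etc/profile-a-l/dconf.profile
+++ b/etc/profile-a-l/dconf.profile
@@ -6,7 +6,7 @@ include dconf.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
+deny ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist ${HOME}/.local/share/glib-2.0
+allow ${HOME}/.local/share/glib-2.0
 # dconf paths are whitelisted by the following
 include whitelist-common.inc
 include whitelist-usr-share-common.inc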
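diff --git a/etc/profile-a-l/ddgtk.profile b/etc/profile-a-l/ddgtk.profile
index 5b95b74be..09fa7a07a 100644
--- a/etc/profile-a-l/ddgtk.profile
+++ b/etc/profile-a-l/ddgtk.profile
@@ -18,8 +18,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist ${DOWNLOADS}
-whitelist /usr/share/ddgtk
+allow ${DOWNLOADS}
+allow /usr/share/ddgtk
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc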
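diff --git a/etc/profile-a-l/deadbeef.profile b/etc/profile-a-l/deadbeef.profile
index a221ebbd7..25fa944a1 100644
--- a/etc/profile-a-l/deadbeef.profile
+++ b/etc/profile-a-l/deadbeef.profile
@@ -6,8 +6,8 @@ include deadbeef.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/deadbeef
-noblacklist ${MUSIC}
+nodeny ${HOME}/.config/deadbeef
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc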
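diff --git a/etc/profile-a-l/deluge.profile b/etc/profile-a-l/deluge.profile
index ad7aa6ed5..d41a4a023 100644
--- a/etc/profile-a-l/deluge.profile
+++ b/etc/profile-a-l/deluge.profile
@@ -6,7 +6,7 @@ include deluge.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/deluge
+nodeny ${HOME}/.config/deluge
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -20,8 +20,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.config/deluge
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.config/deluge
+allow ${DOWNLOADS}
+allow ${HOME}/.config/deluge
 include whitelist-common.inc
 include whitelist-var-common.inc
 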
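diff --git a/etc/profile-a-l/desktopeditors.profile b/etc/profile-a-l/desktopeditors.profile
index 212cdab60..aed4355d5 100644
--- a/etc/profile-a-l/desktopeditors.profile
+++ b/etc/profile-a-l/desktopeditors.profile
@@ -6,9 +6,9 @@ include desktopeditors.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/onlyoffice
-noblacklist ${HOME}/.local/share/onlyoffice
-noblacklist ${HOME}/.pki
+nodeny ${HOME}/.config/onlyoffice
+nodeny ${HOME}/.local/share/onlyoffice
+nodeny ${HOME}/.pki
 
 include disable-common.inc
 include disable-devel.inc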
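diff --git a/etc/profile-a-l/devhelp.profile b/etc/profile-a-l/devhelp.profile
index 5007f8e74..dc0f290fb 100644
--- a/etc/profile-a-l/devhelp.profile
+++ b/etc/profile-a-l/devhelp.profile
@@ -16,9 +16,9 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/devhelp
-whitelist /usr/share/doc
-whitelist /usr/share/gtk-doc/html
+allow /usr/share/devhelp
+allow /usr/share/doc
+allow /usr/share/gtk-doc/html
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 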
diff --git a/etc/profile-a-l/devilspie.profile b/etc/profile-a-l/devilspie.profile index 6267b5709..631f15f93 100644 --- a/etc/profile-a-l/devilspie.profile +++ b/etc/profile-a-l/devilspie.profile | |||
@@ -6,9 +6,9 @@ include devilspie.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | 9 | deny ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | noblacklist ${HOME}/.devilspie | 11 | nodeny ${HOME}/.devilspie |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,7 +19,7 @@ include disable-programs.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | mkdir ${HOME}/.devilspie | 21 | mkdir ${HOME}/.devilspie |
22 | whitelist ${HOME}/.devilspie | 22 | allow ${HOME}/.devilspie |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/devilspie2.profile b/etc/profile-a-l/devilspie2.profile index 9eab3f536..140c9da0f 100644 --- a/etc/profile-a-l/devilspie2.profile +++ b/etc/profile-a-l/devilspie2.profile | |||
@@ -6,17 +6,17 @@ include devilspie2.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | blacklist ${HOME}/.devilspie | 9 | deny ${HOME}/.devilspie |
10 | 10 | ||
11 | blacklist ${RUNUSER}/wayland-* | 11 | deny ${RUNUSER}/wayland-* |
12 | 12 | ||
13 | noblacklist ${HOME}/.config/devilspie2 | 13 | nodeny ${HOME}/.config/devilspie2 |
14 | 14 | ||
15 | # Allow lua (blacklisted by disable-interpreters.inc) | 15 | # Allow lua (blacklisted by disable-interpreters.inc) |
16 | include allow-lua.inc | 16 | include allow-lua.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.config/devilspie2 | 18 | mkdir ${HOME}/.config/devilspie2 |
19 | whitelist ${HOME}/.config/devilspie2 | 19 | allow ${HOME}/.config/devilspie2 |
20 | 20 | ||
21 | private-bin devilspie2 | 21 | private-bin devilspie2 |
22 | 22 | ||
diff --git a/etc/profile-a-l/dia.profile b/etc/profile-a-l/dia.profile index 531734b7d..2a808238b 100644 --- a/etc/profile-a-l/dia.profile +++ b/etc/profile-a-l/dia.profile | |||
@@ -6,8 +6,8 @@ include dia.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.dia | 9 | nodeny ${HOME}/.dia |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
@@ -25,7 +25,7 @@ include disable-xdg.inc | |||
25 | #whitelist ${HOME}/.dia | 25 | #whitelist ${HOME}/.dia |
26 | #whitelist ${DOCUMENTS} | 26 | #whitelist ${DOCUMENTS} |
27 | #include whitelist-common.inc | 27 | #include whitelist-common.inc |
28 | whitelist /usr/share/dia | 28 | allow /usr/share/dia |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
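Review bot: The commented-out directives at lines 25-26 of dia.profile still read `#whitelist ${HOME}/.dia` and `#whitelist ${DOCUMENTS}` while the active line below them now uses `allow`, so a user who uncomments them gets the old keyword. The same leftover appears in the user-facing comments of dolphin-emu.profile ("you must whitelist your games folder"), emacs.profile (`#noblacklist ${HOME}/.gnupg`) and email-common.profile, where the advice to 'blacklist' a custom mail path in disable-common.local is what keeps that path hidden from other sandboxed applications. Whether the old keywords remain accepted is not visible on this page; if they are not, a directive copied from these comments would not take effect. I would update them in this commit, e.g. `#allow ${HOME}/.dia` and `#nodeny ${HOME}/.gnupg`, and reword the email-common comments to say 'nodeny', 'deny' and 'allow'.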
diff --git a/etc/profile-a-l/dig.profile b/etc/profile-a-l/dig.profile index 247159a8a..2d683b811 100644 --- a/etc/profile-a-l/dig.profile +++ b/etc/profile-a-l/dig.profile | |||
@@ -7,11 +7,11 @@ include dig.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.digrc | 10 | nodeny ${HOME}/.digrc |
11 | noblacklist ${PATH}/dig | 11 | nodeny ${PATH}/dig |
12 | 12 | ||
13 | blacklist /tmp/.X11-unix | 13 | deny /tmp/.X11-unix |
14 | blacklist ${RUNUSER} | 14 | deny ${RUNUSER} |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | # include disable-devel.inc | 17 | # include disable-devel.inc |
@@ -22,7 +22,7 @@ include disable-programs.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | #mkfile ${HOME}/.digrc - see #903 | 24 | #mkfile ${HOME}/.digrc - see #903 |
25 | whitelist ${HOME}/.digrc | 25 | allow ${HOME}/.digrc |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/digikam.profile b/etc/profile-a-l/digikam.profile index 2ca7bd400..124b50952 100644 --- a/etc/profile-a-l/digikam.profile +++ b/etc/profile-a-l/digikam.profile | |||
@@ -6,12 +6,12 @@ include digikam.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/digikam | 9 | nodeny ${HOME}/.config/digikam |
10 | noblacklist ${HOME}/.config/digikamrc | 10 | nodeny ${HOME}/.config/digikamrc |
11 | noblacklist ${HOME}/.kde/share/apps/digikam | 11 | nodeny ${HOME}/.kde/share/apps/digikam |
12 | noblacklist ${HOME}/.kde4/share/apps/digikam | 12 | nodeny ${HOME}/.kde4/share/apps/digikam |
13 | noblacklist ${HOME}/.local/share/kxmlgui5/digikam | 13 | nodeny ${HOME}/.local/share/kxmlgui5/digikam |
14 | noblacklist ${PICTURES} | 14 | nodeny ${PICTURES} |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/dillo.profile b/etc/profile-a-l/dillo.profile index 9871a6095..883466f4d 100644 --- a/etc/profile-a-l/dillo.profile +++ b/etc/profile-a-l/dillo.profile | |||
@@ -6,7 +6,7 @@ include dillo.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.dillo | 9 | nodeny ${HOME}/.dillo |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,9 +16,9 @@ include disable-programs.inc | |||
16 | 16 | ||
17 | mkdir ${HOME}/.dillo | 17 | mkdir ${HOME}/.dillo |
18 | mkdir ${HOME}/.fltk | 18 | mkdir ${HOME}/.fltk |
19 | whitelist ${DOWNLOADS} | 19 | allow ${DOWNLOADS} |
20 | whitelist ${HOME}/.dillo | 20 | allow ${HOME}/.dillo |
21 | whitelist ${HOME}/.fltk | 21 | allow ${HOME}/.fltk |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/dino.profile b/etc/profile-a-l/dino.profile index c3174b35f..3078bef71 100644 --- a/etc/profile-a-l/dino.profile +++ b/etc/profile-a-l/dino.profile | |||
@@ -6,7 +6,7 @@ include dino.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/dino | 9 | nodeny ${HOME}/.local/share/dino |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.local/share/dino | 19 | mkdir ${HOME}/.local/share/dino |
20 | whitelist ${HOME}/.local/share/dino | 20 | allow ${HOME}/.local/share/dino |
21 | whitelist ${DOWNLOADS} | 21 | allow ${DOWNLOADS} |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-runuser-common.inc | 23 | include whitelist-runuser-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/discord-canary.profile b/etc/profile-a-l/discord-canary.profile index 43db95b8a..1c53cd211 100644 --- a/etc/profile-a-l/discord-canary.profile +++ b/etc/profile-a-l/discord-canary.profile | |||
@@ -5,10 +5,10 @@ include discord-canary.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/discordcanary | 8 | nodeny ${HOME}/.config/discordcanary |
9 | 9 | ||
10 | mkdir ${HOME}/.config/discordcanary | 10 | mkdir ${HOME}/.config/discordcanary |
11 | whitelist ${HOME}/.config/discordcanary | 11 | allow ${HOME}/.config/discordcanary |
12 | 12 | ||
13 | private-bin discord-canary,electron,electron[0-9],electron[0-9][0-9] | 13 | private-bin discord-canary,electron,electron[0-9],electron[0-9][0-9] |
14 | private-opt discord-canary | 14 | private-opt discord-canary |
diff --git a/etc/profile-a-l/discord-common.profile b/etc/profile-a-l/discord-common.profile index 19e7bd9ab..6bee1901c 100644 --- a/etc/profile-a-l/discord-common.profile +++ b/etc/profile-a-l/discord-common.profile | |||
@@ -20,8 +20,8 @@ ignore dbus-system none | |||
20 | ignore noexec ${HOME} | 20 | ignore noexec ${HOME} |
21 | ignore novideo | 21 | ignore novideo |
22 | 22 | ||
23 | whitelist ${HOME}/.config/BetterDiscord | 23 | allow ${HOME}/.config/BetterDiscord |
24 | whitelist ${HOME}/.local/share/betterdiscordctl | 24 | allow ${HOME}/.local/share/betterdiscordctl |
25 | 25 | ||
26 | private-bin bash,cut,echo,egrep,fish,grep,head,sed,sh,tclsh,tr,xdg-mime,xdg-open,zsh | 26 | private-bin bash,cut,echo,egrep,fish,grep,head,sed,sh,tclsh,tr,xdg-mime,xdg-open,zsh |
27 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,login.defs,machine-id,password,pki,pulse,resolv.conf,ssl | 27 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,login.defs,machine-id,password,pki,pulse,resolv.conf,ssl |
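Review bot: The `private-etc` list on line 27 contains `password`, which looks like a typo for `passwd`; the line is unchanged context, so this commit does not introduce it. As written the entry names a file that does not normally exist under /etc, so the sandbox's private /etc would presumably come up without the user database the list seems to intend. It is worth a follow-up fix to `...,login.defs,machine-id,passwd,pki,...`, kept separate from this mechanical rename.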
diff --git a/etc/profile-a-l/discord.profile b/etc/profile-a-l/discord.profile index 8ef02a30f..658d3fc83 100644 --- a/etc/profile-a-l/discord.profile +++ b/etc/profile-a-l/discord.profile | |||
@@ -5,10 +5,10 @@ include discord.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/discord | 8 | nodeny ${HOME}/.config/discord |
9 | 9 | ||
10 | mkdir ${HOME}/.config/discord | 10 | mkdir ${HOME}/.config/discord |
11 | whitelist ${HOME}/.config/discord | 11 | allow ${HOME}/.config/discord |
12 | 12 | ||
13 | private-bin discord | 13 | private-bin discord |
14 | private-opt discord | 14 | private-opt discord |
diff --git a/etc/profile-a-l/display.profile b/etc/profile-a-l/display.profile index 11f3fd36e..4474b97d2 100644 --- a/etc/profile-a-l/display.profile +++ b/etc/profile-a-l/display.profile | |||
@@ -5,7 +5,7 @@ include display.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${PICTURES} | 8 | nodeny ${PICTURES} |
9 | 9 | ||
10 | # Allow python (blacklisted by disable-interpreters.inc) | 10 | # Allow python (blacklisted by disable-interpreters.inc) |
11 | include allow-python2.inc | 11 | include allow-python2.inc |
diff --git a/etc/profile-a-l/dnox.profile b/etc/profile-a-l/dnox.profile index 51ba6f8b7..8c3d6211b 100644 --- a/etc/profile-a-l/dnox.profile +++ b/etc/profile-a-l/dnox.profile | |||
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/dnox | 13 | nodeny ${HOME}/.cache/dnox |
14 | noblacklist ${HOME}/.config/dnox | 14 | nodeny ${HOME}/.config/dnox |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/dnox | 16 | mkdir ${HOME}/.cache/dnox |
17 | mkdir ${HOME}/.config/dnox | 17 | mkdir ${HOME}/.config/dnox |
18 | whitelist ${HOME}/.cache/dnox | 18 | allow ${HOME}/.cache/dnox |
19 | whitelist ${HOME}/.config/dnox | 19 | allow ${HOME}/.config/dnox |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include chromium-common.profile | 22 | include chromium-common.profile |
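Review bot: The `ignore whitelist /usr/share/chromium` line just above this hunk (visible in the hunk header, outside the hunk itself) keeps the old keyword, while the profile it redirects to, chromium-common.profile, is presumably rewritten to `allow /usr/share/chromium` by this same commit. If `ignore` is matched against the literal text of a directive, it would stop suppressing that line and dnox would silently run with a different filesystem view than the profile author intended. Please confirm how `ignore` treats the renamed keywords, or change the line to `ignore allow /usr/share/chromium`. The hunk header of enox.profile shows the same line.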
diff --git a/etc/profile-a-l/dnscrypt-proxy.profile b/etc/profile-a-l/dnscrypt-proxy.profile index f8fb1a331..dbcef36f8 100644 --- a/etc/profile-a-l/dnscrypt-proxy.profile +++ b/etc/profile-a-l/dnscrypt-proxy.profile | |||
@@ -7,11 +7,11 @@ include dnscrypt-proxy.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | deny /tmp/.X11-unix |
11 | blacklist ${RUNUSER}/wayland-* | 11 | deny ${RUNUSER}/wayland-* |
12 | 12 | ||
13 | noblacklist /sbin | 13 | nodeny /sbin |
14 | noblacklist /usr/sbin | 14 | nodeny /usr/sbin |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
@@ -21,7 +21,7 @@ include disable-passwdmgr.inc | |||
21 | include disable-programs.inc | 21 | include disable-programs.inc |
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | whitelist /usr/share/dnscrypt-proxy | 24 | allow /usr/share/dnscrypt-proxy |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-a-l/dnsmasq.profile b/etc/profile-a-l/dnsmasq.profile index 01398c2b2..b1acbf392 100644 --- a/etc/profile-a-l/dnsmasq.profile +++ b/etc/profile-a-l/dnsmasq.profile | |||
@@ -7,11 +7,11 @@ include dnsmasq.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist /sbin | 10 | nodeny /sbin |
11 | noblacklist /usr/sbin | 11 | nodeny /usr/sbin |
12 | 12 | ||
13 | blacklist /tmp/.X11-unix | 13 | deny /tmp/.X11-unix |
14 | blacklist ${RUNUSER}/wayland-* | 14 | deny ${RUNUSER}/wayland-* |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/dolphin-emu.profile b/etc/profile-a-l/dolphin-emu.profile index 49feec32e..15b312ecb 100644 --- a/etc/profile-a-l/dolphin-emu.profile +++ b/etc/profile-a-l/dolphin-emu.profile | |||
@@ -8,9 +8,9 @@ include globals.local | |||
8 | 8 | ||
9 | # Note: you must whitelist your games folder in your dolphin-emu.local. | 9 | # Note: you must whitelist your games folder in your dolphin-emu.local. |
10 | 10 | ||
11 | noblacklist ${HOME}/.cache/dolphin-emu | 11 | nodeny ${HOME}/.cache/dolphin-emu |
12 | noblacklist ${HOME}/.config/dolphin-emu | 12 | nodeny ${HOME}/.config/dolphin-emu |
13 | noblacklist ${HOME}/.local/share/dolphin-emu | 13 | nodeny ${HOME}/.local/share/dolphin-emu |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -24,10 +24,10 @@ include disable-xdg.inc | |||
24 | mkdir ${HOME}/.cache/dolphin-emu | 24 | mkdir ${HOME}/.cache/dolphin-emu |
25 | mkdir ${HOME}/.config/dolphin-emu | 25 | mkdir ${HOME}/.config/dolphin-emu |
26 | mkdir ${HOME}/.local/share/dolphin-emu | 26 | mkdir ${HOME}/.local/share/dolphin-emu |
27 | whitelist ${HOME}/.cache/dolphin-emu | 27 | allow ${HOME}/.cache/dolphin-emu |
28 | whitelist ${HOME}/.config/dolphin-emu | 28 | allow ${HOME}/.config/dolphin-emu |
29 | whitelist ${HOME}/.local/share/dolphin-emu | 29 | allow ${HOME}/.local/share/dolphin-emu |
30 | whitelist /usr/share/dolphin-emu | 30 | allow /usr/share/dolphin-emu |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-runuser-common.inc | 32 | include whitelist-runuser-common.inc |
33 | include whitelist-usr-share-common.inc | 33 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/dooble.profile b/etc/profile-a-l/dooble.profile index 37a4113cb..3b0adcc36 100644 --- a/etc/profile-a-l/dooble.profile +++ b/etc/profile-a-l/dooble.profile | |||
@@ -7,7 +7,7 @@ include dooble-qt4.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.dooble | 10 | nodeny ${HOME}/.dooble |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.dooble | 19 | mkdir ${HOME}/.dooble |
20 | whitelist ${DOWNLOADS} | 20 | allow ${DOWNLOADS} |
21 | whitelist ${HOME}/.dooble | 21 | allow ${HOME}/.dooble |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/profile-a-l/dosbox.profile b/etc/profile-a-l/dosbox.profile index 988f66f28..29e506764 100644 --- a/etc/profile-a-l/dosbox.profile +++ b/etc/profile-a-l/dosbox.profile | |||
@@ -6,8 +6,8 @@ include dosbox.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.dosbox | 9 | nodeny ${HOME}/.dosbox |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/dragon.profile b/etc/profile-a-l/dragon.profile index 8fa01d504..90ca11774 100644 --- a/etc/profile-a-l/dragon.profile +++ b/etc/profile-a-l/dragon.profile | |||
@@ -6,9 +6,9 @@ include dragon.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/dragonplayerrc | 9 | nodeny ${HOME}/.config/dragonplayerrc |
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | noblacklist ${VIDEOS} | 11 | nodeny ${VIDEOS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,7 +19,7 @@ include disable-programs.inc | |||
19 | include disable-shell.inc | 19 | include disable-shell.inc |
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | whitelist /usr/share/dragonplayer | 22 | allow /usr/share/dragonplayer |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
diff --git a/etc/profile-a-l/drawio.profile b/etc/profile-a-l/drawio.profile index 82d96e405..84a77ce34 100644 --- a/etc/profile-a-l/drawio.profile +++ b/etc/profile-a-l/drawio.profile | |||
@@ -6,7 +6,7 @@ include drawio.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/draw.io | 9 | nodeny ${HOME}/.config/draw.io |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/draw.io | 20 | mkdir ${HOME}/.config/draw.io |
21 | whitelist ${HOME}/.config/draw.io | 21 | allow ${HOME}/.config/draw.io |
22 | whitelist ${DOWNLOADS} | 22 | allow ${DOWNLOADS} |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/drill.profile b/etc/profile-a-l/drill.profile index 068bd88d8..e177fd60e 100644 --- a/etc/profile-a-l/drill.profile +++ b/etc/profile-a-l/drill.profile | |||
@@ -7,10 +7,10 @@ include drill.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${PATH}/drill | 10 | nodeny ${PATH}/drill |
11 | 11 | ||
12 | blacklist /tmp/.X11-unix | 12 | deny /tmp/.X11-unix |
13 | blacklist ${RUNUSER} | 13 | deny ${RUNUSER} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | # include disable-devel.inc | 16 | # include disable-devel.inc |
diff --git a/etc/profile-a-l/dropbox.profile b/etc/profile-a-l/dropbox.profile index b3b2aaf40..274cdd478 100644 --- a/etc/profile-a-l/dropbox.profile +++ b/etc/profile-a-l/dropbox.profile | |||
@@ -5,9 +5,9 @@ include dropbox.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/autostart | 8 | nodeny ${HOME}/.config/autostart |
9 | noblacklist ${HOME}/.dropbox | 9 | nodeny ${HOME}/.dropbox |
10 | noblacklist ${HOME}/.dropbox-dist | 10 | nodeny ${HOME}/.dropbox-dist |
11 | 11 | ||
12 | # Allow python3 (blacklisted by disable-interpreters.inc) | 12 | # Allow python3 (blacklisted by disable-interpreters.inc) |
13 | include allow-python3.inc | 13 | include allow-python3.inc |
@@ -22,10 +22,10 @@ mkdir ${HOME}/.dropbox | |||
22 | mkdir ${HOME}/.dropbox-dist | 22 | mkdir ${HOME}/.dropbox-dist |
23 | mkdir ${HOME}/Dropbox | 23 | mkdir ${HOME}/Dropbox |
24 | mkfile ${HOME}/.config/autostart/dropbox.desktop | 24 | mkfile ${HOME}/.config/autostart/dropbox.desktop |
25 | whitelist ${HOME}/.config/autostart/dropbox.desktop | 25 | allow ${HOME}/.config/autostart/dropbox.desktop |
26 | whitelist ${HOME}/.dropbox | 26 | allow ${HOME}/.dropbox |
27 | whitelist ${HOME}/.dropbox-dist | 27 | allow ${HOME}/.dropbox-dist |
28 | whitelist ${HOME}/Dropbox | 28 | allow ${HOME}/Dropbox |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | 30 | ||
31 | caps.drop all | 31 | caps.drop all |
diff --git a/etc/profile-a-l/easystroke.profile b/etc/profile-a-l/easystroke.profile index 38e4b16f7..da54fec34 100644 --- a/etc/profile-a-l/easystroke.profile +++ b/etc/profile-a-l/easystroke.profile | |||
@@ -6,7 +6,7 @@ include easystroke.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.easystroke | 9 | nodeny ${HOME}/.easystroke |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.easystroke | 19 | mkdir ${HOME}/.easystroke |
20 | whitelist ${HOME}/.easystroke | 20 | allow ${HOME}/.easystroke |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/electron-mail.profile b/etc/profile-a-l/electron-mail.profile index 278dd6cbd..10e57371e 100644 --- a/etc/profile-a-l/electron-mail.profile +++ b/etc/profile-a-l/electron-mail.profile | |||
@@ -6,7 +6,7 @@ include electron-mail.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/electron-mail | 9 | nodeny ${HOME}/.config/electron-mail |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/electron-mail | 20 | mkdir ${HOME}/.config/electron-mail |
21 | whitelist ${HOME}/.config/electron-mail | 21 | allow ${HOME}/.config/electron-mail |
22 | whitelist ${DOWNLOADS} | 22 | allow ${DOWNLOADS} |
23 | 23 | ||
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/electron.profile b/etc/profile-a-l/electron.profile index 493af79d4..e8d8d35c4 100644 --- a/etc/profile-a-l/electron.profile +++ b/etc/profile-a-l/electron.profile | |||
@@ -12,7 +12,7 @@ include disable-passwdmgr.inc | |||
12 | include disable-programs.inc | 12 | include disable-programs.inc |
13 | include disable-xdg.inc | 13 | include disable-xdg.inc |
14 | 14 | ||
15 | whitelist ${DOWNLOADS} | 15 | allow ${DOWNLOADS} |
16 | include whitelist-common.inc | 16 | include whitelist-common.inc |
17 | include whitelist-runuser-common.inc | 17 | include whitelist-runuser-common.inc |
18 | include whitelist-usr-share-common.inc | 18 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/electrum.profile b/etc/profile-a-l/electrum.profile index ad636d71a..f6691017c 100644 --- a/etc/profile-a-l/electrum.profile +++ b/etc/profile-a-l/electrum.profile | |||
@@ -6,7 +6,7 @@ include electrum.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.electrum | 9 | nodeny ${HOME}/.electrum |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -22,7 +22,7 @@ include disable-shell.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.electrum | 24 | mkdir ${HOME}/.electrum |
25 | whitelist ${HOME}/.electrum | 25 | allow ${HOME}/.electrum |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
28 | 28 | ||
diff --git a/etc/profile-a-l/element-desktop.profile b/etc/profile-a-l/element-desktop.profile index 48a826f2e..ec28866b8 100644 --- a/etc/profile-a-l/element-desktop.profile +++ b/etc/profile-a-l/element-desktop.profile | |||
@@ -9,11 +9,11 @@ include element-desktop.local | |||
9 | 9 | ||
10 | ignore dbus-user none | 10 | ignore dbus-user none |
11 | 11 | ||
12 | noblacklist ${HOME}/.config/Element | 12 | nodeny ${HOME}/.config/Element |
13 | 13 | ||
14 | mkdir ${HOME}/.config/Element | 14 | mkdir ${HOME}/.config/Element |
15 | whitelist ${HOME}/.config/Element | 15 | allow ${HOME}/.config/Element |
16 | whitelist /opt/Element | 16 | allow /opt/Element |
17 | 17 | ||
18 | private-opt Element | 18 | private-opt Element |
19 | 19 | ||
diff --git a/etc/profile-a-l/elinks.profile b/etc/profile-a-l/elinks.profile index 5a29eb24b..30dca05cb 100644 --- a/etc/profile-a-l/elinks.profile +++ b/etc/profile-a-l/elinks.profile | |||
@@ -7,10 +7,10 @@ include elinks.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.elinks | 10 | nodeny ${HOME}/.elinks |
11 | 11 | ||
12 | mkdir ${HOME}/.elinks | 12 | mkdir ${HOME}/.elinks |
13 | whitelist ${HOME}/.elinks | 13 | allow ${HOME}/.elinks |
14 | 14 | ||
15 | private-bin elinks | 15 | private-bin elinks |
16 | 16 | ||
diff --git a/etc/profile-a-l/emacs.profile b/etc/profile-a-l/emacs.profile index 55bf743ef..f0e0e2830 100644 --- a/etc/profile-a-l/emacs.profile +++ b/etc/profile-a-l/emacs.profile | |||
@@ -6,8 +6,8 @@ include emacs.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.emacs | 9 | nodeny ${HOME}/.emacs |
10 | noblacklist ${HOME}/.emacs.d | 10 | nodeny ${HOME}/.emacs.d |
11 | # Add the next line to your emacs.local if you need gpg support. | 11 | # Add the next line to your emacs.local if you need gpg support. |
12 | #noblacklist ${HOME}/.gnupg | 12 | #noblacklist ${HOME}/.gnupg |
13 | 13 | ||
diff --git a/etc/profile-a-l/email-common.profile b/etc/profile-a-l/email-common.profile index 6c9a8a6ea..5fc72d340 100644 --- a/etc/profile-a-l/email-common.profile +++ b/etc/profile-a-l/email-common.profile | |||
@@ -7,14 +7,14 @@ include email-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.gnupg | 10 | nodeny ${HOME}/.gnupg |
11 | noblacklist ${HOME}/.mozilla | 11 | nodeny ${HOME}/.mozilla |
12 | noblacklist ${HOME}/.signature | 12 | nodeny ${HOME}/.signature |
13 | # when storing mail outside the default ${HOME}/Mail path, 'noblacklist' the custom path in your email-common.local | 13 | # when storing mail outside the default ${HOME}/Mail path, 'noblacklist' the custom path in your email-common.local |
14 | # and 'blacklist' it in your disable-common.local too so it is kept hidden from other applications | 14 | # and 'blacklist' it in your disable-common.local too so it is kept hidden from other applications |
15 | noblacklist ${HOME}/Mail | 15 | nodeny ${HOME}/Mail |
16 | 16 | ||
17 | noblacklist ${DOCUMENTS} | 17 | nodeny ${DOCUMENTS} |
18 | 18 | ||
19 | include disable-common.inc | 19 | include disable-common.inc |
20 | include disable-devel.inc | 20 | include disable-devel.inc |
@@ -27,17 +27,17 @@ include disable-xdg.inc | |||
27 | mkdir ${HOME}/.gnupg | 27 | mkdir ${HOME}/.gnupg |
28 | mkfile ${HOME}/.config/mimeapps.list | 28 | mkfile ${HOME}/.config/mimeapps.list |
29 | mkfile ${HOME}/.signature | 29 | mkfile ${HOME}/.signature |
30 | whitelist ${HOME}/.config/mimeapps.list | 30 | allow ${HOME}/.config/mimeapps.list |
31 | whitelist ${HOME}/.mozilla/firefox/profiles.ini | 31 | allow ${HOME}/.mozilla/firefox/profiles.ini |
32 | whitelist ${HOME}/.gnupg | 32 | allow ${HOME}/.gnupg |
33 | whitelist ${HOME}/.signature | 33 | allow ${HOME}/.signature |
34 | whitelist ${DOCUMENTS} | 34 | allow ${DOCUMENTS} |
35 | whitelist ${DOWNLOADS} | 35 | allow ${DOWNLOADS} |
36 | # when storing mail outside the default ${HOME}/Mail path, 'whitelist' the custom path in your email-common.local | 36 | # when storing mail outside the default ${HOME}/Mail path, 'whitelist' the custom path in your email-common.local |
37 | whitelist ${HOME}/Mail | 37 | allow ${HOME}/Mail |
38 | whitelist ${RUNUSER}/gnupg | 38 | allow ${RUNUSER}/gnupg |
39 | whitelist /usr/share/gnupg | 39 | allow /usr/share/gnupg |
40 | whitelist /usr/share/gnupg2 | 40 | allow /usr/share/gnupg2 |
41 | include whitelist-common.inc | 41 | include whitelist-common.inc |
42 | include whitelist-runuser-common.inc | 42 | include whitelist-runuser-common.inc |
43 | include whitelist-usr-share-common.inc | 43 | include whitelist-usr-share-common.inc |
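--- a/etc/profile-a-l/enchant.profile
+++ b/etc/profile-a-l/enchant.profile
@@ -6,9 +6,9 @@ include enchant.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
+deny ${RUNUSER}/wayland-*
 
-noblacklist ${HOME}/.config/enchant
+nodeny ${HOME}/.config/enchant
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/enchant
-whitelist ${HOME}/.config/enchant
+allow ${HOME}/.config/enchant
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc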
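--- a/etc/profile-a-l/enox.profile
+++ b/etc/profile-a-l/enox.profile
@@ -10,15 +10,15 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-noblacklist ${HOME}/.cache/Enox
-noblacklist ${HOME}/.config/Enox
+nodeny ${HOME}/.cache/Enox
+nodeny ${HOME}/.config/Enox
 
 #mkdir ${HOME}/.cache/dnox
 #mkdir ${HOME}/.config/dnox
 mkdir ${HOME}/.cache/Enox
 mkdir ${HOME}/.config/Enox
-whitelist ${HOME}/.cache/Enox
-whitelist ${HOME}/.config/Enox
+allow ${HOME}/.cache/Enox
+allow ${HOME}/.config/Enox
 
 # Redirect
 include chromium-common.profile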
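--- a/etc/profile-a-l/enpass.profile
+++ b/etc/profile-a-l/enpass.profile
@@ -6,11 +6,11 @@ include enpass.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/Enpass
-noblacklist ${HOME}/.config/sinew.in
-noblacklist ${HOME}/.config/Sinew Software Systems
-noblacklist ${HOME}/.local/share/Enpass
-noblacklist ${DOCUMENTS}
+nodeny ${HOME}/.cache/Enpass
+nodeny ${HOME}/.config/sinew.in
+nodeny ${HOME}/.config/Sinew Software Systems
+nodeny ${HOME}/.local/share/Enpass
+nodeny ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -24,11 +24,11 @@ mkdir ${HOME}/.cache/Enpass
 mkfile ${HOME}/.config/sinew.in
 mkdir ${HOME}/.config/Sinew Software Systems
 mkdir ${HOME}/.local/share/Enpass
-whitelist ${HOME}/.cache/Enpass
-whitelist ${HOME}/.config/sinew.in
-whitelist ${HOME}/.config/Sinew Software Systems
-whitelist ${HOME}/.local/share/Enpass
-whitelist ${DOCUMENTS}
+allow ${HOME}/.cache/Enpass
+allow ${HOME}/.config/sinew.in
+allow ${HOME}/.config/Sinew Software Systems
+allow ${HOME}/.local/share/Enpass
+allow ${DOCUMENTS}
 include whitelist-common.inc
 include whitelist-var-common.inc
 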
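--- a/etc/profile-a-l/eo-common.profile
+++ b/etc/profile-a-l/eo-common.profile
@@ -7,11 +7,11 @@ include eo-common.local
 # added by caller profile
 #include globals.local
 
-noblacklist ${HOME}/.local/share/Trash
-noblacklist ${HOME}/.Steam
-noblacklist ${HOME}/.steam
+nodeny ${HOME}/.local/share/Trash
+nodeny ${HOME}/.Steam
+nodeny ${HOME}/.steam
 
-blacklist /usr/libexec
+deny /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc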
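--- a/etc/profile-a-l/eog.profile
+++ b/etc/profile-a-l/eog.profile
@@ -6,9 +6,9 @@ include eog.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/eog
+nodeny ${HOME}/.config/eog
 
-whitelist /usr/share/eog
+allow /usr/share/eog
 
 # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'.
 # Add the next lines to your eog.local if you need that functionality.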
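--- a/etc/profile-a-l/eom.profile
+++ b/etc/profile-a-l/eom.profile
@@ -6,9 +6,9 @@ include eom.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/mate/eom
+nodeny ${HOME}/.config/mate/eom
 
-whitelist /usr/share/eom
+allow /usr/share/eom
 
 # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'.
 # Add the next lines to your eom.local if you need that functionality.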
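--- a/etc/profile-a-l/ephemeral.profile
+++ b/etc/profile-a-l/ephemeral.profile
@@ -9,8 +9,8 @@ include globals.local
 # enforce private-cache
 #noblacklist ${HOME}/.cache/ephemeral
 
-noblacklist ${HOME}/.pki
-noblacklist ${HOME}/.local/share/pki
+nodeny ${HOME}/.pki
+nodeny ${HOME}/.local/share/pki
 
 # noexec ${HOME} breaks DRM binaries.
 ?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
@@ -27,9 +27,9 @@ mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
 # enforce private-cache
 #whitelist ${HOME}/.cache/ephemeral
-whitelist ${HOME}/.pki
-whitelist ${HOME}/.local/share/pki
-whitelist ${DOWNLOADS}
+allow ${HOME}/.pki
+allow ${HOME}/.local/share/pki
+allow ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc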
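Review bot: The commented-out directives `#noblacklist ${HOME}/.cache/ephemeral` and `#whitelist ${HOME}/.cache/ephemeral` keep the old keywords while every active line around them is renamed, so the profile now mixes both vocabularies. The same applies to `#noblacklist ${HOME}/.local/share/gvfs-metadata` in evince.profile and `#noblacklist ${HOME}/.mozilla` in firedragon.profile, and to the 'whitelist'/'blacklist' wording in the email profile comments earlier on the page. These are lines users are told to copy into their .local overrides, so they should read `#nodeny …` and `#allow …`. Whether the old keywords remain accepted as aliases is not visible here; if they do not, a copied override would stop taking effect and the user would be left with a different sandbox policy than the comment promises.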
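--- a/etc/profile-a-l/epiphany.profile
+++ b/etc/profile-a-l/epiphany.profile
@@ -9,9 +9,9 @@ include globals.local
 # Note: Epiphany use bwrap since 3.34 and can not be firejailed any more.
 # See https://github.com/netblue30/firejail/issues/2995
 
-noblacklist ${HOME}/.cache/epiphany
-noblacklist ${HOME}/.config/epiphany
-noblacklist ${HOME}/.local/share/epiphany
+nodeny ${HOME}/.cache/epiphany
+nodeny ${HOME}/.config/epiphany
+nodeny ${HOME}/.local/share/epiphany
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,10 +21,10 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/epiphany
 mkdir ${HOME}/.config/epiphany
 mkdir ${HOME}/.local/share/epiphany
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/epiphany
-whitelist ${HOME}/.config/epiphany
-whitelist ${HOME}/.local/share/epiphany
+allow ${DOWNLOADS}
+allow ${HOME}/.cache/epiphany
+allow ${HOME}/.config/epiphany
+allow ${HOME}/.local/share/epiphany
 include whitelist-common.inc
 
 caps.drop all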
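--- a/etc/profile-a-l/equalx.profile
+++ b/etc/profile-a-l/equalx.profile
@@ -6,8 +6,8 @@ include equalx.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/equalx
-noblacklist ${HOME}/.equalx
+nodeny ${HOME}/.config/equalx
+nodeny ${HOME}/.equalx
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,13 +20,13 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/equalx
 mkdir ${HOME}/.equalx
-whitelist ${HOME}/.config/equalx
-whitelist ${HOME}/.equalx
-whitelist /usr/share/poppler
-whitelist /usr/share/ghostscript
-whitelist /usr/share/texlive
-whitelist /usr/share/equalx
-whitelist /var/lib/texmf
+allow ${HOME}/.config/equalx
+allow ${HOME}/.equalx
+allow /usr/share/poppler
+allow /usr/share/ghostscript
+allow /usr/share/texlive
+allow /usr/share/equalx
+allow /var/lib/texmf
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc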
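--- a/etc/profile-a-l/etr.profile
+++ b/etc/profile-a-l/etr.profile
@@ -6,9 +6,9 @@ include etr.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.etr
+nodeny ${HOME}/.etr
 
-blacklist /usr/libexec
+deny /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,10 +20,10 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.etr
-whitelist ${HOME}/.etr
-whitelist /usr/share/etr
+allow ${HOME}/.etr
+allow /usr/share/etr
 # Debian version
-whitelist /usr/share/games/etr
+allow /usr/share/games/etr
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc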
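--- a/etc/profile-a-l/evince.profile
+++ b/etc/profile-a-l/evince.profile
@@ -10,10 +10,10 @@ include globals.local
 # Add the next line to your evince.local if you need bookmarks support. This also needs additional dbus-user filtering (see below).
 #noblacklist ${HOME}/.local/share/gvfs-metadata
 
-noblacklist ${HOME}/.config/evince
-noblacklist ${DOCUMENTS}
+nodeny ${HOME}/.config/evince
+nodeny ${DOCUMENTS}
 
-blacklist /usr/libexec
+deny /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -24,10 +24,10 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/doc
-whitelist /usr/share/evince
-whitelist /usr/share/poppler
-whitelist /usr/share/tracker
+allow /usr/share/doc
+allow /usr/share/evince
+allow /usr/share/poppler
+allow /usr/share/tracker
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc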
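--- a/etc/profile-a-l/evolution.profile
+++ b/etc/profile-a-l/evolution.profile
@@ -6,15 +6,15 @@ include evolution.local
 # Persistent global definitions
 include globals.local
 
-noblacklist /var/mail
-noblacklist /var/spool/mail
-noblacklist ${HOME}/.bogofilter
-noblacklist ${HOME}/.cache/evolution
-noblacklist ${HOME}/.config/evolution
-noblacklist ${HOME}/.gnupg
-noblacklist ${HOME}/.local/share/evolution
-noblacklist ${HOME}/.pki
-noblacklist ${HOME}/.local/share/pki
+nodeny /var/mail
+nodeny /var/spool/mail
+nodeny ${HOME}/.bogofilter
+nodeny ${HOME}/.cache/evolution
+nodeny ${HOME}/.config/evolution
+nodeny ${HOME}/.gnupg
+nodeny ${HOME}/.local/share/evolution
+nodeny ${HOME}/.pki
+nodeny ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc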
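--- a/etc/profile-a-l/exiftool.profile
+++ b/etc/profile-a-l/exiftool.profile
@@ -6,7 +6,7 @@ include exiftool.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
+deny ${RUNUSER}/wayland-*
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc
@@ -18,7 +18,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-whitelist /usr/share/perl-image-exiftool
+allow /usr/share/perl-image-exiftool
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 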
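--- a/etc/profile-a-l/falkon.profile
+++ b/etc/profile-a-l/falkon.profile
@@ -6,8 +6,8 @@ include falkon.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/falkon
-noblacklist ${HOME}/.config/falkon
+nodeny ${HOME}/.cache/falkon
+nodeny ${HOME}/.config/falkon
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,10 +19,10 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/falkon
 mkdir ${HOME}/.config/falkon
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/falkon
-whitelist ${HOME}/.config/falkon
-whitelist /usr/share/falkon
+allow ${DOWNLOADS}
+allow ${HOME}/.cache/falkon
+allow ${HOME}/.config/falkon
+allow /usr/share/falkon
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc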
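--- a/etc/profile-a-l/fbreader.profile
+++ b/etc/profile-a-l/fbreader.profile
@@ -6,8 +6,8 @@ include fbreader.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.FBReader
-noblacklist ${DOCUMENTS}
+nodeny ${HOME}/.FBReader
+nodeny ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc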
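--- a/etc/profile-a-l/fdns.profile
+++ b/etc/profile-a-l/fdns.profile
@@ -5,11 +5,11 @@ include fdns.local
 # Persistent global definitions
 include globals.local
 
-noblacklist /sbin
-noblacklist /usr/sbin
+nodeny /sbin
+nodeny /usr/sbin
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny /tmp/.X11-unix
+deny ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc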
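--- a/etc/profile-a-l/feedreader.profile
+++ b/etc/profile-a-l/feedreader.profile
@@ -6,8 +6,8 @@ include feedreader.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/feedreader
-noblacklist ${HOME}/.local/share/feedreader
+nodeny ${HOME}/.cache/feedreader
+nodeny ${HOME}/.local/share/feedreader
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/feedreader
 mkdir ${HOME}/.local/share/feedreader
-whitelist ${HOME}/.cache/feedreader
-whitelist ${HOME}/.local/share/feedreader
-whitelist /usr/share/feedreader
+allow ${HOME}/.cache/feedreader
+allow ${HOME}/.local/share/feedreader
+allow /usr/share/feedreader
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc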
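--- a/etc/profile-a-l/ferdi.profile
+++ b/etc/profile-a-l/ferdi.profile
@@ -7,10 +7,10 @@ include globals.local
 
 ignore noexec /tmp
 
-noblacklist ${HOME}/.cache/Ferdi
-noblacklist ${HOME}/.config/Ferdi
-noblacklist ${HOME}/.pki
-noblacklist ${HOME}/.local/share/pki
+nodeny ${HOME}/.cache/Ferdi
+nodeny ${HOME}/.config/Ferdi
+nodeny ${HOME}/.pki
+nodeny ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,11 +22,11 @@ mkdir ${HOME}/.cache/Ferdi
 mkdir ${HOME}/.config/Ferdi
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/Ferdi
-whitelist ${HOME}/.config/Ferdi
-whitelist ${HOME}/.pki
-whitelist ${HOME}/.local/share/pki
+allow ${DOWNLOADS}
+allow ${HOME}/.cache/Ferdi
+allow ${HOME}/.config/Ferdi
+allow ${HOME}/.pki
+allow ${HOME}/.local/share/pki
 include whitelist-common.inc
 
 caps.drop all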
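--- a/etc/profile-a-l/fetchmail.profile
+++ b/etc/profile-a-l/fetchmail.profile
@@ -6,8 +6,8 @@ include fetchmail.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.fetchmailrc
-noblacklist ${HOME}/.netrc
+nodeny ${HOME}/.fetchmailrc
+nodeny ${HOME}/.netrc
 
 include disable-common.inc
 include disable-devel.inc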
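--- a/etc/profile-a-l/ffmpeg.profile
+++ b/etc/profile-a-l/ffmpeg.profile
@@ -7,8 +7,8 @@ include ffmpeg.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${MUSIC}
-noblacklist ${VIDEOS}
+nodeny ${MUSIC}
+nodeny ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/devedeng
-whitelist /usr/share/ffmpeg
-whitelist /usr/share/qtchooser
+allow /usr/share/devedeng
+allow /usr/share/ffmpeg
+allow /usr/share/qtchooser
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 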
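--- a/etc/profile-a-l/file-roller.profile
+++ b/etc/profile-a-l/file-roller.profile
@@ -13,8 +13,9 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-whitelist /usr/libexec/file-roller
-whitelist /usr/share/file-roller
+allow /usr/libexec/file-roller
+allow /usr/libexec/p7zip
+allow /usr/share/file-roller
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc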
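Review bot: The new line `allow /usr/libexec/p7zip` is a policy change, not part of the whitelist-to-allow rename, and it makes one more /usr/libexec directory visible inside the file-roller sandbox. It would be easier to audit in its own commit with a stated reason. The top of this page adds a `.git-blame-ignore-revs` entry for the rename; if this commit is, or later becomes, one of the ignored revisions, blame will skip the change that widened the profile. If it stays here, a one-line comment above it recording why the directory is needed (presumably 7z archive support — to be confirmed) would keep the intent reviewable.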
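--- a/etc/profile-a-l/file.profile
+++ b/etc/profile-a-l/file.profile
@@ -7,7 +7,7 @@ include file.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
+deny ${RUNUSER}
 
 include disable-common.inc
 include disable-exec.inc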
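--- a/etc/profile-a-l/filezilla.profile
+++ b/etc/profile-a-l/filezilla.profile
@@ -6,8 +6,8 @@ include filezilla.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/filezilla
-noblacklist ${HOME}/.filezilla
+nodeny ${HOME}/.config/filezilla
+nodeny ${HOME}/.filezilla
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc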
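--- a/etc/profile-a-l/firedragon.profile
+++ b/etc/profile-a-l/firedragon.profile
@@ -6,13 +6,13 @@ include firedragon.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/firedragon
-noblacklist ${HOME}/.firedragon
+nodeny ${HOME}/.cache/firedragon
+nodeny ${HOME}/.firedragon
 
 mkdir ${HOME}/.cache/firedragon
 mkdir ${HOME}/.firedragon
-whitelist ${HOME}/.cache/firedragon
-whitelist ${HOME}/.firedragon
+allow ${HOME}/.cache/firedragon
+allow ${HOME}/.firedragon
 
 # Add the next lines to your firedragon.local if you want to use the migration wizard.
 #noblacklist ${HOME}/.mozilla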
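--- a/etc/profile-a-l/firefox-common-addons.profile
+++ b/etc/profile-a-l/firefox-common-addons.profile
@@ -5,74 +5,74 @@ include firefox-common-addons.local
 ignore include whitelist-runuser-common.inc
 ignore private-cache
 
-noblacklist ${HOME}/.cache/youtube-dl
-noblacklist ${HOME}/.config/kgetrc
-noblacklist ${HOME}/.config/mpv
-noblacklist ${HOME}/.config/okularpartrc
-noblacklist ${HOME}/.config/okularrc
-noblacklist ${HOME}/.config/qpdfview
-noblacklist ${HOME}/.config/youtube-dl
-noblacklist ${HOME}/.kde/share/apps/kget
-noblacklist ${HOME}/.kde/share/apps/okular
-noblacklist ${HOME}/.kde/share/config/kgetrc
-noblacklist ${HOME}/.kde/share/config/okularpartrc
-noblacklist ${HOME}/.kde/share/config/okularrc
-noblacklist ${HOME}/.kde4/share/apps/kget
-noblacklist ${HOME}/.kde4/share/apps/okular
-noblacklist ${HOME}/.kde4/share/config/kgetrc
-noblacklist ${HOME}/.kde4/share/config/okularpartrc
-noblacklist ${HOME}/.kde4/share/config/okularrc
-noblacklist ${HOME}/.local/share/kget
-noblacklist ${HOME}/.local/share/kxmlgui5/okular
-noblacklist ${HOME}/.local/share/okular
-noblacklist ${HOME}/.local/share/qpdfview
-noblacklist ${HOME}/.netrc
+nodeny ${HOME}/.cache/youtube-dl
+nodeny ${HOME}/.config/kgetrc
+nodeny ${HOME}/.config/mpv
+nodeny ${HOME}/.config/okularpartrc
+nodeny ${HOME}/.config/okularrc
+nodeny ${HOME}/.config/qpdfview
+nodeny ${HOME}/.config/youtube-dl
+nodeny ${HOME}/.kde/share/apps/kget
+nodeny ${HOME}/.kde/share/apps/okular
+nodeny ${HOME}/.kde/share/config/kgetrc
+nodeny ${HOME}/.kde/share/config/okularpartrc
+nodeny ${HOME}/.kde/share/config/okularrc
+nodeny ${HOME}/.kde4/share/apps/kget
+nodeny ${HOME}/.kde4/share/apps/okular
+nodeny ${HOME}/.kde4/share/config/kgetrc
+nodeny ${HOME}/.kde4/share/config/okularpartrc
+nodeny ${HOME}/.kde4/share/config/okularrc
+nodeny ${HOME}/.local/share/kget
+nodeny ${HOME}/.local/share/kxmlgui5/okular
+nodeny ${HOME}/.local/share/okular
+nodeny ${HOME}/.local/share/qpdfview
+nodeny ${HOME}/.netrc
 
-whitelist ${HOME}/.cache/gnome-mplayer/plugin
-whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs
-whitelist ${HOME}/.config/gnome-mplayer
-whitelist ${HOME}/.config/kgetrc
-whitelist ${HOME}/.config/mpv
-whitelist ${HOME}/.config/okularpartrc
-whitelist ${HOME}/.config/okularrc
-whitelist ${HOME}/.config/pipelight-silverlight5.1
-whitelist ${HOME}/.config/pipelight-widevine
-whitelist ${HOME}/.config/qpdfview
-whitelist ${HOME}/.config/youtube-dl
-whitelist ${HOME}/.kde/share/apps/kget
-whitelist ${HOME}/.kde/share/apps/okular
-whitelist ${HOME}/.kde/share/config/kgetrc
-whitelist ${HOME}/.kde/share/config/okularpartrc
-whitelist ${HOME}/.kde/share/config/okularrc
-whitelist ${HOME}/.kde4/share/apps/kget
-whitelist ${HOME}/.kde4/share/apps/okular
-whitelist ${HOME}/.kde4/share/config/kgetrc
-whitelist ${HOME}/.kde4/share/config/okularpartrc
-whitelist ${HOME}/.kde4/share/config/okularrc
-whitelist ${HOME}/.keysnail.js
-whitelist ${HOME}/.lastpass
-whitelist ${HOME}/.local/share/kget
-whitelist ${HOME}/.local/share/kxmlgui5/okular
-whitelist ${HOME}/.local/share/okular
-whitelist ${HOME}/.local/share/qpdfview
-whitelist ${HOME}/.local/share/tridactyl
-whitelist ${HOME}/.netrc
-whitelist ${HOME}/.pentadactyl
-whitelist ${HOME}/.pentadactylrc
-whitelist ${HOME}/.tridactylrc
-whitelist ${HOME}/.vimperator
-whitelist ${HOME}/.vimperatorrc
-whitelist ${HOME}/.wine-pipelight
-whitelist ${HOME}/.wine-pipelight64
-whitelist ${HOME}/.zotero
-whitelist ${HOME}/dwhelper
-whitelist /usr/share/lua
-whitelist /usr/share/lua*
-whitelist /usr/share/vulkan
+allow ${HOME}/.cache/gnome-mplayer/plugin
+allow ${HOME}/.cache/youtube-dl/youtube-sigfuncs
+allow ${HOME}/.config/gnome-mplayer
+allow ${HOME}/.config/kgetrc
+allow ${HOME}/.config/mpv
+allow ${HOME}/.config/okularpartrc
+allow ${HOME}/.config/okularrc
+allow ${HOME}/.config/pipelight-silverlight5.1
+allow ${HOME}/.config/pipelight-widevine
+allow ${HOME}/.config/qpdfview
+allow ${HOME}/.config/youtube-dl
+allow ${HOME}/.kde/share/apps/kget
+allow ${HOME}/.kde/share/apps/okular
+allow ${HOME}/.kde/share/config/kgetrc
+allow ${HOME}/.kde/share/config/okularpartrc
+allow ${HOME}/.kde/share/config/okularrc
+allow ${HOME}/.kde4/share/apps/kget
+allow ${HOME}/.kde4/share/apps/okular
+allow ${HOME}/.kde4/share/config/kgetrc
+allow ${HOME}/.kde4/share/config/okularpartrc
+allow ${HOME}/.kde4/share/config/okularrc
+allow ${HOME}/.keysnail.js
+allow ${HOME}/.lastpass
+allow ${HOME}/.local/share/kget
+allow ${HOME}/.local/share/kxmlgui5/okular
+allow ${HOME}/.local/share/okular
+allow ${HOME}/.local/share/qpdfview
+allow ${HOME}/.local/share/tridactyl
+allow ${HOME}/.netrc
+allow ${HOME}/.pentadactyl
+allow ${HOME}/.pentadactylrc
+allow ${HOME}/.tridactylrc
+allow ${HOME}/.vimperator
+allow ${HOME}/.vimperatorrc
+allow ${HOME}/.wine-pipelight
+allow ${HOME}/.wine-pipelight64
+allow ${HOME}/.zotero
+allow ${HOME}/dwhelper
+allow /usr/share/lua
+allow /usr/share/lua*
+allow /usr/share/vulkan
 
 # GNOME Shell integration (chrome-gnome-shell) needs dbus and python
-noblacklist ${HOME}/.local/share/gnome-shell
-whitelist ${HOME}/.local/share/gnome-shell
+nodeny ${HOME}/.local/share/gnome-shell
+allow ${HOME}/.local/share/gnome-shell
 dbus-user.talk ca.desrt.dconf
 dbus-user.talk org.gnome.ChromeGnomeShell
 dbus-user.talk org.gnome.Shell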
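--- a/etc/profile-a-l/firefox-common.profile
+++ b/etc/profile-a-l/firefox-common.profile
@@ -12,8 +12,8 @@ include firefox-common.local
 # Add the next line to your firefox-common.local to allow access to common programs/addons/plugins.
 #include firefox-common-addons.profile
 
-noblacklist ${HOME}/.pki
-noblacklist ${HOME}/.local/share/pki
+nodeny ${HOME}/.pki
+nodeny ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,9 +23,9 @@ include disable-programs.inc
 
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.pki
-whitelist ${HOME}/.local/share/pki
+allow ${DOWNLOADS}
+allow ${HOME}/.pki
+allow ${HOME}/.local/share/pki
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-var-common.inc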
diff --git a/etc/profile-a-l/firefox-esr.profile b/etc/profile-a-l/firefox-esr.profile index 5e69fdb51..4fd315fdf 100644 --- a/etc/profile-a-l/firefox-esr.profile +++ b/etc/profile-a-l/firefox-esr.profile | |||
@@ -6,7 +6,7 @@ include firefox-esr.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | whitelist /usr/share/firefox-esr | 9 | allow /usr/share/firefox-esr |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include firefox.profile | 12 | include firefox.profile |
diff --git a/etc/profile-a-l/firefox.profile b/etc/profile-a-l/firefox.profile index 3ad67734d..8acfe7c2a 100644 --- a/etc/profile-a-l/firefox.profile +++ b/etc/profile-a-l/firefox.profile | |||
@@ -14,27 +14,27 @@ include globals.local | |||
14 | # https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#how-do-i-run-two-instances-of-firefox | 14 | # https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#how-do-i-run-two-instances-of-firefox |
15 | # https://github.com/netblue30/firejail/issues/4206#issuecomment-824806968 | 15 | # https://github.com/netblue30/firejail/issues/4206#issuecomment-824806968 |
16 | 16 | ||
17 | noblacklist ${HOME}/.cache/mozilla | 17 | nodeny ${HOME}/.cache/mozilla |
18 | noblacklist ${HOME}/.mozilla | 18 | nodeny ${HOME}/.mozilla |
19 | 19 | ||
20 | blacklist /usr/libexec | 20 | deny /usr/libexec |
21 | 21 | ||
22 | mkdir ${HOME}/.cache/mozilla/firefox | 22 | mkdir ${HOME}/.cache/mozilla/firefox |
23 | mkdir ${HOME}/.mozilla | 23 | mkdir ${HOME}/.mozilla |
24 | whitelist ${HOME}/.cache/mozilla/firefox | 24 | allow ${HOME}/.cache/mozilla/firefox |
25 | whitelist ${HOME}/.mozilla | 25 | allow ${HOME}/.mozilla |
26 | 26 | ||
27 | # Add one of the following whitelist options to your firefox.local to enable KeePassXC Plugin support. | 27 | # Add one of the following whitelist options to your firefox.local to enable KeePassXC Plugin support. |
28 | # NOTE: start KeePassXC before Firefox and keep it open to allow communication between them. | 28 | # NOTE: start KeePassXC before Firefox and keep it open to allow communication between them. |
29 | #whitelist ${RUNUSER}/kpxc_server | 29 | #whitelist ${RUNUSER}/kpxc_server |
30 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer | 30 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer |
31 | 31 | ||
32 | whitelist /usr/share/doc | 32 | allow /usr/share/doc |
33 | whitelist /usr/share/firefox | 33 | allow /usr/share/firefox |
34 | whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini | 34 | allow /usr/share/gnome-shell/search-providers/firefox-search-provider.ini |
35 | whitelist /usr/share/gtk-doc/html | 35 | allow /usr/share/gtk-doc/html |
36 | whitelist /usr/share/mozilla | 36 | allow /usr/share/mozilla |
37 | whitelist /usr/share/webext | 37 | allow /usr/share/webext |
38 | include whitelist-usr-share-common.inc | 38 | include whitelist-usr-share-common.inc |
39 | 39 | ||
40 | # firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin. | 40 | # firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin. |
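Review bot: The commented-out examples at new lines 29-30 (`#whitelist ${RUNUSER}/kpxc_server`, `#whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer`) and the sentence at line 27 still use the old keyword, so a user who uncomments them gets a directive spelled differently from every active line in the profile. I would rename them with the rest: `#allow ${RUNUSER}/kpxc_server`, `#allow ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer`, and "Add one of the following allow options ..." in the comment. The same applies to the commented `#whitelist` lines 25-27 in flameshot.profile. Whether the parser still accepts the old spelling is not visible in these hunks; if it does not, these examples fail as soon as they are uncommented.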
diff --git a/etc/profile-a-l/five-or-more.profile b/etc/profile-a-l/five-or-more.profile index 2c86d3ac7..bd1becaf0 100644 --- a/etc/profile-a-l/five-or-more.profile +++ b/etc/profile-a-l/five-or-more.profile | |||
@@ -6,12 +6,12 @@ include five-or-more.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/five-or-more | 9 | nodeny ${HOME}/.local/share/five-or-more |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/five-or-more | 11 | mkdir ${HOME}/.local/share/five-or-more |
12 | whitelist ${HOME}/.local/share/five-or-more | 12 | allow ${HOME}/.local/share/five-or-more |
13 | 13 | ||
14 | whitelist /usr/share/five-or-more | 14 | allow /usr/share/five-or-more |
15 | 15 | ||
16 | private-bin five-or-more | 16 | private-bin five-or-more |
17 | 17 | ||
diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile index 55af96c84..f16a65536 100644 --- a/etc/profile-a-l/flameshot.profile +++ b/etc/profile-a-l/flameshot.profile | |||
@@ -7,9 +7,9 @@ include flameshot.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${PICTURES} | 10 | nodeny ${PICTURES} |
11 | noblacklist ${HOME}/.config/Dharkael | 11 | nodeny ${HOME}/.config/Dharkael |
12 | noblacklist ${HOME}/.config/flameshot | 12 | nodeny ${HOME}/.config/flameshot |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -25,7 +25,7 @@ include disable-xdg.inc | |||
25 | #whitelist ${PICTURES} | 25 | #whitelist ${PICTURES} |
26 | #whitelist ${HOME}/.config/Dharkael | 26 | #whitelist ${HOME}/.config/Dharkael |
27 | #whitelist ${HOME}/.config/flameshot | 27 | #whitelist ${HOME}/.config/flameshot |
28 | whitelist /usr/share/flameshot | 28 | allow /usr/share/flameshot |
29 | #include whitelist-common.inc | 29 | #include whitelist-common.inc |
30 | include whitelist-runuser-common.inc | 30 | include whitelist-runuser-common.inc |
31 | include whitelist-usr-share-common.inc | 31 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/flashpeak-slimjet.profile b/etc/profile-a-l/flashpeak-slimjet.profile index 310fb378f..af114e129 100644 --- a/etc/profile-a-l/flashpeak-slimjet.profile +++ b/etc/profile-a-l/flashpeak-slimjet.profile | |||
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/slimjet | 13 | nodeny ${HOME}/.cache/slimjet |
14 | noblacklist ${HOME}/.config/slimjet | 14 | nodeny ${HOME}/.config/slimjet |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/slimjet | 16 | mkdir ${HOME}/.cache/slimjet |
17 | mkdir ${HOME}/.config/slimjet | 17 | mkdir ${HOME}/.config/slimjet |
18 | whitelist ${HOME}/.cache/slimjet | 18 | allow ${HOME}/.cache/slimjet |
19 | whitelist ${HOME}/.config/slimjet | 19 | allow ${HOME}/.config/slimjet |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include chromium-common.profile | 22 | include chromium-common.profile |
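Review bot: `ignore whitelist /usr/share/chromium`, shown in this hunk's header as a line above the hunk, keeps the old keyword, while the directive it is meant to suppress is presumably now written `allow /usr/share/chromium` in chromium-common.profile (included at line 22, not shown here). If `ignore` matches on the literal text of a profile line, the override silently stops applying and this browser's view of /usr/share changes without any error. I would change it to `ignore allow /usr/share/chromium` in the same commit, or confirm that the parser normalises old and new spellings before matching. The profile begins above the hunk, so other `ignore` lines there may need the same check, as may users' own .local files.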
diff --git a/etc/profile-a-l/flowblade.profile b/etc/profile-a-l/flowblade.profile index a4421e3ce..505763fb9 100644 --- a/etc/profile-a-l/flowblade.profile +++ b/etc/profile-a-l/flowblade.profile | |||
@@ -6,8 +6,8 @@ include flowblade.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/flowblade | 9 | nodeny ${HOME}/.config/flowblade |
10 | noblacklist ${HOME}/.flowblade | 10 | nodeny ${HOME}/.flowblade |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/fluxbox.profile b/etc/profile-a-l/fluxbox.profile index 1210f365c..a22c0e103 100644 --- a/etc/profile-a-l/fluxbox.profile +++ b/etc/profile-a-l/fluxbox.profile | |||
@@ -7,7 +7,7 @@ include fluxbox.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in fluxbox will run in this profile | 9 | # all applications started in fluxbox will run in this profile |
10 | noblacklist ${HOME}/.fluxbox | 10 | nodeny ${HOME}/.fluxbox |
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
diff --git a/etc/profile-a-l/font-manager.profile b/etc/profile-a-l/font-manager.profile index cd0129436..ff9167c1a 100644 --- a/etc/profile-a-l/font-manager.profile +++ b/etc/profile-a-l/font-manager.profile | |||
@@ -6,8 +6,8 @@ include font-manager.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/font-manager | 9 | nodeny ${HOME}/.cache/font-manager |
10 | noblacklist ${HOME}/.config/font-manager | 10 | nodeny ${HOME}/.config/font-manager |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
@@ -24,9 +24,9 @@ include disable-xdg.inc | |||
24 | 24 | ||
25 | mkdir ${HOME}/.cache/font-manager | 25 | mkdir ${HOME}/.cache/font-manager |
26 | mkdir ${HOME}/.config/font-manager | 26 | mkdir ${HOME}/.config/font-manager |
27 | whitelist ${HOME}/.cache/font-manager | 27 | allow ${HOME}/.cache/font-manager |
28 | whitelist ${HOME}/.config/font-manager | 28 | allow ${HOME}/.config/font-manager |
29 | whitelist /usr/share/font-manager | 29 | allow /usr/share/font-manager |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | include whitelist-usr-share-common.inc | 31 | include whitelist-usr-share-common.inc |
32 | include whitelist-var-common.inc | 32 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/fontforge.profile b/etc/profile-a-l/fontforge.profile index bd1495877..64c7655e2 100644 --- a/etc/profile-a-l/fontforge.profile +++ b/etc/profile-a-l/fontforge.profile | |||
@@ -6,8 +6,8 @@ include fontforge.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.FontForge | 9 | nodeny ${HOME}/.FontForge |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/fossamail.profile b/etc/profile-a-l/fossamail.profile index 2d700d336..5e5a12794 100644 --- a/etc/profile-a-l/fossamail.profile +++ b/etc/profile-a-l/fossamail.profile | |||
@@ -6,16 +6,16 @@ include fossamail.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/fossamail | 9 | nodeny ${HOME}/.cache/fossamail |
10 | noblacklist ${HOME}/.fossamail | 10 | nodeny ${HOME}/.fossamail |
11 | noblacklist ${HOME}/.gnupg | 11 | nodeny ${HOME}/.gnupg |
12 | 12 | ||
13 | mkdir ${HOME}/.cache/fossamail | 13 | mkdir ${HOME}/.cache/fossamail |
14 | mkdir ${HOME}/.fossamail | 14 | mkdir ${HOME}/.fossamail |
15 | mkdir ${HOME}/.gnupg | 15 | mkdir ${HOME}/.gnupg |
16 | whitelist ${HOME}/.cache/fossamail | 16 | allow ${HOME}/.cache/fossamail |
17 | whitelist ${HOME}/.fossamail | 17 | allow ${HOME}/.fossamail |
18 | whitelist ${HOME}/.gnupg | 18 | allow ${HOME}/.gnupg |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | 20 | ||
21 | # allow browsers | 21 | # allow browsers |
diff --git a/etc/profile-a-l/four-in-a-row.profile b/etc/profile-a-l/four-in-a-row.profile index eb0c43ca5..97fd4a626 100644 --- a/etc/profile-a-l/four-in-a-row.profile +++ b/etc/profile-a-l/four-in-a-row.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | ignore machine-id | 9 | ignore machine-id |
10 | ignore nosound | 10 | ignore nosound |
11 | 11 | ||
12 | whitelist /usr/share/four-in-a-row | 12 | allow /usr/share/four-in-a-row |
13 | 13 | ||
14 | private-bin four-in-a-row | 14 | private-bin four-in-a-row |
15 | 15 | ||
diff --git a/etc/profile-a-l/fractal.profile b/etc/profile-a-l/fractal.profile index 1b1d031b4..8edc9b02d 100644 --- a/etc/profile-a-l/fractal.profile +++ b/etc/profile-a-l/fractal.profile | |||
@@ -6,7 +6,7 @@ include fractal.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/fractal | 9 | nodeny ${HOME}/.cache/fractal |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -22,8 +22,8 @@ include disable-shell.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.cache/fractal | 24 | mkdir ${HOME}/.cache/fractal |
25 | whitelist ${HOME}/.cache/fractal | 25 | allow ${HOME}/.cache/fractal |
26 | whitelist ${DOWNLOADS} | 26 | allow ${DOWNLOADS} |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/franz.profile b/etc/profile-a-l/franz.profile index 9b780a572..1a8ec8f99 100644 --- a/etc/profile-a-l/franz.profile +++ b/etc/profile-a-l/franz.profile | |||
@@ -7,10 +7,10 @@ include globals.local | |||
7 | 7 | ||
8 | ignore noexec /tmp | 8 | ignore noexec /tmp |
9 | 9 | ||
10 | noblacklist ${HOME}/.cache/Franz | 10 | nodeny ${HOME}/.cache/Franz |
11 | noblacklist ${HOME}/.config/Franz | 11 | nodeny ${HOME}/.config/Franz |
12 | noblacklist ${HOME}/.pki | 12 | nodeny ${HOME}/.pki |
13 | noblacklist ${HOME}/.local/share/pki | 13 | nodeny ${HOME}/.local/share/pki |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -22,11 +22,11 @@ mkdir ${HOME}/.cache/Franz | |||
22 | mkdir ${HOME}/.config/Franz | 22 | mkdir ${HOME}/.config/Franz |
23 | mkdir ${HOME}/.pki | 23 | mkdir ${HOME}/.pki |
24 | mkdir ${HOME}/.local/share/pki | 24 | mkdir ${HOME}/.local/share/pki |
25 | whitelist ${DOWNLOADS} | 25 | allow ${DOWNLOADS} |
26 | whitelist ${HOME}/.cache/Franz | 26 | allow ${HOME}/.cache/Franz |
27 | whitelist ${HOME}/.config/Franz | 27 | allow ${HOME}/.config/Franz |
28 | whitelist ${HOME}/.pki | 28 | allow ${HOME}/.pki |
29 | whitelist ${HOME}/.local/share/pki | 29 | allow ${HOME}/.local/share/pki |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | 31 | ||
32 | caps.drop all | 32 | caps.drop all |
diff --git a/etc/profile-a-l/freecad.profile b/etc/profile-a-l/freecad.profile index 8043d0530..a45ad4c7a 100644 --- a/etc/profile-a-l/freecad.profile +++ b/etc/profile-a-l/freecad.profile | |||
@@ -6,8 +6,8 @@ include freecad.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/FreeCAD | 9 | nodeny ${HOME}/.config/FreeCAD |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/freeciv.profile b/etc/profile-a-l/freeciv.profile index 23c19682c..20abd4056 100644 --- a/etc/profile-a-l/freeciv.profile +++ b/etc/profile-a-l/freeciv.profile | |||
@@ -6,7 +6,7 @@ include freeciv.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.freeciv | 9 | nodeny ${HOME}/.freeciv |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.freeciv | 19 | mkdir ${HOME}/.freeciv |
20 | whitelist ${HOME}/.freeciv | 20 | allow ${HOME}/.freeciv |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-a-l/freecol.profile b/etc/profile-a-l/freecol.profile index 93fa7da03..79ccf4101 100644 --- a/etc/profile-a-l/freecol.profile +++ b/etc/profile-a-l/freecol.profile | |||
@@ -6,10 +6,10 @@ include freecol.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.freecol | 9 | nodeny ${HOME}/.freecol |
10 | noblacklist ${HOME}/.cache/freecol | 10 | nodeny ${HOME}/.cache/freecol |
11 | noblacklist ${HOME}/.config/freecol | 11 | nodeny ${HOME}/.config/freecol |
12 | noblacklist ${HOME}/.local/share/freecol | 12 | nodeny ${HOME}/.local/share/freecol |
13 | 13 | ||
14 | # Allow java (blacklisted by disable-devel.inc) | 14 | # Allow java (blacklisted by disable-devel.inc) |
15 | include allow-java.inc | 15 | include allow-java.inc |
@@ -26,11 +26,11 @@ mkdir ${HOME}/.java | |||
26 | mkdir ${HOME}/.cache/freecol | 26 | mkdir ${HOME}/.cache/freecol |
27 | mkdir ${HOME}/.config/freecol | 27 | mkdir ${HOME}/.config/freecol |
28 | mkdir ${HOME}/.local/share/freecol | 28 | mkdir ${HOME}/.local/share/freecol |
29 | whitelist ${HOME}/.freecol | 29 | allow ${HOME}/.freecol |
30 | whitelist ${HOME}/.java | 30 | allow ${HOME}/.java |
31 | whitelist ${HOME}/.cache/freecol | 31 | allow ${HOME}/.cache/freecol |
32 | whitelist ${HOME}/.config/freecol | 32 | allow ${HOME}/.config/freecol |
33 | whitelist ${HOME}/.local/share/freecol | 33 | allow ${HOME}/.local/share/freecol |
34 | include whitelist-common.inc | 34 | include whitelist-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
36 | 36 | ||
diff --git a/etc/profile-a-l/freemind.profile b/etc/profile-a-l/freemind.profile index 699177039..ba52dd208 100644 --- a/etc/profile-a-l/freemind.profile +++ b/etc/profile-a-l/freemind.profile | |||
@@ -6,8 +6,8 @@ include freemind.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | nodeny ${DOCUMENTS} |
10 | noblacklist ${HOME}/.freemind | 10 | nodeny ${HOME}/.freemind |
11 | 11 | ||
12 | # Allow java (blacklisted by disable-devel.inc) | 12 | # Allow java (blacklisted by disable-devel.inc) |
13 | include allow-java.inc | 13 | include allow-java.inc |
diff --git a/etc/profile-a-l/freetube.profile b/etc/profile-a-l/freetube.profile index e6aff533d..4c321322c 100644 --- a/etc/profile-a-l/freetube.profile +++ b/etc/profile-a-l/freetube.profile | |||
@@ -6,12 +6,12 @@ include freetube.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/FreeTube | 9 | nodeny ${HOME}/.config/FreeTube |
10 | 10 | ||
11 | include disable-shell.inc | 11 | include disable-shell.inc |
12 | 12 | ||
13 | mkdir ${HOME}/.config/FreeTube | 13 | mkdir ${HOME}/.config/FreeTube |
14 | whitelist ${HOME}/.config/FreeTube | 14 | allow ${HOME}/.config/FreeTube |
15 | 15 | ||
16 | private-bin freetube | 16 | private-bin freetube |
17 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg | 17 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg |
diff --git a/etc/profile-a-l/frogatto.profile b/etc/profile-a-l/frogatto.profile index b4ad81046..3a6dfcfd6 100644 --- a/etc/profile-a-l/frogatto.profile +++ b/etc/profile-a-l/frogatto.profile | |||
@@ -6,7 +6,7 @@ include frogatto.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.frogatto | 9 | nodeny ${HOME}/.frogatto |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,9 +17,9 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.frogatto | 19 | mkdir ${HOME}/.frogatto |
20 | whitelist ${HOME}/.frogatto | 20 | allow ${HOME}/.frogatto |
21 | whitelist /usr/libexec/frogatto | 21 | allow /usr/libexec/frogatto |
22 | whitelist /usr/share/frogatto | 22 | allow /usr/share/frogatto |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/frozen-bubble.profile b/etc/profile-a-l/frozen-bubble.profile index 76352e41e..12eca8eb0 100644 --- a/etc/profile-a-l/frozen-bubble.profile +++ b/etc/profile-a-l/frozen-bubble.profile | |||
@@ -6,7 +6,7 @@ include frozen-bubble.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.frozen-bubble | 9 | nodeny ${HOME}/.frozen-bubble |
10 | 10 | ||
11 | # Allow perl (blacklisted by disable-interpreters.inc) | 11 | # Allow perl (blacklisted by disable-interpreters.inc) |
12 | include allow-perl.inc | 12 | include allow-perl.inc |
@@ -20,7 +20,7 @@ include disable-programs.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.frozen-bubble | 22 | mkdir ${HOME}/.frozen-bubble |
23 | whitelist ${HOME}/.frozen-bubble | 23 | allow ${HOME}/.frozen-bubble |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
26 | include whitelist-usr-share-common.inc | 26 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/funnyboat.profile b/etc/profile-a-l/funnyboat.profile index 8852925b1..07030df4b 100644 --- a/etc/profile-a-l/funnyboat.profile +++ b/etc/profile-a-l/funnyboat.profile | |||
@@ -5,7 +5,7 @@ include funnyboat.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.funnyboat | 8 | nodeny ${HOME}/.funnyboat |
9 | 9 | ||
10 | ignore noexec /dev/shm | 10 | ignore noexec /dev/shm |
11 | include allow-python2.inc | 11 | include allow-python2.inc |
@@ -21,12 +21,12 @@ include disable-programs.inc | |||
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.funnyboat | 23 | mkdir ${HOME}/.funnyboat |
24 | whitelist ${HOME}/.funnyboat | 24 | allow ${HOME}/.funnyboat |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-runuser-common.inc | 26 | include whitelist-runuser-common.inc |
27 | whitelist /usr/share/funnyboat | 27 | allow /usr/share/funnyboat |
28 | # Debian: | 28 | # Debian: |
29 | whitelist /usr/share/games/funnyboat | 29 | allow /usr/share/games/funnyboat |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
32 | 32 | ||
diff --git a/etc/profile-a-l/gajim.profile b/etc/profile-a-l/gajim.profile index ed3f0357d..4cd2cb1e6 100644 --- a/etc/profile-a-l/gajim.profile +++ b/etc/profile-a-l/gajim.profile | |||
@@ -6,10 +6,10 @@ include gajim.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.gnupg | 9 | nodeny ${HOME}/.gnupg |
10 | noblacklist ${HOME}/.cache/gajim | 10 | nodeny ${HOME}/.cache/gajim |
11 | noblacklist ${HOME}/.config/gajim | 11 | nodeny ${HOME}/.config/gajim |
12 | noblacklist ${HOME}/.local/share/gajim | 12 | nodeny ${HOME}/.local/share/gajim |
13 | 13 | ||
14 | # Allow python (blacklisted by disable-interpreters.inc) | 14 | # Allow python (blacklisted by disable-interpreters.inc) |
15 | #include allow-python2.inc | 15 | #include allow-python2.inc |
@@ -28,14 +28,14 @@ mkdir ${HOME}/.gnupg | |||
28 | mkdir ${HOME}/.cache/gajim | 28 | mkdir ${HOME}/.cache/gajim |
29 | mkdir ${HOME}/.config/gajim | 29 | mkdir ${HOME}/.config/gajim |
30 | mkdir ${HOME}/.local/share/gajim | 30 | mkdir ${HOME}/.local/share/gajim |
31 | whitelist ${HOME}/.gnupg | 31 | allow ${HOME}/.gnupg |
32 | whitelist ${HOME}/.cache/gajim | 32 | allow ${HOME}/.cache/gajim |
33 | whitelist ${HOME}/.config/gajim | 33 | allow ${HOME}/.config/gajim |
34 | whitelist ${HOME}/.local/share/gajim | 34 | allow ${HOME}/.local/share/gajim |
35 | whitelist ${DOWNLOADS} | 35 | allow ${DOWNLOADS} |
36 | whitelist ${RUNUSER}/gnupg | 36 | allow ${RUNUSER}/gnupg |
37 | whitelist /usr/share/gnupg | 37 | allow /usr/share/gnupg |
38 | whitelist /usr/share/gnupg2 | 38 | allow /usr/share/gnupg2 |
39 | include whitelist-common.inc | 39 | include whitelist-common.inc |
40 | include whitelist-runuser-common.inc | 40 | include whitelist-runuser-common.inc |
41 | include whitelist-usr-share-common.inc | 41 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/galculator.profile b/etc/profile-a-l/galculator.profile index 550b3808b..0b1b595a6 100644 --- a/etc/profile-a-l/galculator.profile +++ b/etc/profile-a-l/galculator.profile | |||
@@ -6,7 +6,7 @@ include galculator.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/galculator | 9 | nodeny ${HOME}/.config/galculator |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/galculator | 20 | mkdir ${HOME}/.config/galculator |
21 | whitelist ${HOME}/.config/galculator | 21 | allow ${HOME}/.config/galculator |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/gapplication.profile b/etc/profile-a-l/gapplication.profile index 3a8c055f2..00b830234 100644 --- a/etc/profile-a-l/gapplication.profile +++ b/etc/profile-a-l/gapplication.profile | |||
@@ -6,8 +6,8 @@ include gapplication.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | 9 | deny ${RUNUSER}/wayland-* |
10 | blacklist /usr/libexec | 10 | deny /usr/libexec |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gcloud.profile b/etc/profile-a-l/gcloud.profile index 388f4c0df..896a100fc 100644 --- a/etc/profile-a-l/gcloud.profile +++ b/etc/profile-a-l/gcloud.profile | |||
@@ -8,9 +8,9 @@ include globals.local | |||
8 | # noexec ${HOME} will break user-local installs of gcloud tooling | 8 | # noexec ${HOME} will break user-local installs of gcloud tooling |
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | noblacklist ${HOME}/.boto | 11 | nodeny ${HOME}/.boto |
12 | noblacklist ${HOME}/.config/gcloud | 12 | nodeny ${HOME}/.config/gcloud |
13 | noblacklist /var/run/docker.sock | 13 | nodeny /var/run/docker.sock |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
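Review bot: `nodeny /var/run/docker.sock` at line 13 exempts the Docker daemon socket from the deny rules and carries no comment, although a process that can reach that socket can usually direct the daemon to act as root on the host, which is broader than anything else visible in this profile. I would document it above the line, e.g. `# docker.sock gives control of the Docker daemon, i.e. root-equivalent access to the host`, so users can decide whether to override it in gcloud.local. The rest of the profile lies outside this hunk, so whether later lines restrict the socket again cannot be seen here.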
diff --git a/etc/profile-a-l/gconf-editor.profile b/etc/profile-a-l/gconf-editor.profile index cb39174e5..8f72f0b34 100644 --- a/etc/profile-a-l/gconf-editor.profile +++ b/etc/profile-a-l/gconf-editor.profile | |||
@@ -7,9 +7,9 @@ include gconf-editor.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | deny /tmp/.X11-unix |
11 | 11 | ||
12 | whitelist /usr/share/gconf-editor | 12 | allow /usr/share/gconf-editor |
13 | 13 | ||
14 | ignore x11 none | 14 | ignore x11 none |
15 | 15 | ||
diff --git a/etc/profile-a-l/gconf.profile b/etc/profile-a-l/gconf.profile index fec1a555a..8c7013574 100644 --- a/etc/profile-a-l/gconf.profile +++ b/etc/profile-a-l/gconf.profile | |||
@@ -6,9 +6,9 @@ include gconf.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | 9 | deny ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/gconf | 11 | nodeny ${HOME}/.config/gconf |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python2.inc | 14 | include allow-python2.inc |
@@ -23,9 +23,9 @@ include disable-programs.inc | |||
23 | include disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | mkdir ${HOME}/.config/gconf | 25 | mkdir ${HOME}/.config/gconf |
26 | whitelist ${HOME}/.config/gconf | 26 | allow ${HOME}/.config/gconf |
27 | whitelist /usr/share/GConf | 27 | allow /usr/share/GConf |
28 | whitelist /usr/share/gconf | 28 | allow /usr/share/gconf |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
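--- a/etc/profile-a-l/geany.profile
+++ b/etc/profile-a-l/geany.profile
@@ -6,7 +6,7 @@ include geany.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/geany
+nodeny ${HOME}/.config/geany
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc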
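--- a/etc/profile-a-l/geary.profile
+++ b/etc/profile-a-l/geary.profile
@@ -6,14 +6,14 @@ include geary.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/evolution
-noblacklist ${HOME}/.cache/folks
-noblacklist ${HOME}/.cache/geary
-noblacklist ${HOME}/.config/evolution
-noblacklist ${HOME}/.config/geary
-noblacklist ${HOME}/.local/share/evolution
-noblacklist ${HOME}/.local/share/geary
-noblacklist ${HOME}/.mozilla
+nodeny ${HOME}/.cache/evolution
+nodeny ${HOME}/.cache/folks
+nodeny ${HOME}/.cache/geary
+nodeny ${HOME}/.config/evolution
+nodeny ${HOME}/.config/geary
+nodeny ${HOME}/.local/share/evolution
+nodeny ${HOME}/.local/share/geary
+nodeny ${HOME}/.mozilla
 
 include disable-common.inc
 include disable-devel.inc
@@ -31,16 +31,16 @@ mkdir ${HOME}/.config/evolution
 mkdir ${HOME}/.config/geary
 mkdir ${HOME}/.local/share/evolution
 mkdir ${HOME}/.local/share/geary
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/evolution
-whitelist ${HOME}/.cache/folks
-whitelist ${HOME}/.cache/geary
-whitelist ${HOME}/.config/evolution
-whitelist ${HOME}/.config/geary
-whitelist ${HOME}/.local/share/evolution
-whitelist ${HOME}/.local/share/geary
-whitelist ${HOME}/.mozilla/firefox/profiles.ini
-whitelist /usr/share/geary
+allow ${DOWNLOADS}
+allow ${HOME}/.cache/evolution
+allow ${HOME}/.cache/folks
+allow ${HOME}/.cache/geary
+allow ${HOME}/.config/evolution
+allow ${HOME}/.config/geary
+allow ${HOME}/.local/share/evolution
+allow ${HOME}/.local/share/geary
+allow ${HOME}/.mozilla/firefox/profiles.ini
+allow /usr/share/geary
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc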
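--- a/etc/profile-a-l/gedit.profile
+++ b/etc/profile-a-l/gedit.profile
@@ -6,8 +6,8 @@ include gedit.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/enchant
-noblacklist ${HOME}/.config/gedit
+nodeny ${HOME}/.config/enchant
+nodeny ${HOME}/.config/gedit
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc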
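--- a/etc/profile-a-l/geeqie.profile
+++ b/etc/profile-a-l/geeqie.profile
@@ -6,9 +6,9 @@ include geeqie.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/geeqie
-noblacklist ${HOME}/.config/geeqie
-noblacklist ${HOME}/.local/share/geeqie
+nodeny ${HOME}/.cache/geeqie
+nodeny ${HOME}/.config/geeqie
+nodeny ${HOME}/.local/share/geeqie
 
 include disable-common.inc
 include disable-devel.inc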
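--- a/etc/profile-a-l/gfeeds.profile
+++ b/etc/profile-a-l/gfeeds.profile
@@ -6,10 +6,10 @@ include gfeeds.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/gfeeds
-noblacklist ${HOME}/.cache/org.gabmus.gfeeds
-noblacklist ${HOME}/.config/org.gabmus.gfeeds.json
-noblacklist ${HOME}/.config/org.gabmus.gfeeds.saved_articles
+nodeny ${HOME}/.cache/gfeeds
+nodeny ${HOME}/.cache/org.gabmus.gfeeds
+nodeny ${HOME}/.config/org.gabmus.gfeeds.json
+nodeny ${HOME}/.config/org.gabmus.gfeeds.saved_articles
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
@@ -27,12 +27,12 @@ mkdir ${HOME}/.cache/gfeeds
 mkdir ${HOME}/.cache/org.gabmus.gfeeds
 mkfile ${HOME}/.config/org.gabmus.gfeeds.json
 mkdir ${HOME}/.config/org.gabmus.gfeeds.saved_articles
-whitelist ${HOME}/.cache/gfeeds
-whitelist ${HOME}/.cache/org.gabmus.gfeeds
-whitelist ${HOME}/.config/org.gabmus.gfeeds.json
-whitelist ${HOME}/.config/org.gabmus.gfeeds.saved_articles
-whitelist /usr/libexec/webkit2gtk-4.0
-whitelist /usr/share/gfeeds
+allow ${HOME}/.cache/gfeeds
+allow ${HOME}/.cache/org.gabmus.gfeeds
+allow ${HOME}/.config/org.gabmus.gfeeds.json
+allow ${HOME}/.config/org.gabmus.gfeeds.saved_articles
+allow /usr/libexec/webkit2gtk-4.0
+allow /usr/share/gfeeds
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc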
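--- a/etc/profile-a-l/gget.profile
+++ b/etc/profile-a-l/gget.profile
@@ -7,8 +7,8 @@ include gget.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}
+deny /tmp/.X11-unix
+deny ${RUNUSER}
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist ${DOWNLOADS}
+allow ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc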
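--- a/etc/profile-a-l/ghostwriter.profile
+++ b/etc/profile-a-l/ghostwriter.profile
@@ -6,10 +6,10 @@ include ghostwriter.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/ghostwriter
-noblacklist ${HOME}/.local/share/ghostwriter
-noblacklist ${DOCUMENTS}
-noblacklist ${PICTURES}
+nodeny ${HOME}/.config/ghostwriter
+nodeny ${HOME}/.local/share/ghostwriter
+nodeny ${DOCUMENTS}
+nodeny ${PICTURES}
 
 include allow-lua.inc
 
@@ -22,10 +22,10 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/ghostwriter
-whitelist /usr/share/mozilla-dicts
-whitelist /usr/share/texlive
-whitelist /usr/share/pandoc*
+allow /usr/share/ghostwriter
+allow /usr/share/mozilla-dicts
+allow /usr/share/texlive
+allow /usr/share/pandoc*
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc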
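--- a/etc/profile-a-l/gimp.profile
+++ b/etc/profile-a-l/gimp.profile
@@ -18,13 +18,13 @@ include globals.local
 # If you are not using external plugins, you can add 'noexec ${HOME}' to your gimp.local.
 ignore noexec ${HOME}
 
-noblacklist ${HOME}/.cache/babl
-noblacklist ${HOME}/.cache/gegl-0.4
-noblacklist ${HOME}/.cache/gimp
-noblacklist ${HOME}/.config/GIMP
-noblacklist ${HOME}/.gimp*
-noblacklist ${DOCUMENTS}
-noblacklist ${PICTURES}
+nodeny ${HOME}/.cache/babl
+nodeny ${HOME}/.cache/gegl-0.4
+nodeny ${HOME}/.cache/gimp
+nodeny ${HOME}/.config/GIMP
+nodeny ${HOME}/.gimp*
+nodeny ${DOCUMENTS}
+nodeny ${PICTURES}
 
 include disable-common.inc
 include disable-exec.inc
@@ -33,10 +33,10 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist /usr/share/gegl-0.4
-whitelist /usr/share/gimp
-whitelist /usr/share/mypaint-data
-whitelist /usr/share/lensfun
+allow /usr/share/gegl-0.4
+allow /usr/share/gimp
+allow /usr/share/mypaint-data
+allow /usr/share/lensfun
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 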
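--- a/etc/profile-a-l/gist.profile
+++ b/etc/profile-a-l/gist.profile
@@ -7,10 +7,10 @@ include gist.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny /tmp/.X11-unix
+deny ${RUNUSER}/wayland-*
 
-noblacklist ${HOME}/.gist
+nodeny ${HOME}/.gist
 
 # Allow ruby (blacklisted by disable-interpreters.inc)
 include allow-ruby.inc
@@ -24,8 +24,8 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.gist
-whitelist ${HOME}/.gist
-whitelist ${DOWNLOADS}
+allow ${HOME}/.gist
+allow ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc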
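--- a/etc/profile-a-l/git-cola.profile
+++ b/etc/profile-a-l/git-cola.profile
@@ -8,12 +8,12 @@ include globals.local
 
 ignore noexec ${HOME}
 
-noblacklist ${HOME}/.gitconfig
-noblacklist ${HOME}/.git-credentials
-noblacklist ${HOME}/.gnupg
-noblacklist ${HOME}/.subversion
-noblacklist ${HOME}/.config/git
-noblacklist ${HOME}/.config/git-cola
+nodeny ${HOME}/.gitconfig
+nodeny ${HOME}/.git-credentials
+nodeny ${HOME}/.gnupg
+nodeny ${HOME}/.subversion
+nodeny ${HOME}/.config/git
+nodeny ${HOME}/.config/git-cola
 # Add your editor/diff viewer config paths and the next line to your git-cola.local to load settings.
 #noblacklist ${HOME}/
 
@@ -32,17 +32,17 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist ${RUNUSER}/gnupg
-whitelist ${RUNUSER}/keyring
+allow ${RUNUSER}/gnupg
+allow ${RUNUSER}/keyring
 # Add additional whitelist paths below /usr/share to your git-cola.local to support your editor/diff viewer.
-whitelist /usr/share/git
-whitelist /usr/share/git-cola
-whitelist /usr/share/git-core
-whitelist /usr/share/git-gui
-whitelist /usr/share/gitk
-whitelist /usr/share/gitweb
-whitelist /usr/share/gnupg
-whitelist /usr/share/gnupg2
+allow /usr/share/git
+allow /usr/share/git-cola
+allow /usr/share/git-core
+allow /usr/share/git-gui
+allow /usr/share/gitk
+allow /usr/share/gitweb
+allow /usr/share/gnupg
+allow /usr/share/gnupg2
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc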
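Review bot: The commented-out example on line 18, `#noblacklist ${HOME}/`, and the hint on line 37 ("Add additional whitelist paths below /usr/share ...") still use the old keywords, while every live directive around them now reads `nodeny`/`allow`. Users are told to copy that example into git-cola.local, so it should use the spelling the profile itself now uses: `#nodeny ${HOME}/` and `# Add additional allow paths below /usr/share to your git-cola.local ...`. Whether the old keywords are still accepted as aliases is not visible here, so this may be only a consistency issue rather than a broken example. The same leftover appears in gitg.profile (`#whitelist ${HOME}/.ssh`) and gnome-chess.profile (`#whitelist ${HOME}/.local/share/gnome-chess`).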
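--- a/etc/profile-a-l/git.profile
+++ b/etc/profile-a-l/git.profile
@@ -7,33 +7,33 @@ include git.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/git
-noblacklist ${HOME}/.config/nano
-noblacklist ${HOME}/.emacs
-noblacklist ${HOME}/.emacs.d
-noblacklist ${HOME}/.gitconfig
-noblacklist ${HOME}/.git-credentials
-noblacklist ${HOME}/.gnupg
-noblacklist ${HOME}/.nanorc
-noblacklist ${HOME}/.vim
-noblacklist ${HOME}/.viminfo
+nodeny ${HOME}/.config/git
+nodeny ${HOME}/.config/nano
+nodeny ${HOME}/.emacs
+nodeny ${HOME}/.emacs.d
+nodeny ${HOME}/.gitconfig
+nodeny ${HOME}/.git-credentials
+nodeny ${HOME}/.gnupg
+nodeny ${HOME}/.nanorc
+nodeny ${HOME}/.vim
+nodeny ${HOME}/.viminfo
 
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny /tmp/.X11-unix
+deny ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-whitelist /usr/share/git
-whitelist /usr/share/git-core
-whitelist /usr/share/gitgui
-whitelist /usr/share/gitweb
-whitelist /usr/share/nano
+allow /usr/share/git
+allow /usr/share/git-core
+allow /usr/share/gitgui
+allow /usr/share/gitweb
+allow /usr/share/nano
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 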
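--- a/etc/profile-a-l/gitg.profile
+++ b/etc/profile-a-l/gitg.profile
@@ -6,10 +6,10 @@ include gitg.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/git
-noblacklist ${HOME}/.gitconfig
-noblacklist ${HOME}/.git-credentials
-noblacklist ${HOME}/.local/share/gitg
+nodeny ${HOME}/.config/git
+nodeny ${HOME}/.gitconfig
+nodeny ${HOME}/.git-credentials
+nodeny ${HOME}/.local/share/gitg
 
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
@@ -29,7 +29,7 @@ include disable-programs.inc
 #whitelist ${HOME}/.ssh
 #include whitelist-common.inc
 
-whitelist /usr/share/gitg
+allow /usr/share/gitg
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc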
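--- a/etc/profile-a-l/github-desktop.profile
+++ b/etc/profile-a-l/github-desktop.profile
@@ -22,10 +22,10 @@ ignore apparmor
 ignore dbus-user none
 ignore dbus-system none
 
-noblacklist ${HOME}/.config/GitHub Desktop
-noblacklist ${HOME}/.config/git
-noblacklist ${HOME}/.gitconfig
-noblacklist ${HOME}/.git-credentials
+nodeny ${HOME}/.config/GitHub Desktop
+nodeny ${HOME}/.config/git
+nodeny ${HOME}/.gitconfig
+nodeny ${HOME}/.git-credentials
 
 # no3d
 nosound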
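--- a/etc/profile-a-l/gitter.profile
+++ b/etc/profile-a-l/gitter.profile
@@ -5,8 +5,8 @@ include gitter.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/autostart
-noblacklist ${HOME}/.config/Gitter
+nodeny ${HOME}/.config/autostart
+nodeny ${HOME}/.config/Gitter
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.config/Gitter
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.config/autostart
-whitelist ${HOME}/.config/Gitter
+allow ${DOWNLOADS}
+allow ${HOME}/.config/autostart
+allow ${HOME}/.config/Gitter
 include whitelist-var-common.inc
 
 caps.drop all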
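--- a/etc/profile-a-l/gjs.profile
+++ b/etc/profile-a-l/gjs.profile
@@ -8,10 +8,10 @@ include globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-noblacklist ${HOME}/.cache/libgweather
-noblacklist ${HOME}/.cache/org.gnome.Books
-noblacklist ${HOME}/.config/libreoffice
-noblacklist ${HOME}/.local/share/gnome-photos
+nodeny ${HOME}/.cache/libgweather
+nodeny ${HOME}/.cache/org.gnome.Books
+nodeny ${HOME}/.config/libreoffice
+nodeny ${HOME}/.local/share/gnome-photos
 
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc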
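--- a/etc/profile-a-l/gl-117.profile
+++ b/etc/profile-a-l/gl-117.profile
@@ -6,7 +6,7 @@ include gl-117.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.gl-117
+nodeny ${HOME}/.gl-117
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.gl-117
-whitelist ${HOME}/.gl-117
-whitelist /usr/share/gl-117
+allow ${HOME}/.gl-117
+allow /usr/share/gl-117
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc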
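--- a/etc/profile-a-l/glaxium.profile
+++ b/etc/profile-a-l/glaxium.profile
@@ -6,7 +6,7 @@ include glaxium.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.glaxiumrc
+nodeny ${HOME}/.glaxiumrc
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkfile ${HOME}/.glaxiumrc
-whitelist ${HOME}/.glaxiumrc
-whitelist /usr/share/glaxium
+allow ${HOME}/.glaxiumrc
+allow /usr/share/glaxium
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc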
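--- a/etc/profile-a-l/globaltime.profile
+++ b/etc/profile-a-l/globaltime.profile
@@ -5,7 +5,7 @@ include globaltime.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/globaltime
+nodeny ${HOME}/.config/globaltime
 
 include disable-common.inc
 include disable-devel.inc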
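--- a/etc/profile-a-l/gmpc.profile
+++ b/etc/profile-a-l/gmpc.profile
@@ -6,8 +6,8 @@ include gmpc.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/gmpc
-noblacklist ${MUSIC}
+nodeny ${HOME}/.config/gmpc
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/gmpc
-whitelist ${HOME}/.config/gmpc
-whitelist ${MUSIC}
-whitelist /usr/share/gmpc
+allow ${HOME}/.config/gmpc
+allow ${MUSIC}
+allow /usr/share/gmpc
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc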
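--- a/etc/profile-a-l/gnome-2048.profile
+++ b/etc/profile-a-l/gnome-2048.profile
@@ -6,10 +6,10 @@ include gnome-2048.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/gnome-2048
+nodeny ${HOME}/.local/share/gnome-2048
 
 mkdir ${HOME}/.local/share/gnome-2048
-whitelist ${HOME}/.local/share/gnome-2048
+allow ${HOME}/.local/share/gnome-2048
 
 private-bin gnome-2048
 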
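--- a/etc/profile-a-l/gnome-books.profile
+++ b/etc/profile-a-l/gnome-books.profile
@@ -7,8 +7,8 @@ include globals.local
 
 # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them
 
-noblacklist ${HOME}/.cache/org.gnome.Books
-noblacklist ${DOCUMENTS}
+nodeny ${HOME}/.cache/org.gnome.Books
+nodeny ${DOCUMENTS}
 
 # Allow gjs (blacklisted by disable-interpreters.inc)
 include allow-gjs.inc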
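--- a/etc/profile-a-l/gnome-builder.profile
+++ b/etc/profile-a-l/gnome-builder.profile
@@ -6,11 +6,11 @@ include gnome-builder.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.bash_history
+nodeny ${HOME}/.bash_history
 
-noblacklist ${HOME}/.cache/gnome-builder
-noblacklist ${HOME}/.config/gnome-builder
-noblacklist ${HOME}/.local/share/gnome-builder
+nodeny ${HOME}/.cache/gnome-builder
+nodeny ${HOME}/.config/gnome-builder
+nodeny ${HOME}/.local/share/gnome-builder
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc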
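--- a/etc/profile-a-l/gnome-calendar.profile
+++ b/etc/profile-a-l/gnome-calendar.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/libgweather
+allow /usr/share/libgweather
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
@@ -46,7 +46,7 @@ private
 private-bin gnome-calendar
 private-cache
 private-dev
-private-etc ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,nsswitch.conf,pki,resolv.conf,ssl
+private-etc ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,localtime,nsswitch.conf,pki,resolv.conf,ssl
 private-tmp
 
 dbus-user filter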
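Review bot: The `private-etc` line in the second hunk gains `localtime`, which changes what the sandbox can see under /etc and is not part of the keyword rename made in the first hunk. A functional change inside a bulk mechanical rename is easy to miss in review and hard to find again later when auditing why a file was exposed. I would leave the list as it was in this change and add `localtime` in its own commit, or at least document it in place with a comment above the line such as `# localtime: presumably needed to display events in the local timezone (confirm)`. The profile continues outside both hunks, so other directives that interact with `private-etc` are not visible here.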
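--- a/etc/profile-a-l/gnome-characters.profile
+++ b/etc/profile-a-l/gnome-characters.profile
@@ -18,7 +18,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/org.gnome.Characters
+allow /usr/share/org.gnome.Characters
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc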
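--- a/etc/profile-a-l/gnome-chess.profile
+++ b/etc/profile-a-l/gnome-chess.profile
@@ -6,8 +6,8 @@ include gnome-chess.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/gnome-chess
-noblacklist ${HOME}/.local/share/gnome-chess
+nodeny ${HOME}/.config/gnome-chess
+nodeny ${HOME}/.local/share/gnome-chess
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,8 +22,8 @@ include disable-xdg.inc
 #whitelist ${HOME}/.local/share/gnome-chess
 #include whitelist-common.inc
 
-whitelist /usr/share/gnuchess
-whitelist /usr/share/gnome-chess
+allow /usr/share/gnuchess
+allow /usr/share/gnome-chess
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc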
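--- a/etc/profile-a-l/gnome-clocks.profile
+++ b/etc/profile-a-l/gnome-clocks.profile
@@ -15,8 +15,8 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/gnome-clocks
-whitelist /usr/share/libgweather
+allow /usr/share/gnome-clocks
+allow /usr/share/libgweather
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc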
diff --git a/etc/profile-a-l/gnome-contacts.profile b/etc/profile-a-l/gnome-contacts.profile index dcc6163b6..7902fa169 100644 --- a/etc/profile-a-l/gnome-contacts.profile +++ b/etc/profile-a-l/gnome-contacts.profile | |||
@@ -6,7 +6,7 @@ include gnome-contacts.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | nodeny ${DOCUMENTS} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-documents.profile b/etc/profile-a-l/gnome-documents.profile index 29ad67af8..0f601149f 100644 --- a/etc/profile-a-l/gnome-documents.profile +++ b/etc/profile-a-l/gnome-documents.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | 8 | ||
9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/libreoffice | 11 | nodeny ${HOME}/.config/libreoffice |
12 | noblacklist ${DOCUMENTS} | 12 | nodeny ${DOCUMENTS} |
13 | 13 | ||
14 | # Allow gjs (blacklisted by disable-interpreters.inc) | 14 | # Allow gjs (blacklisted by disable-interpreters.inc) |
15 | include allow-gjs.inc | 15 | include allow-gjs.inc |
diff --git a/etc/profile-a-l/gnome-hexgl.profile b/etc/profile-a-l/gnome-hexgl.profile index 2db956faf..50c3e2c6f 100644 --- a/etc/profile-a-l/gnome-hexgl.profile +++ b/etc/profile-a-l/gnome-hexgl.profile | |||
@@ -16,7 +16,7 @@ include disable-shell.inc | |||
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.cache/mesa_shader_cache | 18 | mkdir ${HOME}/.cache/mesa_shader_cache |
19 | whitelist /usr/share/gnome-hexgl | 19 | allow /usr/share/gnome-hexgl |
20 | include whitelist-runuser-common.inc | 20 | include whitelist-runuser-common.inc |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-keyring.profile b/etc/profile-a-l/gnome-keyring.profile index 25b4c47de..62a5a34ea 100644 --- a/etc/profile-a-l/gnome-keyring.profile +++ b/etc/profile-a-l/gnome-keyring.profile | |||
@@ -7,7 +7,7 @@ include gnome-keyring.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.gnupg | 10 | nodeny ${HOME}/.gnupg |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,12 +18,12 @@ include disable-programs.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.gnupg | 20 | mkdir ${HOME}/.gnupg |
21 | whitelist ${HOME}/.gnupg | 21 | allow ${HOME}/.gnupg |
22 | whitelist ${DOWNLOADS} | 22 | allow ${DOWNLOADS} |
23 | whitelist ${RUNUSER}/gnupg | 23 | allow ${RUNUSER}/gnupg |
24 | whitelist ${RUNUSER}/keyring | 24 | allow ${RUNUSER}/keyring |
25 | whitelist /usr/share/gnupg | 25 | allow /usr/share/gnupg |
26 | whitelist /usr/share/gnupg2 | 26 | allow /usr/share/gnupg2 |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-klotski.profile b/etc/profile-a-l/gnome-klotski.profile index c67a5c0da..ed074f944 100644 --- a/etc/profile-a-l/gnome-klotski.profile +++ b/etc/profile-a-l/gnome-klotski.profile | |||
@@ -6,10 +6,10 @@ include gnome-klotski.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/gnome-klotski | 9 | nodeny ${HOME}/.local/share/gnome-klotski |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/gnome-klotski | 11 | mkdir ${HOME}/.local/share/gnome-klotski |
12 | whitelist ${HOME}/.local/share/gnome-klotski | 12 | allow ${HOME}/.local/share/gnome-klotski |
13 | 13 | ||
14 | private-bin gnome-klotski | 14 | private-bin gnome-klotski |
15 | 15 | ||
diff --git a/etc/profile-a-l/gnome-latex.profile b/etc/profile-a-l/gnome-latex.profile index 1a7eafeca..4a03a7ff5 100644 --- a/etc/profile-a-l/gnome-latex.profile +++ b/etc/profile-a-l/gnome-latex.profile | |||
@@ -6,8 +6,8 @@ include gnome-latex.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gnome-latex | 9 | nodeny ${HOME}/.config/gnome-latex |
10 | noblacklist ${HOME}/.local/share/gnome-latex | 10 | nodeny ${HOME}/.local/share/gnome-latex |
11 | 11 | ||
12 | # Allow perl (blacklisted by disable-interpreters.inc) | 12 | # Allow perl (blacklisted by disable-interpreters.inc) |
13 | include allow-perl.inc | 13 | include allow-perl.inc |
@@ -19,8 +19,8 @@ include disable-interpreters.inc | |||
19 | include disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | whitelist /usr/share/gnome-latex | 22 | allow /usr/share/gnome-latex |
23 | whitelist /usr/share/texlive | 23 | allow /usr/share/texlive |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | # May cause issues. | 26 | # May cause issues. |
diff --git a/etc/profile-a-l/gnome-logs.profile b/etc/profile-a-l/gnome-logs.profile index 9d2ea7b7b..fcc02dc76 100644 --- a/etc/profile-a-l/gnome-logs.profile +++ b/etc/profile-a-l/gnome-logs.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | whitelist /var/log/journal | 18 | allow /var/log/journal |
19 | include whitelist-runuser-common.inc | 19 | include whitelist-runuser-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-mahjongg.profile b/etc/profile-a-l/gnome-mahjongg.profile index 42409dce8..e21f03efe 100644 --- a/etc/profile-a-l/gnome-mahjongg.profile +++ b/etc/profile-a-l/gnome-mahjongg.profile | |||
@@ -6,7 +6,7 @@ include gnome-mahjongg.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | whitelist /usr/share/gnome-mahjongg | 9 | allow /usr/share/gnome-mahjongg |
10 | 10 | ||
11 | private-bin gnome-mahjongg | 11 | private-bin gnome-mahjongg |
12 | 12 | ||
diff --git a/etc/profile-a-l/gnome-maps.profile b/etc/profile-a-l/gnome-maps.profile index 23aab343f..cf4eceee3 100644 --- a/etc/profile-a-l/gnome-maps.profile +++ b/etc/profile-a-l/gnome-maps.profile | |||
@@ -11,14 +11,14 @@ include globals.local | |||
11 | 11 | ||
12 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 12 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
13 | 13 | ||
14 | noblacklist ${HOME}/.cache/champlain | 14 | nodeny ${HOME}/.cache/champlain |
15 | noblacklist ${HOME}/.cache/org.gnome.Maps | 15 | nodeny ${HOME}/.cache/org.gnome.Maps |
16 | noblacklist ${HOME}/.local/share/maps-places.json | 16 | nodeny ${HOME}/.local/share/maps-places.json |
17 | 17 | ||
18 | # Allow gjs (blacklisted by disable-interpreters.inc) | 18 | # Allow gjs (blacklisted by disable-interpreters.inc) |
19 | include allow-gjs.inc | 19 | include allow-gjs.inc |
20 | 20 | ||
21 | blacklist /usr/libexec | 21 | deny /usr/libexec |
22 | 22 | ||
23 | include disable-common.inc | 23 | include disable-common.inc |
24 | include disable-devel.inc | 24 | include disable-devel.inc |
@@ -31,12 +31,12 @@ include disable-xdg.inc | |||
31 | 31 | ||
32 | mkdir ${HOME}/.cache/champlain | 32 | mkdir ${HOME}/.cache/champlain |
33 | mkfile ${HOME}/.local/share/maps-places.json | 33 | mkfile ${HOME}/.local/share/maps-places.json |
34 | whitelist ${HOME}/.cache/champlain | 34 | allow ${HOME}/.cache/champlain |
35 | whitelist ${HOME}/.local/share/maps-places.json | 35 | allow ${HOME}/.local/share/maps-places.json |
36 | whitelist ${DOWNLOADS} | 36 | allow ${DOWNLOADS} |
37 | whitelist ${PICTURES} | 37 | allow ${PICTURES} |
38 | whitelist /usr/share/gnome-maps | 38 | allow /usr/share/gnome-maps |
39 | whitelist /usr/share/libgweather | 39 | allow /usr/share/libgweather |
40 | include whitelist-common.inc | 40 | include whitelist-common.inc |
41 | include whitelist-runuser-common.inc | 41 | include whitelist-runuser-common.inc |
42 | include whitelist-usr-share-common.inc | 42 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-mines.profile b/etc/profile-a-l/gnome-mines.profile index 4fe8986c2..1b2949bc5 100644 --- a/etc/profile-a-l/gnome-mines.profile +++ b/etc/profile-a-l/gnome-mines.profile | |||
@@ -6,11 +6,11 @@ include gnome-mines.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/gnome-mines | 9 | nodeny ${HOME}/.local/share/gnome-mines |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/gnome-mines | 11 | mkdir ${HOME}/.local/share/gnome-mines |
12 | whitelist ${HOME}/.local/share/gnome-mines | 12 | allow ${HOME}/.local/share/gnome-mines |
13 | whitelist /usr/share/gnome-mines | 13 | allow /usr/share/gnome-mines |
14 | 14 | ||
15 | private-bin gnome-mines | 15 | private-bin gnome-mines |
16 | 16 | ||
diff --git a/etc/profile-a-l/gnome-mplayer.profile b/etc/profile-a-l/gnome-mplayer.profile index 43fe71f5e..c1cbc796a 100644 --- a/etc/profile-a-l/gnome-mplayer.profile +++ b/etc/profile-a-l/gnome-mplayer.profile | |||
@@ -6,9 +6,9 @@ include gnome-mplayer.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gnome-mplayer | 9 | nodeny ${HOME}/.config/gnome-mplayer |
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | noblacklist ${VIDEOS} | 11 | nodeny ${VIDEOS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-music.profile b/etc/profile-a-l/gnome-music.profile index 2fcbe9910..8fd0826c4 100644 --- a/etc/profile-a-l/gnome-music.profile +++ b/etc/profile-a-l/gnome-music.profile | |||
@@ -6,8 +6,8 @@ include gnome-music.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/gnome-music | 9 | nodeny ${HOME}/.local/share/gnome-music |
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/gnome-nettool.profile b/etc/profile-a-l/gnome-nettool.profile index 814751db3..a929582f8 100644 --- a/etc/profile-a-l/gnome-nettool.profile +++ b/etc/profile-a-l/gnome-nettool.profile | |||
@@ -14,7 +14,7 @@ include disable-passwdmgr.inc | |||
14 | include disable-programs.inc | 14 | include disable-programs.inc |
15 | include disable-xdg.inc | 15 | include disable-xdg.inc |
16 | 16 | ||
17 | whitelist /usr/share/gnome-nettool | 17 | allow /usr/share/gnome-nettool |
18 | #include whitelist-common.inc -- see #903 | 18 | #include whitelist-common.inc -- see #903 |
19 | include whitelist-runuser-common.inc | 19 | include whitelist-runuser-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-nibbles.profile b/etc/profile-a-l/gnome-nibbles.profile index b22810d34..d4c037a41 100644 --- a/etc/profile-a-l/gnome-nibbles.profile +++ b/etc/profile-a-l/gnome-nibbles.profile | |||
@@ -9,11 +9,11 @@ include globals.local | |||
9 | ignore machine-id | 9 | ignore machine-id |
10 | ignore nosound | 10 | ignore nosound |
11 | 11 | ||
12 | noblacklist ${HOME}/.local/share/gnome-nibbles | 12 | nodeny ${HOME}/.local/share/gnome-nibbles |
13 | 13 | ||
14 | mkdir ${HOME}/.local/share/gnome-nibbles | 14 | mkdir ${HOME}/.local/share/gnome-nibbles |
15 | whitelist ${HOME}/.local/share/gnome-nibbles | 15 | allow ${HOME}/.local/share/gnome-nibbles |
16 | whitelist /usr/share/gnome-nibbles | 16 | allow /usr/share/gnome-nibbles |
17 | 17 | ||
18 | private-bin gnome-nibbles | 18 | private-bin gnome-nibbles |
19 | 19 | ||
diff --git a/etc/profile-a-l/gnome-passwordsafe.profile b/etc/profile-a-l/gnome-passwordsafe.profile index fee5f88b9..d2cf828cc 100644 --- a/etc/profile-a-l/gnome-passwordsafe.profile +++ b/etc/profile-a-l/gnome-passwordsafe.profile | |||
@@ -6,14 +6,14 @@ include gnome-passwordsafe.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | nodeny ${DOCUMENTS} |
10 | noblacklist ${HOME}/*.kdb | 10 | nodeny ${HOME}/*.kdb |
11 | noblacklist ${HOME}/*.kdbx | 11 | nodeny ${HOME}/*.kdbx |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python3.inc | 14 | include allow-python3.inc |
15 | 15 | ||
16 | blacklist /usr/libexec | 16 | deny /usr/libexec |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
@@ -24,8 +24,8 @@ include disable-programs.inc | |||
24 | include disable-shell.inc | 24 | include disable-shell.inc |
25 | include disable-xdg.inc | 25 | include disable-xdg.inc |
26 | 26 | ||
27 | whitelist /usr/share/cracklib | 27 | allow /usr/share/cracklib |
28 | whitelist /usr/share/passwordsafe | 28 | allow /usr/share/passwordsafe |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-photos.profile b/etc/profile-a-l/gnome-photos.profile index 58bf3f349..3702da2c7 100644 --- a/etc/profile-a-l/gnome-photos.profile +++ b/etc/profile-a-l/gnome-photos.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | 8 | ||
9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
10 | 10 | ||
11 | noblacklist ${HOME}/.local/share/gnome-photos | 11 | nodeny ${HOME}/.local/share/gnome-photos |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-pie.profile b/etc/profile-a-l/gnome-pie.profile index 41903b136..e9ae2bcb0 100644 --- a/etc/profile-a-l/gnome-pie.profile +++ b/etc/profile-a-l/gnome-pie.profile | |||
@@ -6,7 +6,7 @@ include gnome-pie.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gnome-pie | 9 | nodeny ${HOME}/.config/gnome-pie |
10 | 10 | ||
11 | #include disable-common.inc | 11 | #include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-pomodoro.profile b/etc/profile-a-l/gnome-pomodoro.profile index c2ba7556d..bec23910c 100644 --- a/etc/profile-a-l/gnome-pomodoro.profile +++ b/etc/profile-a-l/gnome-pomodoro.profile | |||
@@ -6,7 +6,7 @@ include gnome-pomodoro.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/gnome-pomodoro | 9 | nodeny ${HOME}/.local/share/gnome-pomodoro |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.local/share/gnome-pomodoro | 19 | mkdir ${HOME}/.local/share/gnome-pomodoro |
20 | whitelist ${HOME}/.local/share/gnome-pomodoro | 20 | allow ${HOME}/.local/share/gnome-pomodoro |
21 | whitelist /usr/share/gnome-pomodoro | 21 | allow /usr/share/gnome-pomodoro |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/gnome-recipes.profile b/etc/profile-a-l/gnome-recipes.profile index 48c98ebe0..5ef33fdd8 100644 --- a/etc/profile-a-l/gnome-recipes.profile +++ b/etc/profile-a-l/gnome-recipes.profile | |||
@@ -7,8 +7,8 @@ include gnome-recipes.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | 9 | ||
10 | noblacklist ${HOME}/.cache/gnome-recipes | 10 | nodeny ${HOME}/.cache/gnome-recipes |
11 | noblacklist ${HOME}/.local/share/gnome-recipes | 11 | nodeny ${HOME}/.local/share/gnome-recipes |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -20,9 +20,9 @@ include disable-shell.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.cache/gnome-recipes | 21 | mkdir ${HOME}/.cache/gnome-recipes |
22 | mkdir ${HOME}/.local/share/gnome-recipes | 22 | mkdir ${HOME}/.local/share/gnome-recipes |
23 | whitelist ${HOME}/.cache/gnome-recipes | 23 | allow ${HOME}/.cache/gnome-recipes |
24 | whitelist ${HOME}/.local/share/gnome-recipes | 24 | allow ${HOME}/.local/share/gnome-recipes |
25 | whitelist /usr/share/gnome-recipes | 25 | allow /usr/share/gnome-recipes |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-ring.profile b/etc/profile-a-l/gnome-ring.profile index 78ceb9c4f..b34d264f4 100644 --- a/etc/profile-a-l/gnome-ring.profile +++ b/etc/profile-a-l/gnome-ring.profile | |||
@@ -5,7 +5,7 @@ include gnome-ring.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.local/share/gnome-ring | 8 | nodeny ${HOME}/.local/share/gnome-ring |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-robots.profile b/etc/profile-a-l/gnome-robots.profile index 8835f2b93..836d4e2b2 100644 --- a/etc/profile-a-l/gnome-robots.profile +++ b/etc/profile-a-l/gnome-robots.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | ignore machine-id | 9 | ignore machine-id |
10 | ignore nosound | 10 | ignore nosound |
11 | 11 | ||
12 | whitelist /usr/share/gnome-robots | 12 | allow /usr/share/gnome-robots |
13 | 13 | ||
14 | private-bin gnome-robots | 14 | private-bin gnome-robots |
15 | 15 | ||
diff --git a/etc/profile-a-l/gnome-schedule.profile b/etc/profile-a-l/gnome-schedule.profile index 69c90b33d..146f8bc4e 100644 --- a/etc/profile-a-l/gnome-schedule.profile +++ b/etc/profile-a-l/gnome-schedule.profile | |||
@@ -6,17 +6,17 @@ include gnome-schedule.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.gnome/gnome-schedule | 9 | nodeny ${HOME}/.gnome/gnome-schedule |
10 | 10 | ||
11 | # Needs at and crontab to read/write user cron | 11 | # Needs at and crontab to read/write user cron |
12 | noblacklist ${PATH}/at | 12 | nodeny ${PATH}/at |
13 | noblacklist ${PATH}/crontab | 13 | nodeny ${PATH}/crontab |
14 | 14 | ||
15 | # Needs access to these files/dirs | 15 | # Needs access to these files/dirs |
16 | noblacklist /etc/cron.allow | 16 | nodeny /etc/cron.allow |
17 | noblacklist /etc/cron.deny | 17 | nodeny /etc/cron.deny |
18 | noblacklist /etc/shadow | 18 | nodeny /etc/shadow |
19 | noblacklist /var/spool/cron | 19 | nodeny /var/spool/cron |
20 | 20 | ||
21 | # cron job testing needs a terminal, resulting in sandbox escape (see disable-common.inc) | 21 | # cron job testing needs a terminal, resulting in sandbox escape (see disable-common.inc) |
22 | # add 'noblacklist ${PATH}/your-terminal' to gnome-schedule.local if you need that functionality | 22 | # add 'noblacklist ${PATH}/your-terminal' to gnome-schedule.local if you need that functionality |
@@ -34,10 +34,10 @@ include disable-programs.inc | |||
34 | include disable-xdg.inc | 34 | include disable-xdg.inc |
35 | 35 | ||
36 | mkfile ${HOME}/.gnome/gnome-schedule | 36 | mkfile ${HOME}/.gnome/gnome-schedule |
37 | whitelist ${HOME}/.gnome/gnome-schedule | 37 | allow ${HOME}/.gnome/gnome-schedule |
38 | whitelist /usr/share/gnome-schedule | 38 | allow /usr/share/gnome-schedule |
39 | whitelist /var/spool/atd | 39 | allow /var/spool/atd |
40 | whitelist /var/spool/cron | 40 | allow /var/spool/cron |
41 | include whitelist-common.inc | 41 | include whitelist-common.inc |
42 | include whitelist-runuser-common.inc | 42 | include whitelist-runuser-common.inc |
43 | include whitelist-usr-share-common.inc | 43 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-screenshot.profile b/etc/profile-a-l/gnome-screenshot.profile index b683b6f6c..175549e99 100644 --- a/etc/profile-a-l/gnome-screenshot.profile +++ b/etc/profile-a-l/gnome-screenshot.profile | |||
@@ -6,8 +6,8 @@ include gnome-screenshot.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${PICTURES} | 9 | nodeny ${PICTURES} |
10 | noblacklist ${HOME}/.cache/gnome-screenshot | 10 | nodeny ${HOME}/.cache/gnome-screenshot |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-sound-recorder.profile b/etc/profile-a-l/gnome-sound-recorder.profile index 34f5fdeff..c2fb14fa4 100644 --- a/etc/profile-a-l/gnome-sound-recorder.profile +++ b/etc/profile-a-l/gnome-sound-recorder.profile | |||
@@ -6,8 +6,8 @@ include gnome-sound-recorder.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${MUSIC} | 9 | nodeny ${MUSIC} |
10 | noblacklist ${HOME}/.local/share/Trash | 10 | nodeny ${HOME}/.local/share/Trash |
11 | 11 | ||
12 | # Allow gjs (blacklisted by disable-interpreters.inc) | 12 | # Allow gjs (blacklisted by disable-interpreters.inc) |
13 | include allow-gjs.inc | 13 | include allow-gjs.inc |
diff --git a/etc/profile-a-l/gnome-sudoku.profile b/etc/profile-a-l/gnome-sudoku.profile index 12fd48a86..3b7835e52 100644 --- a/etc/profile-a-l/gnome-sudoku.profile +++ b/etc/profile-a-l/gnome-sudoku.profile | |||
@@ -6,10 +6,10 @@ include gnome-sudoku.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/gnome-sudoku | 9 | nodeny ${HOME}/.local/share/gnome-sudoku |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/gnome-sudoku | 11 | mkdir ${HOME}/.local/share/gnome-sudoku |
12 | whitelist ${HOME}/.local/share/gnome-sudoku | 12 | allow ${HOME}/.local/share/gnome-sudoku |
13 | 13 | ||
14 | private-bin gnome-sudoku | 14 | private-bin gnome-sudoku |
15 | 15 | ||
diff --git a/etc/profile-a-l/gnome-system-log.profile b/etc/profile-a-l/gnome-system-log.profile index 8a818695d..6978f7cab 100644 --- a/etc/profile-a-l/gnome-system-log.profile +++ b/etc/profile-a-l/gnome-system-log.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | whitelist /var/log | 18 | allow /var/log |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-taquin.profile b/etc/profile-a-l/gnome-taquin.profile index 2341334f7..ac87cf70f 100644 --- a/etc/profile-a-l/gnome-taquin.profile +++ b/etc/profile-a-l/gnome-taquin.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | ignore machine-id | 9 | ignore machine-id |
10 | ignore nosound | 10 | ignore nosound |
11 | 11 | ||
12 | whitelist /usr/share/gnome-taquin | 12 | allow /usr/share/gnome-taquin |
13 | 13 | ||
14 | private-bin gnome-taquin | 14 | private-bin gnome-taquin |
15 | 15 | ||
diff --git a/etc/profile-a-l/gnome-todo.profile b/etc/profile-a-l/gnome-todo.profile index 3b147cd48..092fd58a3 100644 --- a/etc/profile-a-l/gnome-todo.profile +++ b/etc/profile-a-l/gnome-todo.profile | |||
@@ -18,7 +18,7 @@ include disable-programs.inc | |||
18 | include disable-shell.inc | 18 | include disable-shell.inc |
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | whitelist /usr/share/gnome-todo | 21 | allow /usr/share/gnome-todo |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/gnome-twitch.profile b/etc/profile-a-l/gnome-twitch.profile index b8ec195d3..d76872ea6 100644 --- a/etc/profile-a-l/gnome-twitch.profile +++ b/etc/profile-a-l/gnome-twitch.profile | |||
@@ -6,8 +6,8 @@ include gnome-twitch.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/gnome-twitch | 9 | nodeny ${HOME}/.cache/gnome-twitch |
10 | noblacklist ${HOME}/.local/share/gnome-twitch | 10 | nodeny ${HOME}/.local/share/gnome-twitch |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-programs.inc | |||
18 | 18 | ||
19 | mkdir ${HOME}/.cache/gnome-twitch | 19 | mkdir ${HOME}/.cache/gnome-twitch |
20 | mkdir ${HOME}/.local/share/gnome-twitch | 20 | mkdir ${HOME}/.local/share/gnome-twitch |
21 | whitelist ${HOME}/.cache/gnome-twitch | 21 | allow ${HOME}/.cache/gnome-twitch |
22 | whitelist ${HOME}/.local/share/gnome-twitch | 22 | allow ${HOME}/.local/share/gnome-twitch |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/profile-a-l/gnome-weather.profile b/etc/profile-a-l/gnome-weather.profile index 2e08fa41d..6f557ff8d 100644 --- a/etc/profile-a-l/gnome-weather.profile +++ b/etc/profile-a-l/gnome-weather.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | 8 | ||
9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
10 | 10 | ||
11 | noblacklist ${HOME}/.cache/libgweather | 11 | nodeny ${HOME}/.cache/libgweather |
12 | 12 | ||
13 | # Allow gjs (blacklisted by disable-interpreters.inc) | 13 | # Allow gjs (blacklisted by disable-interpreters.inc) |
14 | include allow-gjs.inc | 14 | include allow-gjs.inc |
diff --git a/etc/profile-a-l/gnote.profile b/etc/profile-a-l/gnote.profile index c3014a288..261efefac 100644 --- a/etc/profile-a-l/gnote.profile +++ b/etc/profile-a-l/gnote.profile | |||
@@ -6,8 +6,8 @@ include gnote.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gnote | 9 | nodeny ${HOME}/.config/gnote |
10 | noblacklist ${HOME}/.local/share/gnote | 10 | nodeny ${HOME}/.local/share/gnote |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -20,9 +20,9 @@ include disable-xdg.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.config/gnote | 21 | mkdir ${HOME}/.config/gnote |
22 | mkdir ${HOME}/.local/share/gnote | 22 | mkdir ${HOME}/.local/share/gnote |
23 | whitelist ${HOME}/.config/gnote | 23 | allow ${HOME}/.config/gnote |
24 | whitelist ${HOME}/.local/share/gnote | 24 | allow ${HOME}/.local/share/gnote |
25 | whitelist /usr/share/gnote | 25 | allow /usr/share/gnote |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnubik.profile b/etc/profile-a-l/gnubik.profile index 22851ce9f..e6fbca26f 100644 --- a/etc/profile-a-l/gnubik.profile +++ b/etc/profile-a-l/gnubik.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | whitelist /usr/share/gnubik | 18 | allow /usr/share/gnubik |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-runuser-common.inc | 20 | include whitelist-runuser-common.inc |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/godot.profile b/etc/profile-a-l/godot.profile index 09ca17caa..f35a53ca4 100644 --- a/etc/profile-a-l/godot.profile +++ b/etc/profile-a-l/godot.profile | |||
@@ -6,9 +6,9 @@ include godot.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/godot | 9 | nodeny ${HOME}/.cache/godot |
10 | noblacklist ${HOME}/.config/godot | 10 | nodeny ${HOME}/.config/godot |
11 | noblacklist ${HOME}/.local/share/godot | 11 | nodeny ${HOME}/.local/share/godot |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/goobox.profile b/etc/profile-a-l/goobox.profile index 8399d77c4..95dd41c2a 100644 --- a/etc/profile-a-l/goobox.profile +++ b/etc/profile-a-l/goobox.profile | |||
@@ -6,7 +6,7 @@ include goobox.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${MUSIC} | 9 | nodeny ${MUSIC} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
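--- a/etc/profile-a-l/google-chrome-beta.profile
+++ b/etc/profile-a-l/google-chrome-beta.profile
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-noblacklist ${HOME}/.cache/google-chrome-beta
-noblacklist ${HOME}/.config/google-chrome-beta
+nodeny ${HOME}/.cache/google-chrome-beta
+nodeny ${HOME}/.config/google-chrome-beta
 
-noblacklist ${HOME}/.config/chrome-beta-flags.conf
-noblacklist ${HOME}/.config/chrome-beta-flags.config
+nodeny ${HOME}/.config/chrome-beta-flags.conf
+nodeny ${HOME}/.config/chrome-beta-flags.config
 
 mkdir ${HOME}/.cache/google-chrome-beta
 mkdir ${HOME}/.config/google-chrome-beta
-whitelist ${HOME}/.cache/google-chrome-beta
-whitelist ${HOME}/.config/google-chrome-beta
+allow ${HOME}/.cache/google-chrome-beta
+allow ${HOME}/.config/google-chrome-beta
 
-whitelist ${HOME}/.config/chrome-beta-flags.conf
-whitelist ${HOME}/.config/chrome-beta-flags.config
+allow ${HOME}/.config/chrome-beta-flags.conf
+allow ${HOME}/.config/chrome-beta-flags.config
 
 # Redirect
 include chromium-common.profile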
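Review bot: The hunk header shows `ignore whitelist /usr/share/chromium` above line 10, outside the hunk and therefore left unchanged, while every `whitelist` directive inside the hunk becomes `allow`. If `ignore` is compared against the literal text of the directive (the parser is not visible here, so this needs confirming), the line stops matching once the included chromium-common.profile is presumably renamed the same way, and it should read `ignore allow /usr/share/chromium`. The same header appears in the google-chrome-unstable.profile and google-chrome.profile sections. The same question applies to users' existing `*.local` files that carry `ignore noblacklist …` or `ignore whitelist …` lines: an ignore that silently no longer matches changes which paths the sandbox exposes, so the parser should treat old and new keywords as equivalent before comparing.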
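--- a/etc/profile-a-l/google-chrome-unstable.profile
+++ b/etc/profile-a-l/google-chrome-unstable.profile
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-noblacklist ${HOME}/.cache/google-chrome-unstable
-noblacklist ${HOME}/.config/google-chrome-unstable
+nodeny ${HOME}/.cache/google-chrome-unstable
+nodeny ${HOME}/.config/google-chrome-unstable
 
-noblacklist ${HOME}/.config/chrome-unstable-flags.conf
-noblacklist ${HOME}/.config/chrome-unstable-flags.config
+nodeny ${HOME}/.config/chrome-unstable-flags.conf
+nodeny ${HOME}/.config/chrome-unstable-flags.config
 
 mkdir ${HOME}/.cache/google-chrome-unstable
 mkdir ${HOME}/.config/google-chrome-unstable
-whitelist ${HOME}/.cache/google-chrome-unstable
-whitelist ${HOME}/.config/google-chrome-unstable
+allow ${HOME}/.cache/google-chrome-unstable
+allow ${HOME}/.config/google-chrome-unstable
 
-whitelist ${HOME}/.config/chrome-unstable-flags.conf
-whitelist ${HOME}/.config/chrome-unstable-flags.config
+allow ${HOME}/.config/chrome-unstable-flags.conf
+allow ${HOME}/.config/chrome-unstable-flags.config
 
 # Redirect
 include chromium-common.profile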
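--- a/etc/profile-a-l/google-chrome.profile
+++ b/etc/profile-a-l/google-chrome.profile
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-noblacklist ${HOME}/.cache/google-chrome
-noblacklist ${HOME}/.config/google-chrome
+nodeny ${HOME}/.cache/google-chrome
+nodeny ${HOME}/.config/google-chrome
 
-noblacklist ${HOME}/.config/chrome-flags.conf
-noblacklist ${HOME}/.config/chrome-flags.config
+nodeny ${HOME}/.config/chrome-flags.conf
+nodeny ${HOME}/.config/chrome-flags.config
 
 mkdir ${HOME}/.cache/google-chrome
 mkdir ${HOME}/.config/google-chrome
-whitelist ${HOME}/.cache/google-chrome
-whitelist ${HOME}/.config/google-chrome
+allow ${HOME}/.cache/google-chrome
+allow ${HOME}/.config/google-chrome
 
-whitelist ${HOME}/.config/chrome-flags.conf
-whitelist ${HOME}/.config/chrome-flags.config
+allow ${HOME}/.config/chrome-flags.conf
+allow ${HOME}/.config/chrome-flags.config
 
 # Redirect
 include chromium-common.profile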
diff --git a/etc/profile-a-l/google-earth.profile b/etc/profile-a-l/google-earth.profile index 65ac04771..6039f7cbd 100644 --- a/etc/profile-a-l/google-earth.profile +++ b/etc/profile-a-l/google-earth.profile | |||
@@ -5,8 +5,8 @@ include google-earth.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Google | 8 | nodeny ${HOME}/.config/Google |
9 | noblacklist ${HOME}/.googleearth | 9 | nodeny ${HOME}/.googleearth |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | 17 | ||
18 | mkdir ${HOME}/.config/Google | 18 | mkdir ${HOME}/.config/Google |
19 | mkdir ${HOME}/.googleearth | 19 | mkdir ${HOME}/.googleearth |
20 | whitelist ${HOME}/.config/Google | 20 | allow ${HOME}/.config/Google |
21 | whitelist ${HOME}/.googleearth | 21 | allow ${HOME}/.googleearth |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/profile-a-l/google-play-music-desktop-player.profile b/etc/profile-a-l/google-play-music-desktop-player.profile index a7aabe105..fdb65b93c 100644 --- a/etc/profile-a-l/google-play-music-desktop-player.profile +++ b/etc/profile-a-l/google-play-music-desktop-player.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | # noexec /tmp breaks mpris support | 8 | # noexec /tmp breaks mpris support |
9 | ignore noexec /tmp | 9 | ignore noexec /tmp |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/Google Play Music Desktop Player | 11 | nodeny ${HOME}/.config/Google Play Music Desktop Player |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -20,7 +20,7 @@ include disable-programs.inc | |||
20 | mkdir ${HOME}/.config/Google Play Music Desktop Player | 20 | mkdir ${HOME}/.config/Google Play Music Desktop Player |
21 | # whitelist ${HOME}/.config/pulse | 21 | # whitelist ${HOME}/.config/pulse |
22 | # whitelist ${HOME}/.pulse | 22 | # whitelist ${HOME}/.pulse |
23 | whitelist ${HOME}/.config/Google Play Music Desktop Player | 23 | allow ${HOME}/.config/Google Play Music Desktop Player |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
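--- a/etc/profile-a-l/googler-common.profile
+++ b/etc/profile-a-l/googler-common.profile
@@ -7,10 +7,10 @@ include googler-common.local
 # added by caller profile
 #include globals.local
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}
+deny /tmp/.X11-unix
+deny ${RUNUSER}
 
-noblacklist ${HOME}/.w3m
+nodeny ${HOME}/.w3m
 
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
@@ -26,7 +26,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist ${HOME}/.w3m
+allow ${HOME}/.w3m
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 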
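Review bot: The comment kept as context at line 15, `# Allow /bin/sh (blacklisted by disable-shell.inc)`, still uses the old term while the directives around it now read `deny` and `nodeny`. It should become `# Allow /bin/sh (denied by disable-shell.inc)`, so that someone auditing why the shell is reachable in this sandbox can search for the keyword the profiles actually use. The same stale wording is visible in the gramps.profile, gummi.profile and hexchat.profile sections, on their `# Allow python`, `# Allow lua` and `# Allow /bin/sh` comments.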
diff --git a/etc/profile-a-l/gpa.profile b/etc/profile-a-l/gpa.profile index 37b4f0b1c..9b8da361b 100644 --- a/etc/profile-a-l/gpa.profile +++ b/etc/profile-a-l/gpa.profile | |||
@@ -6,7 +6,7 @@ include gpa.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.gnupg | 9 | nodeny ${HOME}/.gnupg |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gpg-agent.profile b/etc/profile-a-l/gpg-agent.profile index 7f0b614b1..5fa66bb55 100644 --- a/etc/profile-a-l/gpg-agent.profile +++ b/etc/profile-a-l/gpg-agent.profile | |||
@@ -7,10 +7,10 @@ include gpg-agent.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.gnupg | 10 | nodeny ${HOME}/.gnupg |
11 | 11 | ||
12 | blacklist /tmp/.X11-unix | 12 | deny /tmp/.X11-unix |
13 | blacklist ${RUNUSER}/wayland-* | 13 | deny ${RUNUSER}/wayland-* |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -20,11 +20,11 @@ include disable-programs.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.gnupg | 22 | mkdir ${HOME}/.gnupg |
23 | whitelist ${HOME}/.gnupg | 23 | allow ${HOME}/.gnupg |
24 | whitelist ${RUNUSER}/gnupg | 24 | allow ${RUNUSER}/gnupg |
25 | whitelist ${RUNUSER}/keyring | 25 | allow ${RUNUSER}/keyring |
26 | whitelist /usr/share/gnupg | 26 | allow /usr/share/gnupg |
27 | whitelist /usr/share/gnupg2 | 27 | allow /usr/share/gnupg2 |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gpg.profile b/etc/profile-a-l/gpg.profile index 4a4d6527c..2ad896abe 100644 --- a/etc/profile-a-l/gpg.profile +++ b/etc/profile-a-l/gpg.profile | |||
@@ -7,10 +7,10 @@ include gpg.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.gnupg | 10 | nodeny ${HOME}/.gnupg |
11 | 11 | ||
12 | blacklist /tmp/.X11-unix | 12 | deny /tmp/.X11-unix |
13 | blacklist ${RUNUSER}/wayland-* | 13 | deny ${RUNUSER}/wayland-* |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -18,11 +18,11 @@ include disable-interpreters.inc | |||
18 | include disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
19 | include disable-programs.inc | 19 | include disable-programs.inc |
20 | 20 | ||
21 | whitelist ${RUNUSER}/gnupg | 21 | allow ${RUNUSER}/gnupg |
22 | whitelist ${RUNUSER}/keyring | 22 | allow ${RUNUSER}/keyring |
23 | whitelist /usr/share/gnupg | 23 | allow /usr/share/gnupg |
24 | whitelist /usr/share/gnupg2 | 24 | allow /usr/share/gnupg2 |
25 | whitelist /usr/share/pacman/keyrings | 25 | allow /usr/share/pacman/keyrings |
26 | include whitelist-runuser-common.inc | 26 | include whitelist-runuser-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gpicview.profile b/etc/profile-a-l/gpicview.profile index fa53c26c8..0552dc3d7 100644 --- a/etc/profile-a-l/gpicview.profile +++ b/etc/profile-a-l/gpicview.profile | |||
@@ -6,7 +6,7 @@ include gpicview.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gpicview | 9 | nodeny ${HOME}/.config/gpicview |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | 18 | ||
19 | whitelist /usr/share/gpicview | 19 | allow /usr/share/gpicview |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
diff --git a/etc/profile-a-l/gpredict.profile b/etc/profile-a-l/gpredict.profile index 253d644f1..c9e62a73f 100644 --- a/etc/profile-a-l/gpredict.profile +++ b/etc/profile-a-l/gpredict.profile | |||
@@ -6,7 +6,7 @@ include gpredict.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Gpredict | 9 | nodeny ${HOME}/.config/Gpredict |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.config/Gpredict | 19 | mkdir ${HOME}/.config/Gpredict |
20 | whitelist ${HOME}/.config/Gpredict | 20 | allow ${HOME}/.config/Gpredict |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/profile-a-l/gradio.profile b/etc/profile-a-l/gradio.profile index 2b4c536d2..2aebe2338 100644 --- a/etc/profile-a-l/gradio.profile +++ b/etc/profile-a-l/gradio.profile | |||
@@ -5,8 +5,8 @@ include gradio.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/gradio | 8 | nodeny ${HOME}/.cache/gradio |
9 | noblacklist ${HOME}/.local/share/gradio | 9 | nodeny ${HOME}/.local/share/gradio |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-xdg.inc | |||
18 | 18 | ||
19 | mkdir ${HOME}/.cache/gradio | 19 | mkdir ${HOME}/.cache/gradio |
20 | mkdir ${HOME}/.local/share/gradio | 20 | mkdir ${HOME}/.local/share/gradio |
21 | whitelist ${HOME}/.cache/gradio | 21 | allow ${HOME}/.cache/gradio |
22 | whitelist ${HOME}/.local/share/gradio | 22 | allow ${HOME}/.local/share/gradio |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gramps.profile b/etc/profile-a-l/gramps.profile index c7e0c2977..53f0baccb 100644 --- a/etc/profile-a-l/gramps.profile +++ b/etc/profile-a-l/gramps.profile | |||
@@ -6,7 +6,7 @@ include gramps.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.gramps | 9 | nodeny ${HOME}/.gramps |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | #include allow-python2.inc | 12 | #include allow-python2.inc |
@@ -21,7 +21,7 @@ include disable-programs.inc | |||
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.gramps | 23 | mkdir ${HOME}/.gramps |
24 | whitelist ${HOME}/.gramps | 24 | allow ${HOME}/.gramps |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile index 890ba2560..ecc871c2e 100644 --- a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile +++ b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | whitelist /usr/share/gravity-beams-and-evaporating-stars | 18 | allow /usr/share/gravity-beams-and-evaporating-stars |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gthumb.profile b/etc/profile-a-l/gthumb.profile index 5927e8c4d..9a4f7b4fb 100644 --- a/etc/profile-a-l/gthumb.profile +++ b/etc/profile-a-l/gthumb.profile | |||
@@ -6,9 +6,9 @@ include gthumb.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gthumb | 9 | nodeny ${HOME}/.config/gthumb |
10 | noblacklist ${HOME}/.Steam | 10 | nodeny ${HOME}/.Steam |
11 | noblacklist ${HOME}/.steam | 11 | nodeny ${HOME}/.steam |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gtk-update-icon-cache.profile b/etc/profile-a-l/gtk-update-icon-cache.profile index c8addae75..d6bb9902a 100644 --- a/etc/profile-a-l/gtk-update-icon-cache.profile +++ b/etc/profile-a-l/gtk-update-icon-cache.profile | |||
@@ -7,7 +7,7 @@ include gtk-update-icon-cache.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | 10 | deny ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gtk2-youtube-viewer.profile b/etc/profile-a-l/gtk2-youtube-viewer.profile index 787c7bd90..8241de43a 100644 --- a/etc/profile-a-l/gtk2-youtube-viewer.profile +++ b/etc/profile-a-l/gtk2-youtube-viewer.profile | |||
@@ -8,8 +8,8 @@ include gtk2-youtube-viewer.local | |||
8 | 8 | ||
9 | ignore quiet | 9 | ignore quiet |
10 | 10 | ||
11 | noblacklist /tmp/.X11-unix | 11 | nodeny /tmp/.X11-unix |
12 | noblacklist ${RUNUSER} | 12 | nodeny ${RUNUSER} |
13 | 13 | ||
14 | include whitelist-runuser-common.inc | 14 | include whitelist-runuser-common.inc |
15 | 15 | ||
diff --git a/etc/profile-a-l/gtk3-youtube-viewer.profile b/etc/profile-a-l/gtk3-youtube-viewer.profile index 988882622..6ea4ebbdc 100644 --- a/etc/profile-a-l/gtk3-youtube-viewer.profile +++ b/etc/profile-a-l/gtk3-youtube-viewer.profile | |||
@@ -8,8 +8,8 @@ include gtk3-youtube-viewer.local | |||
8 | 8 | ||
9 | ignore quiet | 9 | ignore quiet |
10 | 10 | ||
11 | noblacklist /tmp/.X11-unix | 11 | nodeny /tmp/.X11-unix |
12 | noblacklist ${RUNUSER} | 12 | nodeny ${RUNUSER} |
13 | 13 | ||
14 | include whitelist-runuser-common.inc | 14 | include whitelist-runuser-common.inc |
15 | 15 | ||
diff --git a/etc/profile-a-l/guayadeque.profile b/etc/profile-a-l/guayadeque.profile index 3d2b71e9d..731bcad1d 100644 --- a/etc/profile-a-l/guayadeque.profile +++ b/etc/profile-a-l/guayadeque.profile | |||
@@ -5,8 +5,8 @@ include guayadeque.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.guayadeque | 8 | nodeny ${HOME}/.guayadeque |
9 | noblacklist ${MUSIC} | 9 | nodeny ${MUSIC} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gummi.profile b/etc/profile-a-l/gummi.profile index 2223c37a1..5cdc2cc18 100644 --- a/etc/profile-a-l/gummi.profile +++ b/etc/profile-a-l/gummi.profile | |||
@@ -5,8 +5,8 @@ include gummi.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/gummi | 8 | nodeny ${HOME}/.cache/gummi |
9 | noblacklist ${HOME}/.config/gummi | 9 | nodeny ${HOME}/.config/gummi |
10 | 10 | ||
11 | # Allow lua (blacklisted by disable-interpreters.inc) | 11 | # Allow lua (blacklisted by disable-interpreters.inc) |
12 | include allow-lua.inc | 12 | include allow-lua.inc |
diff --git a/etc/profile-a-l/guvcview.profile b/etc/profile-a-l/guvcview.profile index 9221ca31c..3404f5177 100644 --- a/etc/profile-a-l/guvcview.profile +++ b/etc/profile-a-l/guvcview.profile | |||
@@ -6,10 +6,10 @@ include guvcview.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/guvcview2 | 9 | nodeny ${HOME}/.config/guvcview2 |
10 | 10 | ||
11 | noblacklist ${PICTURES} | 11 | nodeny ${PICTURES} |
12 | noblacklist ${VIDEOS} | 12 | nodeny ${VIDEOS} |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -21,9 +21,9 @@ include disable-shell.inc | |||
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.config/guvcview2 | 23 | mkdir ${HOME}/.config/guvcview2 |
24 | whitelist ${HOME}/.config/guvcview2 | 24 | allow ${HOME}/.config/guvcview2 |
25 | whitelist ${PICTURES} | 25 | allow ${PICTURES} |
26 | whitelist ${VIDEOS} | 26 | allow ${VIDEOS} |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gwenview.profile b/etc/profile-a-l/gwenview.profile index d33e2a673..132b5a2e2 100644 --- a/etc/profile-a-l/gwenview.profile +++ b/etc/profile-a-l/gwenview.profile | |||
@@ -6,17 +6,17 @@ include gwenview.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/GIMP | 9 | nodeny ${HOME}/.config/GIMP |
10 | noblacklist ${HOME}/.config/gwenviewrc | 10 | nodeny ${HOME}/.config/gwenviewrc |
11 | noblacklist ${HOME}/.config/org.kde.gwenviewrc | 11 | nodeny ${HOME}/.config/org.kde.gwenviewrc |
12 | noblacklist ${HOME}/.gimp* | 12 | nodeny ${HOME}/.gimp* |
13 | noblacklist ${HOME}/.kde/share/apps/gwenview | 13 | nodeny ${HOME}/.kde/share/apps/gwenview |
14 | noblacklist ${HOME}/.kde/share/config/gwenviewrc | 14 | nodeny ${HOME}/.kde/share/config/gwenviewrc |
15 | noblacklist ${HOME}/.kde4/share/apps/gwenview | 15 | nodeny ${HOME}/.kde4/share/apps/gwenview |
16 | noblacklist ${HOME}/.kde4/share/config/gwenviewrc | 16 | nodeny ${HOME}/.kde4/share/config/gwenviewrc |
17 | noblacklist ${HOME}/.local/share/gwenview | 17 | nodeny ${HOME}/.local/share/gwenview |
18 | noblacklist ${HOME}/.local/share/kxmlgui5/gwenview | 18 | nodeny ${HOME}/.local/share/kxmlgui5/gwenview |
19 | noblacklist ${HOME}/.local/share/org.kde.gwenview | 19 | nodeny ${HOME}/.local/share/org.kde.gwenview |
20 | 20 | ||
21 | include disable-common.inc | 21 | include disable-common.inc |
22 | include disable-devel.inc | 22 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gzip.profile b/etc/profile-a-l/gzip.profile index b261c16f4..46c98bdc2 100644 --- a/etc/profile-a-l/gzip.profile +++ b/etc/profile-a-l/gzip.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | 9 | ||
10 | # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop | 10 | # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop |
11 | # all capabilities this is automatically read-only. | 11 | # all capabilities this is automatically read-only. |
12 | noblacklist /var/lib/pacman | 12 | nodeny /var/lib/pacman |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include archiver-common.profile | 15 | include archiver-common.profile |
diff --git a/etc/profile-a-l/handbrake.profile b/etc/profile-a-l/handbrake.profile index 847e1ec1e..c102ac4cb 100644 --- a/etc/profile-a-l/handbrake.profile +++ b/etc/profile-a-l/handbrake.profile | |||
@@ -6,9 +6,9 @@ include handbrake.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/ghb | 9 | nodeny ${HOME}/.config/ghb |
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | noblacklist ${VIDEOS} | 11 | nodeny ${VIDEOS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/hashcat.profile b/etc/profile-a-l/hashcat.profile index aab4b0c21..d98a1b554 100644 --- a/etc/profile-a-l/hashcat.profile +++ b/etc/profile-a-l/hashcat.profile | |||
@@ -7,11 +7,11 @@ include hashcat.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | 10 | deny ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | noblacklist ${HOME}/.hashcat | 12 | nodeny ${HOME}/.hashcat |
13 | noblacklist /usr/include | 13 | nodeny /usr/include |
14 | noblacklist ${DOCUMENTS} | 14 | nodeny ${DOCUMENTS} |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/hasher-common.profile b/etc/profile-a-l/hasher-common.profile index 44584f26b..1c2a44e06 100644 --- a/etc/profile-a-l/hasher-common.profile +++ b/etc/profile-a-l/hasher-common.profile | |||
@@ -4,7 +4,7 @@ include hasher-common.local | |||
4 | 4 | ||
5 | # common profile for hasher/checksum tools | 5 | # common profile for hasher/checksum tools |
6 | 6 | ||
7 | blacklist ${RUNUSER} | 7 | deny ${RUNUSER} |
8 | 8 | ||
9 | # Comment/uncomment the relevant include file(s) in your hasher-common.local | 9 | # Comment/uncomment the relevant include file(s) in your hasher-common.local |
10 | # to (un)restrict file access for **all** hashers. Another option is to do this **per hasher** | 10 | # to (un)restrict file access for **all** hashers. Another option is to do this **per hasher** |
diff --git a/etc/profile-a-l/hedgewars.profile b/etc/profile-a-l/hedgewars.profile index c0675d8ec..90833af91 100644 --- a/etc/profile-a-l/hedgewars.profile +++ b/etc/profile-a-l/hedgewars.profile | |||
@@ -6,7 +6,7 @@ include hedgewars.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.hedgewars | 9 | nodeny ${HOME}/.hedgewars |
10 | 10 | ||
11 | include allow-lua.inc | 11 | include allow-lua.inc |
12 | 12 | ||
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.hedgewars | 19 | mkdir ${HOME}/.hedgewars |
20 | whitelist ${HOME}/.hedgewars | 20 | allow ${HOME}/.hedgewars |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/profile-a-l/hexchat.profile b/etc/profile-a-l/hexchat.profile index b887de147..993efb591 100644 --- a/etc/profile-a-l/hexchat.profile +++ b/etc/profile-a-l/hexchat.profile | |||
@@ -6,7 +6,7 @@ include hexchat.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/hexchat | 9 | nodeny ${HOME}/.config/hexchat |
10 | 10 | ||
11 | # Allow /bin/sh (blacklisted by disable-shell.inc) | 11 | # Allow /bin/sh (blacklisted by disable-shell.inc) |
12 | include allow-bin-sh.inc | 12 | include allow-bin-sh.inc |
@@ -28,7 +28,7 @@ include disable-shell.inc | |||
28 | include disable-xdg.inc | 28 | include disable-xdg.inc |
29 | 29 | ||
30 | mkdir ${HOME}/.config/hexchat | 30 | mkdir ${HOME}/.config/hexchat |
31 | whitelist ${HOME}/.config/hexchat | 31 | allow ${HOME}/.config/hexchat |
32 | include whitelist-common.inc | 32 | include whitelist-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
34 | 34 | ||
diff --git a/etc/profile-a-l/highlight.profile b/etc/profile-a-l/highlight.profile index 643736ac7..53db642dc 100644 --- a/etc/profile-a-l/highlight.profile +++ b/etc/profile-a-l/highlight.profile | |||
@@ -6,7 +6,7 @@ include highlight.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER} | 9 | deny ${RUNUSER} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/homebank.profile b/etc/profile-a-l/homebank.profile index 199b1a5e5..ef259cc00 100644 --- a/etc/profile-a-l/homebank.profile +++ b/etc/profile-a-l/homebank.profile | |||
@@ -6,7 +6,7 @@ include homebank.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/homebank | 9 | nodeny ${HOME}/.config/homebank |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,9 +18,9 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/homebank | 20 | mkdir ${HOME}/.config/homebank |
21 | whitelist ${DOWNLOADS} | 21 | allow ${DOWNLOADS} |
22 | whitelist ${HOME}/.config/homebank | 22 | allow ${HOME}/.config/homebank |
23 | whitelist /usr/share/homebank | 23 | allow /usr/share/homebank |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
26 | include whitelist-usr-share-common.inc | 26 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/host.profile b/etc/profile-a-l/host.profile index 00d9f7a76..63e1be259 100644 --- a/etc/profile-a-l/host.profile +++ b/etc/profile-a-l/host.profile | |||
@@ -7,8 +7,8 @@ include host.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER} | 10 | deny ${RUNUSER} |
11 | noblacklist ${PATH}/host | 11 | nodeny ${PATH}/host |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/hugin.profile b/etc/profile-a-l/hugin.profile index 267712c87..db5cd29cc 100644 --- a/etc/profile-a-l/hugin.profile +++ b/etc/profile-a-l/hugin.profile | |||
@@ -6,9 +6,9 @@ include hugin.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.hugin | 9 | nodeny ${HOME}/.hugin |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | noblacklist ${PICTURES} | 11 | nodeny ${PICTURES} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/hyperrogue.profile b/etc/profile-a-l/hyperrogue.profile index e66ffd7e1..1fb33ceb8 100644 --- a/etc/profile-a-l/hyperrogue.profile +++ b/etc/profile-a-l/hyperrogue.profile | |||
@@ -6,7 +6,7 @@ include hyperrogue.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/hyperrogue.ini | 9 | nodeny ${HOME}/hyperrogue.ini |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkfile ${HOME}/hyperrogue.ini | 20 | mkfile ${HOME}/hyperrogue.ini |
21 | whitelist ${HOME}/hyperrogue.ini | 21 | allow ${HOME}/hyperrogue.ini |
22 | whitelist /usr/share/hyperrogue | 22 | allow /usr/share/hyperrogue |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/i2prouter.profile b/etc/profile-a-l/i2prouter.profile index 47c984175..c8a2e8a04 100644 --- a/etc/profile-a-l/i2prouter.profile +++ b/etc/profile-a-l/i2prouter.profile | |||
@@ -14,12 +14,12 @@ include globals.local | |||
14 | # Only needed when i2prouter binary resides in home directory (official I2P java installer does so). | 14 | # Only needed when i2prouter binary resides in home directory (official I2P java installer does so). |
15 | ignore noexec ${HOME} | 15 | ignore noexec ${HOME} |
16 | 16 | ||
17 | noblacklist ${HOME}/.config/i2p | 17 | nodeny ${HOME}/.config/i2p |
18 | noblacklist ${HOME}/.i2p | 18 | nodeny ${HOME}/.i2p |
19 | noblacklist ${HOME}/.local/share/i2p | 19 | nodeny ${HOME}/.local/share/i2p |
20 | noblacklist ${HOME}/i2p | 20 | nodeny ${HOME}/i2p |
21 | # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so). | 21 | # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so). |
22 | noblacklist /usr/sbin | 22 | nodeny /usr/sbin |
23 | 23 | ||
24 | # Allow java (blacklisted by disable-devel.inc) | 24 | # Allow java (blacklisted by disable-devel.inc) |
25 | include allow-java.inc | 25 | include allow-java.inc |
@@ -36,12 +36,12 @@ mkdir ${HOME}/.config/i2p | |||
36 | mkdir ${HOME}/.i2p | 36 | mkdir ${HOME}/.i2p |
37 | mkdir ${HOME}/.local/share/i2p | 37 | mkdir ${HOME}/.local/share/i2p |
38 | mkdir ${HOME}/i2p | 38 | mkdir ${HOME}/i2p |
39 | whitelist ${HOME}/.config/i2p | 39 | allow ${HOME}/.config/i2p |
40 | whitelist ${HOME}/.i2p | 40 | allow ${HOME}/.i2p |
41 | whitelist ${HOME}/.local/share/i2p | 41 | allow ${HOME}/.local/share/i2p |
42 | whitelist ${HOME}/i2p | 42 | allow ${HOME}/i2p |
43 | # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so). | 43 | # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so). |
44 | whitelist /usr/sbin/wrapper* | 44 | allow /usr/sbin/wrapper* |
45 | 45 | ||
46 | include whitelist-common.inc | 46 | include whitelist-common.inc |
47 | 47 | ||
diff --git a/etc/profile-a-l/i3.profile b/etc/profile-a-l/i3.profile index e96b1843c..95ddad221 100644 --- a/etc/profile-a-l/i3.profile +++ b/etc/profile-a-l/i3.profile | |||
@@ -7,7 +7,7 @@ include i3.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in i3 will run in this profile | 9 | # all applications started in i3 will run in this profile |
10 | noblacklist ${HOME}/.config/i3 | 10 | nodeny ${HOME}/.config/i3 |
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
diff --git a/etc/profile-a-l/icecat.profile b/etc/profile-a-l/icecat.profile index 660343a29..0de2f658b 100644 --- a/etc/profile-a-l/icecat.profile +++ b/etc/profile-a-l/icecat.profile | |||
@@ -5,13 +5,13 @@ include icecat.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/mozilla | 8 | nodeny ${HOME}/.cache/mozilla |
9 | noblacklist ${HOME}/.mozilla | 9 | nodeny ${HOME}/.mozilla |
10 | 10 | ||
11 | mkdir ${HOME}/.cache/mozilla/icecat | 11 | mkdir ${HOME}/.cache/mozilla/icecat |
12 | mkdir ${HOME}/.mozilla | 12 | mkdir ${HOME}/.mozilla |
13 | whitelist ${HOME}/.cache/mozilla/icecat | 13 | allow ${HOME}/.cache/mozilla/icecat |
14 | whitelist ${HOME}/.mozilla | 14 | allow ${HOME}/.mozilla |
15 | 15 | ||
16 | # private-etc must first be enabled in firefox-common.profile | 16 | # private-etc must first be enabled in firefox-common.profile |
17 | #private-etc icecat | 17 | #private-etc icecat |
diff --git a/etc/profile-a-l/icedove.profile b/etc/profile-a-l/icedove.profile index 19690cd5a..0c22d87d0 100644 --- a/etc/profile-a-l/icedove.profile +++ b/etc/profile-a-l/icedove.profile | |||
@@ -9,16 +9,16 @@ include icedove.local | |||
9 | # Users have icedove set to open a browser by clicking a link in an email | 9 | # Users have icedove set to open a browser by clicking a link in an email |
10 | # We are not allowed to blacklist browser-specific directories | 10 | # We are not allowed to blacklist browser-specific directories |
11 | 11 | ||
12 | noblacklist ${HOME}/.cache/icedove | 12 | nodeny ${HOME}/.cache/icedove |
13 | noblacklist ${HOME}/.gnupg | 13 | nodeny ${HOME}/.gnupg |
14 | noblacklist ${HOME}/.icedove | 14 | nodeny ${HOME}/.icedove |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/icedove | 16 | mkdir ${HOME}/.cache/icedove |
17 | mkdir ${HOME}/.gnupg | 17 | mkdir ${HOME}/.gnupg |
18 | mkdir ${HOME}/.icedove | 18 | mkdir ${HOME}/.icedove |
19 | whitelist ${HOME}/.cache/icedove | 19 | allow ${HOME}/.cache/icedove |
20 | whitelist ${HOME}/.gnupg | 20 | allow ${HOME}/.gnupg |
21 | whitelist ${HOME}/.icedove | 21 | allow ${HOME}/.icedove |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | ignore private-tmp | 24 | ignore private-tmp |
diff --git a/etc/profile-a-l/idea.sh.profile b/etc/profile-a-l/idea.sh.profile index 680b8e777..180b62ec2 100644 --- a/etc/profile-a-l/idea.sh.profile +++ b/etc/profile-a-l/idea.sh.profile | |||
@@ -5,12 +5,12 @@ include idea.sh.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.IdeaIC* | 8 | nodeny ${HOME}/.IdeaIC* |
9 | noblacklist ${HOME}/.android | 9 | nodeny ${HOME}/.android |
10 | noblacklist ${HOME}/.jack-server | 10 | nodeny ${HOME}/.jack-server |
11 | noblacklist ${HOME}/.jack-settings | 11 | nodeny ${HOME}/.jack-settings |
12 | noblacklist ${HOME}/.local/share/JetBrains | 12 | nodeny ${HOME}/.local/share/JetBrains |
13 | noblacklist ${HOME}/.tooling | 13 | nodeny ${HOME}/.tooling |
14 | 14 | ||
15 | # Allows files commonly used by IDEs | 15 | # Allows files commonly used by IDEs |
16 | include allow-common-devel.inc | 16 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/imagej.profile b/etc/profile-a-l/imagej.profile index 12ce7976b..5d28e7aca 100644 --- a/etc/profile-a-l/imagej.profile +++ b/etc/profile-a-l/imagej.profile | |||
@@ -6,7 +6,7 @@ include imagej.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.imagej | 9 | nodeny ${HOME}/.imagej |
10 | 10 | ||
11 | # Allow java (blacklisted by disable-devel.inc) | 11 | # Allow java (blacklisted by disable-devel.inc) |
12 | include allow-java.inc | 12 | include allow-java.inc |
diff --git a/etc/profile-a-l/img2txt.profile b/etc/profile-a-l/img2txt.profile index c26958d06..70d56a7dc 100644 --- a/etc/profile-a-l/img2txt.profile +++ b/etc/profile-a-l/img2txt.profile | |||
@@ -5,10 +5,10 @@ include img2txt.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | blacklist ${RUNUSER}/wayland-* | 8 | deny ${RUNUSER}/wayland-* |
9 | 9 | ||
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | noblacklist ${PICTURES} | 11 | nodeny ${PICTURES} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-passwdmgr.inc | |||
18 | include disable-programs.inc | 18 | include disable-programs.inc |
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | whitelist /usr/share/imlib2 | 21 | allow /usr/share/imlib2 |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/impressive.profile b/etc/profile-a-l/impressive.profile index c152be01c..4914cd9d0 100644 --- a/etc/profile-a-l/impressive.profile +++ b/etc/profile-a-l/impressive.profile | |||
@@ -6,9 +6,9 @@ include impressive.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | nodeny ${DOCUMENTS} |
10 | noblacklist /sbin | 10 | nodeny /sbin |
11 | noblacklist /usr/sbin | 11 | nodeny /usr/sbin |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | #include allow-python2.inc | 14 | #include allow-python2.inc |
@@ -23,8 +23,8 @@ include disable-programs.inc | |||
23 | include disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | mkdir ${HOME}/.cache/mesa_shader_cache | 25 | mkdir ${HOME}/.cache/mesa_shader_cache |
26 | whitelist /usr/share/opengl-games-utils | 26 | allow /usr/share/opengl-games-utils |
27 | whitelist /usr/share/zenity | 27 | allow /usr/share/zenity |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
30 | 30 | ||
diff --git a/etc/profile-a-l/inkscape.profile b/etc/profile-a-l/inkscape.profile index 35dd86b32..1a949b300 100644 --- a/etc/profile-a-l/inkscape.profile +++ b/etc/profile-a-l/inkscape.profile | |||
@@ -6,14 +6,14 @@ include inkscape.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/inkscape | 9 | nodeny ${HOME}/.cache/inkscape |
10 | noblacklist ${HOME}/.config/inkscape | 10 | nodeny ${HOME}/.config/inkscape |
11 | noblacklist ${HOME}/.inkscape | 11 | nodeny ${HOME}/.inkscape |
12 | noblacklist ${DOCUMENTS} | 12 | nodeny ${DOCUMENTS} |
13 | noblacklist ${PICTURES} | 13 | nodeny ${PICTURES} |
14 | # Allow exporting .xcf files | 14 | # Allow exporting .xcf files |
15 | noblacklist ${HOME}/.config/GIMP | 15 | nodeny ${HOME}/.config/GIMP |
16 | noblacklist ${HOME}/.gimp* | 16 | nodeny ${HOME}/.gimp* |
17 | 17 | ||
18 | 18 | ||
19 | # Allow python (blacklisted by disable-interpreters.inc) | 19 | # Allow python (blacklisted by disable-interpreters.inc) |
@@ -28,7 +28,7 @@ include disable-passwdmgr.inc | |||
28 | include disable-programs.inc | 28 | include disable-programs.inc |
29 | include disable-xdg.inc | 29 | include disable-xdg.inc |
30 | 30 | ||
31 | whitelist /usr/share/inkscape | 31 | allow /usr/share/inkscape |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
34 | 34 | ||
diff --git a/etc/profile-a-l/inox.profile b/etc/profile-a-l/inox.profile index a5cac12f2..1591ed7ea 100644 --- a/etc/profile-a-l/inox.profile +++ b/etc/profile-a-l/inox.profile | |||
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/inox | 13 | nodeny ${HOME}/.cache/inox |
14 | noblacklist ${HOME}/.config/inox | 14 | nodeny ${HOME}/.config/inox |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/inox | 16 | mkdir ${HOME}/.cache/inox |
17 | mkdir ${HOME}/.config/inox | 17 | mkdir ${HOME}/.config/inox |
18 | whitelist ${HOME}/.cache/inox | 18 | allow ${HOME}/.cache/inox |
19 | whitelist ${HOME}/.config/inox | 19 | allow ${HOME}/.config/inox |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include chromium-common.profile | 22 | include chromium-common.profile |
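Review bot: `ignore whitelist /usr/share/chromium`, shown in the hunk header and sitting above line 10, is outside the hunk and so keeps the old spelling while the lines below move to `nodeny`/`allow`. If chromium-common.profile now spells that rule `allow /usr/share/chromium` and `ignore` compares the command text literally (neither is visible here, so please confirm), the ignore stops matching and the profile's filesystem view changes silently. I would rename it in the same commit to `ignore allow /usr/share/chromium`, or confirm that the parser normalises the aliases before the ignore comparison. iridium.profile carries the identical line, and users' `*.local` overrides written as `ignore whitelist …` or `ignore noblacklist …` would be affected the same way, which deserves a release-note entry.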
diff --git a/etc/profile-a-l/iridium.profile b/etc/profile-a-l/iridium.profile index 3037d00e9..f361fd663 100644 --- a/etc/profile-a-l/iridium.profile +++ b/etc/profile-a-l/iridium.profile | |||
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/iridium | 13 | nodeny ${HOME}/.cache/iridium |
14 | noblacklist ${HOME}/.config/iridium | 14 | nodeny ${HOME}/.config/iridium |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/iridium | 16 | mkdir ${HOME}/.cache/iridium |
17 | mkdir ${HOME}/.config/iridium | 17 | mkdir ${HOME}/.config/iridium |
18 | whitelist ${HOME}/.cache/iridium | 18 | allow ${HOME}/.cache/iridium |
19 | whitelist ${HOME}/.config/iridium | 19 | allow ${HOME}/.config/iridium |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include chromium-common.profile | 22 | include chromium-common.profile |
diff --git a/etc/profile-a-l/itch.profile b/etc/profile-a-l/itch.profile index e02dcbdb1..fa0bcf986 100644 --- a/etc/profile-a-l/itch.profile +++ b/etc/profile-a-l/itch.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | # itch.io has native firejail/sandboxing support bundled in | 8 | # itch.io has native firejail/sandboxing support bundled in |
9 | # See https://itch.io/docs/itch/using/sandbox/linux.html | 9 | # See https://itch.io/docs/itch/using/sandbox/linux.html |
10 | 10 | ||
11 | noblacklist ${HOME}/.itch | 11 | nodeny ${HOME}/.itch |
12 | noblacklist ${HOME}/.config/itch | 12 | nodeny ${HOME}/.config/itch |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-programs.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.itch | 20 | mkdir ${HOME}/.itch |
21 | mkdir ${HOME}/.config/itch | 21 | mkdir ${HOME}/.config/itch |
22 | whitelist ${HOME}/.itch | 22 | allow ${HOME}/.itch |
23 | whitelist ${HOME}/.config/itch | 23 | allow ${HOME}/.config/itch |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
diff --git a/etc/profile-a-l/jami-gnome.profile b/etc/profile-a-l/jami-gnome.profile index 3e9abf369..e4be574df 100644 --- a/etc/profile-a-l/jami-gnome.profile +++ b/etc/profile-a-l/jami-gnome.profile | |||
@@ -6,8 +6,8 @@ include jami-gnome.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/jami | 9 | nodeny ${HOME}/.config/jami |
10 | noblacklist ${HOME}/.local/share/jami | 10 | nodeny ${HOME}/.local/share/jami |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-programs.inc | |||
18 | 18 | ||
19 | mkdir ${HOME}/.config/jami | 19 | mkdir ${HOME}/.config/jami |
20 | mkdir ${HOME}/.local/share/jami | 20 | mkdir ${HOME}/.local/share/jami |
21 | whitelist ${HOME}/.config/jami | 21 | allow ${HOME}/.config/jami |
22 | whitelist ${HOME}/.local/share/jami | 22 | allow ${HOME}/.local/share/jami |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
diff --git a/etc/profile-a-l/jd-gui.profile b/etc/profile-a-l/jd-gui.profile index 7d29f1068..bfea84c69 100644 --- a/etc/profile-a-l/jd-gui.profile +++ b/etc/profile-a-l/jd-gui.profile | |||
@@ -5,7 +5,7 @@ include jd-gui.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/jd-gui.cfg | 8 | nodeny ${HOME}/.config/jd-gui.cfg |
9 | 9 | ||
10 | # Allow java (blacklisted by disable-devel.inc) | 10 | # Allow java (blacklisted by disable-devel.inc) |
11 | include allow-java.inc | 11 | include allow-java.inc |
diff --git a/etc/profile-a-l/jerry.profile b/etc/profile-a-l/jerry.profile index 85b1f2120..c41027618 100644 --- a/etc/profile-a-l/jerry.profile +++ b/etc/profile-a-l/jerry.profile | |||
@@ -6,7 +6,7 @@ include jerry.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/dkl | 9 | nodeny ${HOME}/.config/dkl |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/jitsi-meet-desktop.profile b/etc/profile-a-l/jitsi-meet-desktop.profile index edb7ed840..9ca30c36d 100644 --- a/etc/profile-a-l/jitsi-meet-desktop.profile +++ b/etc/profile-a-l/jitsi-meet-desktop.profile | |||
@@ -13,12 +13,12 @@ ignore shell none | |||
13 | 13 | ||
14 | ignore noexec /tmp | 14 | ignore noexec /tmp |
15 | 15 | ||
16 | noblacklist ${HOME}/.config/Jitsi Meet | 16 | nodeny ${HOME}/.config/Jitsi Meet |
17 | 17 | ||
18 | nowhitelist ${DOWNLOADS} | 18 | noallow ${DOWNLOADS} |
19 | 19 | ||
20 | mkdir ${HOME}/.config/Jitsi Meet | 20 | mkdir ${HOME}/.config/Jitsi Meet |
21 | whitelist ${HOME}/.config/Jitsi Meet | 21 | allow ${HOME}/.config/Jitsi Meet |
22 | 22 | ||
23 | private-bin bash,electron,electron[0-9],electron[0-9][0-9],jitsi-meet-desktop,sh | 23 | private-bin bash,electron,electron[0-9],electron[0-9][0-9],jitsi-meet-desktop,sh |
24 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg | 24 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg |
diff --git a/etc/profile-a-l/jitsi.profile b/etc/profile-a-l/jitsi.profile index 223c360b8..f53e6ca32 100644 --- a/etc/profile-a-l/jitsi.profile +++ b/etc/profile-a-l/jitsi.profile | |||
@@ -5,7 +5,7 @@ include jitsi.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.jitsi | 8 | nodeny ${HOME}/.jitsi |
9 | 9 | ||
10 | # Allow java (blacklisted by disable-devel.inc) | 10 | # Allow java (blacklisted by disable-devel.inc) |
11 | include allow-java.inc | 11 | include allow-java.inc |
diff --git a/etc/profile-a-l/jumpnbump.profile b/etc/profile-a-l/jumpnbump.profile index 9954b8aea..c0a78ecc0 100644 --- a/etc/profile-a-l/jumpnbump.profile +++ b/etc/profile-a-l/jumpnbump.profile | |||
@@ -6,7 +6,7 @@ include jumpnbump.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.jumpnbump | 9 | nodeny ${HOME}/.jumpnbump |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.jumpnbump | 19 | mkdir ${HOME}/.jumpnbump |
20 | whitelist ${HOME}/.jumpnbump | 20 | allow ${HOME}/.jumpnbump |
21 | whitelist /usr/share/jumpnbump | 21 | allow /usr/share/jumpnbump |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/k3b.profile b/etc/profile-a-l/k3b.profile index 5ae90dff6..73ce8670f 100644 --- a/etc/profile-a-l/k3b.profile +++ b/etc/profile-a-l/k3b.profile | |||
@@ -6,11 +6,11 @@ include k3b.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/k3brc | 9 | nodeny ${HOME}/.config/k3brc |
10 | noblacklist ${HOME}/.kde/share/config/k3brc | 10 | nodeny ${HOME}/.kde/share/config/k3brc |
11 | noblacklist ${HOME}/.kde4/share/config/k3brc | 11 | nodeny ${HOME}/.kde4/share/config/k3brc |
12 | noblacklist ${HOME}/.local/share/kxmlgui5/k3b | 12 | nodeny ${HOME}/.local/share/kxmlgui5/k3b |
13 | noblacklist ${MUSIC} | 13 | nodeny ${MUSIC} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kaffeine.profile b/etc/profile-a-l/kaffeine.profile index d55fd22cb..e6a00e350 100644 --- a/etc/profile-a-l/kaffeine.profile +++ b/etc/profile-a-l/kaffeine.profile | |||
@@ -6,14 +6,14 @@ include kaffeine.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/kaffeinerc | 9 | nodeny ${HOME}/.config/kaffeinerc |
10 | noblacklist ${HOME}/.kde/share/apps/kaffeine | 10 | nodeny ${HOME}/.kde/share/apps/kaffeine |
11 | noblacklist ${HOME}/.kde/share/config/kaffeinerc | 11 | nodeny ${HOME}/.kde/share/config/kaffeinerc |
12 | noblacklist ${HOME}/.kde4/share/apps/kaffeine | 12 | nodeny ${HOME}/.kde4/share/apps/kaffeine |
13 | noblacklist ${HOME}/.kde4/share/config/kaffeinerc | 13 | nodeny ${HOME}/.kde4/share/config/kaffeinerc |
14 | noblacklist ${HOME}/.local/share/kaffeine | 14 | nodeny ${HOME}/.local/share/kaffeine |
15 | noblacklist ${MUSIC} | 15 | nodeny ${MUSIC} |
16 | noblacklist ${VIDEOS} | 16 | nodeny ${VIDEOS} |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kalgebra.profile b/etc/profile-a-l/kalgebra.profile index 503dac4b6..98b04353e 100644 --- a/etc/profile-a-l/kalgebra.profile +++ b/etc/profile-a-l/kalgebra.profile | |||
@@ -6,8 +6,8 @@ include kalgebra.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/kalgebrarc | 9 | nodeny ${HOME}/.config/kalgebrarc |
10 | noblacklist ${HOME}/.local/share/kalgebra | 10 | nodeny ${HOME}/.local/share/kalgebra |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | whitelist /usr/share/kalgebramobile | 20 | allow /usr/share/kalgebramobile |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-a-l/karbon.profile b/etc/profile-a-l/karbon.profile index 231299a2f..db5394550 100644 --- a/etc/profile-a-l/karbon.profile +++ b/etc/profile-a-l/karbon.profile | |||
@@ -6,7 +6,7 @@ include karbon.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/kxmlgui5/karbon | 9 | nodeny ${HOME}/.local/share/kxmlgui5/karbon |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include krita.profile | 12 | include krita.profile |
diff --git a/etc/profile-a-l/kate.profile b/etc/profile-a-l/kate.profile index 27b87e7c3..d2b180492 100644 --- a/etc/profile-a-l/kate.profile +++ b/etc/profile-a-l/kate.profile | |||
@@ -8,20 +8,20 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/katemetainfos | 11 | nodeny ${HOME}/.config/katemetainfos |
12 | noblacklist ${HOME}/.config/katepartrc | 12 | nodeny ${HOME}/.config/katepartrc |
13 | noblacklist ${HOME}/.config/katerc | 13 | nodeny ${HOME}/.config/katerc |
14 | noblacklist ${HOME}/.config/kateschemarc | 14 | nodeny ${HOME}/.config/kateschemarc |
15 | noblacklist ${HOME}/.config/katesyntaxhighlightingrc | 15 | nodeny ${HOME}/.config/katesyntaxhighlightingrc |
16 | noblacklist ${HOME}/.config/katevirc | 16 | nodeny ${HOME}/.config/katevirc |
17 | noblacklist ${HOME}/.local/share/kate | 17 | nodeny ${HOME}/.local/share/kate |
18 | noblacklist ${HOME}/.local/share/kxmlgui5/kate | 18 | nodeny ${HOME}/.local/share/kxmlgui5/kate |
19 | noblacklist ${HOME}/.local/share/kxmlgui5/katefiletree | 19 | nodeny ${HOME}/.local/share/kxmlgui5/katefiletree |
20 | noblacklist ${HOME}/.local/share/kxmlgui5/katekonsole | 20 | nodeny ${HOME}/.local/share/kxmlgui5/katekonsole |
21 | noblacklist ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin | 21 | nodeny ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin |
22 | noblacklist ${HOME}/.local/share/kxmlgui5/katepart | 22 | nodeny ${HOME}/.local/share/kxmlgui5/katepart |
23 | noblacklist ${HOME}/.local/share/kxmlgui5/kateproject | 23 | nodeny ${HOME}/.local/share/kxmlgui5/kateproject |
24 | noblacklist ${HOME}/.local/share/kxmlgui5/katesearch | 24 | nodeny ${HOME}/.local/share/kxmlgui5/katesearch |
25 | 25 | ||
26 | include disable-common.inc | 26 | include disable-common.inc |
27 | # include disable-devel.inc | 27 | # include disable-devel.inc |
diff --git a/etc/profile-a-l/kazam.profile b/etc/profile-a-l/kazam.profile index 9795cf168..a4e2e64f4 100644 --- a/etc/profile-a-l/kazam.profile +++ b/etc/profile-a-l/kazam.profile | |||
@@ -8,9 +8,9 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | noblacklist ${PICTURES} | 11 | nodeny ${PICTURES} |
12 | noblacklist ${VIDEOS} | 12 | nodeny ${VIDEOS} |
13 | noblacklist ${HOME}/.config/kazam | 13 | nodeny ${HOME}/.config/kazam |
14 | 14 | ||
15 | # Allow python (blacklisted by disable-interpreters.inc) | 15 | # Allow python (blacklisted by disable-interpreters.inc) |
16 | include allow-python2.inc | 16 | include allow-python2.inc |
@@ -25,7 +25,7 @@ include disable-passwdmgr.inc | |||
25 | include disable-shell.inc | 25 | include disable-shell.inc |
26 | include disable-xdg.inc | 26 | include disable-xdg.inc |
27 | 27 | ||
28 | whitelist /usr/share/kazam | 28 | allow /usr/share/kazam |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/kcalc.profile b/etc/profile-a-l/kcalc.profile index e36ee5ed2..fcb168d4d 100644 --- a/etc/profile-a-l/kcalc.profile +++ b/etc/profile-a-l/kcalc.profile | |||
@@ -6,7 +6,7 @@ include kcalc.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/kxmlgui5/kcalc | 9 | nodeny ${HOME}/.local/share/kxmlgui5/kcalc |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -21,13 +21,13 @@ mkdir ${HOME}/.local/share/kxmlgui5/kcalc | |||
21 | mkfile ${HOME}/.config/kcalcrc | 21 | mkfile ${HOME}/.config/kcalcrc |
22 | mkfile ${HOME}/.kde/share/config/kcalcrc | 22 | mkfile ${HOME}/.kde/share/config/kcalcrc |
23 | mkfile ${HOME}/.kde4/share/config/kcalcrc | 23 | mkfile ${HOME}/.kde4/share/config/kcalcrc |
24 | whitelist ${HOME}/.config/kcalcrc | 24 | allow ${HOME}/.config/kcalcrc |
25 | whitelist ${HOME}/.kde/share/config/kcalcrc | 25 | allow ${HOME}/.kde/share/config/kcalcrc |
26 | whitelist ${HOME}/.kde4/share/config/kcalcrc | 26 | allow ${HOME}/.kde4/share/config/kcalcrc |
27 | whitelist ${HOME}/.local/share/kxmlgui5/kcalc | 27 | allow ${HOME}/.local/share/kxmlgui5/kcalc |
28 | whitelist /usr/share/config.kcfg/kcalc.kcfg | 28 | allow /usr/share/config.kcfg/kcalc.kcfg |
29 | whitelist /usr/share/kcalc | 29 | allow /usr/share/kcalc |
30 | whitelist /usr/share/kconf_update/kcalcrc.upd | 30 | allow /usr/share/kconf_update/kcalcrc.upd |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-runuser-common.inc | 32 | include whitelist-runuser-common.inc |
33 | include whitelist-usr-share-common.inc | 33 | include whitelist-usr-share-common.inc |
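--- a/etc/profile-a-l/kdenlive.profile
+++ b/etc/profile-a-l/kdenlive.profile
@@ -8,10 +8,10 @@ include globals.local
 
 ignore noexec ${HOME}
 
-noblacklist ${HOME}/.cache/kdenlive
-noblacklist ${HOME}/.config/kdenliverc
-noblacklist ${HOME}/.local/share/kdenlive
-noblacklist ${HOME}/.local/share/kxmlgui5/kdenlive
+nodeny ${HOME}/.cache/kdenlive
+nodeny ${HOME}/.config/kdenliverc
+nodeny ${HOME}/.local/share/kdenlive
+nodeny ${HOME}/.local/share/kxmlgui5/kdenlive
 
 include disable-common.inc
 include disable-devel.inc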
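--- a/etc/profile-a-l/kdiff3.profile
+++ b/etc/profile-a-l/kdiff3.profile
@@ -6,14 +6,14 @@ include kdiff3.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/kdiff3fileitemactionrc
-noblacklist ${HOME}/.config/kdiff3rc
+nodeny ${HOME}/.config/kdiff3fileitemactionrc
+nodeny ${HOME}/.config/kdiff3rc
 
 # Add the next line to your kdiff3.local if you don't need to compare files in disable-common.inc.
 # By default we deny access only to .ssh and .gnupg.
 #include disable-common.inc
-blacklist ${HOME}/.ssh
-blacklist ${HOME}/.gnupg
+deny ${HOME}/.ssh
+deny ${HOME}/.gnupg
 
 include disable-devel.inc
 include disable-exec.inc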
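--- a/etc/profile-a-l/keepass.profile
+++ b/etc/profile-a-l/keepass.profile
@@ -6,14 +6,14 @@ include keepass.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/*.kdb
-noblacklist ${HOME}/*.kdbx
-noblacklist ${HOME}/.config/KeePass
-noblacklist ${HOME}/.config/keepass
-noblacklist ${HOME}/.keepass
-noblacklist ${HOME}/.local/share/KeePass
-noblacklist ${HOME}/.local/share/keepass
-noblacklist ${DOCUMENTS}
+nodeny ${HOME}/*.kdb
+nodeny ${HOME}/*.kdbx
+nodeny ${HOME}/.config/KeePass
+nodeny ${HOME}/.config/keepass
+nodeny ${HOME}/.keepass
+nodeny ${HOME}/.local/share/KeePass
+nodeny ${HOME}/.local/share/keepass
+nodeny ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc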
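--- a/etc/profile-a-l/keepassx.profile
+++ b/etc/profile-a-l/keepassx.profile
@@ -6,11 +6,11 @@ include keepassx.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/*.kdb
-noblacklist ${HOME}/*.kdbx
-noblacklist ${HOME}/.config/keepassx
-noblacklist ${HOME}/.keepassx
-noblacklist ${DOCUMENTS}
+nodeny ${HOME}/*.kdb
+nodeny ${HOME}/*.kdbx
+nodeny ${HOME}/.config/keepassx
+nodeny ${HOME}/.keepassx
+nodeny ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc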
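--- a/etc/profile-a-l/keepassxc.profile
+++ b/etc/profile-a-l/keepassxc.profile
@@ -6,23 +6,23 @@ include keepassxc.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/*.kdb
-noblacklist ${HOME}/*.kdbx
-noblacklist ${HOME}/.cache/keepassxc
-noblacklist ${HOME}/.config/keepassxc
-noblacklist ${HOME}/.config/KeePassXCrc
-noblacklist ${HOME}/.keepassxc
-noblacklist ${DOCUMENTS}
+nodeny ${HOME}/*.kdb
+nodeny ${HOME}/*.kdbx
+nodeny ${HOME}/.cache/keepassxc
+nodeny ${HOME}/.config/keepassxc
+nodeny ${HOME}/.config/KeePassXCrc
+nodeny ${HOME}/.keepassxc
+nodeny ${DOCUMENTS}
 
 # Allow browser profiles, required for browser integration.
-noblacklist ${HOME}/.config/BraveSoftware
-noblacklist ${HOME}/.config/chromium
-noblacklist ${HOME}/.config/google-chrome
-noblacklist ${HOME}/.config/vivaldi
-noblacklist ${HOME}/.local/share/torbrowser
-noblacklist ${HOME}/.mozilla
+nodeny ${HOME}/.config/BraveSoftware
+nodeny ${HOME}/.config/chromium
+nodeny ${HOME}/.config/google-chrome
+nodeny ${HOME}/.config/vivaldi
+nodeny ${HOME}/.local/share/torbrowser
+nodeny ${HOME}/.mozilla
 
-blacklist /usr/libexec
+deny /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -57,7 +57,7 @@ include disable-xdg.inc
 #whitelist ${HOME}/.config/KeePassXCrc
 #include whitelist-common.inc
 
-whitelist /usr/share/keepassxc
+allow /usr/share/keepassxc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 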
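Review bot: The commented-out `#whitelist ${HOME}/.config/KeePassXCrc` at line 57 of the second hunk keeps the old keyword, while the active rule three lines below becomes `allow /usr/share/keepassxc`, so a user who uncomments it gets a directive in the spelling this commit moves away from. Whether the parser still accepts the old keywords is not visible on this page; if it does not, the uncommented line would not take effect and the sandbox would not behave as the user expects. I would convert it in the same pass, `#allow ${HOME}/.config/KeePassXCrc`, and do the same for the five `# noblacklist …` lines left untouched in krunner.profile (lines 13-15 and 19-20 of its hunk). Both profiles continue outside the hunks shown, so other commented directives may need the same treatment.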
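--- a/etc/profile-a-l/kget.profile
+++ b/etc/profile-a-l/kget.profile
@@ -6,13 +6,13 @@ include kget.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/kgetrc
-noblacklist ${HOME}/.kde/share/apps/kget
-noblacklist ${HOME}/.kde/share/config/kgetrc
-noblacklist ${HOME}/.kde4/share/apps/kget
-noblacklist ${HOME}/.kde4/share/config/kgetrc
-noblacklist ${HOME}/.local/share/kget
-noblacklist ${HOME}/.local/share/kxmlgui5/kget
+nodeny ${HOME}/.config/kgetrc
+nodeny ${HOME}/.kde/share/apps/kget
+nodeny ${HOME}/.kde/share/config/kgetrc
+nodeny ${HOME}/.kde4/share/apps/kget
+nodeny ${HOME}/.kde4/share/config/kgetrc
+nodeny ${HOME}/.local/share/kget
+nodeny ${HOME}/.local/share/kxmlgui5/kget
 
 include disable-common.inc
 include disable-devel.inc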
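--- a/etc/profile-a-l/kid3-qt.profile
+++ b/etc/profile-a-l/kid3-qt.profile
@@ -2,7 +2,7 @@
 # This file is overwritten after every install/update
 include kid3-qt.local
 
-noblacklist ${HOME}/.config/Kid3
+nodeny ${HOME}/.config/Kid3
 
 # Redirect
 include kid3.profile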
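--- a/etc/profile-a-l/kid3.profile
+++ b/etc/profile-a-l/kid3.profile
@@ -6,9 +6,9 @@ include kid3.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${MUSIC}
-noblacklist ${HOME}/.config/kid3rc
-noblacklist ${HOME}/.local/share/kxmlgui5/kid3
+nodeny ${MUSIC}
+nodeny ${HOME}/.config/kid3rc
+nodeny ${HOME}/.local/share/kxmlgui5/kid3
 
 include disable-common.inc
 include disable-devel.inc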
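--- a/etc/profile-a-l/kino.profile
+++ b/etc/profile-a-l/kino.profile
@@ -6,8 +6,8 @@ include kino.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.kino-history
-noblacklist ${HOME}/.kinorc
+nodeny ${HOME}/.kino-history
+nodeny ${HOME}/.kinorc
 
 include disable-common.inc
 include disable-devel.inc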
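--- a/etc/profile-a-l/kiwix-desktop.profile
+++ b/etc/profile-a-l/kiwix-desktop.profile
@@ -6,8 +6,8 @@ include kiwix-desktop.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/kiwix
-noblacklist ${HOME}/.local/share/kiwix-desktop
+nodeny ${HOME}/.local/share/kiwix
+nodeny ${HOME}/.local/share/kiwix-desktop
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/kiwix
 mkdir ${HOME}/.local/share/kiwix-desktop
-whitelist ${HOME}/.local/share/kiwix
-whitelist ${HOME}/.local/share/kiwix-desktop
+allow ${HOME}/.local/share/kiwix
+allow ${HOME}/.local/share/kiwix-desktop
 include whitelist-common.inc
 include whitelist-var-common.inc
 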
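--- a/etc/profile-a-l/klatexformula.profile
+++ b/etc/profile-a-l/klatexformula.profile
@@ -6,8 +6,8 @@ include klatexformula.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.kde/share/apps/klatexformula
-noblacklist ${HOME}/.klatexformula
+nodeny ${HOME}/.kde/share/apps/klatexformula
+nodeny ${HOME}/.klatexformula
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc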
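Review bot: The context comment `# Allow python (blacklisted by disable-interpreters.inc)` at line 12 still uses the old term, while the directives directly above it now read `nodeny`. It is documentation only, but anyone grepping for leftovers of the old keyword after this commit will keep hitting it, and the comment no longer matches the vocabulary of the file. I would change it to `# Allow python (denied by disable-interpreters.inc)`. The same comment is left unchanged in kodi.profile (line 21) and krita.profile (line 17); whether disable-interpreters.inc itself was converted is not visible here.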
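--- a/etc/profile-a-l/klavaro.profile
+++ b/etc/profile-a-l/klavaro.profile
@@ -6,8 +6,8 @@ include klavaro.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/klavaro
-noblacklist ${HOME}/.local/share/klavaro
+nodeny ${HOME}/.config/klavaro
+nodeny ${HOME}/.local/share/klavaro
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/klavaro
 mkdir ${HOME}/.config/klavaro
-whitelist ${HOME}/.local/share/klavaro
-whitelist ${HOME}/.config/klavaro
+allow ${HOME}/.local/share/klavaro
+allow ${HOME}/.config/klavaro
 include whitelist-common.inc
 include whitelist-var-common.inc
 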
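--- a/etc/profile-a-l/kmail.profile
+++ b/etc/profile-a-l/kmail.profile
@@ -9,27 +9,27 @@ include globals.local
 # kmail has problems launching akonadi in debian and ubuntu.
 # one solution is to have akonadi already running when kmail is started
 
-noblacklist ${HOME}/.cache/akonadi*
-noblacklist ${HOME}/.cache/kmail2
-noblacklist ${HOME}/.config/akonadi*
-noblacklist ${HOME}/.config/baloorc
-noblacklist ${HOME}/.config/emaildefaults
-noblacklist ${HOME}/.config/emailidentities
-noblacklist ${HOME}/.config/kmail2rc
-noblacklist ${HOME}/.config/kmailsearchindexingrc
-noblacklist ${HOME}/.config/mailtransports
-noblacklist ${HOME}/.config/specialmailcollectionsrc
-noblacklist ${HOME}/.gnupg
-noblacklist ${HOME}/.local/share/akonadi*
-noblacklist ${HOME}/.local/share/apps/korganizer
-noblacklist ${HOME}/.local/share/contacts
-noblacklist ${HOME}/.local/share/emailidentities
-noblacklist ${HOME}/.local/share/kmail2
-noblacklist ${HOME}/.local/share/kxmlgui5/kmail
-noblacklist ${HOME}/.local/share/kxmlgui5/kmail2
-noblacklist ${HOME}/.local/share/local-mail
-noblacklist ${HOME}/.local/share/notes
-noblacklist /tmp/akonadi-*
+nodeny ${HOME}/.cache/akonadi*
+nodeny ${HOME}/.cache/kmail2
+nodeny ${HOME}/.config/akonadi*
+nodeny ${HOME}/.config/baloorc
+nodeny ${HOME}/.config/emaildefaults
+nodeny ${HOME}/.config/emailidentities
+nodeny ${HOME}/.config/kmail2rc
+nodeny ${HOME}/.config/kmailsearchindexingrc
+nodeny ${HOME}/.config/mailtransports
+nodeny ${HOME}/.config/specialmailcollectionsrc
+nodeny ${HOME}/.gnupg
+nodeny ${HOME}/.local/share/akonadi*
+nodeny ${HOME}/.local/share/apps/korganizer
+nodeny ${HOME}/.local/share/contacts
+nodeny ${HOME}/.local/share/emailidentities
+nodeny ${HOME}/.local/share/kmail2
+nodeny ${HOME}/.local/share/kxmlgui5/kmail
+nodeny ${HOME}/.local/share/kxmlgui5/kmail2
+nodeny ${HOME}/.local/share/local-mail
+nodeny ${HOME}/.local/share/notes
+nodeny /tmp/akonadi-*
 
 include disable-common.inc
 include disable-devel.inc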
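--- a/etc/profile-a-l/kmplayer.profile
+++ b/etc/profile-a-l/kmplayer.profile
@@ -6,11 +6,11 @@ include kmplayer.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/kmplayerrc
-noblacklist ${HOME}/.kde/share/config/kmplayerrc
-noblacklist ${HOME}/.local/share/kmplayer
-noblacklist ${MUSIC}
-noblacklist ${VIDEOS}
+nodeny ${HOME}/.config/kmplayerrc
+nodeny ${HOME}/.kde/share/config/kmplayerrc
+nodeny ${HOME}/.local/share/kmplayer
+nodeny ${MUSIC}
+nodeny ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc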
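--- a/etc/profile-a-l/knotes.profile
+++ b/etc/profile-a-l/knotes.profile
@@ -10,9 +10,9 @@ include knotes.local
 # knotes has problems launching akonadi in debian and ubuntu.
 # one solution is to have akonadi already running when knotes is started
 
-noblacklist ${HOME}/.config/knotesrc
-noblacklist ${HOME}/.local/share/knotes
-noblacklist ${HOME}/.local/share/kxmlgui5/knotes
+nodeny ${HOME}/.config/knotesrc
+nodeny ${HOME}/.local/share/knotes
+nodeny ${HOME}/.local/share/kxmlgui5/knotes
 
 # Redirect
 include kmail.profile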
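--- a/etc/profile-a-l/kodi.profile
+++ b/etc/profile-a-l/kodi.profile
@@ -13,10 +13,10 @@ ignore noexec ${HOME}
 #ignore noroot
 #ignore private-dev
 
-noblacklist ${HOME}/.kodi
-noblacklist ${MUSIC}
-noblacklist ${PICTURES}
-noblacklist ${VIDEOS}
+nodeny ${HOME}/.kodi
+nodeny ${MUSIC}
+nodeny ${PICTURES}
+nodeny ${VIDEOS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc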
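--- a/etc/profile-a-l/konversation.profile
+++ b/etc/profile-a-l/konversation.profile
@@ -6,11 +6,11 @@ include konversation.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/konversationrc
-noblacklist ${HOME}/.config/konversation.notifyrc
-noblacklist ${HOME}/.kde/share/config/konversationrc
-noblacklist ${HOME}/.kde4/share/config/konversationrc
-noblacklist ${HOME}/.local/share/kxmlgui5/konversation
+nodeny ${HOME}/.config/konversationrc
+nodeny ${HOME}/.config/konversation.notifyrc
+nodeny ${HOME}/.kde/share/config/konversationrc
+nodeny ${HOME}/.kde4/share/config/konversationrc
+nodeny ${HOME}/.local/share/kxmlgui5/konversation
 
 include disable-common.inc
 include disable-devel.inc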
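--- a/etc/profile-a-l/kopete.profile
+++ b/etc/profile-a-l/kopete.profile
@@ -6,11 +6,11 @@ include kopete.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.kde/share/apps/kopete
-noblacklist ${HOME}/.kde/share/config/kopeterc
-noblacklist ${HOME}/.kde4/share/apps/kopete
-noblacklist ${HOME}/.kde4/share/config/kopeterc
-noblacklist ${HOME}/.local/share/kxmlgui5/kopete
+nodeny ${HOME}/.kde/share/apps/kopete
+nodeny ${HOME}/.kde/share/config/kopeterc
+nodeny ${HOME}/.kde4/share/apps/kopete
+nodeny ${HOME}/.kde4/share/config/kopeterc
+nodeny ${HOME}/.local/share/kxmlgui5/kopete
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-whitelist /var/lib/winpopup
+allow /var/lib/winpopup
 include whitelist-var-common.inc
 
 caps.drop all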
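--- a/etc/profile-a-l/krita.profile
+++ b/etc/profile-a-l/krita.profile
@@ -9,10 +9,10 @@ include globals.local
 # noexec ${HOME} may break krita, see issue #1953
 ignore noexec ${HOME}
 
-noblacklist ${HOME}/.config/kritarc
-noblacklist ${HOME}/.local/share/krita
-noblacklist ${DOCUMENTS}
-noblacklist ${PICTURES}
+nodeny ${HOME}/.config/kritarc
+nodeny ${HOME}/.local/share/krita
+nodeny ${DOCUMENTS}
+nodeny ${PICTURES}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc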
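--- a/etc/profile-a-l/krunner.profile
+++ b/etc/profile-a-l/krunner.profile
@@ -13,9 +13,9 @@ include globals.local
 # noblacklist ${HOME}/.cache/krunner
 # noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite*
 # noblacklist ${HOME}/.config/chromium
-noblacklist ${HOME}/.config/krunnerrc
-noblacklist ${HOME}/.kde/share/config/krunnerrc
-noblacklist ${HOME}/.kde4/share/config/krunnerrc
+nodeny ${HOME}/.config/krunnerrc
+nodeny ${HOME}/.kde/share/config/krunnerrc
+nodeny ${HOME}/.kde4/share/config/krunnerrc
 # noblacklist ${HOME}/.local/share/baloo
 # noblacklist ${HOME}/.mozilla
 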
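--- a/etc/profile-a-l/ktorrent.profile
+++ b/etc/profile-a-l/ktorrent.profile
@@ -6,13 +6,13 @@ include ktorrent.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/ktorrentrc
-noblacklist ${HOME}/.kde/share/apps/ktorrent
-noblacklist ${HOME}/.kde/share/config/ktorrentrc
-noblacklist ${HOME}/.kde4/share/apps/ktorrent
-noblacklist ${HOME}/.kde4/share/config/ktorrentrc
-noblacklist ${HOME}/.local/share/ktorrent
-noblacklist ${HOME}/.local/share/kxmlgui5/ktorrent
+nodeny ${HOME}/.config/ktorrentrc
+nodeny ${HOME}/.kde/share/apps/ktorrent
+nodeny ${HOME}/.kde/share/config/ktorrentrc
+nodeny ${HOME}/.kde4/share/apps/ktorrent
+nodeny ${HOME}/.kde4/share/config/ktorrentrc
+nodeny ${HOME}/.local/share/ktorrent
+nodeny ${HOME}/.local/share/kxmlgui5/ktorrent
 
 include disable-common.inc
 include disable-devel.inc
@@ -29,14 +29,14 @@ mkdir ${HOME}/.local/share/kxmlgui5/ktorrent
 mkfile ${HOME}/.config/ktorrentrc
 mkfile ${HOME}/.kde/share/config/ktorrentrc
 mkfile ${HOME}/.kde4/share/config/ktorrentrc
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.config/ktorrentrc
-whitelist ${HOME}/.kde/share/apps/ktorrent
-whitelist ${HOME}/.kde/share/config/ktorrentrc
-whitelist ${HOME}/.kde4/share/apps/ktorrent
-whitelist ${HOME}/.kde4/share/config/ktorrentrc
-whitelist ${HOME}/.local/share/ktorrent
-whitelist ${HOME}/.local/share/kxmlgui5/ktorrent
+allow ${DOWNLOADS}
+allow ${HOME}/.config/ktorrentrc
+allow ${HOME}/.kde/share/apps/ktorrent
+allow ${HOME}/.kde/share/config/ktorrentrc
+allow ${HOME}/.kde4/share/apps/ktorrent
+allow ${HOME}/.kde4/share/config/ktorrentrc
+allow ${HOME}/.local/share/ktorrent
+allow ${HOME}/.local/share/kxmlgui5/ktorrent
 include whitelist-common.inc
 include whitelist-var-common.inc
 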
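--- a/etc/profile-a-l/ktouch.profile
+++ b/etc/profile-a-l/ktouch.profile
@@ -6,8 +6,8 @@ include ktouch.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/ktouch2rc
-noblacklist ${HOME}/.local/share/ktouch
+nodeny ${HOME}/.config/ktouch2rc
+nodeny ${HOME}/.local/share/ktouch
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,8 +20,8 @@ include disable-xdg.inc
 
 mkfile ${HOME}/.config/ktouch2rc
 mkdir ${HOME}/.local/share/ktouch
-whitelist ${HOME}/.config/ktouch2rc
-whitelist ${HOME}/.local/share/ktouch
+allow ${HOME}/.config/ktouch2rc
+allow ${HOME}/.local/share/ktouch
 include whitelist-common.inc
 include whitelist-var-common.inc
 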
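--- a/etc/profile-a-l/kube.profile
+++ b/etc/profile-a-l/kube.profile
@@ -6,13 +6,13 @@ include kube.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.gnupg
-noblacklist ${HOME}/.mozilla
-noblacklist ${HOME}/.cache/kube
-noblacklist ${HOME}/.config/kube
-noblacklist ${HOME}/.config/sink
-noblacklist ${HOME}/.local/share/kube
-noblacklist ${HOME}/.local/share/sink
+nodeny ${HOME}/.gnupg
+nodeny ${HOME}/.mozilla
+nodeny ${HOME}/.cache/kube
+nodeny ${HOME}/.config/kube
+nodeny ${HOME}/.config/sink
+nodeny ${HOME}/.local/share/kube
+nodeny ${HOME}/.local/share/sink
 
 include disable-common.inc
 include disable-devel.inc
@@ -29,17 +29,17 @@ mkdir ${HOME}/.config/kube
 mkdir ${HOME}/.config/sink
 mkdir ${HOME}/.local/share/kube
 mkdir ${HOME}/.local/share/sink
-whitelist ${HOME}/.gnupg
-whitelist ${HOME}/.mozilla/firefox/profiles.ini
-whitelist ${HOME}/.cache/kube
-whitelist ${HOME}/.config/kube
-whitelist ${HOME}/.config/sink
-whitelist ${HOME}/.local/share/kube
-whitelist ${HOME}/.local/share/sink
-whitelist ${RUNUSER}/gnupg
-whitelist /usr/share/kube
-whitelist /usr/share/gnupg
-whitelist /usr/share/gnupg2
+allow ${HOME}/.gnupg
+allow ${HOME}/.mozilla/firefox/profiles.ini
+allow ${HOME}/.cache/kube
+allow ${HOME}/.config/kube
+allow ${HOME}/.config/sink
+allow ${HOME}/.local/share/kube
+allow ${HOME}/.local/share/sink
+allow ${RUNUSER}/gnupg
+allow /usr/share/kube
+allow /usr/share/gnupg
+allow /usr/share/gnupg2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc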
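--- a/etc/profile-a-l/kwin_x11.profile
+++ b/etc/profile-a-l/kwin_x11.profile
@@ -8,10 +8,10 @@ include globals.local
 # fix automatical kwin_x11 sandboxing:
 # echo KDEWM=kwin_x11 >> ~/.pam_environment
 
-noblacklist ${HOME}/.cache/kwin
-noblacklist ${HOME}/.config/kwinrc
-noblacklist ${HOME}/.config/kwinrulesrc
-noblacklist ${HOME}/.local/share/kwin
+nodeny ${HOME}/.cache/kwin
+nodeny ${HOME}/.config/kwinrc
+nodeny ${HOME}/.config/kwinrulesrc
+nodeny ${HOME}/.local/share/kwin
 
 include disable-common.inc
 include disable-devel.inc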
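--- a/etc/profile-a-l/kwrite.profile
+++ b/etc/profile-a-l/kwrite.profile
@@ -6,15 +6,15 @@ include kwrite.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/katepartrc
-noblacklist ${HOME}/.config/katerc
-noblacklist ${HOME}/.config/kateschemarc
-noblacklist ${HOME}/.config/katesyntaxhighlightingrc
-noblacklist ${HOME}/.config/katevirc
-noblacklist ${HOME}/.config/kwriterc
-noblacklist ${HOME}/.local/share/kwrite
-noblacklist ${HOME}/.local/share/kxmlgui5/kwrite
-noblacklist ${DOCUMENTS}
+nodeny ${HOME}/.config/katepartrc
+nodeny ${HOME}/.config/katerc
+nodeny ${HOME}/.config/kateschemarc
+nodeny ${HOME}/.config/katesyntaxhighlightingrc
+nodeny ${HOME}/.config/katevirc
+nodeny ${HOME}/.config/kwriterc
+nodeny ${HOME}/.local/share/kwrite
+nodeny ${HOME}/.local/share/kxmlgui5/kwrite
+nodeny ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc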
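--- a/etc/profile-a-l/latex-common.profile
+++ b/etc/profile-a-l/latex-common.profile
@@ -13,7 +13,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-whitelist /var/lib
+allow /var/lib
 include whitelist-runuser-common.inc
 include whitelist-var-common.inc
 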
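--- a/etc/profile-a-l/leafpad.profile
+++ b/etc/profile-a-l/leafpad.profile
@@ -6,7 +6,7 @@ include leafpad.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/leafpad
+nodeny ${HOME}/.config/leafpad
 
 include disable-common.inc
 include disable-devel.inc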
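--- a/etc/profile-a-l/less.profile
+++ b/etc/profile-a-l/less.profile
@@ -7,9 +7,9 @@ include less.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
+deny ${RUNUSER}
 
-noblacklist ${HOME}/.lesshst
+nodeny ${HOME}/.lesshst
 
 include disable-devel.inc
 include disable-exec.inc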
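--- a/etc/profile-a-l/librecad.profile
+++ b/etc/profile-a-l/librecad.profile
@@ -4,8 +4,8 @@ include librecad.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/LibreCAD
-noblacklist ${HOME}/.local/share/LibreCAD
+nodeny ${HOME}/.config/LibreCAD
+nodeny ${HOME}/.local/share/LibreCAD
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/librecad
+allow /usr/share/librecad
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 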
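--- a/etc/profile-a-l/libreoffice.profile
+++ b/etc/profile-a-l/libreoffice.profile
@@ -6,15 +6,15 @@ include libreoffice.local
 # Persistent global definitions
 include globals.local
 
-noblacklist /usr/local/sbin
-noblacklist ${HOME}/.config/libreoffice
+nodeny /usr/local/sbin
+nodeny ${HOME}/.config/libreoffice
 
 # libreoffice uses java for some functionality.
 # Add 'ignore include allow-java.inc' to your libreoffice.local if you don't need that functionality.
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
 
-blacklist /usr/libexec
+deny /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc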
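--- a/etc/profile-a-l/librewolf.profile
+++ b/etc/profile-a-l/librewolf.profile
@@ -6,13 +6,13 @@ include librewolf.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/librewolf
-noblacklist ${HOME}/.librewolf
+nodeny ${HOME}/.cache/librewolf
+nodeny ${HOME}/.librewolf
 
 mkdir ${HOME}/.cache/librewolf
 mkdir ${HOME}/.librewolf
-whitelist ${HOME}/.cache/librewolf
-whitelist ${HOME}/.librewolf
+allow ${HOME}/.cache/librewolf
+allow ${HOME}/.librewolf
 
 # Add the next lines to your librewolf.local if you want to use the migration wizard.
 #noblacklist ${HOME}/.mozilla
@@ -23,10 +23,10 @@ whitelist ${HOME}/.librewolf
 #whitelist ${RUNUSER}/kpxc_server
 #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer
 
-whitelist /usr/share/doc
-whitelist /usr/share/gtk-doc/html
-whitelist /usr/share/mozilla
-whitelist /usr/share/webext
+allow /usr/share/doc
+allow /usr/share/gtk-doc/html
+allow /usr/share/mozilla
+allow /usr/share/webext
 include whitelist-usr-share-common.inc
 
 # Add the next line to your librewolf.local to enable private-bin (Arch Linux).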
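Review bot: The commented-out example lines that users are told to copy into librewolf.local still read `#noblacklist ${HOME}/.mozilla`, `#whitelist ${RUNUSER}/kpxc_server` and `#whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer`, while every active line in both hunks now uses `nodeny`/`allow`. Whether the old keywords are still accepted is not visible here; if they are, this is only an inconsistency, but the profile then documents two spellings of the same sandbox rule and the copy-paste hints teach the one being retired. I would update them to `#nodeny ${HOME}/.mozilla` and `#allow ${RUNUSER}/kpxc_server` (and likewise for the BrowserServer line). The same applies to `# noblacklist ${HOME}/.wine` and `# whitelist ${HOME}/.wine` in lutris.profile, and to the "you must whitelist your games folder" note in PCSX2.profile.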
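--- /dev/null
+++ b/etc/profile-a-l/lifeograph.profile
@@ -0,0 +1,58 @@
+# Firejail profile for lifeograph
+# Description: Lifeograph is a diary program to take personal notes
+# This file is overwritten after every install/update
+# Persistent local customizations
+include lifeograph.local
+# Persistent global definitions
+include globals.local
+
+nodeny ${DOCUMENTS}
+
+deny /usr/libexec
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+allow ${DOCUMENTS}
+allow /usr/share/lifeograph
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+
+disable-mnt
+private-bin lifeograph
+private-cache
+private-dev
+private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11
+private-tmp
+
+dbus-user filter
+dbus-user.talk ca.desrt.dconf
+dbus-system none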
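Review bot: Nothing in the new profile tells the user that the only user-data location it opens is `${DOCUMENTS}`: lines 9 and 22 are the sole `nodeny`/`allow` entries for the home directory, and `disable-xdg.inc` is included on line 20. What `whitelist-common.inc` adds is not visible here, but a diary kept anywhere else will presumably be unreachable inside the sandbox, which for a diary program is easy to mistake for lost data. I would add a header comment such as `# Note: diaries stored outside ${DOCUMENTS} need nodeny/allow lines in lifeograph.local`, in the style of the note at the top of PCSX2.profile.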
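--- a/etc/profile-a-l/liferea.profile
+++ b/etc/profile-a-l/liferea.profile
@@ -6,9 +6,9 @@ include liferea.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/liferea
-noblacklist ${HOME}/.config/liferea
-noblacklist ${HOME}/.local/share/liferea
+nodeny ${HOME}/.cache/liferea
+nodeny ${HOME}/.config/liferea
+nodeny ${HOME}/.local/share/liferea
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -24,10 +24,10 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/liferea
 mkdir ${HOME}/.config/liferea
 mkdir ${HOME}/.local/share/liferea
-whitelist ${HOME}/.cache/liferea
-whitelist ${HOME}/.config/liferea
-whitelist ${HOME}/.local/share/liferea
-whitelist /usr/share/liferea
+allow ${HOME}/.cache/liferea
+allow ${HOME}/.config/liferea
+allow ${HOME}/.local/share/liferea
+allow /usr/share/liferea
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc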
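--- a/etc/profile-a-l/lightsoff.profile
+++ b/etc/profile-a-l/lightsoff.profile
@@ -6,7 +6,7 @@ include lightsoff.local
 # Persistent global definitions
 include globals.local
 
-whitelist /usr/share/lightsoff
+allow /usr/share/lightsoff
 
 private-bin lightsoff
 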
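--- a/etc/profile-a-l/lincity-ng.profile
+++ b/etc/profile-a-l/lincity-ng.profile
@@ -6,7 +6,7 @@ include lincity-ng.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.lincity-ng
+nodeny ${HOME}/.lincity-ng
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.lincity-ng
-whitelist ${HOME}/.lincity-ng
+allow ${HOME}/.lincity-ng
 include whitelist-common.inc
 include whitelist-var-common.inc
 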
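--- a/etc/profile-a-l/links-common.profile
+++ b/etc/profile-a-l/links-common.profile
@@ -4,8 +4,8 @@ include links-common.local
 
 # common profile for links browsers
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny /tmp/.X11-unix
+deny ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist ${DOWNLOADS}
+allow ${DOWNLOADS}
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc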
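--- a/etc/profile-a-l/links.profile
+++ b/etc/profile-a-l/links.profile
@@ -7,10 +7,10 @@ include links.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.links
+nodeny ${HOME}/.links
 
 mkdir ${HOME}/.links
-whitelist ${HOME}/.links
+allow ${HOME}/.links
 
 private-bin links
 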
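--- a/etc/profile-a-l/links2.profile
+++ b/etc/profile-a-l/links2.profile
@@ -7,10 +7,10 @@ include links2.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.links2
+nodeny ${HOME}/.links2
 
 mkdir ${HOME}/.links2
-whitelist ${HOME}/.links2
+allow ${HOME}/.links2
 
 private-bin links2
 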
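--- a/etc/profile-a-l/linphone.profile
+++ b/etc/profile-a-l/linphone.profile
@@ -6,10 +6,10 @@ include linphone.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/linphone
-noblacklist ${HOME}/.linphone-history.db
-noblacklist ${HOME}/.linphonerc
-noblacklist ${HOME}/.local/share/linphone
+nodeny ${HOME}/.config/linphone
+nodeny ${HOME}/.linphone-history.db
+nodeny ${HOME}/.linphonerc
+nodeny ${HOME}/.local/share/linphone
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,11 +23,11 @@ include disable-programs.inc
 # ${HOME}/.linphone-history.db and ${HOME}/.linphonerc but no longer mkfile.
 mkdir ${HOME}/.config/linphone
 mkdir ${HOME}/.local/share/linphone
-whitelist ${HOME}/.config/linphone
-whitelist ${HOME}/.linphone-history.db
-whitelist ${HOME}/.linphonerc
-whitelist ${HOME}/.local/share/linphone
-whitelist ${DOWNLOADS}
+allow ${HOME}/.config/linphone
+allow ${HOME}/.linphone-history.db
+allow ${HOME}/.linphonerc
+allow ${HOME}/.local/share/linphone
+allow ${DOWNLOADS}
 include whitelist-common.inc
 
 caps.drop all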
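--- a/etc/profile-a-l/lmms.profile
+++ b/etc/profile-a-l/lmms.profile
@@ -6,9 +6,9 @@ include lmms.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.lmmsrc.xml
-noblacklist ${DOCUMENTS}
-noblacklist ${MUSIC}
+nodeny ${HOME}/.lmmsrc.xml
+nodeny ${DOCUMENTS}
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc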
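--- a/etc/profile-a-l/lollypop.profile
+++ b/etc/profile-a-l/lollypop.profile
@@ -6,8 +6,8 @@ include lollypop.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/lollypop
-noblacklist ${MUSIC}
+nodeny ${HOME}/.local/share/lollypop
+nodeny ${MUSIC}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc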
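--- a/etc/profile-a-l/lugaru.profile
+++ b/etc/profile-a-l/lugaru.profile
@@ -8,8 +8,8 @@ include globals.local
 
 # note: crashes after entering
 
-noblacklist ${HOME}/.config/lugaru
-noblacklist ${HOME}/.local/share/lugaru
+nodeny ${HOME}/.config/lugaru
+nodeny ${HOME}/.local/share/lugaru
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,8 +22,8 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/lugaru
 mkdir ${HOME}/.local/share/lugaru
-whitelist ${HOME}/.config/lugaru
-whitelist ${HOME}/.local/share/lugaru
+allow ${HOME}/.config/lugaru
+allow ${HOME}/.local/share/lugaru
 include whitelist-common.inc
 include whitelist-var-common.inc
 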
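--- a/etc/profile-a-l/luminance-hdr.profile
+++ b/etc/profile-a-l/luminance-hdr.profile
@@ -6,8 +6,8 @@ include luminance-hdr.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Luminance
-noblacklist ${PICTURES}
+nodeny ${HOME}/.config/Luminance
+nodeny ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc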
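--- a/etc/profile-a-l/lutris.profile
+++ b/etc/profile-a-l/lutris.profile
@@ -6,18 +6,18 @@ include lutris.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${PATH}/llvm*
-noblacklist ${HOME}/Games
-noblacklist ${HOME}/.cache/lutris
-noblacklist ${HOME}/.cache/winetricks
-noblacklist ${HOME}/.config/lutris
-noblacklist ${HOME}/.local/share/lutris
+nodeny ${PATH}/llvm*
+nodeny ${HOME}/Games
+nodeny ${HOME}/.cache/lutris
+nodeny ${HOME}/.cache/winetricks
+nodeny ${HOME}/.config/lutris
+nodeny ${HOME}/.local/share/lutris
 # noblacklist ${HOME}/.wine
-noblacklist /tmp/.wine-*
+nodeny /tmp/.wine-*
 # Don't block access to /sbin and /usr/sbin to allow using ldconfig. Otherwise
 # Lutris won't even start.
-noblacklist /sbin
-noblacklist /usr/sbin
+nodeny /sbin
+nodeny /usr/sbin
 
 ignore noexec ${HOME}
 
@@ -39,15 +39,15 @@ mkdir ${HOME}/.cache/winetricks
 mkdir ${HOME}/.config/lutris
 mkdir ${HOME}/.local/share/lutris
 # mkdir ${HOME}/.wine
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/Games
-whitelist ${HOME}/.cache/lutris
-whitelist ${HOME}/.cache/winetricks
-whitelist ${HOME}/.config/lutris
-whitelist ${HOME}/.local/share/lutris
+allow ${DOWNLOADS}
+allow ${HOME}/Games
+allow ${HOME}/.cache/lutris
+allow ${HOME}/.cache/winetricks
+allow ${HOME}/.config/lutris
+allow ${HOME}/.local/share/lutris
 # whitelist ${HOME}/.wine
-whitelist /usr/share/lutris
-whitelist /usr/share/wine
+allow /usr/share/lutris
+allow /usr/share/wine
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc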
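--- a/etc/profile-a-l/lximage-qt.profile
+++ b/etc/profile-a-l/lximage-qt.profile
@@ -6,7 +6,7 @@ include lximage-qt.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/lximage-qt
+nodeny ${HOME}/.config/lximage-qt
 
 include disable-common.inc
 include disable-devel.inc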
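--- a/etc/profile-a-l/lxmusic.profile
+++ b/etc/profile-a-l/lxmusic.profile
@@ -6,9 +6,9 @@ include lxmusic.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/xmms2
-noblacklist ${HOME}/.config/xmms2
-noblacklist ${MUSIC}
+nodeny ${HOME}/.cache/xmms2
+nodeny ${HOME}/.config/xmms2
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc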
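--- a/etc/profile-a-l/lynx.profile
+++ b/etc/profile-a-l/lynx.profile
@@ -7,8 +7,8 @@ include lynx.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny /tmp/.X11-unix
+deny ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc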
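--- a/etc/profile-a-l/lyx.profile
+++ b/etc/profile-a-l/lyx.profile
@@ -8,8 +8,8 @@ include globals.local
 
 ignore private-tmp
 
-noblacklist ${HOME}/.config/LyX
-noblacklist ${HOME}/.lyx
+nodeny ${HOME}/.config/LyX
+nodeny ${HOME}/.lyx
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -21,11 +21,11 @@ include allow-perl.inc
 include allow-python2.inc
 include allow-python3.inc
 
-whitelist /usr/share/lyx
-whitelist /usr/share/texinfo
-whitelist /usr/share/texlive
-whitelist /usr/share/texmf-dist
-whitelist /usr/share/tlpkg
+allow /usr/share/lyx
+allow /usr/share/texinfo
+allow /usr/share/texlive
+allow /usr/share/texmf-dist
+allow /usr/share/tlpkg
 include whitelist-usr-share-common.inc
 
 apparmor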
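--- a/etc/profile-a-l/sway.profile
+++ b/etc/profile-a-l/sway.profile
@@ -7,9 +7,9 @@ include sway.local
 include globals.local
 
 # all applications started in sway will run in this profile
-noblacklist ${HOME}/.config/sway
+nodeny ${HOME}/.config/sway
 # sway uses ~/.config/i3 as fallback if there is no ~/.config/sway
-noblacklist ${HOME}/.config/i3
+nodeny ${HOME}/.config/i3
 include disable-common.inc
 
 caps.drop all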
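--- a/etc/profile-m-z/Maelstrom.profile
+++ b/etc/profile-m-z/Maelstrom.profile
@@ -6,7 +6,7 @@ include Maelstrom.local
 # Persistent global definitions
 include globals.local
 
-noblacklist /var/lib/games/Maelstrom-Scores
+nodeny /var/lib/games/Maelstrom-Scores
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /var/lib/games
+allow /var/lib/games
 include whitelist-common.inc
 include whitelist-var-common.inc
 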
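--- a/etc/profile-m-z/Mathematica.profile
+++ b/etc/profile-m-z/Mathematica.profile
@@ -5,8 +5,8 @@ include Mathematica.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.Mathematica
-noblacklist ${HOME}/.Wolfram Research
+nodeny ${HOME}/.Mathematica
+nodeny ${HOME}/.Wolfram Research
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,9 +17,9 @@ include disable-programs.inc
 mkdir ${HOME}/.Mathematica
 mkdir ${HOME}/.Wolfram Research
 mkdir ${HOME}/Documents/Wolfram Mathematica
-whitelist ${HOME}/.Mathematica
-whitelist ${HOME}/.Wolfram Research
-whitelist ${HOME}/Documents/Wolfram Mathematica
+allow ${HOME}/.Mathematica
+allow ${HOME}/.Wolfram Research
+allow ${HOME}/Documents/Wolfram Mathematica
 include whitelist-common.inc
 
 caps.drop all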
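--- a/etc/profile-m-z/PCSX2.profile
+++ b/etc/profile-m-z/PCSX2.profile
@@ -8,7 +8,7 @@ include globals.local
 
 # Note: you must whitelist your games folder in your PCSX2.local.
 
-noblacklist ${HOME}/.config/PCSX2
+nodeny ${HOME}/.config/PCSX2
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,7 +21,7 @@ include disable-write-mnt.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/PCSX2
-whitelist ${HOME}/.config/PCSX2
+allow ${HOME}/.config/PCSX2
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc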
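--- a/etc/profile-m-z/QMediathekView.profile
+++ b/etc/profile-m-z/QMediathekView.profile
@@ -6,18 +6,18 @@ include QMediathekView.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/QMediathekView
-noblacklist ${HOME}/.local/share/QMediathekView
+nodeny ${HOME}/.config/QMediathekView
+nodeny ${HOME}/.local/share/QMediathekView
 
-noblacklist ${HOME}/.config/mpv
-noblacklist ${HOME}/.config/smplayer
-noblacklist ${HOME}/.config/totem
-noblacklist ${HOME}/.config/vlc
-noblacklist ${HOME}/.config/xplayer
-noblacklist ${HOME}/.local/share/totem
-noblacklist ${HOME}/.local/share/xplayer
-noblacklist ${HOME}/.mplayer
-noblacklist ${VIDEOS}
+nodeny ${HOME}/.config/mpv
+nodeny ${HOME}/.config/smplayer
+nodeny ${HOME}/.config/totem
+nodeny ${HOME}/.config/vlc
+nodeny ${HOME}/.config/xplayer
+nodeny ${HOME}/.local/share/totem
+nodeny ${HOME}/.local/share/xplayer
+nodeny ${HOME}/.mplayer
+nodeny ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -28,7 +28,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/qtchooser
+allow /usr/share/qtchooser
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 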
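--- a/etc/profile-m-z/QOwnNotes.profile
+++ b/etc/profile-m-z/QOwnNotes.profile
@@ -6,10 +6,10 @@ include QOwnNotes.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${DOCUMENTS}
-noblacklist ${HOME}/Nextcloud/Notes
-noblacklist ${HOME}/.config/PBE
-noblacklist ${HOME}/.local/share/PBE
+nodeny ${DOCUMENTS}
+nodeny ${HOME}/Nextcloud/Notes
+nodeny ${HOME}/.config/PBE
+nodeny ${HOME}/.local/share/PBE
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,10 +23,10 @@ include disable-xdg.inc
 mkdir ${HOME}/Nextcloud/Notes
 mkdir ${HOME}/.config/PBE
 mkdir ${HOME}/.local/share/PBE
-whitelist ${DOCUMENTS}
-whitelist ${HOME}/Nextcloud/Notes
-whitelist ${HOME}/.config/PBE
-whitelist ${HOME}/.local/share/PBE
+allow ${DOCUMENTS}
+allow ${HOME}/Nextcloud/Notes
+allow ${HOME}/.config/PBE
+allow ${HOME}/.local/share/PBE
 include whitelist-common.inc
 include whitelist-var-common.inc
 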
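--- a/etc/profile-m-z/Viber.profile
+++ b/etc/profile-m-z/Viber.profile
@@ -5,8 +5,8 @@ include Viber.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.ViberPC
-noblacklist ${PATH}/dig
+nodeny ${HOME}/.ViberPC
+nodeny ${PATH}/dig
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.ViberPC
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.ViberPC
+allow ${DOWNLOADS}
+allow ${HOME}/.ViberPC
 include whitelist-common.inc
 
 caps.drop all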
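--- a/etc/profile-m-z/XMind.profile
+++ b/etc/profile-m-z/XMind.profile
@@ -5,7 +5,7 @@ include XMind.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.xmind
+nodeny ${HOME}/.xmind
 
 include disable-common.inc
 include disable-devel.inc
@@ -15,8 +15,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.xmind
-whitelist ${HOME}/.xmind
-whitelist ${DOWNLOADS}
+allow ${HOME}/.xmind
+allow ${DOWNLOADS}
 include whitelist-common.inc
 
 caps.drop all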
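--- a/etc/profile-m-z/Xephyr.profile
+++ b/etc/profile-m-z/Xephyr.profile
@@ -15,7 +15,7 @@ include globals.local
 # or run "sudo firecfg"
 #
 
-whitelist /var/lib/xkb
+allow /var/lib/xkb
 include whitelist-common.inc
 
 caps.drop all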
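--- a/etc/profile-m-z/Xvfb.profile
+++ b/etc/profile-m-z/Xvfb.profile
@@ -18,7 +18,7 @@ include globals.local
 # some Linux distributions. Also, older versions of Xpra use Xvfb.
 #
 
-whitelist /var/lib/xkb
+allow /var/lib/xkb
 include whitelist-common.inc
 
 caps.drop all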
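--- a/etc/profile-m-z/ZeGrapher.profile
+++ b/etc/profile-m-z/ZeGrapher.profile
@@ -6,7 +6,7 @@ include ZeGrapher.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/ZeGrapher Project
+nodeny ${HOME}/.config/ZeGrapher Project
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
 
-whitelist /usr/share/ZeGrapher
+allow /usr/share/ZeGrapher
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc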
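--- /dev/null
+++ b/etc/profile-m-z/io.github.lainsce.Notejot.profile
@@ -0,0 +1,61 @@
+# Firejail profile for notejot
+# Description: Jot your ideas
+# This file is overwritten after every install/update
+# Persistent local customizations
+include io.github.lainsce.Notejot.local
+# Persistent global definitions
+include globals.local
+
+nodeny ${HOME}/.cache/io.github.lainsce.Notejot
+nodeny ${HOME}/.local/share/io.github.lainsce.Notejot
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.cache/io.github.lainsce.Notejot
+mkdir ${HOME}/.local/share/io.github.lainsce.Notejot
+allow ${HOME}/.cache/io.github.lainsce.Notejot
+allow ${HOME}/.local/share/io.github.lainsce.Notejot
+allow /usr/libexec/webkit2gtk-4.0
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+
+disable-mnt
+private-bin io.github.lainsce.Notejot
+private-cache
+private-dev
+private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11
+private-tmp
+
+dbus-user filter
+dbus-user.own io.github.lainsce.Notejot
+dbus-user.talk ca.desrt.dconf
+dbus-system none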
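Review bot: `private-cache` on line 53 looks at odds with the persistent cache directory this profile sets up on lines 9, 21 and 23. The profile un-denies, creates and allows `${HOME}/.cache/io.github.lainsce.Notejot`, but `private-cache` mounts an empty temporary filesystem over `${HOME}/.cache`, so the allowed directory is presumably hidden and anything written there is discarded when the sandbox closes. Pick one behaviour and drop the other: either remove `private-cache`, or remove the three cache-path lines and keep only the `.local/share` entries. A short comment such as `# cache is intentionally non-persistent` next to whichever form is kept would tell the next profile author which was intended.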
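--- a/etc/profile-m-z/macrofusion.profile
+++ b/etc/profile-m-z/macrofusion.profile
@@ -5,8 +5,8 @@ include macrofusion.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/mfusion
-noblacklist ${PICTURES}
+nodeny ${HOME}/.config/mfusion
+nodeny ${PICTURES}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc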
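--- a/etc/profile-m-z/magicor.profile
+++ b/etc/profile-m-z/magicor.profile
@@ -6,7 +6,7 @@ include magicor.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.magicor
+nodeny ${HOME}/.magicor
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -21,8 +21,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.magicor
-whitelist ${HOME}/.magicor
-whitelist /usr/share/magicor
+allow ${HOME}/.magicor
+allow /usr/share/magicor
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc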
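--- a/etc/profile-m-z/makepkg.profile
+++ b/etc/profile-m-z/makepkg.profile
@@ -6,8 +6,8 @@ include makepkg.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny /tmp/.X11-unix
+deny ${RUNUSER}/wayland-*
 
 # Note: see this Arch forum discussion https://bbs.archlinux.org/viewtopic.php?pid=1743138
 # for potential issues and their solutions when Firejailing makepkg
@@ -17,18 +17,18 @@ blacklist ${RUNUSER}/wayland-*
 # whitelist ${HOME}/.gnupg
 
 # Enable severely restricted access to ${HOME}/.gnupg
-noblacklist ${HOME}/.gnupg
+nodeny ${HOME}/.gnupg
 read-only ${HOME}/.gnupg/gpg.conf
 read-only ${HOME}/.gnupg/trustdb.gpg
 read-only ${HOME}/.gnupg/pubring.kbx
-blacklist ${HOME}/.gnupg/random_seed
-blacklist ${HOME}/.gnupg/pubring.kbx~
-blacklist ${HOME}/.gnupg/private-keys-v1.d
-blacklist ${HOME}/.gnupg/crls.d
-blacklist ${HOME}/.gnupg/openpgp-revocs.d
+deny ${HOME}/.gnupg/random_seed
+deny ${HOME}/.gnupg/pubring.kbx~
+deny ${HOME}/.gnupg/private-keys-v1.d
+deny ${HOME}/.gnupg/crls.d
+deny ${HOME}/.gnupg/openpgp-revocs.d
 
 # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only.
-noblacklist /var/lib/pacman
+nodeny /var/lib/pacman
 
 include disable-common.inc
 include disable-exec.inc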
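--- a/etc/profile-m-z/man.profile
+++ b/etc/profile-m-z/man.profile
@@ -7,10 +7,10 @@ include man.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
+deny ${RUNUSER}
 
-noblacklist ${HOME}/.local/share/man
-noblacklist ${HOME}/.rustup
+nodeny ${HOME}/.local/share/man
+nodeny ${HOME}/.rustup
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,12 +23,12 @@ include disable-xdg.inc
 #mkdir ${HOME}/.local/share/man
 #whitelist ${HOME}/.local/share/man
 #whitelist ${HOME}/.manpath
-whitelist /usr/share/groff
-whitelist /usr/share/info
-whitelist /usr/share/lintian
-whitelist /usr/share/locale
-whitelist /usr/share/man
-whitelist /var/cache/man
+allow /usr/share/groff
+allow /usr/share/info
+allow /usr/share/lintian
+allow /usr/share/locale
+allow /usr/share/man
+allow /var/cache/man
 #include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc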
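--- a/etc/profile-m-z/manaplus.profile
+++ b/etc/profile-m-z/manaplus.profile
@@ -6,8 +6,8 @@ include manaplus.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/mana
-noblacklist ${HOME}/.local/share/mana
+nodeny ${HOME}/.config/mana
+nodeny ${HOME}/.local/share/mana
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,8 +21,8 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/mana
 mkdir ${HOME}/.config/mana/mana
 mkdir ${HOME}/.local/share/mana
-whitelist ${HOME}/.config/mana
-whitelist ${HOME}/.local/share/mana
+allow ${HOME}/.config/mana
+allow ${HOME}/.local/share/mana
 include whitelist-common.inc
 include whitelist-var-common.inc
 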
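--- a/etc/profile-m-z/marker.profile
+++ b/etc/profile-m-z/marker.profile
@@ -11,8 +11,8 @@ include globals.local
 #protocol unix,inet,inet6
 #private-etc ca-certificates,ssl,pki,crypto-policies,nsswitch.conf,resolv.conf
 
-noblacklist ${HOME}/.cache/marker
-noblacklist ${DOCUMENTS}
+nodeny ${HOME}/.cache/marker
+nodeny ${DOCUMENTS}
 
 include allow-python3.inc
 
@@ -25,8 +25,8 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/libexec/webkit2gtk-4.0
-whitelist /usr/share/com.github.fabiocolacio.marker
+allow /usr/libexec/webkit2gtk-4.0
+allow /usr/share/com.github.fabiocolacio.marker
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc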
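--- a/etc/profile-m-z/masterpdfeditor.profile
+++ b/etc/profile-m-z/masterpdfeditor.profile
@@ -6,8 +6,8 @@ include masterpdfeditor.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Code Industry
-noblacklist ${HOME}/.masterpdfeditor
+nodeny ${HOME}/.config/Code Industry
+nodeny ${HOME}/.masterpdfeditor
 
 include disable-common.inc
 include disable-devel.inc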
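--- a/etc/profile-m-z/mate-calc.profile
+++ b/etc/profile-m-z/mate-calc.profile
@@ -6,7 +6,7 @@ include mate-calc.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/mate-calc
+nodeny ${HOME}/.config/mate-calc
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/mate-calc
 mkdir ${HOME}/.config/caja
 mkdir ${HOME}/.config/mate-menu
-whitelist ${HOME}/.cache/mate-calc
-whitelist ${HOME}/.config/caja
-whitelist ${HOME}/.config/mate-menu
+allow ${HOME}/.cache/mate-calc
+allow ${HOME}/.config/caja
+allow ${HOME}/.config/mate-menu
 include whitelist-common.inc
 include whitelist-var-common.inc
 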
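--- a/etc/profile-m-z/mate-dictionary.profile
+++ b/etc/profile-m-z/mate-dictionary.profile
@@ -5,7 +5,7 @@ include mate-dictionary.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/mate/mate-dictionary
+nodeny ${HOME}/.config/mate/mate-dictionary
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-programs.inc
 include disable-shell.inc
 
 mkdir ${HOME}/.config/mate/mate-dictionary
-whitelist ${HOME}/.config/mate/mate-dictionary
+allow ${HOME}/.config/mate/mate-dictionary
 include whitelist-common.inc
 
 apparmor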
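--- a/etc/profile-m-z/matrix-mirage.profile
+++ b/etc/profile-m-z/matrix-mirage.profile
@@ -7,16 +7,16 @@ include matrix-mirage.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.cache/matrix-mirage
-noblacklist ${HOME}/.config/matrix-mirage
-noblacklist ${HOME}/.local/share/matrix-mirage
+nodeny ${HOME}/.cache/matrix-mirage
+nodeny ${HOME}/.config/matrix-mirage
+nodeny ${HOME}/.local/share/matrix-mirage
 
 mkdir ${HOME}/.cache/matrix-mirage
 mkdir ${HOME}/.config/matrix-mirage
 mkdir ${HOME}/.local/share/matrix-mirage
-whitelist ${HOME}/.cache/matrix-mirage
-whitelist ${HOME}/.config/matrix-mirage
-whitelist ${HOME}/.local/share/matrix-mirage
+allow ${HOME}/.cache/matrix-mirage
+allow ${HOME}/.config/matrix-mirage
+allow ${HOME}/.local/share/matrix-mirage
 
 private-bin matrix-mirage
 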
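--- a/etc/profile-m-z/mattermost-desktop.profile
+++ b/etc/profile-m-z/mattermost-desktop.profile
@@ -10,12 +10,12 @@ ignore apparmor
 ignore dbus-user none
 ignore dbus-system none
 
-noblacklist ${HOME}/.config/Mattermost
+nodeny ${HOME}/.config/Mattermost
 
 include disable-shell.inc
 
 mkdir ${HOME}/.config/Mattermost
-whitelist ${HOME}/.config/Mattermost
+allow ${HOME}/.config/Mattermost
 
 private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl
 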
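--- a/etc/profile-m-z/mcabber.profile
+++ b/etc/profile-m-z/mcabber.profile
@@ -6,8 +6,8 @@ include mcabber.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.mcabber
-noblacklist ${HOME}/.mcabberrc
+nodeny ${HOME}/.mcabber
+nodeny ${HOME}/.mcabberrc
 
 include disable-common.inc
 include disable-devel.inc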
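--- a/etc/profile-m-z/mcomix.profile
+++ b/etc/profile-m-z/mcomix.profile
@@ -6,9 +6,9 @@ include mcomix.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/mcomix
-noblacklist ${HOME}/.local/share/mcomix
-noblacklist ${DOCUMENTS}
+nodeny ${HOME}/.config/mcomix
+nodeny ${HOME}/.local/share/mcomix
+nodeny ${DOCUMENTS}
 
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
@@ -30,7 +30,7 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/mcomix
 mkdir ${HOME}/.local/share/mcomix
-whitelist /usr/share/mcomix
+allow /usr/share/mcomix
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 include whitelist-runuser-common.inc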
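--- a/etc/profile-m-z/mdr.profile
+++ b/etc/profile-m-z/mdr.profile
@@ -5,7 +5,7 @@ include mdr.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
+deny ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist ${DOWNLOADS}
+allow ${DOWNLOADS}
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 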
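--- a/etc/profile-m-z/mediainfo.profile
+++ b/etc/profile-m-z/mediainfo.profile
@@ -6,7 +6,7 @@ include mediainfo.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
+deny ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc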
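--- a/etc/profile-m-z/mediathekview.profile
+++ b/etc/profile-m-z/mediathekview.profile
@@ -6,16 +6,16 @@ include mediathekview.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/mpv
-noblacklist ${HOME}/.config/smplayer
-noblacklist ${HOME}/.config/totem
-noblacklist ${HOME}/.config/vlc
-noblacklist ${HOME}/.config/xplayer
-noblacklist ${HOME}/.local/share/totem
-noblacklist ${HOME}/.local/share/xplayer
-noblacklist ${HOME}/.mediathek3
-noblacklist ${HOME}/.mplayer
-noblacklist ${VIDEOS}
+nodeny ${HOME}/.config/mpv
+nodeny ${HOME}/.config/smplayer
+nodeny ${HOME}/.config/totem
+nodeny ${HOME}/.config/vlc
+nodeny ${HOME}/.config/xplayer
+nodeny ${HOME}/.local/share/totem
+nodeny ${HOME}/.local/share/xplayer
+nodeny ${HOME}/.mediathek3
+nodeny ${HOME}/.mplayer
+nodeny ${VIDEOS}
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc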
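--- a/etc/profile-m-z/megaglest.profile
+++ b/etc/profile-m-z/megaglest.profile
@@ -6,7 +6,7 @@ include megaglest.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.megaglest
+nodeny ${HOME}/.megaglest
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.megaglest
-whitelist ${HOME}/.megaglest
-whitelist /usr/share/megaglest
-whitelist /usr/share/games/megaglest # Debian version
+allow ${HOME}/.megaglest
+allow /usr/share/megaglest
+allow /usr/share/games/megaglest # Debian version
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc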
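--- a/etc/profile-m-z/meld.profile
+++ b/etc/profile-m-z/meld.profile
@@ -13,12 +13,12 @@ include globals.local
 # Calling it by its absolute path (example for git mergetool):
 # $ git config --global mergetool.meld.cmd /usr/bin/meld
 
-noblacklist ${HOME}/.config/meld
-noblacklist ${HOME}/.config/git
-noblacklist ${HOME}/.gitconfig
-noblacklist ${HOME}/.git-credentials
-noblacklist ${HOME}/.local/share/meld
-noblacklist ${HOME}/.subversion
+nodeny ${HOME}/.config/meld
+nodeny ${HOME}/.config/git
+nodeny ${HOME}/.gitconfig
+nodeny ${HOME}/.git-credentials
+nodeny ${HOME}/.local/share/meld
+nodeny ${HOME}/.subversion
 
 # Allow python (blacklisted by disable-interpreters.inc)
 # Python 2 is EOL (see #3164). Add the next line to your meld.local if you understand the risks
@@ -29,7 +29,7 @@ include allow-python3.inc
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
 
-blacklist /usr/libexec
+deny /usr/libexec
 
 # Add the next line to your meld.local if you don't need to compare files in disable-common.inc.
 #include disable-common.inc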
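--- a/etc/profile-m-z/mendeleydesktop.profile
+++ b/etc/profile-m-z/mendeleydesktop.profile
@@ -6,13 +6,13 @@ include mendeleydesktop.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${DOCUMENTS}
-noblacklist ${HOME}/.cache/Mendeley Ltd.
-noblacklist ${HOME}/.config/Mendeley Ltd.
-noblacklist ${HOME}/.local/share/Mendeley Ltd.
-noblacklist ${HOME}/.local/share/data/Mendeley Ltd.
-noblacklist ${HOME}/.pki
-noblacklist ${HOME}/.local/share/pki
+nodeny ${DOCUMENTS}
+nodeny ${HOME}/.cache/Mendeley Ltd.
+nodeny ${HOME}/.config/Mendeley Ltd.
+nodeny ${HOME}/.local/share/Mendeley Ltd.
+nodeny ${HOME}/.local/share/data/Mendeley Ltd.
+nodeny ${HOME}/.pki
+nodeny ${HOME}/.local/share/pki
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc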
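--- a/etc/profile-m-z/menulibre.profile
+++ b/etc/profile-m-z/menulibre.profile
@@ -19,13 +19,13 @@ include disable-passwdmgr.inc
 include disable-xdg.inc
 
 # Whitelist your system icon directory,varies by distro
-whitelist /usr/share/app-info
-whitelist /usr/share/desktop-directories
-whitelist /usr/share/icons
-whitelist /usr/share/menulibre
-whitelist /var/lib/app-info/icons
-whitelist /var/lib/flatpak/exports/share/applications
-whitelist /var/lib/flatpak/exports/share/icons
+allow /usr/share/app-info
+allow /usr/share/desktop-directories
+allow /usr/share/icons
+allow /usr/share/menulibre
+allow /var/lib/app-info/icons
+allow /var/lib/flatpak/exports/share/applications
+allow /var/lib/flatpak/exports/share/icons
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc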
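--- a/etc/profile-m-z/meteo-qt.profile
+++ b/etc/profile-m-z/meteo-qt.profile
@@ -6,8 +6,8 @@ include meteo-qt.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/autostart
-noblacklist ${HOME}/.config/meteo-qt
+nodeny ${HOME}/.config/autostart
+nodeny ${HOME}/.config/meteo-qt
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
@@ -22,8 +22,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/meteo-qt
-whitelist ${HOME}/.config/autostart
-whitelist ${HOME}/.config/meteo-qt
+allow ${HOME}/.config/autostart
+allow ${HOME}/.config/meteo-qt
 include whitelist-common.inc
 include whitelist-var-common.inc
 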
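--- /dev/null
+++ b/etc/profile-m-z/microsoft-edge-beta.profile
@@ -0,0 +1,20 @@
+# Firejail profile for Microsoft Edge Beta
+# Description: Web browser from Microsoft,beta channel
+# This file is overwritten after every install/update
+# Persistent local customizations
+include microsoft-edge-beta.local
+# Persistent global definitions
+include globals.local
+
+nodeny ${HOME}/.cache/microsoft-edge-beta
+nodeny ${HOME}/.config/microsoft-edge-beta
+
+mkdir ${HOME}/.cache/microsoft-edge-beta
+mkdir ${HOME}/.config/microsoft-edge-beta
+allow ${HOME}/.cache/microsoft-edge-beta
+allow ${HOME}/.config/microsoft-edge-beta
+
+private-opt microsoft
+
+# Redirect
+include chromium-common.profile
\ No newline at end of file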
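Review bot: The new profile ends without a trailing newline (`\ No newline at end of file` after `include chromium-common.profile`), so anything later appended or concatenated to it would run onto the include line; end the file with a newline. The description comment is also missing a space after the comma and would read better as `# Description: Web browser from Microsoft, beta channel`. Everything that actually confines the browser comes from `chromium-common.profile`, which is not part of this section, so the restrictions this profile ends up with cannot be judged from here.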
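--- a/etc/profile-m-z/microsoft-edge-dev.profile
+++ b/etc/profile-m-z/microsoft-edge-dev.profile
@@ -6,13 +6,13 @@ include microsoft-edge-dev.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/microsoft-edge-dev
-noblacklist ${HOME}/.config/microsoft-edge-dev
+nodeny ${HOME}/.cache/microsoft-edge-dev
+nodeny ${HOME}/.config/microsoft-edge-dev
 
 mkdir ${HOME}/.cache/microsoft-edge-dev
 mkdir ${HOME}/.config/microsoft-edge-dev
-whitelist ${HOME}/.cache/microsoft-edge-dev
-whitelist ${HOME}/.config/microsoft-edge-dev
+allow ${HOME}/.cache/microsoft-edge-dev
+allow ${HOME}/.config/microsoft-edge-dev
 
 private-opt microsoft
 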
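--- a/etc/profile-m-z/midori.profile
+++ b/etc/profile-m-z/midori.profile
@@ -9,17 +9,17 @@ include globals.local
 # noexec ${HOME} breaks DRM binaries.
 ?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
 
-noblacklist ${HOME}/.cache/midori
-noblacklist ${HOME}/.config/midori
-noblacklist ${HOME}/.local/share/midori
+nodeny ${HOME}/.cache/midori
+nodeny ${HOME}/.config/midori
+nodeny ${HOME}/.local/share/midori
 # noblacklist ${HOME}/.local/share/webkit
 # noblacklist ${HOME}/.local/share/webkitgtk
-noblacklist ${HOME}/.pki
-noblacklist ${HOME}/.local/share/pki
+nodeny ${HOME}/.pki
+nodeny ${HOME}/.local/share/pki
 
-noblacklist ${HOME}/.cache/gnome-mplayer
-noblacklist ${HOME}/.config/gnome-mplayer
-noblacklist ${HOME}/.lastpass
+nodeny ${HOME}/.cache/gnome-mplayer
+nodeny ${HOME}/.config/gnome-mplayer
+nodeny ${HOME}/.lastpass
 
 include disable-common.inc
 include disable-devel.inc
@@ -36,17 +36,17 @@ mkdir ${HOME}/.local/share/webkit
 mkdir ${HOME}/.local/share/webkitgtk
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/gnome-mplayer/plugin
-whitelist ${HOME}/.cache/midori
-whitelist ${HOME}/.config/gnome-mplayer
-whitelist ${HOME}/.config/midori
-whitelist ${HOME}/.lastpass
-whitelist ${HOME}/.local/share/midori
-whitelist ${HOME}/.local/share/webkit
-whitelist ${HOME}/.local/share/webkitgtk
-whitelist ${HOME}/.pki
-whitelist ${HOME}/.local/share/pki
+allow ${DOWNLOADS}
+allow ${HOME}/.cache/gnome-mplayer/plugin
+allow ${HOME}/.cache/midori
+allow ${HOME}/.config/gnome-mplayer
+allow ${HOME}/.config/midori
+allow ${HOME}/.lastpass
+allow ${HOME}/.local/share/midori
+allow ${HOME}/.local/share/webkit
+allow ${HOME}/.local/share/webkitgtk
+allow ${HOME}/.pki
+allow ${HOME}/.local/share/pki
 include whitelist-common.inc
 include whitelist-var-common.inc
 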
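Review bot: The two commented-out lines `# noblacklist ${HOME}/.local/share/webkit` and `# noblacklist ${HOME}/.local/share/webkitgtk` in the first hunk keep the old keyword while the active lines around them become `nodeny`. Anyone enabling them later gets a profile that mixes both spellings, and a line that stops parsing if the old keyword is ever dropped (not visible here). Change them to `# nodeny ${HOME}/.local/share/webkit` and `# nodeny ${HOME}/.local/share/webkitgtk` in the same pass.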
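--- a/etc/profile-m-z/min.profile
+++ b/etc/profile-m-z/min.profile
@@ -6,10 +6,10 @@ include min.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Min
+nodeny ${HOME}/.config/Min
 
 mkdir ${HOME}/.config/Min
-whitelist ${HOME}/.config/Min
+allow ${HOME}/.config/Min
 
 # Redirect
 include chromium-common.profile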
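--- a/etc/profile-m-z/mindless.profile
+++ b/etc/profile-m-z/mindless.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/mindless
+allow /usr/share/mindless
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 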
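--- a/etc/profile-m-z/minecraft-launcher.profile
+++ b/etc/profile-m-z/minecraft-launcher.profile
@@ -11,7 +11,7 @@ include globals.local
 
 ignore noexec ${HOME}
 
-noblacklist ${HOME}/.minecraft
+nodeny ${HOME}/.minecraft
 
 include allow-java.inc
 
@@ -25,7 +25,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.minecraft
-whitelist ${HOME}/.minecraft
+allow ${HOME}/.minecraft
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc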
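--- a/etc/profile-m-z/minetest.profile
+++ b/etc/profile-m-z/minetest.profile
@@ -9,8 +9,8 @@ include globals.local
 # In order to save in-game screenshots to a persistent location edit ~/.minetest/minetest.conf:
 # screenshot_path = /home/<USER>/.minetest/screenshots
 
-noblacklist ${HOME}/.cache/minetest
-noblacklist ${HOME}/.minetest
+nodeny ${HOME}/.cache/minetest
+nodeny ${HOME}/.minetest
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -26,10 +26,10 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/minetest
 mkdir ${HOME}/.minetest
-whitelist ${HOME}/.cache/minetest
-whitelist ${HOME}/.minetest
-whitelist /usr/share/games/minetest
-whitelist /usr/share/minetest
+allow ${HOME}/.cache/minetest
+allow ${HOME}/.minetest
+allow /usr/share/games/minetest
+allow /usr/share/minetest
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc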
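--- a/etc/profile-m-z/minitube.profile
+++ b/etc/profile-m-z/minitube.profile
@@ -6,10 +6,10 @@ include minitube.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${PICTURES}
-noblacklist ${HOME}/.cache/Flavio Tordini
-noblacklist ${HOME}/.config/Flavio Tordini
-noblacklist ${HOME}/.local/share/Flavio Tordini
+nodeny ${PICTURES}
+nodeny ${HOME}/.cache/Flavio Tordini
+nodeny ${HOME}/.config/Flavio Tordini
+nodeny ${HOME}/.local/share/Flavio Tordini
 
 include allow-lua.inc
 
@@ -25,11 +25,11 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/Flavio Tordini
 mkdir ${HOME}/.config/Flavio Tordini
 mkdir ${HOME}/.local/share/Flavio Tordini
-whitelist ${PICTURES}
-whitelist ${HOME}/.cache/Flavio Tordini
-whitelist ${HOME}/.config/Flavio Tordini
-whitelist ${HOME}/.local/share/Flavio Tordini
-whitelist /usr/share/minitube
+allow ${PICTURES}
+allow ${HOME}/.cache/Flavio Tordini
+allow ${HOME}/.config/Flavio Tordini
+allow ${HOME}/.local/share/Flavio Tordini
+allow /usr/share/minitube
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc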
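--- a/etc/profile-m-z/mirage.profile
+++ b/etc/profile-m-z/mirage.profile
@@ -6,10 +6,10 @@ include mirage.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/mirage
-noblacklist ${HOME}/.config/mirage
-noblacklist ${HOME}/.local/share/mirage
-noblacklist /sbin
+nodeny ${HOME}/.cache/mirage
+nodeny ${HOME}/.config/mirage
+nodeny ${HOME}/.local/share/mirage
+nodeny /sbin
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -27,10 +27,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/mirage
 mkdir ${HOME}/.config/mirage
 mkdir ${HOME}/.local/share/mirage
-whitelist ${HOME}/.cache/mirage
-whitelist ${HOME}/.config/mirage
-whitelist ${HOME}/.local/share/mirage
-whitelist ${DOWNLOADS}
+allow ${HOME}/.cache/mirage
+allow ${HOME}/.config/mirage
+allow ${HOME}/.local/share/mirage
+allow ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc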
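--- a/etc/profile-m-z/mirrormagic.profile
+++ b/etc/profile-m-z/mirrormagic.profile
@@ -6,7 +6,7 @@ include mirrormagic.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.mirrormagic
+nodeny ${HOME}/.mirrormagic
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.mirrormagic
-whitelist ${HOME}/.mirrormagic
-whitelist /usr/share/mirrormagic
+allow ${HOME}/.mirrormagic
+allow /usr/share/mirrormagic
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc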
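--- a/etc/profile-m-z/mocp.profile
+++ b/etc/profile-m-z/mocp.profile
@@ -7,8 +7,8 @@ include mocp.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.moc
-noblacklist ${MUSIC}
+nodeny ${HOME}/.moc
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc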
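--- a/etc/profile-m-z/mousepad.profile
+++ b/etc/profile-m-z/mousepad.profile
@@ -6,7 +6,7 @@ include mousepad.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Mousepad
+nodeny ${HOME}/.config/Mousepad
 
 include disable-common.inc
 include disable-devel.inc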
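--- a/etc/profile-m-z/mp3splt-gtk.profile
+++ b/etc/profile-m-z/mp3splt-gtk.profile
@@ -6,7 +6,7 @@ include mp3splt-gtk.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.mp3splt-gtk
+nodeny ${HOME}/.mp3splt-gtk
 
 include disable-common.inc
 include disable-devel.inc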
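--- a/etc/profile-m-z/mp3splt.profile
+++ b/etc/profile-m-z/mp3splt.profile
@@ -6,9 +6,9 @@ include mp3splt.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
+deny ${RUNUSER}/wayland-*
 
-noblacklist ${MUSIC}
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc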
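--- a/etc/profile-m-z/mpDris2.profile
+++ b/etc/profile-m-z/mpDris2.profile
@@ -6,13 +6,13 @@ include mpDris2.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/mpDris2
+nodeny ${HOME}/.config/mpDris2
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
 include allow-python3.inc
 
-noblacklist ${MUSIC}
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,10 +23,10 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist ${MUSIC}
+allow ${MUSIC}
 
 mkdir ${HOME}/.config/mpDris2
-whitelist ${HOME}/.config/mpDris2
+allow ${HOME}/.config/mpDris2
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 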
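--- a/etc/profile-m-z/mpd.profile
+++ b/etc/profile-m-z/mpd.profile
@@ -6,10 +6,10 @@ include mpd.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/mpd
-noblacklist ${HOME}/.mpd
-noblacklist ${HOME}/.mpdconf
-noblacklist ${MUSIC}
+nodeny ${HOME}/.config/mpd
+nodeny ${HOME}/.mpd
+nodeny ${HOME}/.mpdconf
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc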
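--- a/etc/profile-m-z/mpg123.profile
+++ b/etc/profile-m-z/mpg123.profile
@@ -7,7 +7,7 @@ include mpg123.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${MUSIC}
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc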
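--- a/etc/profile-m-z/mplayer.profile
+++ b/etc/profile-m-z/mplayer.profile
@@ -6,7 +6,7 @@ include mplayer.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.mplayer
+nodeny ${HOME}/.mplayer
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 
 read-only ${DESKTOP}
 mkdir ${HOME}/.mplayer
-whitelist ${HOME}/.mplayer
+allow ${HOME}/.mplayer
 include whitelist-common.inc
 include whitelist-player-common.inc
 include whitelist-usr-share-common.inc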
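--- a/etc/profile-m-z/mpsyt.profile
+++ b/etc/profile-m-z/mpsyt.profile
@@ -6,12 +6,12 @@ include mpsyt.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/mps-youtube
-noblacklist ${HOME}/.config/mpv
-noblacklist ${HOME}/.config/youtube-dl
-noblacklist ${HOME}/.mplayer
-noblacklist ${HOME}/.netrc
-noblacklist ${HOME}/mps
+nodeny ${HOME}/.config/mps-youtube
+nodeny ${HOME}/.config/mpv
+nodeny ${HOME}/.config/youtube-dl
+nodeny ${HOME}/.mplayer
+nodeny ${HOME}/.netrc
+nodeny ${HOME}/mps
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -20,8 +20,8 @@ include allow-lua.inc
 include allow-python2.inc
 include allow-python3.inc
 
-noblacklist ${MUSIC}
-noblacklist ${VIDEOS}
+nodeny ${MUSIC}
+nodeny ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -37,12 +37,12 @@ mkdir ${HOME}/.config/mpv
 mkdir ${HOME}/.config/youtube-dl
 mkdir ${HOME}/.mplayer
 mkdir ${HOME}/mps
-whitelist ${HOME}/.config/mps-youtube
-whitelist ${HOME}/.config/mpv
-whitelist ${HOME}/.config/youtube-dl
-whitelist ${HOME}/.mplayer
-whitelist ${HOME}/.netrc
-whitelist ${HOME}/mps
+allow ${HOME}/.config/mps-youtube
+allow ${HOME}/.config/mpv
+allow ${HOME}/.config/youtube-dl
+allow ${HOME}/.mplayer
+allow ${HOME}/.netrc
+allow ${HOME}/mps
 include whitelist-common.inc
 include whitelist-player-common.inc
 include whitelist-var-common.inc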
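Review bot: `allow ${HOME}/.netrc` in the last hunk hands the sandboxed player a file that commonly holds plaintext login credentials, and nothing in the visible lines limits it to reading. If the program only needs to read it, add `read-only ${HOME}/.netrc` after the allow line, or a comment saying why write access is required. The same applies to the mpv.profile section, which additionally creates the file with `mkfile ${HOME}/.netrc`. The rest of both profiles lies outside the hunks, so a restriction already present there cannot be ruled out.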
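--- a/etc/profile-m-z/mpv.profile
+++ b/etc/profile-m-z/mpv.profile
@@ -24,9 +24,9 @@ include globals.local
 #include allow-bin-sh.inc
 #private-bin sh
 
-noblacklist ${HOME}/.config/mpv
-noblacklist ${HOME}/.config/youtube-dl
-noblacklist ${HOME}/.netrc
+nodeny ${HOME}/.config/mpv
+nodeny ${HOME}/.config/youtube-dl
+nodeny ${HOME}/.netrc
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -35,7 +35,7 @@ include allow-lua.inc
 include allow-python2.inc
 include allow-python3.inc
 
-blacklist /usr/libexec
+deny /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -49,14 +49,14 @@ read-only ${DESKTOP}
 mkdir ${HOME}/.config/mpv
 mkdir ${HOME}/.config/youtube-dl
 mkfile ${HOME}/.netrc
-whitelist ${HOME}/.config/mpv
-whitelist ${HOME}/.config/youtube-dl
-whitelist ${HOME}/.netrc
+allow ${HOME}/.config/mpv
+allow ${HOME}/.config/youtube-dl
+allow ${HOME}/.netrc
 include whitelist-common.inc
 include whitelist-player-common.inc
-whitelist /usr/share/lua
-whitelist /usr/share/lua*
-whitelist /usr/share/vulkan
+allow /usr/share/lua
+allow /usr/share/lua*
+allow /usr/share/vulkan
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 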
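--- a/etc/profile-m-z/mrrescue.profile
+++ b/etc/profile-m-z/mrrescue.profile
@@ -6,7 +6,7 @@ include mrrescue.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/love
+nodeny ${HOME}/.local/share/love
 
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
@@ -14,7 +14,7 @@ include allow-bin-sh.inc
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
 
-blacklist /usr/libexec
+deny /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -26,8 +26,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/love
-whitelist ${HOME}/.local/share/love
-whitelist /usr/share/mrrescue
+allow ${HOME}/.local/share/love
+allow /usr/share/mrrescue
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc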
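--- a/etc/profile-m-z/ms-excel.profile
+++ b/etc/profile-m-z/ms-excel.profile
@@ -6,7 +6,7 @@ include ms-excel.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.cache/ms-excel-online
+nodeny ${HOME}/.cache/ms-excel-online
 private-bin ms-excel
 
 # Redirect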
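--- a/etc/profile-m-z/ms-office.profile
+++ b/etc/profile-m-z/ms-office.profile
@@ -5,8 +5,8 @@ include ms-office.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/ms-office-online
-noblacklist ${HOME}/.jak
+nodeny ${HOME}/.cache/ms-office-online
+nodeny ${HOME}/.jak
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc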
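--- a/etc/profile-m-z/ms-onenote.profile
+++ b/etc/profile-m-z/ms-onenote.profile
@@ -6,7 +6,7 @@ include ms-onenote.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.cache/ms-onenote-online
+nodeny ${HOME}/.cache/ms-onenote-online
 private-bin ms-onenote
 
 # Redirect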
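--- a/etc/profile-m-z/ms-outlook.profile
+++ b/etc/profile-m-z/ms-outlook.profile
@@ -6,7 +6,7 @@ include ms-outlook.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.cache/ms-outlook-online
+nodeny ${HOME}/.cache/ms-outlook-online
 private-bin ms-outlook
 
 # Redirect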
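--- a/etc/profile-m-z/ms-powerpoint.profile
+++ b/etc/profile-m-z/ms-powerpoint.profile
@@ -6,7 +6,7 @@ include ms-powerpoint.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.cache/ms-powerpoint-online
+nodeny ${HOME}/.cache/ms-powerpoint-online
 private-bin ms-powerpoint
 
 # Redirect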
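--- a/etc/profile-m-z/ms-skype.profile
+++ b/etc/profile-m-z/ms-skype.profile
@@ -8,7 +8,7 @@ include ms-skype.local
 
 ignore novideo
 
-noblacklist ${HOME}/.cache/ms-skype-online
+nodeny ${HOME}/.cache/ms-skype-online
 
 private-bin ms-skype
 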
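--- a/etc/profile-m-z/ms-word.profile
+++ b/etc/profile-m-z/ms-word.profile
@@ -6,7 +6,7 @@ include ms-word.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.cache/ms-word-online
+nodeny ${HOME}/.cache/ms-word-online
 private-bin ms-word
 
 # Redirect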
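--- a/etc/profile-m-z/mtpaint.profile
+++ b/etc/profile-m-z/mtpaint.profile
@@ -6,7 +6,7 @@ include mtpaint.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${PICTURES}
+nodeny ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc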
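--- a/etc/profile-m-z/multimc5.profile
+++ b/etc/profile-m-z/multimc5.profile
@@ -5,9 +5,9 @@ include multimc5.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/multimc
-noblacklist ${HOME}/.local/share/multimc5
-noblacklist ${HOME}/.multimc5
+nodeny ${HOME}/.local/share/multimc
+nodeny ${HOME}/.local/share/multimc5
+nodeny ${HOME}/.multimc5
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -22,9 +22,9 @@ include disable-programs.inc
 mkdir ${HOME}/.local/share/multimc
 mkdir ${HOME}/.local/share/multimc5
 mkdir ${HOME}/.multimc5
-whitelist ${HOME}/.local/share/multimc
-whitelist ${HOME}/.local/share/multimc5
-whitelist ${HOME}/.multimc5
+allow ${HOME}/.local/share/multimc
+allow ${HOME}/.local/share/multimc5
+allow ${HOME}/.multimc5
 include whitelist-common.inc
 
 caps.drop all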
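Review bot: The context comment `# Allow java (blacklisted by disable-devel.inc)` in the first hunk still uses the old vocabulary directly below the renamed `nodeny` lines, so the profile now mixes both spellings and a search for the old keyword keeps hitting it. I would change it to `# Allow java (denied by disable-devel.inc)`. The same applies to the `blacklisted by disable-interpreters.inc` comments in mypaint.profile and natron.profile and to `# you'll need to manually whitelist ROM files` in mupen64plus.profile. The `include whitelist-common.inc` lines also keep the old name; that is presumably deliberate because the include files themselves are not renamed here, but it is worth stating in the commit message so readers do not take it for an oversight.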
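--- a/etc/profile-m-z/mumble.profile
+++ b/etc/profile-m-z/mumble.profile
@@ -6,9 +6,9 @@ include mumble.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Mumble
-noblacklist ${HOME}/.local/share/data/Mumble
-noblacklist ${HOME}/.local/share/Mumble
+nodeny ${HOME}/.config/Mumble
+nodeny ${HOME}/.local/share/data/Mumble
+nodeny ${HOME}/.local/share/Mumble
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,9 +21,9 @@ include disable-shell.inc
 mkdir ${HOME}/.config/Mumble
 mkdir ${HOME}/.local/share/data/Mumble
 mkdir ${HOME}/.local/share/Mumble
-whitelist ${HOME}/.config/Mumble
-whitelist ${HOME}/.local/share/data/Mumble
-whitelist ${HOME}/.local/share/Mumble
+allow ${HOME}/.config/Mumble
+allow ${HOME}/.local/share/data/Mumble
+allow ${HOME}/.local/share/Mumble
 include whitelist-common.inc
 include whitelist-var-common.inc
 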
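--- a/etc/profile-m-z/mupdf-gl.profile
+++ b/etc/profile-m-z/mupdf-gl.profile
@@ -7,7 +7,7 @@ include mupdf-gl.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.mupdf.history
+nodeny ${HOME}/.mupdf.history
 
 # Redirect
 include mupdf.profile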
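--- a/etc/profile-m-z/mupdf.profile
+++ b/etc/profile-m-z/mupdf.profile
@@ -6,7 +6,7 @@ include mupdf.local
 # Persistent global definitions
 #include globals.local
 
-noblacklist ${DOCUMENTS}
+nodeny ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc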
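--- a/etc/profile-m-z/mupen64plus.profile
+++ b/etc/profile-m-z/mupen64plus.profile
@@ -6,8 +6,8 @@ include mupen64plus.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/mupen64plus
-noblacklist ${HOME}/.local/share/mupen64plus
+nodeny ${HOME}/.config/mupen64plus
+nodeny ${HOME}/.local/share/mupen64plus
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
 # you'll need to manually whitelist ROM files
 mkdir ${HOME}/.config/mupen64plus
 mkdir ${HOME}/.local/share/mupen64plus
-whitelist ${HOME}/.config/mupen64plus
-whitelist ${HOME}/.local/share/mupen64plus
+allow ${HOME}/.config/mupen64plus
+allow ${HOME}/.local/share/mupen64plus
 include whitelist-common.inc
 
 caps.drop all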
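--- a/etc/profile-m-z/musescore.profile
+++ b/etc/profile-m-z/musescore.profile
@@ -6,12 +6,12 @@ include musescore.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/MusE
-noblacklist ${HOME}/.config/MuseScore
-noblacklist ${HOME}/.local/share/data/MusE
-noblacklist ${HOME}/.local/share/data/MuseScore
-noblacklist ${DOCUMENTS}
-noblacklist ${MUSIC}
+nodeny ${HOME}/.config/MusE
+nodeny ${HOME}/.config/MuseScore
+nodeny ${HOME}/.local/share/data/MusE
+nodeny ${HOME}/.local/share/data/MuseScore
+nodeny ${DOCUMENTS}
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc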
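--- a/etc/profile-m-z/musictube.profile
+++ b/etc/profile-m-z/musictube.profile
@@ -6,9 +6,9 @@ include musictube.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/Flavio Tordini
-noblacklist ${HOME}/.config/Flavio Tordini
-noblacklist ${HOME}/.local/share/Flavio Tordini
+nodeny ${HOME}/.cache/Flavio Tordini
+nodeny ${HOME}/.config/Flavio Tordini
+nodeny ${HOME}/.local/share/Flavio Tordini
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,10 +22,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/Flavio Tordini
 mkdir ${HOME}/.config/Flavio Tordini
 mkdir ${HOME}/.local/share/Flavio Tordini
-whitelist ${HOME}/.cache/Flavio Tordini
-whitelist ${HOME}/.config/Flavio Tordini
-whitelist ${HOME}/.local/share/Flavio Tordini
-whitelist /usr/share/musictube
+allow ${HOME}/.cache/Flavio Tordini
+allow ${HOME}/.config/Flavio Tordini
+allow ${HOME}/.local/share/Flavio Tordini
+allow /usr/share/musictube
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc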
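--- a/etc/profile-m-z/musixmatch.profile
+++ b/etc/profile-m-z/musixmatch.profile
@@ -5,7 +5,7 @@ include musixmatch.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${MUSIC}
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc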
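--- a/etc/profile-m-z/mutt.profile
+++ b/etc/profile-m-z/mutt.profile
@@ -7,36 +7,36 @@ include mutt.local
 # Persistent global definitions
 include globals.local
 
-noblacklist /var/mail
-noblacklist /var/spool/mail
-noblacklist ${DOCUMENTS}
-noblacklist ${HOME}/.Mail
-noblacklist ${HOME}/.bogofilter
-noblacklist ${HOME}/.cache/mutt
-noblacklist ${HOME}/.config/mutt
-noblacklist ${HOME}/.config/nano
-noblacklist ${HOME}/.elinks
-noblacklist ${HOME}/.emacs
-noblacklist ${HOME}/.emacs.d
-noblacklist ${HOME}/.gnupg
-noblacklist ${HOME}/.mail
-noblacklist ${HOME}/.mailcap
-noblacklist ${HOME}/.msmtprc
-noblacklist ${HOME}/.mutt
-noblacklist ${HOME}/.muttrc
-noblacklist ${HOME}/.nanorc
-noblacklist ${HOME}/.signature
-noblacklist ${HOME}/.vim
-noblacklist ${HOME}/.viminfo
-noblacklist ${HOME}/.vimrc
-noblacklist ${HOME}/.w3m
-noblacklist ${HOME}/Mail
-noblacklist ${HOME}/mail
-noblacklist ${HOME}/postponed
-noblacklist ${HOME}/sent
+nodeny /var/mail
+nodeny /var/spool/mail
+nodeny ${DOCUMENTS}
+nodeny ${HOME}/.Mail
+nodeny ${HOME}/.bogofilter
+nodeny ${HOME}/.cache/mutt
+nodeny ${HOME}/.config/mutt
+nodeny ${HOME}/.config/nano
+nodeny ${HOME}/.elinks
+nodeny ${HOME}/.emacs
+nodeny ${HOME}/.emacs.d
+nodeny ${HOME}/.gnupg
+nodeny ${HOME}/.mail
+nodeny ${HOME}/.mailcap
+nodeny ${HOME}/.msmtprc
+nodeny ${HOME}/.mutt
+nodeny ${HOME}/.muttrc
+nodeny ${HOME}/.nanorc
+nodeny ${HOME}/.signature
+nodeny ${HOME}/.vim
+nodeny ${HOME}/.viminfo
+nodeny ${HOME}/.vimrc
+nodeny ${HOME}/.w3m
+nodeny ${HOME}/Mail
+nodeny ${HOME}/mail
+nodeny ${HOME}/postponed
+nodeny ${HOME}/sent
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny /tmp/.X11-unix
+deny ${RUNUSER}/wayland-*
 
 # Add the next lines to your mutt.local for oauth.py,S/MIME support.
 #include allow-perl.inc
@@ -75,37 +75,37 @@ mkfile ${HOME}/.nanorc
 mkfile ${HOME}/.signature
 mkfile ${HOME}/.viminfo
 mkfile ${HOME}/.vimrc
-whitelist ${DOCUMENTS}
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.Mail
-whitelist ${HOME}/.bogofilter
-whitelist ${HOME}/.cache/mutt
-whitelist ${HOME}/.config/mutt
-whitelist ${HOME}/.config/nano
-whitelist ${HOME}/.elinks
-whitelist ${HOME}/.emacs
-whitelist ${HOME}/.emacs.d
-whitelist ${HOME}/.gnupg
-whitelist ${HOME}/.mail
-whitelist ${HOME}/.mailcap
-whitelist ${HOME}/.msmtprc
-whitelist ${HOME}/.mutt
-whitelist ${HOME}/.muttrc
-whitelist ${HOME}/.nanorc
-whitelist ${HOME}/.signature
-whitelist ${HOME}/.vim
-whitelist ${HOME}/.viminfo
-whitelist ${HOME}/.vimrc
-whitelist ${HOME}/.w3m
-whitelist ${HOME}/Mail
-whitelist ${HOME}/mail
-whitelist ${HOME}/postponed
-whitelist ${HOME}/sent
-whitelist /usr/share/gnupg
-whitelist /usr/share/gnupg2
-whitelist /usr/share/mutt
-whitelist /var/mail
-whitelist /var/spool/mail
+allow ${DOCUMENTS}
+allow ${DOWNLOADS}
+allow ${HOME}/.Mail
+allow ${HOME}/.bogofilter
+allow ${HOME}/.cache/mutt
+allow ${HOME}/.config/mutt
+allow ${HOME}/.config/nano
+allow ${HOME}/.elinks
+allow ${HOME}/.emacs
+allow ${HOME}/.emacs.d
+allow ${HOME}/.gnupg
+allow ${HOME}/.mail
+allow ${HOME}/.mailcap
+allow ${HOME}/.msmtprc
+allow ${HOME}/.mutt
+allow ${HOME}/.muttrc
+allow ${HOME}/.nanorc
+allow ${HOME}/.signature
+allow ${HOME}/.vim
+allow ${HOME}/.viminfo
+allow ${HOME}/.vimrc
+allow ${HOME}/.w3m
+allow ${HOME}/Mail
+allow ${HOME}/mail
+allow ${HOME}/postponed
+allow ${HOME}/sent
+allow /usr/share/gnupg
+allow /usr/share/gnupg2
+allow /usr/share/mutt
+allow /var/mail
+allow /var/spool/mail
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc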
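--- a/etc/profile-m-z/mypaint.profile
+++ b/etc/profile-m-z/mypaint.profile
@@ -6,10 +6,10 @@ include mypaint.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/mypaint
-noblacklist ${HOME}/.config/mypaint
-noblacklist ${HOME}/.local/share/mypaint
-noblacklist ${PICTURES}
+nodeny ${HOME}/.cache/mypaint
+nodeny ${HOME}/.config/mypaint
+nodeny ${HOME}/.local/share/mypaint
+nodeny ${PICTURES}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc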
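--- a/etc/profile-m-z/nano.profile
+++ b/etc/profile-m-z/nano.profile
@@ -7,10 +7,10 @@ include nano.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
+deny ${RUNUSER}/wayland-*
 
-noblacklist ${HOME}/.config/nano
-noblacklist ${HOME}/.nanorc
+nodeny ${HOME}/.config/nano
+nodeny ${HOME}/.nanorc
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-whitelist /usr/share/nano
+allow /usr/share/nano
 include whitelist-usr-share-common.inc
 
 apparmor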
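--- a/etc/profile-m-z/natron.profile
+++ b/etc/profile-m-z/natron.profile
@@ -5,9 +5,9 @@ include natron.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.Natron
-noblacklist ${HOME}/.cache/INRIA/Natron
-noblacklist ${HOME}/.config/INRIA
+nodeny ${HOME}/.Natron
+nodeny ${HOME}/.cache/INRIA/Natron
+nodeny ${HOME}/.config/INRIA
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc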
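--- a/etc/profile-m-z/ncdu.profile
+++ b/etc/profile-m-z/ncdu.profile
@@ -6,7 +6,7 @@ include ncdu.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
+deny ${RUNUSER}/wayland-*
 
 include disable-exec.inc
 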
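--- a/etc/profile-m-z/neochat.profile
+++ b/etc/profile-m-z/neochat.profile
@@ -6,12 +6,12 @@ include neochat.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/KDE/neochat
-noblacklist ${HOME}/.config/KDE
-noblacklist ${HOME}/.config/KDE/neochat
-noblacklist ${HOME}/.config/neochatrc
-noblacklist ${HOME}/.config/neochat.notifyrc
-noblacklist ${HOME}/.local/share/KDE/neochat
+nodeny ${HOME}/.cache/KDE/neochat
+nodeny ${HOME}/.config/KDE
+nodeny ${HOME}/.config/KDE/neochat
+nodeny ${HOME}/.config/neochatrc
+nodeny ${HOME}/.config/neochat.notifyrc
+nodeny ${HOME}/.local/share/KDE/neochat
 
 include disable-common.inc
 include disable-devel.inc
@@ -24,9 +24,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/KDE/neochat
 mkdir ${HOME}/.local/share/KDE/neochat
-whitelist ${HOME}/.cache/KDE/neochat
-whitelist ${HOME}/.local/share/KDE/neochat
-whitelist ${DOWNLOADS}
+allow ${HOME}/.cache/KDE/neochat
+allow ${HOME}/.local/share/KDE/neochat
+allow ${DOWNLOADS}
 include whitelist-1793-workaround.inc
 include whitelist-common.inc
 include whitelist-runuser-common.inc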
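--- a/etc/profile-m-z/neomutt.profile
+++ b/etc/profile-m-z/neomutt.profile
@@ -7,38 +7,38 @@ include neomutt.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${DOCUMENTS}
-noblacklist ${HOME}/.Mail
-noblacklist ${HOME}/.bogofilter
-noblacklist ${HOME}/.config/mutt
-noblacklist ${HOME}/.config/nano
-noblacklist ${HOME}/.config/neomutt
-noblacklist ${HOME}/.elinks
-noblacklist ${HOME}/.emacs
-noblacklist ${HOME}/.emacs.d
-noblacklist ${HOME}/.gnupg
-noblacklist ${HOME}/.mail
-noblacklist ${HOME}/.mailcap
-noblacklist ${HOME}/.msmtprc
-noblacklist ${HOME}/.mutt
-noblacklist ${HOME}/.muttrc
-noblacklist ${HOME}/.nanorc
-noblacklist ${HOME}/.neomutt
-noblacklist ${HOME}/.neomuttrc
-noblacklist ${HOME}/.signature
-noblacklist ${HOME}/.vim
-noblacklist ${HOME}/.viminfo
-noblacklist ${HOME}/.vimrc
-noblacklist ${HOME}/.w3m
-noblacklist ${HOME}/Mail
-noblacklist ${HOME}/mail
-noblacklist ${HOME}/postponed
-noblacklist ${HOME}/sent
-noblacklist /var/mail
-noblacklist /var/spool/mail
+nodeny ${DOCUMENTS}
+nodeny ${HOME}/.Mail
+nodeny ${HOME}/.bogofilter
+nodeny ${HOME}/.config/mutt
+nodeny ${HOME}/.config/nano
+nodeny ${HOME}/.config/neomutt
+nodeny ${HOME}/.elinks
+nodeny ${HOME}/.emacs
+nodeny ${HOME}/.emacs.d
+nodeny ${HOME}/.gnupg
+nodeny ${HOME}/.mail
+nodeny ${HOME}/.mailcap
+nodeny ${HOME}/.msmtprc
+nodeny ${HOME}/.mutt
+nodeny ${HOME}/.muttrc
+nodeny ${HOME}/.nanorc
+nodeny ${HOME}/.neomutt
+nodeny ${HOME}/.neomuttrc
+nodeny ${HOME}/.signature
+nodeny ${HOME}/.vim
+nodeny ${HOME}/.viminfo
+nodeny ${HOME}/.vimrc
+nodeny ${HOME}/.w3m
+nodeny ${HOME}/Mail
+nodeny ${HOME}/mail
+nodeny ${HOME}/postponed
+nodeny ${HOME}/sent
+nodeny /var/mail
+nodeny /var/spool/mail
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny /tmp/.X11-unix
+deny ${RUNUSER}/wayland-*
 
 include allow-lua.inc
 
@@ -76,39 +76,39 @@ mkfile ${HOME}/.neomuttrc
 mkfile ${HOME}/.signature
 mkfile ${HOME}/.viminfo
 mkfile ${HOME}/.vimrc
-whitelist ${DOCUMENTS}
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.Mail
-whitelist ${HOME}/.bogofilter
-whitelist ${HOME}/.config/mutt
-whitelist ${HOME}/.config/nano
-whitelist ${HOME}/.config/neomutt
-whitelist ${HOME}/.elinks
-whitelist ${HOME}/.emacs
-whitelist ${HOME}/.emacs.d
-whitelist ${HOME}/.gnupg
-whitelist ${HOME}/.mail
-whitelist ${HOME}/.mailcap
-whitelist ${HOME}/.msmtprc
-whitelist ${HOME}/.mutt
-whitelist ${HOME}/.muttrc
-whitelist ${HOME}/.nanorc
-whitelist ${HOME}/.neomutt
-whitelist ${HOME}/.neomuttrc
-whitelist ${HOME}/.signature
-whitelist ${HOME}/.vim
-whitelist ${HOME}/.viminfo
-whitelist ${HOME}/.vimrc
-whitelist ${HOME}/.w3m
-whitelist ${HOME}/Mail
-whitelist ${HOME}/mail
-whitelist ${HOME}/postponed
-whitelist ${HOME}/sent
-whitelist /usr/share/gnupg
-whitelist /usr/share/gnupg2
-whitelist /usr/share/neomutt
-whitelist /var/mail
-whitelist /var/spool/mail
+allow ${DOCUMENTS}
+allow ${DOWNLOADS}
+allow ${HOME}/.Mail
+allow ${HOME}/.bogofilter
+allow ${HOME}/.config/mutt
+allow ${HOME}/.config/nano
+allow ${HOME}/.config/neomutt
+allow ${HOME}/.elinks
+allow ${HOME}/.emacs
+allow ${HOME}/.emacs.d
+allow ${HOME}/.gnupg
+allow ${HOME}/.mail
+allow ${HOME}/.mailcap
+allow ${HOME}/.msmtprc
+allow ${HOME}/.mutt
+allow ${HOME}/.muttrc
+allow ${HOME}/.nanorc
+allow ${HOME}/.neomutt
+allow ${HOME}/.neomuttrc
+allow ${HOME}/.signature
+allow ${HOME}/.vim
+allow ${HOME}/.viminfo
+allow ${HOME}/.vimrc
+allow ${HOME}/.w3m
+allow ${HOME}/Mail
+allow ${HOME}/mail
+allow ${HOME}/postponed
+allow ${HOME}/sent
+allow /usr/share/gnupg
+allow /usr/share/gnupg2
+allow /usr/share/neomutt
+allow /var/mail
+allow /var/spool/mail
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc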
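--- a/etc/profile-m-z/netactview.profile
+++ b/etc/profile-m-z/netactview.profile
@@ -6,7 +6,7 @@ include netactview.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.netactview
+nodeny ${HOME}/.netactview
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkfile ${HOME}/.netactview
-whitelist ${HOME}/.netactview
-whitelist /usr/share/netactview
+allow ${HOME}/.netactview
+allow /usr/share/netactview
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc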
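--- a/etc/profile-m-z/nethack-vultures.profile
+++ b/etc/profile-m-z/nethack-vultures.profile
@@ -6,7 +6,7 @@ include nethack.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.vultures
+nodeny ${HOME}/.vultures
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.vultures
-whitelist ${HOME}/.vultures
-whitelist /var/log/vultures
+allow ${HOME}/.vultures
+allow /var/log/vultures
 include whitelist-common.inc
 include whitelist-var-common.inc
 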
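--- a/etc/profile-m-z/nethack.profile
+++ b/etc/profile-m-z/nethack.profile
@@ -6,7 +6,7 @@ include nethack.local
 # Persistent global definitions
 include globals.local
 
-noblacklist /var/games/nethack
+nodeny /var/games/nethack
 
 include disable-common.inc
 include disable-devel.inc
@@ -15,7 +15,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-whitelist /var/games/nethack
+allow /var/games/nethack
 include whitelist-common.inc
 include whitelist-var-common.inc
 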
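--- a/etc/profile-m-z/netsurf.profile
+++ b/etc/profile-m-z/netsurf.profile
@@ -6,8 +6,8 @@ include netsurf.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/netsurf
-noblacklist ${HOME}/.config/netsurf
+nodeny ${HOME}/.cache/netsurf
+nodeny ${HOME}/.config/netsurf
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-programs.inc
 
 mkdir ${HOME}/.cache/netsurf
 mkdir ${HOME}/.config/netsurf
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/netsurf
-whitelist ${HOME}/.config/netsurf
+allow ${DOWNLOADS}
+allow ${HOME}/.cache/netsurf
+allow ${HOME}/.config/netsurf
 include whitelist-common.inc
 
 caps.drop all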
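--- a/etc/profile-m-z/neverball.profile
+++ b/etc/profile-m-z/neverball.profile
@@ -6,7 +6,7 @@ include neverball.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.neverball
+nodeny ${HOME}/.neverball
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.neverball
-whitelist ${HOME}/.neverball
-whitelist /usr/share/neverball
+allow ${HOME}/.neverball
+allow /usr/share/neverball
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc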
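--- a/etc/profile-m-z/newsbeuter.profile
+++ b/etc/profile-m-z/newsbeuter.profile
@@ -11,15 +11,15 @@ ignore include newsboat.local
 ignore mkdir ${HOME}/.config/newsboat
 ignore mkdir ${HOME}/.local/share/newsboat
 ignore mkdir ${HOME}/.newsboat
-blacklist ${PATH}/newsboat
+deny ${PATH}/newsboat
 
-blacklist ${HOME}/.config/newsboat
-blacklist ${HOME}/.local/share/newsboat
-blacklist ${HOME}/.newsboat
+deny ${HOME}/.config/newsboat
+deny ${HOME}/.local/share/newsboat
+deny ${HOME}/.newsboat
 
-nowhitelist ${HOME}/.config/newsboat
-nowhitelist ${HOME}/.local/share/newsboat
-nowhitelist ${HOME}/.newsboat
+noallow ${HOME}/.config/newsboat
+noallow ${HOME}/.local/share/newsboat
+noallow ${HOME}/.newsboat
 
 mkdir ${HOME}/.config/newsbeuter
 mkdir ${HOME}/.local/share/newsbeuter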
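Review bot: Existing `ignore` overrides may silently stop matching after this rename, and nothing in the section says how that is handled. The context lines here (`ignore mkdir ${HOME}/.config/newsboat`) show that an `ignore` entry quotes the text of the command it suppresses, while the commit changes the text of every `blacklist`, `whitelist`, `noblacklist` and `nowhitelist` line in the shipped profiles. If that comparison is textual (the parser is not part of this section, so this needs confirming), an `ignore noblacklist …` or `ignore whitelist …` in a user's `.local` file would no longer apply and the sandbox would enforce a different file-access policy than the one the user configured, without any warning. I would add a parser test that `ignore whitelist X` still suppresses `allow X`, or canonicalise both spellings before the comparison, and describe the behaviour in the release notes.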
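--- a/etc/profile-m-z/newsboat.profile
+++ b/etc/profile-m-z/newsboat.profile
@@ -6,12 +6,12 @@ include newsboat.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/newsbeuter
-noblacklist ${HOME}/.config/newsboat
-noblacklist ${HOME}/.local/share/newsbeuter
-noblacklist ${HOME}/.local/share/newsboat
-noblacklist ${HOME}/.newsbeuter
-noblacklist ${HOME}/.newsboat
+nodeny ${HOME}/.config/newsbeuter
+nodeny ${HOME}/.config/newsboat
+nodeny ${HOME}/.local/share/newsbeuter
+nodeny ${HOME}/.local/share/newsboat
+nodeny ${HOME}/.newsbeuter
+nodeny ${HOME}/.newsboat
 
 include disable-common.inc
 include disable-devel.inc
@@ -24,12 +24,12 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/newsboat
 mkdir ${HOME}/.local/share/newsboat
 mkdir ${HOME}/.newsboat
-whitelist ${HOME}/.config/newsbeuter
-whitelist ${HOME}/.config/newsboat
-whitelist ${HOME}/.local/share/newsbeuter
-whitelist ${HOME}/.local/share/newsboat
-whitelist ${HOME}/.newsbeuter
-whitelist ${HOME}/.newsboat
+allow ${HOME}/.config/newsbeuter
+allow ${HOME}/.config/newsboat
+allow ${HOME}/.local/share/newsbeuter
+allow ${HOME}/.local/share/newsboat
+allow ${HOME}/.newsbeuter
+allow ${HOME}/.newsboat
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-var-common.inc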
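--- a/etc/profile-m-z/newsflash.profile
+++ b/etc/profile-m-z/newsflash.profile
@@ -6,9 +6,9 @@ include newsflash.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/NewsFlashGTK
-noblacklist ${HOME}/.config/news-flash
-noblacklist ${HOME}/.local/share/news-flash
+nodeny ${HOME}/.cache/NewsFlashGTK
+nodeny ${HOME}/.config/news-flash
+nodeny ${HOME}/.local/share/news-flash
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,9 +22,9 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/NewsFlashGTK
 mkdir ${HOME}/.config/news-flash
 mkdir ${HOME}/.local/share/news-flash
-whitelist ${HOME}/.cache/NewsFlashGTK
-whitelist ${HOME}/.config/news-flash
-whitelist ${HOME}/.local/share/news-flash
+allow ${HOME}/.cache/NewsFlashGTK
+allow ${HOME}/.config/news-flash
+allow ${HOME}/.local/share/news-flash
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc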
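--- a/etc/profile-m-z/nextcloud.profile
+++ b/etc/profile-m-z/nextcloud.profile
@@ -6,9 +6,9 @@ include nextcloud.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/Nextcloud
-noblacklist ${HOME}/.config/Nextcloud
-noblacklist ${HOME}/.local/share/Nextcloud
+nodeny ${HOME}/Nextcloud
+nodeny ${HOME}/.config/Nextcloud
+nodeny ${HOME}/.local/share/Nextcloud
 # Add the next lines to your nextcloud.local to allow sync in more directories.
 #noblacklist ${DOCUMENTS}
 #noblacklist ${MUSIC}
@@ -27,9 +27,9 @@ include disable-xdg.inc
 mkdir ${HOME}/Nextcloud
 mkdir ${HOME}/.config/Nextcloud
 mkdir ${HOME}/.local/share/Nextcloud
-whitelist ${HOME}/Nextcloud
-whitelist ${HOME}/.config/Nextcloud
-whitelist ${HOME}/.local/share/Nextcloud
+allow ${HOME}/Nextcloud
+allow ${HOME}/.config/Nextcloud
+allow ${HOME}/.local/share/Nextcloud
 # Add the next lines to your nextcloud.local to allow sync in more directories.
 #whitelist ${DOCUMENTS}
 #whitelist ${MUSIC}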
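Review bot: The commented-out examples in both hunks (`#noblacklist ${DOCUMENTS}`, `#noblacklist ${MUSIC}`, `#whitelist ${DOCUMENTS}`, `#whitelist ${MUSIC}`) keep the old keywords while the active directives beside them become `nodeny` and `allow`. The comment tells users to copy these lines into nextcloud.local, so the profile now documents two spellings for the same access rule, and a local override written from it would depend on the old keyword staying accepted. I would rename them to `#nodeny ${DOCUMENTS}` and `#allow ${DOCUMENTS}` (likewise for `${MUSIC}`), or state in the comment that the old keywords remain valid if that is the intent. The same applies to `#whitelist ${HOME}/Projects` in nodejs-common.profile; both example lists here continue past the end of their hunks.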
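--- a/etc/profile-m-z/nheko.profile
+++ b/etc/profile-m-z/nheko.profile
@@ -6,9 +6,9 @@ include nheko.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/nheko
-noblacklist ${HOME}/.config/nheko
-noblacklist ${HOME}/.local/share/nheko
+nodeny ${HOME}/.cache/nheko
+nodeny ${HOME}/.config/nheko
+nodeny ${HOME}/.local/share/nheko
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,10 +22,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/nheko
 mkdir ${HOME}/.config/nheko
 mkdir ${HOME}/.local/share/nheko
-whitelist ${HOME}/.cache/nheko
-whitelist ${HOME}/.config/nheko
-whitelist ${HOME}/.local/share/nheko
-whitelist ${DOWNLOADS}
+allow ${HOME}/.cache/nheko
+allow ${HOME}/.config/nheko
+allow ${HOME}/.local/share/nheko
+allow ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc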
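--- a/etc/profile-m-z/nicotine.profile
+++ b/etc/profile-m-z/nicotine.profile
@@ -6,7 +6,7 @@ include nicotine.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.nicotine
+nodeny ${HOME}/.nicotine
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -21,9 +21,9 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.nicotine
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.nicotine
-whitelist /usr/share/GeoIP
+allow ${DOWNLOADS}
+allow ${HOME}/.nicotine
+allow /usr/share/GeoIP
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc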
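--- a/etc/profile-m-z/nitroshare.profile
+++ b/etc/profile-m-z/nitroshare.profile
@@ -6,8 +6,8 @@ include nitroshare.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Nathan Osman
-noblacklist ${HOME}/.config/NitroShare
+nodeny ${HOME}/.config/Nathan Osman
+nodeny ${HOME}/.config/NitroShare
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc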
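--- a/etc/profile-m-z/nodejs-common.profile
+++ b/etc/profile-m-z/nodejs-common.profile
@@ -7,22 +7,22 @@ include nodejs-common.local
 # added by caller profile
 #include globals.local
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}
+deny /tmp/.X11-unix
+deny ${RUNUSER}
 
 ignore read-only ${HOME}/.npm-packages
 ignore read-only ${HOME}/.npmrc
 ignore read-only ${HOME}/.nvm
 ignore read-only ${HOME}/.yarnrc
 
-noblacklist ${HOME}/.node-gyp
-noblacklist ${HOME}/.npm
-noblacklist ${HOME}/.npmrc
-noblacklist ${HOME}/.nvm
-noblacklist ${HOME}/.yarn
-noblacklist ${HOME}/.yarn-config
-noblacklist ${HOME}/.yarncache
-noblacklist ${HOME}/.yarnrc
+nodeny ${HOME}/.node-gyp
+nodeny ${HOME}/.npm
+nodeny ${HOME}/.npmrc
+nodeny ${HOME}/.nvm
+nodeny ${HOME}/.yarn
+nodeny ${HOME}/.yarn-config
+nodeny ${HOME}/.yarncache
+nodeny ${HOME}/.yarnrc
 
 ignore noexec ${HOME}
 
@@ -58,9 +58,9 @@ include disable-xdg.inc
 #whitelist ${HOME}/Projects
 #include whitelist-common.inc
 
-whitelist /usr/share/doc/node
-whitelist /usr/share/nvm
-whitelist /usr/share/systemtap/tapset/node.stp
+allow /usr/share/doc/node
+allow /usr/share/nvm
+allow /usr/share/systemtap/tapset/node.stp
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc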
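--- a/etc/profile-m-z/nomacs.profile
+++ b/etc/profile-m-z/nomacs.profile
@@ -6,10 +6,10 @@ include nomacs.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/nomacs
-noblacklist ${HOME}/.local/share/nomacs
-noblacklist ${HOME}/.local/share/data/nomacs
-noblacklist ${PICTURES}
+nodeny ${HOME}/.config/nomacs
+nodeny ${HOME}/.local/share/nomacs
+nodeny ${HOME}/.local/share/data/nomacs
+nodeny ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc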
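--- a/etc/profile-m-z/notify-send.profile
+++ b/etc/profile-m-z/notify-send.profile
@@ -7,7 +7,7 @@ include notify-send.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
+deny ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc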
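--- a/etc/profile-m-z/nslookup.profile
+++ b/etc/profile-m-z/nslookup.profile
@@ -7,10 +7,10 @@ include nslookup.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}
+deny /tmp/.X11-unix
+deny ${RUNUSER}
 
-noblacklist ${PATH}/nslookup
+nodeny ${PATH}/nslookup
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,7 +20,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist ${HOME}/.nslookuprc
+allow ${HOME}/.nslookuprc
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc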
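--- a/etc/profile-m-z/nuclear.profile
+++ b/etc/profile-m-z/nuclear.profile
@@ -8,12 +8,12 @@ include globals.local
 
 ignore dbus-user
 
-noblacklist ${HOME}/.config/nuclear
+nodeny ${HOME}/.config/nuclear
 
 include disable-shell.inc
 
 mkdir ${HOME}/.config/nuclear
-whitelist ${HOME}/.config/nuclear
+allow ${HOME}/.config/nuclear
 
 no3d
 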
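--- a/etc/profile-m-z/nylas.profile
+++ b/etc/profile-m-z/nylas.profile
@@ -5,8 +5,8 @@ include nylas.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Nylas Mail
-noblacklist ${HOME}/.nylas-mail
+nodeny ${HOME}/.config/Nylas Mail
+nodeny ${HOME}/.nylas-mail
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,9 +16,9 @@ include disable-programs.inc
 
 mkdir ${HOME}/.config/Nylas Mail
 mkdir ${HOME}/.nylas-mail
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.config/Nylas Mail
-whitelist ${HOME}/.nylas-mail
+allow ${DOWNLOADS}
+allow ${HOME}/.config/Nylas Mail
+allow ${HOME}/.nylas-mail
 include whitelist-common.inc
 
 caps.drop all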
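--- a/etc/profile-m-z/nyx.profile
+++ b/etc/profile-m-z/nyx.profile
@@ -10,7 +10,7 @@ include globals.local
 include allow-python2.inc
 include allow-python3.inc
 
-noblacklist ${HOME}/.nyx
+nodeny ${HOME}/.nyx
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,7 +22,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.nyx
-whitelist ${HOME}/.nyx
+allow ${HOME}/.nyx
 include whitelist-common.inc
 include whitelist-var-common.inc
 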
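--- a/etc/profile-m-z/obs.profile
+++ b/etc/profile-m-z/obs.profile
@@ -5,10 +5,10 @@ include obs.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/obs-studio
-noblacklist ${MUSIC}
-noblacklist ${PICTURES}
-noblacklist ${VIDEOS}
+nodeny ${HOME}/.config/obs-studio
+nodeny ${MUSIC}
+nodeny ${PICTURES}
+nodeny ${VIDEOS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc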
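--- a/etc/profile-m-z/ocenaudio.profile
+++ b/etc/profile-m-z/ocenaudio.profile
@@ -6,9 +6,9 @@ include ocenaudio.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/ocenaudio
-noblacklist ${DOCUMENTS}
-noblacklist ${MUSIC}
+nodeny ${HOME}/.local/share/ocenaudio
+nodeny ${DOCUMENTS}
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc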
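--- a/etc/profile-m-z/odt2txt.profile
+++ b/etc/profile-m-z/odt2txt.profile
@@ -6,9 +6,9 @@ include odt2txt.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
+deny ${RUNUSER}/wayland-*
 
-noblacklist ${DOCUMENTS}
+nodeny ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc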
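--- a/etc/profile-m-z/okular.profile
+++ b/etc/profile-m-z/okular.profile
@@ -6,18 +6,18 @@ include okular.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/okular
-noblacklist ${HOME}/.config/okularpartrc
-noblacklist ${HOME}/.config/okularrc
-noblacklist ${HOME}/.kde/share/apps/okular
-noblacklist ${HOME}/.kde/share/config/okularpartrc
-noblacklist ${HOME}/.kde/share/config/okularrc
-noblacklist ${HOME}/.kde4/share/apps/okular
-noblacklist ${HOME}/.kde4/share/config/okularpartrc
-noblacklist ${HOME}/.kde4/share/config/okularrc
-noblacklist ${HOME}/.local/share/kxmlgui5/okular
-noblacklist ${HOME}/.local/share/okular
-noblacklist ${DOCUMENTS}
+nodeny ${HOME}/.cache/okular
+nodeny ${HOME}/.config/okularpartrc
+nodeny ${HOME}/.config/okularrc
+nodeny ${HOME}/.kde/share/apps/okular
+nodeny ${HOME}/.kde/share/config/okularpartrc
+nodeny ${HOME}/.kde/share/config/okularrc
+nodeny ${HOME}/.kde4/share/apps/okular
+nodeny ${HOME}/.kde4/share/config/okularpartrc
+nodeny ${HOME}/.kde4/share/config/okularrc
+nodeny ${HOME}/.local/share/kxmlgui5/okular
+nodeny ${HOME}/.local/share/okular
+nodeny ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -28,15 +28,15 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/config.kcfg/gssettings.kcfg
-whitelist /usr/share/config.kcfg/pdfsettings.kcfg
-whitelist /usr/share/config.kcfg/okular.kcfg
-whitelist /usr/share/config.kcfg/okular_core.kcfg
-whitelist /usr/share/ghostscript
-whitelist /usr/share/kconf_update/okular.upd
-whitelist /usr/share/kxmlgui5/okular
-whitelist /usr/share/okular
-whitelist /usr/share/poppler
+allow /usr/share/config.kcfg/gssettings.kcfg
+allow /usr/share/config.kcfg/pdfsettings.kcfg
+allow /usr/share/config.kcfg/okular.kcfg
+allow /usr/share/config.kcfg/okular_core.kcfg
+allow /usr/share/ghostscript
+allow /usr/share/kconf_update/okular.upd
+allow /usr/share/kxmlgui5/okular
+allow /usr/share/okular
+allow /usr/share/poppler
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc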
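--- a/etc/profile-m-z/onboard.profile
+++ b/etc/profile-m-z/onboard.profile
@@ -6,7 +6,7 @@ include onboard.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/onboard
+nodeny ${HOME}/.config/onboard
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,8 +22,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/onboard
-whitelist ${HOME}/.config/onboard
-whitelist /usr/share/onboard
+allow ${HOME}/.config/onboard
+allow /usr/share/onboard
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc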
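--- a/etc/profile-m-z/onionshare-gui.profile
+++ b/etc/profile-m-z/onionshare-gui.profile
@@ -5,7 +5,7 @@ include onionshare-gui.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/onionshare
+nodeny ${HOME}/.config/onionshare
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc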
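--- a/etc/profile-m-z/open-invaders.profile
+++ b/etc/profile-m-z/open-invaders.profile
@@ -6,7 +6,7 @@ include open-invaders.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.openinvaders
+nodeny ${HOME}/.openinvaders
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-shell.inc
 
 mkdir ${HOME}/.openinvaders
-whitelist ${HOME}/.openinvaders
+allow ${HOME}/.openinvaders
 include whitelist-common.inc
 include whitelist-var-common.inc
 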
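--- a/etc/profile-m-z/openarena.profile
+++ b/etc/profile-m-z/openarena.profile
@@ -6,7 +6,7 @@ include openarena.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.openarena
+nodeny ${HOME}/.openarena
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.openarena
-whitelist ${HOME}/.openarena
-whitelist /usr/share/openarena
+allow ${HOME}/.openarena
+allow /usr/share/openarena
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc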
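--- a/etc/profile-m-z/openbox.profile
+++ b/etc/profile-m-z/openbox.profile
@@ -7,7 +7,7 @@ include openbox.local
 include globals.local
 
 # all applications started in openbox will run in this profile
-noblacklist ${HOME}/.config/openbox
+nodeny ${HOME}/.config/openbox
 include disable-common.inc
 
 caps.drop all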
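--- a/etc/profile-m-z/opencity.profile
+++ b/etc/profile-m-z/opencity.profile
@@ -6,7 +6,7 @@ include opencity.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.opencity
+nodeny ${HOME}/.opencity
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.opencity
-whitelist ${HOME}/.opencity
+allow ${HOME}/.opencity
 include whitelist-common.inc
 include whitelist-var-common.inc
 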
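--- a/etc/profile-m-z/openclonk.profile
+++ b/etc/profile-m-z/openclonk.profile
@@ -6,7 +6,7 @@ include openclonk.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.clonk
+nodeny ${HOME}/.clonk
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.clonk
-whitelist ${HOME}/.clonk
+allow ${HOME}/.clonk
 include whitelist-common.inc
 include whitelist-var-common.inc
 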
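--- a/etc/profile-m-z/openmw.profile
+++ b/etc/profile-m-z/openmw.profile
@@ -6,8 +6,8 @@ include openmw.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/openmw
-noblacklist ${HOME}/.local/share/openmw
+nodeny ${HOME}/.config/openmw
+nodeny ${HOME}/.local/share/openmw
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,11 +21,11 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/openmw
 mkdir ${HOME}/.local/share/openmw
-whitelist ${HOME}/.config/openmw
+allow ${HOME}/.config/openmw
 # Copy Morrowind data files into ${HOME}/.local/share/openmw or load them from /mnt.
 # Alternatively you can whitelist custom paths in your openmw.local.
-whitelist ${HOME}/.local/share/openmw
-whitelist /usr/share/openmw
+allow ${HOME}/.local/share/openmw
+allow /usr/share/openmw
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc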
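--- a/etc/profile-m-z/openshot.profile
+++ b/etc/profile-m-z/openshot.profile
@@ -6,8 +6,8 @@ include openshot.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.openshot
-noblacklist ${HOME}/.openshot_qt
+nodeny ${HOME}/.openshot
+nodeny ${HOME}/.openshot_qt
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
@@ -19,8 +19,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-whitelist /usr/share/blender
-whitelist /usr/share/inkscape
+allow /usr/share/blender
+allow /usr/share/inkscape
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc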
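--- a/etc/profile-m-z/openttd.profile
+++ b/etc/profile-m-z/openttd.profile
@@ -6,7 +6,7 @@ include openttd.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.openttd
+nodeny ${HOME}/.openttd
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.openttd
-whitelist ${HOME}/.openttd
+allow ${HOME}/.openttd
 include whitelist-common.inc
 include whitelist-var-common.inc
 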
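--- a/etc/profile-m-z/opera-beta.profile
+++ b/etc/profile-m-z/opera-beta.profile
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-noblacklist ${HOME}/.cache/opera
-noblacklist ${HOME}/.config/opera-beta
+nodeny ${HOME}/.cache/opera
+nodeny ${HOME}/.config/opera-beta
 
 mkdir ${HOME}/.cache/opera
 mkdir ${HOME}/.config/opera-beta
-whitelist ${HOME}/.cache/opera
-whitelist ${HOME}/.config/opera-beta
+allow ${HOME}/.cache/opera
+allow ${HOME}/.config/opera-beta
 
 # Redirect
 include chromium-common.profile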
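Review bot: The `ignore whitelist /usr/share/chromium` line shown in this hunk's header sits above the hunk and keeps the old keyword, while the path rules below it become `nodeny`/`allow`. If chromium-common.profile now spells that rule `allow /usr/share/chromium` and `ignore` compares directive text literally, the ignore would silently stop matching and the rule would take effect for Opera again; this section does not show how `ignore` matches, so that needs confirming against the parser. If the match is literal, the line should become `ignore allow /usr/share/chromium`, here and in opera.profile, whose hunk header shows the same line.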
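--- a/etc/profile-m-z/opera.profile
+++ b/etc/profile-m-z/opera.profile
@@ -11,16 +11,16 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-noblacklist ${HOME}/.cache/opera
-noblacklist ${HOME}/.config/opera
-noblacklist ${HOME}/.opera
+nodeny ${HOME}/.cache/opera
+nodeny ${HOME}/.config/opera
+nodeny ${HOME}/.opera
 
 mkdir ${HOME}/.cache/opera
 mkdir ${HOME}/.config/opera
 mkdir ${HOME}/.opera
-whitelist ${HOME}/.cache/opera
-whitelist ${HOME}/.config/opera
-whitelist ${HOME}/.opera
+allow ${HOME}/.cache/opera
+allow ${HOME}/.config/opera
+allow ${HOME}/.opera
 
 # Redirect
 include chromium-common.profile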
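--- a/etc/profile-m-z/orage.profile
+++ b/etc/profile-m-z/orage.profile
@@ -6,8 +6,8 @@ include orage.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/orage
-noblacklist ${HOME}/.local/share/orage
+nodeny ${HOME}/.config/orage
+nodeny ${HOME}/.local/share/orage
 
 include disable-common.inc
 include disable-devel.inc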
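--- a/etc/profile-m-z/ostrichriders.profile
+++ b/etc/profile-m-z/ostrichriders.profile
@@ -6,7 +6,7 @@ include ostrichriders.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.ostrichriders
+nodeny ${HOME}/.ostrichriders
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.ostrichriders
-whitelist ${HOME}/.ostrichriders
-whitelist /usr/share/ostrichriders
+allow ${HOME}/.ostrichriders
+allow /usr/share/ostrichriders
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc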
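--- a/etc/profile-m-z/otter-browser.profile
+++ b/etc/profile-m-z/otter-browser.profile
@@ -8,10 +8,10 @@ include globals.local
 
 ?BROWSER_ALLOW_DRM: ignore noexec ${HOME}
 
-noblacklist ${HOME}/.cache/Otter
-noblacklist ${HOME}/.config/otter
-noblacklist ${HOME}/.pki
-noblacklist ${HOME}/.local/share/pki
+nodeny ${HOME}/.cache/Otter
+nodeny ${HOME}/.config/otter
+nodeny ${HOME}/.pki
+nodeny ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -25,12 +25,12 @@ mkdir ${HOME}/.cache/Otter
 mkdir ${HOME}/.config/otter
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/Otter
-whitelist ${HOME}/.config/otter
-whitelist ${HOME}/.pki
-whitelist ${HOME}/.local/share/pki
-whitelist /usr/share/otter-browser
+allow ${DOWNLOADS}
+allow ${HOME}/.cache/Otter
+allow ${HOME}/.config/otter
+allow ${HOME}/.pki
+allow ${HOME}/.local/share/pki
+allow /usr/share/otter-browser
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc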
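--- a/etc/profile-m-z/palemoon.profile
+++ b/etc/profile-m-z/palemoon.profile
@@ -5,13 +5,13 @@ include palemoon.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/moonchild productions/pale moon
-noblacklist ${HOME}/.moonchild productions/pale moon
+nodeny ${HOME}/.cache/moonchild productions/pale moon
+nodeny ${HOME}/.moonchild productions/pale moon
 
 mkdir ${HOME}/.cache/moonchild productions/pale moon
 mkdir ${HOME}/.moonchild productions
-whitelist ${HOME}/.cache/moonchild productions/pale moon
-whitelist ${HOME}/.moonchild productions
+allow ${HOME}/.cache/moonchild productions/pale moon
+allow ${HOME}/.moonchild productions
 
 # Palemoon can use the full firejail seccomp filter (unlike firefox >= 60)
 seccomp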
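--- a/etc/profile-m-z/pandoc.profile
+++ b/etc/profile-m-z/pandoc.profile
@@ -7,9 +7,9 @@ include pandoc.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
+deny ${RUNUSER}
 
-noblacklist ${DOCUMENTS}
+nodeny ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc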
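--- a/etc/profile-m-z/parole.profile
+++ b/etc/profile-m-z/parole.profile
@@ -6,8 +6,8 @@ include parole.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${MUSIC}
-noblacklist ${VIDEOS}
+nodeny ${MUSIC}
+nodeny ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc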
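--- a/etc/profile-m-z/patch.profile
+++ b/etc/profile-m-z/patch.profile
@@ -7,9 +7,9 @@ include patch.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
+deny ${RUNUSER}
 
-noblacklist ${DOCUMENTS}
+nodeny ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc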
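--- a/etc/profile-m-z/pavucontrol-qt.profile
+++ b/etc/profile-m-z/pavucontrol-qt.profile
@@ -7,10 +7,10 @@ include pavucontrol-qt.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.config/pavucontrol-qt
+nodeny ${HOME}/.config/pavucontrol-qt
 
 mkdir ${HOME}/.config/pavucontrol-qt
-whitelist ${HOME}/.config/pavucontrol-qt
+allow ${HOME}/.config/pavucontrol-qt
 
 private-bin pavucontrol-qt
 ignore private-lib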
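--- a/etc/profile-m-z/pavucontrol.profile
+++ b/etc/profile-m-z/pavucontrol.profile
@@ -6,7 +6,7 @@ include pavucontrol.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/pavucontrol.ini
+nodeny ${HOME}/.config/pavucontrol.ini
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-xdg.inc
 # whitelisting in ${HOME} is broken, see #3112
 #mkfile ${HOME}/.config/pavucontrol.ini
 #whitelist ${HOME}/.config/pavucontrol.ini
-whitelist /usr/share/pavucontrol
-whitelist /usr/share/pavucontrol-qt
+allow /usr/share/pavucontrol
+allow /usr/share/pavucontrol-qt
 #include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc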
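Review bot: The commented-out rule `#whitelist ${HOME}/.config/pavucontrol.ini` in the second hunk keeps the old keyword while the live rules next to it are renamed, so whoever re-enables it once #3112 is resolved brings back the spelling this commit removes; it should read `#allow ${HOME}/.config/pavucontrol.ini`. The same drift shows in comments elsewhere in this commit: pcsxr.profile still tells users `you must whitelist your games folder in your pcsxr.local`, and the `(blacklisted by disable-….inc)` comments in pdfsam, picard, pingus, pitivi and playonlinux keep the old term. Whether the old keywords are still accepted is not visible here, so a user instruction such as the pcsxr one is the one most worth updating to `allow`.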
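--- a/etc/profile-m-z/pcsxr.profile
+++ b/etc/profile-m-z/pcsxr.profile
@@ -8,7 +8,7 @@ include globals.local
 
 # Note: you must whitelist your games folder in your pcsxr.local
 
-noblacklist ${HOME}/.pcsxr
+nodeny ${HOME}/.pcsxr
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,7 +21,7 @@ include disable-write-mnt.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.pcsxr
-whitelist ${HOME}/.pcsxr
+allow ${HOME}/.pcsxr
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc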
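--- a/etc/profile-m-z/pdfchain.profile
+++ b/etc/profile-m-z/pdfchain.profile
@@ -5,7 +5,7 @@ include pdfchain.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${DOCUMENTS}
+nodeny ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc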
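--- a/etc/profile-m-z/pdfmod.profile
+++ b/etc/profile-m-z/pdfmod.profile
@@ -6,9 +6,9 @@ include pdfmod.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/pdfmod
-noblacklist ${HOME}/.config/pdfmod
-noblacklist ${DOCUMENTS}
+nodeny ${HOME}/.cache/pdfmod
+nodeny ${HOME}/.config/pdfmod
+nodeny ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc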
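--- a/etc/profile-m-z/pdfsam.profile
+++ b/etc/profile-m-z/pdfsam.profile
@@ -6,7 +6,7 @@ include pdfsam.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${DOCUMENTS}
+nodeny ${DOCUMENTS}
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc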
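--- a/etc/profile-m-z/pdftotext.profile
+++ b/etc/profile-m-z/pdftotext.profile
@@ -6,9 +6,9 @@ include pdftotext.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
+deny ${RUNUSER}
 
-noblacklist ${DOCUMENTS}
+nodeny ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist ${DOCUMENTS}
-whitelist ${DOWNLOADS}
-whitelist /usr/share/poppler
+allow ${DOCUMENTS}
+allow ${DOWNLOADS}
+allow /usr/share/poppler
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 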
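--- a/etc/profile-m-z/peek.profile
+++ b/etc/profile-m-z/peek.profile
@@ -5,9 +5,9 @@ include peek.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/peek
-noblacklist ${PICTURES}
-noblacklist ${VIDEOS}
+nodeny ${HOME}/.cache/peek
+nodeny ${PICTURES}
+nodeny ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc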
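--- a/etc/profile-m-z/penguin-command.profile
+++ b/etc/profile-m-z/penguin-command.profile
@@ -6,7 +6,7 @@ include penguin-command.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.penguin-command
+nodeny ${HOME}/.penguin-command
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
 
-whitelist ${HOME}/.penguin-command
+allow ${HOME}/.penguin-command
 include whitelist-common.inc
 include whitelist-var-common.inc
 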
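--- a/etc/profile-m-z/photoflare.profile
+++ b/etc/profile-m-z/photoflare.profile
@@ -6,7 +6,7 @@ include photoflare.local
 # Persistent global definitions
 include photoflare.local
 
-noblacklist ${PICTURES}
+nodeny ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc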
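Review bot: The line under `# Persistent global definitions` is `include photoflare.local`, where every neighbouring profile in this commit has `include globals.local`. The hunk header shows `include photoflare.local` already appearing above the hunk, so this looks like a duplicate of the per-application override, and globals.local would then never be read for this profile; any site-wide hardening placed there would not reach photoflare. The line should be `include globals.local`. It is a context line here, so the rename leaves it as it was.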
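--- a/etc/profile-m-z/picard.profile
+++ b/etc/profile-m-z/picard.profile
@@ -6,9 +6,9 @@ include picard.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/MusicBrainz
-noblacklist ${HOME}/.config/MusicBrainz
-noblacklist ${MUSIC}
+nodeny ${HOME}/.cache/MusicBrainz
+nodeny ${HOME}/.config/MusicBrainz
+nodeny ${MUSIC}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc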
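--- a/etc/profile-m-z/pidgin.profile
+++ b/etc/profile-m-z/pidgin.profile
@@ -9,7 +9,7 @@ include globals.local
 ignore noexec ${RUNUSER}
 ignore noexec /dev/shm
 
-noblacklist ${HOME}/.purple
+nodeny ${HOME}/.purple
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.purple
-whitelist ${HOME}/.purple
-whitelist ${DOWNLOADS}
-whitelist ${PICTURES}
+allow ${HOME}/.purple
+allow ${DOWNLOADS}
+allow ${PICTURES}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc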
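--- a/etc/profile-m-z/pinball.profile
+++ b/etc/profile-m-z/pinball.profile
@@ -6,7 +6,7 @@ include pinball.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/emilia
+nodeny ${HOME}/.config/emilia
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,11 +18,11 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/emilia
-whitelist ${HOME}/.config/emilia
+allow ${HOME}/.config/emilia
 
-whitelist /usr/share/pinball
+allow /usr/share/pinball
 # on debian games are stored under /usr/share/games
-whitelist /usr/share/games/pinball
+allow /usr/share/games/pinball
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc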
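--- a/etc/profile-m-z/ping.profile
+++ b/etc/profile-m-z/ping.profile
@@ -7,8 +7,8 @@ include ping.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}
+deny /tmp/.X11-unix
+deny ${RUNUSER}
 
 include disable-common.inc
 include disable-devel.inc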
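--- a/etc/profile-m-z/pingus.profile
+++ b/etc/profile-m-z/pingus.profile
@@ -6,12 +6,12 @@ include pingus.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.pingus
+nodeny ${HOME}/.pingus
 
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
 
-blacklist /usr/libexec
+deny /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,8 +23,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.pingus
-whitelist ${HOME}/.pingus
-whitelist /usr/share/pingus
+allow ${HOME}/.pingus
+allow /usr/share/pingus
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc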
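--- a/etc/profile-m-z/pinta.profile
+++ b/etc/profile-m-z/pinta.profile
@@ -6,9 +6,9 @@ include pinta.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Pinta
-noblacklist ${DOCUMENTS}
-noblacklist ${PICTURES}
+nodeny ${HOME}/.config/Pinta
+nodeny ${DOCUMENTS}
+nodeny ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc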
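--- a/etc/profile-m-z/pioneer.profile
+++ b/etc/profile-m-z/pioneer.profile
@@ -6,7 +6,7 @@ include pioneer.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.pioneer
+nodeny ${HOME}/.pioneer
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.pioneer
-whitelist ${HOME}/.pioneer
+allow ${HOME}/.pioneer
 include whitelist-common.inc
 include whitelist-var-common.inc
 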
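--- a/etc/profile-m-z/pipe-viewer.profile
+++ b/etc/profile-m-z/pipe-viewer.profile
@@ -7,13 +7,13 @@ include pipe-viewer.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/pipe-viewer
-noblacklist ${HOME}/.config/pipe-viewer
+nodeny ${HOME}/.cache/pipe-viewer
+nodeny ${HOME}/.config/pipe-viewer
 
 mkdir ${HOME}/.config/pipe-viewer
 mkdir ${HOME}/.cache/pipe-viewer
-whitelist ${HOME}/.cache/pipe-viewer
-whitelist ${HOME}/.config/pipe-viewer
+allow ${HOME}/.cache/pipe-viewer
+allow ${HOME}/.config/pipe-viewer
 
 private-bin gtk-pipe-viewer,pipe-viewer
 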
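--- a/etc/profile-m-z/pitivi.profile
+++ b/etc/profile-m-z/pitivi.profile
@@ -6,7 +6,7 @@ include pitivi.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/pitivi
+nodeny ${HOME}/.config/pitivi
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc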
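--- a/etc/profile-m-z/pix.profile
+++ b/etc/profile-m-z/pix.profile
@@ -5,10 +5,10 @@ include pix.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/pix
-noblacklist ${HOME}/.local/share/pix
-noblacklist ${HOME}/.Steam
-noblacklist ${HOME}/.steam
+nodeny ${HOME}/.config/pix
+nodeny ${HOME}/.local/share/pix
+nodeny ${HOME}/.Steam
+nodeny ${HOME}/.steam
 
 include disable-common.inc
 include disable-devel.inc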
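Review bot: The two rules `nodeny ${HOME}/.Steam` and `nodeny ${HOME}/.steam` carry no comment saying why this profile needs the Steam directories, unlike playonlinux.profile, which explains its `${PATH}/nc` exception in the line above it. Each `nodeny` lifts a block that the disable-*.inc files would otherwise apply, so an unexplained one is hard to audit for least privilege. A one-line comment above the pair stating the reason would settle it; if there is no reason, the two lines can go. They predate this commit, which only renames the keyword.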
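--- a/etc/profile-m-z/pkglog.profile
+++ b/etc/profile-m-z/pkglog.profile
@@ -17,9 +17,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist /var/log/apt/history.log
-whitelist /var/log/dnf.rpm.log
-whitelist /var/log/pacman.log
+allow /var/log/apt/history.log
+allow /var/log/dnf.rpm.log
+allow /var/log/pacman.log
 
 apparmor
 caps.drop all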
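--- a/etc/profile-m-z/playonlinux.profile
+++ b/etc/profile-m-z/playonlinux.profile
@@ -7,10 +7,10 @@ include playonlinux.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.PlayOnLinux
+nodeny ${HOME}/.PlayOnLinux
 
 # nc is needed to run playonlinux
-noblacklist ${PATH}/nc
+nodeny ${PATH}/nc
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc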
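--- a/etc/profile-m-z/pluma.profile
+++ b/etc/profile-m-z/pluma.profile
@@ -6,8 +6,8 @@ include pluma.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/enchant
-noblacklist ${HOME}/.config/pluma
+nodeny ${HOME}/.config/enchant
+nodeny ${HOME}/.config/pluma
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc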
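--- a/etc/profile-m-z/plv.profile
+++ b/etc/profile-m-z/plv.profile
@@ -6,7 +6,7 @@ include plv.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/PacmanLogViewer
+nodeny ${HOME}/.config/PacmanLogViewer
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/PacmanLogViewer
-whitelist ${HOME}/.config/PacmanLogViewer
-whitelist /var/log/pacman.log
+allow ${HOME}/.config/PacmanLogViewer
+allow /var/log/pacman.log
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc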
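--- a/etc/profile-m-z/pngquant.profile
+++ b/etc/profile-m-z/pngquant.profile
@@ -7,9 +7,9 @@ include pngquant.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${PICTURES}
+nodeny ${PICTURES}
 
-blacklist ${RUNUSER}/wayland-*
+deny ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc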
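--- a/etc/profile-m-z/polari.profile
+++ b/etc/profile-m-z/polari.profile
@@ -21,12 +21,12 @@ mkdir ${HOME}/.local/share/Empathy
 mkdir ${HOME}/.local/share/TpLogger
 mkdir ${HOME}/.local/share/telepathy
 mkdir ${HOME}/.purple
-whitelist ${HOME}/.cache/telepathy
-whitelist ${HOME}/.config/telepathy-account-widgets
-whitelist ${HOME}/.local/share/Empathy
-whitelist ${HOME}/.local/share/TpLogger
-whitelist ${HOME}/.local/share/telepathy
-whitelist ${HOME}/.purple
+allow ${HOME}/.cache/telepathy
+allow ${HOME}/.config/telepathy-account-widgets
+allow ${HOME}/.local/share/Empathy
+allow ${HOME}/.local/share/TpLogger
+allow ${HOME}/.local/share/telepathy
+allow ${HOME}/.purple
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 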
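--- a/etc/profile-m-z/ppsspp.profile
+++ b/etc/profile-m-z/ppsspp.profile
@@ -8,7 +8,7 @@ include globals.local
 
 # Note: you must whitelist your games folder in your ppsspp.local.
 
-noblacklist ${HOME}/.config/ppsspp
+nodeny ${HOME}/.config/ppsspp
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,8 +20,8 @@ include disable-write-mnt.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/ppsspp
-whitelist ${HOME}/.config/ppsspp
-whitelist /usr/share/ppsspp
+allow ${HOME}/.config/ppsspp
+allow /usr/share/ppsspp
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc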
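--- a/etc/profile-m-z/pragha.profile
+++ b/etc/profile-m-z/pragha.profile
@@ -6,8 +6,8 @@ include pragha.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/pragha
-noblacklist ${MUSIC}
+nodeny ${HOME}/.config/pragha
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc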
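--- a/etc/profile-m-z/profanity.profile
+++ b/etc/profile-m-z/profanity.profile
@@ -7,8 +7,8 @@ include profanity.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/profanity
-noblacklist ${HOME}/.local/share/profanity
+nodeny ${HOME}/.config/profanity
+nodeny ${HOME}/.local/share/profanity
 
 # Allow Python
 include allow-python2.inc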
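--- a/etc/profile-m-z/psi-plus.profile
+++ b/etc/profile-m-z/psi-plus.profile
@@ -6,8 +6,8 @@ include psi-plus.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/psi+
-noblacklist ${HOME}/.local/share/psi+
+nodeny ${HOME}/.config/psi+
+nodeny ${HOME}/.local/share/psi+
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,10 +19,10 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/psi+
 mkdir ${HOME}/.config/psi+
 mkdir ${HOME}/.local/share/psi+
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/psi+
-whitelist ${HOME}/.config/psi+
-whitelist ${HOME}/.local/share/psi+
+allow ${DOWNLOADS}
+allow ${HOME}/.cache/psi+
+allow ${HOME}/.config/psi+
+allow ${HOME}/.local/share/psi+
 include whitelist-common.inc
 
 caps.drop all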
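--- a/etc/profile-m-z/psi.profile
+++ b/etc/profile-m-z/psi.profile
@@ -8,11 +8,11 @@ include globals.local
 
 # Add the next line to your psi.local to enable GPG support.
 #noblacklist ${HOME}/.gnupg
-noblacklist ${HOME}/.cache/psi
-noblacklist ${HOME}/.cache/Psi
-noblacklist ${HOME}/.config/psi
-noblacklist ${HOME}/.local/share/psi
-noblacklist ${HOME}/.local/share/Psi
+nodeny ${HOME}/.cache/psi
+nodeny ${HOME}/.cache/Psi
+nodeny ${HOME}/.config/psi
+nodeny ${HOME}/.local/share/psi
+nodeny ${HOME}/.local/share/Psi
 
 include disable-common.inc
 include disable-devel.inc
@@ -32,16 +32,16 @@ mkdir ${HOME}/.local/share/psi
 mkdir ${HOME}/.local/share/Psi
 # Add the next line to your psi.local to enable GPG support.
 #whitelist ${HOME}/.gnupg
-whitelist ${HOME}/.cache/psi
-whitelist ${HOME}/.cache/Psi
-whitelist ${HOME}/.config/psi
-whitelist ${HOME}/.local/share/psi
-whitelist ${HOME}/.local/share/Psi
-whitelist ${DOWNLOADS}
+allow ${HOME}/.cache/psi
+allow ${HOME}/.cache/Psi
+allow ${HOME}/.config/psi
+allow ${HOME}/.local/share/psi
+allow ${HOME}/.local/share/Psi
+allow ${DOWNLOADS}
 # Add the next lines to your psi.local to enable GPG support.
 #whitelist /usr/share/gnupg
 #whitelist /usr/share/gnupg2
-whitelist /usr/share/psi
+allow /usr/share/psi
 # Add the next lines to your psi.local to enable GPG support.
 #whitelist ${RUNUSER}/gnupg
 #whitelist ${RUNUSER}/keyring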
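Review bot: The commented-out GPG hints in both hunks of psi.profile still use the old keywords (`#noblacklist ${HOME}/.gnupg`, `#whitelist ${HOME}/.gnupg`, `#whitelist /usr/share/gnupg`, `#whitelist ${RUNUSER}/gnupg`, …) while every active directive around them now reads `nodeny`/`allow`. These lines are meant to be copied into psi.local, so they should match the syntax the profile itself uses, e.g. `#nodeny ${HOME}/.gnupg` and `#allow ${HOME}/.gnupg`; whether the old spellings are still accepted is not visible on this page. The same applies to the comment `# Note: you must whitelist your games folder in your ppsspp.local.` in ppsspp.profile and to the `(blacklisted by disable-….inc)` comments in the pybitmessage, pycharm-community, qbittorrent, qcomicbook, qgis and qutebrowser hunks.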
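--- a/etc/profile-m-z/pybitmessage.profile
+++ b/etc/profile-m-z/pybitmessage.profile
@@ -5,9 +5,9 @@ include pybitmessage.local
 # Persistent global definitions
 include globals.local
 
-noblacklist /sbin
-noblacklist /usr/local/sbin
-noblacklist /usr/sbin
+nodeny /sbin
+nodeny /usr/local/sbin
+nodeny /usr/sbin
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc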
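--- a/etc/profile-m-z/pycharm-community.profile
+++ b/etc/profile-m-z/pycharm-community.profile
@@ -5,7 +5,7 @@ include pycharm-community.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.PyCharmCE*
+nodeny ${HOME}/.PyCharmCE*
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc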
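--- a/etc/profile-m-z/pycharm-professional.profile
+++ b/etc/profile-m-z/pycharm-professional.profile
@@ -6,7 +6,7 @@ include pyucharm-professional.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.PyCharm*
+nodeny ${HOME}/.PyCharm*
 
 # Redirect
 include pycharm-community.profile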
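Review bot: The hunk header for pycharm-professional.profile shows `include pyucharm-professional.local`, which looks like a typo for `pycharm-professional.local`; the line itself sits just above the hunk, so only the header text is visible here. If the misspelled name is what the profile really includes, a user's `pycharm-professional.local` overrides, including any extra restrictions placed there, are presumably never loaded for this profile. Since the commit already touches this file, the line could be corrected to `include pycharm-professional.local`.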
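--- a/etc/profile-m-z/qbittorrent.profile
+++ b/etc/profile-m-z/qbittorrent.profile
@@ -6,10 +6,10 @@ include qbittorrent.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/qBittorrent
-noblacklist ${HOME}/.config/qBittorrent
-noblacklist ${HOME}/.config/qBittorrentrc
-noblacklist ${HOME}/.local/share/data/qBittorrent
+nodeny ${HOME}/.cache/qBittorrent
+nodeny ${HOME}/.config/qBittorrent
+nodeny ${HOME}/.config/qBittorrentrc
+nodeny ${HOME}/.local/share/data/qBittorrent
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -27,11 +27,11 @@ mkdir ${HOME}/.cache/qBittorrent
 mkdir ${HOME}/.config/qBittorrent
 mkfile ${HOME}/.config/qBittorrentrc
 mkdir ${HOME}/.local/share/data/qBittorrent
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/qBittorrent
-whitelist ${HOME}/.config/qBittorrent
-whitelist ${HOME}/.config/qBittorrentrc
-whitelist ${HOME}/.local/share/data/qBittorrent
+allow ${DOWNLOADS}
+allow ${HOME}/.cache/qBittorrent
+allow ${HOME}/.config/qBittorrent
+allow ${HOME}/.config/qBittorrentrc
+allow ${HOME}/.local/share/data/qBittorrent
 include whitelist-common.inc
 include whitelist-var-common.inc
 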
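--- a/etc/profile-m-z/qcomicbook.profile
+++ b/etc/profile-m-z/qcomicbook.profile
@@ -6,10 +6,10 @@ include qcomicbook.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/PawelStolowski
-noblacklist ${HOME}/.config/PawelStolowski
-noblacklist ${HOME}/.local/share/PawelStolowski
-noblacklist ${DOCUMENTS}
+nodeny ${HOME}/.cache/PawelStolowski
+nodeny ${HOME}/.config/PawelStolowski
+nodeny ${HOME}/.local/share/PawelStolowski
+nodeny ${DOCUMENTS}
 
 # Allow /bin/sh (blacklisted by disable-shell.inc)
 include allow-bin-sh.inc
@@ -27,7 +27,7 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/PawelStolowski
 mkdir ${HOME}/.config/PawelStolowski
 mkdir ${HOME}/.local/share/PawelStolowski
-whitelist /usr/share/qcomicbook
+allow /usr/share/qcomicbook
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc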
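--- a/etc/profile-m-z/qemu-launcher.profile
+++ b/etc/profile-m-z/qemu-launcher.profile
@@ -5,7 +5,7 @@ include qemu-launcher.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.qemu-launcher
+nodeny ${HOME}/.qemu-launcher
 
 include disable-common.inc
 include disable-passwdmgr.inc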
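--- a/etc/profile-m-z/qgis.profile
+++ b/etc/profile-m-z/qgis.profile
@@ -6,10 +6,10 @@ include qgis.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/QGIS
-noblacklist ${HOME}/.local/share/QGIS
-noblacklist ${HOME}/.qgis2
-noblacklist ${DOCUMENTS}
+nodeny ${HOME}/.config/QGIS
+nodeny ${HOME}/.local/share/QGIS
+nodeny ${HOME}/.qgis2
+nodeny ${DOCUMENTS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
@@ -25,10 +25,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.local/share/QGIS
 mkdir ${HOME}/.qgis2
 mkdir ${HOME}/.config/QGIS
-whitelist ${HOME}/.local/share/QGIS
-whitelist ${HOME}/.qgis2
-whitelist ${HOME}/.config/QGIS
-whitelist ${DOCUMENTS}
+allow ${HOME}/.local/share/QGIS
+allow ${HOME}/.qgis2
+allow ${HOME}/.config/QGIS
+allow ${DOCUMENTS}
 include whitelist-common.inc
 include whitelist-var-common.inc
 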
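--- a/etc/profile-m-z/qlipper.profile
+++ b/etc/profile-m-z/qlipper.profile
@@ -6,7 +6,7 @@ include qlipper.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Qlipper
+nodeny ${HOME}/.config/Qlipper
 
 include disable-common.inc
 include disable-devel.inc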
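--- a/etc/profile-m-z/qmmp.profile
+++ b/etc/profile-m-z/qmmp.profile
@@ -6,8 +6,8 @@ include qmmp.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.qmmp
-noblacklist ${MUSIC}
+nodeny ${HOME}/.qmmp
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc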
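--- a/etc/profile-m-z/qnapi.profile
+++ b/etc/profile-m-z/qnapi.profile
@@ -6,7 +6,7 @@ include qnapi.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/qnapi.ini
+nodeny ${HOME}/.config/qnapi.ini
 
 ignore noexec /tmp
 
@@ -20,8 +20,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkfile ${HOME}/.config/qnapi.ini
-whitelist ${HOME}/.config/qnapi.ini
-whitelist ${DOWNLOADS}
+allow ${HOME}/.config/qnapi.ini
+allow ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc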
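--- a/etc/profile-m-z/qpdfview.profile
+++ b/etc/profile-m-z/qpdfview.profile
@@ -6,9 +6,9 @@ include qpdfview.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/qpdfview
-noblacklist ${HOME}/.local/share/qpdfview
-noblacklist ${DOCUMENTS}
+nodeny ${HOME}/.config/qpdfview
+nodeny ${HOME}/.local/share/qpdfview
+nodeny ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc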
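--- a/etc/profile-m-z/qrencode.profile
+++ b/etc/profile-m-z/qrencode.profile
@@ -7,7 +7,7 @@ include qrencode.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
+deny ${RUNUSER}
 
 include disable-common.inc
 include disable-devel.inc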
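--- a/etc/profile-m-z/qtox.profile
+++ b/etc/profile-m-z/qtox.profile
@@ -6,8 +6,8 @@ include qtox.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/Tox
-noblacklist ${HOME}/.config/tox
+nodeny ${HOME}/.cache/Tox
+nodeny ${HOME}/.config/tox
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/tox
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.config/tox
+allow ${DOWNLOADS}
+allow ${HOME}/.config/tox
 include whitelist-common.inc
 include whitelist-var-common.inc
 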
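--- a/etc/profile-m-z/quadrapassel.profile
+++ b/etc/profile-m-z/quadrapassel.profile
@@ -6,11 +6,11 @@ include quadrapassel.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/quadrapassel
+nodeny ${HOME}/.local/share/quadrapassel
 
 mkdir ${HOME}/.local/share/quadrapassel
-whitelist ${HOME}/.local/share/quadrapassel
-whitelist /usr/share/quadrapassel
+allow ${HOME}/.local/share/quadrapassel
+allow /usr/share/quadrapassel
 
 private-bin quadrapassel
 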
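--- a/etc/profile-m-z/quaternion.profile
+++ b/etc/profile-m-z/quaternion.profile
@@ -6,8 +6,8 @@ include quaternion.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/Quotient/quaternion
-noblacklist ${HOME}/.config/Quotient
+nodeny ${HOME}/.cache/Quotient/quaternion
+nodeny ${HOME}/.config/Quotient
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,10 +20,10 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/Quotient/quaternion
 mkdir ${HOME}/.config/Quotient
-whitelist ${HOME}/.cache/Quotient/quaternion
-whitelist ${HOME}/.config/Quotient
-whitelist ${DOWNLOADS}
-whitelist /usr/share/Quotient/quaternion
+allow ${HOME}/.cache/Quotient/quaternion
+allow ${HOME}/.config/Quotient
+allow ${DOWNLOADS}
+allow /usr/share/Quotient/quaternion
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc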
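--- a/etc/profile-m-z/quiterss.profile
+++ b/etc/profile-m-z/quiterss.profile
@@ -6,10 +6,10 @@ include quiterss.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/QuiteRss
-noblacklist ${HOME}/.config/QuiteRss
-noblacklist ${HOME}/.config/QuiteRssrc
-noblacklist ${HOME}/.local/share/QuiteRss
+nodeny ${HOME}/.cache/QuiteRss
+nodeny ${HOME}/.config/QuiteRss
+nodeny ${HOME}/.config/QuiteRssrc
+nodeny ${HOME}/.local/share/QuiteRss
 
 include disable-common.inc
 include disable-devel.inc
@@ -25,12 +25,12 @@ mkdir ${HOME}/.local/share/data
 mkdir ${HOME}/.local/share/data/QuiteRss
 mkdir ${HOME}/.local/share/QuiteRss
 mkfile ${HOME}/quiterssfeeds.opml
-whitelist ${HOME}/.cache/QuiteRss
-whitelist ${HOME}/.config/QuiteRss
-whitelist ${HOME}/.config/QuiteRssrc
-whitelist ${HOME}/.local/share/data/QuiteRss
-whitelist ${HOME}/.local/share/QuiteRss
-whitelist ${HOME}/quiterssfeeds.opml
+allow ${HOME}/.cache/QuiteRss
+allow ${HOME}/.config/QuiteRss
+allow ${HOME}/.config/QuiteRssrc
+allow ${HOME}/.local/share/data/QuiteRss
+allow ${HOME}/.local/share/QuiteRss
+allow ${HOME}/quiterssfeeds.opml
 include whitelist-common.inc
 
 caps.drop all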
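--- a/etc/profile-m-z/quodlibet.profile
+++ b/etc/profile-m-z/quodlibet.profile
@@ -6,10 +6,10 @@ include quodlibet.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/quodlibet
-noblacklist ${HOME}/.config/quodlibet
-noblacklist ${HOME}/.quodlibet
-noblacklist ${MUSIC}
+nodeny ${HOME}/.cache/quodlibet
+nodeny ${HOME}/.config/quodlibet
+nodeny ${HOME}/.quodlibet
+nodeny ${MUSIC}
 
 include allow-bin-sh.inc
 
@@ -30,11 +30,11 @@ mkdir ${HOME}/.cache/quodlibet
 mkdir ${HOME}/.config/quodlibet
 mkdir ${HOME}/.quodlibet
 
-whitelist ${HOME}/.cache/quodlibet
-whitelist ${HOME}/.config/quodlibet
-whitelist ${HOME}/.quodlibet
-whitelist ${DOWNLOADS}
-whitelist ${MUSIC}
+allow ${HOME}/.cache/quodlibet
+allow ${HOME}/.config/quodlibet
+allow ${HOME}/.quodlibet
+allow ${DOWNLOADS}
+allow ${MUSIC}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc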
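--- a/etc/profile-m-z/qupzilla.profile
+++ b/etc/profile-m-z/qupzilla.profile
@@ -6,8 +6,8 @@ include qupzilla.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.cache/qupzilla
-noblacklist ${HOME}/.config/qupzilla
+nodeny ${HOME}/.cache/qupzilla
+nodeny ${HOME}/.config/qupzilla
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-programs.inc
 
 mkdir ${HOME}/.cache/qupzilla
 mkdir ${HOME}/.config/qupzilla
-whitelist ${HOME}/.cache/qupzilla
-whitelist ${HOME}/.config/qupzilla
+allow ${HOME}/.cache/qupzilla
+allow ${HOME}/.config/qupzilla
 
 # Redirect
 include falkon.profile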
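--- a/etc/profile-m-z/qutebrowser.profile
+++ b/etc/profile-m-z/qutebrowser.profile
@@ -6,9 +6,9 @@ include qutebrowser.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/qutebrowser
-noblacklist ${HOME}/.config/qutebrowser
-noblacklist ${HOME}/.local/share/qutebrowser
+nodeny ${HOME}/.cache/qutebrowser
+nodeny ${HOME}/.config/qutebrowser
+nodeny ${HOME}/.local/share/qutebrowser
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,10 +22,10 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/qutebrowser
 mkdir ${HOME}/.config/qutebrowser
 mkdir ${HOME}/.local/share/qutebrowser
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/qutebrowser
-whitelist ${HOME}/.config/qutebrowser
-whitelist ${HOME}/.local/share/qutebrowser
+allow ${DOWNLOADS}
+allow ${HOME}/.cache/qutebrowser
+allow ${HOME}/.config/qutebrowser
+allow ${HOME}/.local/share/qutebrowser
 include whitelist-common.inc
 
 caps.drop all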
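--- a/etc/profile-m-z/rambox.profile
+++ b/etc/profile-m-z/rambox.profile
@@ -6,9 +6,9 @@ include rambox.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Rambox
-noblacklist ${HOME}/.pki
-noblacklist ${HOME}/.local/share/pki
+nodeny ${HOME}/.config/Rambox
+nodeny ${HOME}/.pki
+nodeny ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,10 +18,10 @@ include disable-programs.inc
 mkdir ${HOME}/.config/Rambox
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.config/Rambox
-whitelist ${HOME}/.pki
-whitelist ${HOME}/.local/share/pki
+allow ${DOWNLOADS}
+allow ${HOME}/.config/Rambox
+allow ${HOME}/.pki
+allow ${HOME}/.local/share/pki
 include whitelist-common.inc
 
 caps.drop all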
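--- a/etc/profile-m-z/redeclipse.profile
+++ b/etc/profile-m-z/redeclipse.profile
@@ -6,7 +6,7 @@ include redeclipse.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.redeclipse
+nodeny ${HOME}/.redeclipse
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.redeclipse
-whitelist ${HOME}/.redeclipse
-whitelist /usr/share/redeclipse
+allow ${HOME}/.redeclipse
+allow /usr/share/redeclipse
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc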
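--- /dev/null
+++ b/etc/profile-m-z/rednotebook.profile
@@ -0,0 +1,67 @@
+# Firejail profile for rednotebook
+# Description: Daily journal with calendar, templates and keyword searching
+# This file is overwritten after every install/update
+# Persistent local customizations
+include rednotebook.local
+# Persistent global definitions
+include globals.local
+
+nodeny ${HOME}/.cache/rednotebook
+nodeny ${HOME}/.rednotebook
+
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python3.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+
+mkdir ${HOME}/.cache/rednotebook
+mkdir ${HOME}/.rednotebook
+allow ${HOME}/.cache/rednotebook
+allow ${HOME}/.rednotebook
+allow ${DESKTOP}
+allow ${DOCUMENTS}
+allow ${DOWNLOADS}
+allow ${MUSIC}
+allow ${PICTURES}
+allow ${VIDEOS}
+allow /usr/libexec/webkit2gtk-4.0
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+
+disable-mnt
+private-bin python3*,rednotebook
+private-cache
+private-dev
+private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11
+private-tmp
+
+dbus-user none
+dbus-system none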
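Review bot: The six lines `allow ${DESKTOP}` through `allow ${VIDEOS}` (new lines 27-32) open most of the user's data directories to a journal application, and nothing in the profile says why each one is needed. If the purpose is attaching pictures and exporting journals, I would keep `allow ${DOCUMENTS}` and `allow ${PICTURES}` and leave the rest to rednotebook.local; this is an assumption about the application's needs that the author should confirm. At minimum a comment above the list, such as `# Needed for attaching files and exporting; remove the directories you do not use`, would record the intent. The rest of the profile is restrictive (`net none`, `protocol unix`, both D-Bus buses set to none), so this list is where most of the remaining file exposure sits.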
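--- a/etc/profile-m-z/redshift.profile
+++ b/etc/profile-m-z/redshift.profile
@@ -7,8 +7,8 @@ include redshift.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/redshift
-noblacklist ${HOME}/.config/redshift.conf
+nodeny ${HOME}/.config/redshift
+nodeny ${HOME}/.config/redshift.conf
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/redshift
-whitelist ${HOME}/.config/redshift
-whitelist ${HOME}/.config/redshift.conf
+allow ${HOME}/.config/redshift
+allow ${HOME}/.config/redshift.conf
 include whitelist-var-common.inc
 
 apparmor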
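--- a/etc/profile-m-z/regextester.profile
+++ b/etc/profile-m-z/regextester.profile
@@ -15,7 +15,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/com.github.artemanufrij.regextester
+allow /usr/share/com.github.artemanufrij.regextester
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc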
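--- a/etc/profile-m-z/remmina.profile
+++ b/etc/profile-m-z/remmina.profile
@@ -6,9 +6,9 @@ include remmina.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.remmina
-noblacklist ${HOME}/.config/remmina
-noblacklist ${HOME}/.local/share/remmina
+nodeny ${HOME}/.remmina
+nodeny ${HOME}/.config/remmina
+nodeny ${HOME}/.local/share/remmina
 
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc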
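--- a/etc/profile-m-z/rhythmbox.profile
+++ b/etc/profile-m-z/rhythmbox.profile
@@ -6,9 +6,9 @@ include rhythmbox.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${MUSIC}
-noblacklist ${HOME}/.cache/rhythmbox
-noblacklist ${HOME}/.local/share/rhythmbox
+nodeny ${MUSIC}
+nodeny ${HOME}/.cache/rhythmbox
+nodeny ${HOME}/.local/share/rhythmbox
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -26,10 +26,10 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/rhythmbox
-whitelist /usr/share/lua
-whitelist /usr/share/libquvi-scripts
-whitelist /usr/share/tracker
+allow /usr/share/rhythmbox
+allow /usr/share/lua
+allow /usr/share/libquvi-scripts
+allow /usr/share/tracker
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc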
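--- a/etc/profile-m-z/ricochet.profile
+++ b/etc/profile-m-z/ricochet.profile
@@ -5,7 +5,7 @@ include ricochet.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/Ricochet
+nodeny ${HOME}/.local/share/Ricochet
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,8 +16,8 @@ include disable-programs.inc
 include disable-shell.inc
 
 mkdir ${HOME}/.local/share/Ricochet
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.local/share/Ricochet
+allow ${DOWNLOADS}
+allow ${HOME}/.local/share/Ricochet
 include whitelist-common.inc
 
 caps.drop all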
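--- a/etc/profile-m-z/riot-web.profile
+++ b/etc/profile-m-z/riot-web.profile
@@ -8,11 +8,11 @@ include globals.local
 
 ignore noexec /tmp
 
-noblacklist ${HOME}/.config/Riot
+nodeny ${HOME}/.config/Riot
 
 mkdir ${HOME}/.config/Riot
-whitelist ${HOME}/.config/Riot
-whitelist /usr/share/webapps/element
+allow ${HOME}/.config/Riot
+allow /usr/share/webapps/element
 
 # Redirect
 include electron.profile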
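--- a/etc/profile-m-z/ripperx.profile
+++ b/etc/profile-m-z/ripperx.profile
@@ -6,8 +6,8 @@ include ripperx.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.ripperXrc
-noblacklist ${MUSIC}
+nodeny ${HOME}/.ripperXrc
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc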
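--- a/etc/profile-m-z/ristretto.profile
+++ b/etc/profile-m-z/ristretto.profile
@@ -6,9 +6,9 @@ include ristretto.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/ristretto
-noblacklist ${HOME}/.Steam
-noblacklist ${HOME}/.steam
+nodeny ${HOME}/.config/ristretto
+nodeny ${HOME}/.Steam
+nodeny ${HOME}/.steam
 
 include disable-common.inc
 include disable-devel.inc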
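--- a/etc/profile-m-z/rocketchat.profile
+++ b/etc/profile-m-z/rocketchat.profile
@@ -21,10 +21,10 @@ ignore private-cache
 ignore private-dev
 ignore private-tmp
 
-noblacklist ${HOME}/.config/Rocket.Chat
+nodeny ${HOME}/.config/Rocket.Chat
 
 mkdir ${HOME}/.config/Rocket.Chat
-whitelist ${HOME}/.config/Rocket.Chat
+allow ${HOME}/.config/Rocket.Chat
 
 # Redirect
 include electron.profile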
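--- a/etc/profile-m-z/rsync-download_only.profile
+++ b/etc/profile-m-z/rsync-download_only.profile
@@ -11,8 +11,8 @@ include globals.local
 # not as a daemon (rsync --daemon) nor to create backups.
 # Usage: firejail --profile=rsync-download_only rsync
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}
+deny /tmp/.X11-unix
+deny ${RUNUSER}
 
 include disable-common.inc
 include disable-devel.inc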
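--- a/etc/profile-m-z/rtv-addons.profile
+++ b/etc/profile-m-z/rtv-addons.profile
@@ -11,13 +11,18 @@ ignore nosound
 ignore private-bin
 ignore dbus-user none
 
-noblacklist ${HOME}/.config/mpv
-noblacklist ${HOME}/.mailcap
-noblacklist ${HOME}/.netrc
-noblacklist ${HOME}/.w3m
+nodeny ${HOME}/.config/mpv
+nodeny ${HOME}/.mailcap
+nodeny ${HOME}/.netrc
+nodeny ${HOME}/.w3m
 
-whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs
-whitelist ${HOME}/.config/mpv
-whitelist ${HOME}/.mailcap
-whitelist ${HOME}/.netrc
-whitelist ${HOME}/.w3m
+allow ${HOME}/.cache/youtube-dl/youtube-sigfuncs
+allow ${HOME}/.config/mpv
+allow ${HOME}/.mailcap
+allow ${HOME}/.netrc
+allow ${HOME}/.w3m
+
+#private-bin w3m,mpv,youtube-dl
+
+# tells rtv, which browser to use
+#env RTV_BROWSER=w3m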
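Review bot: `allow ${HOME}/.netrc` and `allow ${HOME}/.mailcap` expose a credentials file and a handler map to the sandbox, and nothing in this file limits them to read access. rtv and its helpers presumably only need to read both, so I would add `read-only ${HOME}/.netrc` and `read-only ${HOME}/.mailcap` after the allow lines, unless one of the included files already applies that (the hunk does not show it). Write protection on `.mailcap` matters most, since programs running outside the sandbox also consult it when choosing a handler.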
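--- a/etc/profile-m-z/rtv.profile
+++ b/etc/profile-m-z/rtv.profile
@@ -6,11 +6,14 @@ include rtv.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny /tmp/.X11-unix
+deny ${RUNUSER}/wayland-*
 
-noblacklist ${HOME}/.config/rtv
-noblacklist ${HOME}/.local/share/rtv
+nodeny ${HOME}/.config/rtv
+nodeny ${HOME}/.local/share/rtv
+
+# Allow /bin/sh (blacklisted by disable-shell.inc)
+include allow-bin-sh.inc
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -30,8 +33,8 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/rtv
 mkdir ${HOME}/.local/share/rtv
-whitelist ${HOME}/.config/rtv
-whitelist ${HOME}/.local/share/rtv
+allow ${HOME}/.config/rtv
+allow ${HOME}/.local/share/rtv
 include whitelist-var-common.inc
 
 apparmor
@@ -54,10 +57,10 @@ shell none
 tracelog
 
 disable-mnt
-private-bin python*,rtv,sh,xdg-settings
+private-bin less,python*,rtv,sh,xdg-settings
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl,terminfo,xdg
+private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mailcap,mime.types,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl,terminfo,xdg
 
 dbus-user none
 dbus-system none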
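Review bot: The third hunk adds `less` to `private-bin` and `mailcap` to `private-etc` with no comment on what needs them, while the first hunk's `include allow-bin-sh.inc` does carry one. Every entry in those two lists widens what the sandboxed process can run or read, so each new entry should say what it is for. A line above `private-bin` such as `# less: pager; sh: runs mailcap handlers` would do, with the wording confirmed by the author because the hunk does not show the actual dependency. The same comment can cover the new `mailcap` entry in `private-etc`.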
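--- a/etc/profile-m-z/sayonara.profile
+++ b/etc/profile-m-z/sayonara.profile
@@ -5,8 +5,8 @@ include sayonara.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.Sayonara
-noblacklist ${MUSIC}
+nodeny ${HOME}/.Sayonara
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc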
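--- a/etc/profile-m-z/scallion.profile
+++ b/etc/profile-m-z/scallion.profile
@@ -6,10 +6,10 @@ include scallion.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${PATH}/llvm*
-noblacklist ${PATH}/openssl
-noblacklist ${PATH}/openssl-1.0
-noblacklist ${DOCUMENTS}
+nodeny ${PATH}/llvm*
+nodeny ${PATH}/openssl
+nodeny ${PATH}/openssl-1.0
+nodeny ${DOCUMENTS}
 
 include disable-common.inc
 include disable-exec.inc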
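--- a/etc/profile-m-z/scorched3d.profile
+++ b/etc/profile-m-z/scorched3d.profile
@@ -6,7 +6,7 @@ include scorched3d.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.scorched3d
+nodeny ${HOME}/.scorched3d
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,9 +17,9 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.scorched3d
-whitelist ${HOME}/.scorched3d
-whitelist /usr/share/scorched3d
-whitelist /usr/share/games/scorched3d
+allow ${HOME}/.scorched3d
+allow /usr/share/scorched3d
+allow /usr/share/games/scorched3d
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc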
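--- a/etc/profile-m-z/scorchwentbonkers.profile
+++ b/etc/profile-m-z/scorchwentbonkers.profile
@@ -6,7 +6,7 @@ include scorchwentbonkers.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.swb.ini
+nodeny ${HOME}/.swb.ini
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.swb.ini
-whitelist ${HOME}/.swb.ini
-whitelist /usr/share/scorchwentbonkers
+allow ${HOME}/.swb.ini
+allow /usr/share/scorchwentbonkers
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc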
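--- a/etc/profile-m-z/scribus.profile
+++ b/etc/profile-m-z/scribus.profile
@@ -7,24 +7,24 @@ include scribus.local
 include globals.local
 
 # Support for PDF readers comes with Scribus 1.5 and higher
-noblacklist ${HOME}/.cache/okular
-noblacklist ${HOME}/.config/GIMP
-noblacklist ${HOME}/.config/okularpartrc
-noblacklist ${HOME}/.config/okularrc
-noblacklist ${HOME}/.config/scribus
-noblacklist ${HOME}/.config/scribusrc
-noblacklist ${HOME}/.gimp*
-noblacklist ${HOME}/.kde/share/apps/okular
-noblacklist ${HOME}/.kde/share/config/okularpartrc
-noblacklist ${HOME}/.kde/share/config/okularrc
-noblacklist ${HOME}/.kde4/share/apps/okular
-noblacklist ${HOME}/.kde4/share/config/okularpartrc
-noblacklist ${HOME}/.kde4/share/config/okularrc
-noblacklist ${HOME}/.local/share/okular
-noblacklist ${HOME}/.local/share/scribus
-noblacklist ${HOME}/.scribus
-noblacklist ${DOCUMENTS}
-noblacklist ${PICTURES}
+nodeny ${HOME}/.cache/okular
+nodeny ${HOME}/.config/GIMP
+nodeny ${HOME}/.config/okularpartrc
+nodeny ${HOME}/.config/okularrc
+nodeny ${HOME}/.config/scribus
+nodeny ${HOME}/.config/scribusrc
+nodeny ${HOME}/.gimp*
+nodeny ${HOME}/.kde/share/apps/okular
+nodeny ${HOME}/.kde/share/config/okularpartrc
+nodeny ${HOME}/.kde/share/config/okularrc
+nodeny ${HOME}/.kde4/share/apps/okular
+nodeny ${HOME}/.kde4/share/config/okularpartrc
+nodeny ${HOME}/.kde4/share/config/okularrc
+nodeny ${HOME}/.local/share/okular
+nodeny ${HOME}/.local/share/scribus
+nodeny ${HOME}/.scribus
+nodeny ${DOCUMENTS}
+nodeny ${PICTURES}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc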
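--- a/etc/profile-m-z/seahorse-adventures.profile
+++ b/etc/profile-m-z/seahorse-adventures.profile
@@ -22,8 +22,8 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/seahorse-adventures
-whitelist /usr/share/games/seahorse-adventures
+allow /usr/share/seahorse-adventures
+allow /usr/share/games/seahorse-adventures
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc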
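--- a/etc/profile-m-z/seahorse.profile
+++ b/etc/profile-m-z/seahorse.profile
@@ -6,9 +6,9 @@ include seahorse.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
+deny /tmp/.X11-unix
 
-noblacklist ${HOME}/.gnupg
+nodeny ${HOME}/.gnupg
 
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
@@ -27,13 +27,13 @@ include disable-xdg.inc
 #mkdir ${HOME}/.ssh
 #whitelist ${HOME}/.gnupg
 #whitelist ${HOME}/.ssh
-whitelist /tmp/ssh-*
-whitelist /usr/share/gnupg
-whitelist /usr/share/gnupg2
-whitelist /usr/share/seahorse
-whitelist /usr/share/seahorse-nautilus
-whitelist ${RUNUSER}/gnupg
-whitelist ${RUNUSER}/keyring
+allow /tmp/ssh-*
+allow /usr/share/gnupg
+allow /usr/share/gnupg2
+allow /usr/share/seahorse
+allow /usr/share/seahorse-nautilus
+allow ${RUNUSER}/gnupg
+allow ${RUNUSER}/keyring
 #include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc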
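--- a/etc/profile-m-z/seamonkey.profile
+++ b/etc/profile-m-z/seamonkey.profile
@@ -6,10 +6,10 @@ include seamonkey.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/mozilla
-noblacklist ${HOME}/.mozilla
-noblacklist ${HOME}/.pki
-noblacklist ${HOME}/.local/share/pki
+nodeny ${HOME}/.cache/mozilla
+nodeny ${HOME}/.mozilla
+nodeny ${HOME}/.pki
+nodeny ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,25 +20,25 @@ mkdir ${HOME}/.cache/mozilla
 mkdir ${HOME}/.mozilla
 mkdir ${HOME}/.pki
 mkdir ${HOME}/.local/share/pki
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/gnome-mplayer/plugin
-whitelist ${HOME}/.cache/mozilla
-whitelist ${HOME}/.config/gnome-mplayer
-whitelist ${HOME}/.config/pipelight-silverlight5.1
-whitelist ${HOME}/.config/pipelight-widevine
-whitelist ${HOME}/.keysnail.js
-whitelist ${HOME}/.lastpass
-whitelist ${HOME}/.mozilla
-whitelist ${HOME}/.pentadactyl
-whitelist ${HOME}/.pentadactylrc
-whitelist ${HOME}/.pki
-whitelist ${HOME}/.local/share/pki
-whitelist ${HOME}/.vimperator
-whitelist ${HOME}/.vimperatorrc
-whitelist ${HOME}/.wine-pipelight
-whitelist ${HOME}/.wine-pipelight64
-whitelist ${HOME}/.zotero
-whitelist ${HOME}/dwhelper
+allow ${DOWNLOADS}
+allow ${HOME}/.cache/gnome-mplayer/plugin
+allow ${HOME}/.cache/mozilla
+allow ${HOME}/.config/gnome-mplayer
+allow ${HOME}/.config/pipelight-silverlight5.1
+allow ${HOME}/.config/pipelight-widevine
+allow ${HOME}/.keysnail.js
+allow ${HOME}/.lastpass
+allow ${HOME}/.mozilla
+allow ${HOME}/.pentadactyl
+allow ${HOME}/.pentadactylrc
+allow ${HOME}/.pki
+allow ${HOME}/.local/share/pki
+allow ${HOME}/.vimperator
+allow ${HOME}/.vimperatorrc
+allow ${HOME}/.wine-pipelight
+allow ${HOME}/.wine-pipelight64
+allow ${HOME}/.zotero
+allow ${HOME}/dwhelper
 include whitelist-common.inc
 
 caps.drop all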
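--- a/etc/profile-m-z/server.profile
+++ b/etc/profile-m-z/server.profile
@@ -32,12 +32,12 @@ include globals.local
 # it allows /sbin and /usr/sbin directories - this is where servers are installed
 # depending on your usage, you can enable some of the commands below:
 
-noblacklist /sbin
-noblacklist /usr/sbin
+nodeny /sbin
+nodeny /usr/sbin
 # noblacklist /var/opt
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny /tmp/.X11-unix
+deny ${RUNUSER}/wayland-*
 
 include disable-common.inc
 # include disable-devel.inc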
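--- a/etc/profile-m-z/shellcheck.profile
+++ b/etc/profile-m-z/shellcheck.profile
@@ -7,9 +7,9 @@ include shellcheck.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
+deny ${RUNUSER}
 
-noblacklist ${DOCUMENTS}
+nodeny ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,7 +19,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist /usr/share/shellcheck
+allow /usr/share/shellcheck
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 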
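--- a/etc/profile-m-z/shortwave.profile
+++ b/etc/profile-m-z/shortwave.profile
@@ -6,8 +6,8 @@ include shortwave.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/Shortwave
-noblacklist ${HOME}/.local/share/Shortwave
+nodeny ${HOME}/.cache/Shortwave
+nodeny ${HOME}/.local/share/Shortwave
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/Shortwave
 mkdir ${HOME}/.local/share/Shortwave
-whitelist ${HOME}/.cache/Shortwave
-whitelist ${HOME}/.local/share/Shortwave
-whitelist /usr/share/shortwave
+allow ${HOME}/.cache/Shortwave
+allow ${HOME}/.local/share/Shortwave
+allow /usr/share/shortwave
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc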
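--- a/etc/profile-m-z/shotcut.profile
+++ b/etc/profile-m-z/shotcut.profile
@@ -8,7 +8,7 @@ include globals.local
 
 ignore noexec ${HOME}
 
-noblacklist ${HOME}/.config/Meltytech
+nodeny ${HOME}/.config/Meltytech
 
 include disable-common.inc
 include disable-devel.inc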
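--- a/etc/profile-m-z/shotwell.profile
+++ b/etc/profile-m-z/shotwell.profile
@@ -6,10 +6,10 @@ include shotwell.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/shotwell
-noblacklist ${HOME}/.local/share/shotwell
+nodeny ${HOME}/.cache/shotwell
+nodeny ${HOME}/.local/share/shotwell
 
-noblacklist ${PICTURES}
+nodeny ${PICTURES}
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -21,9 +21,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/shotwell
 mkdir ${HOME}/.local/share/shotwell
-whitelist ${HOME}/.cache/shotwell
-whitelist ${HOME}/.local/share/shotwell
-whitelist ${PICTURES}
+allow ${HOME}/.cache/shotwell
+allow ${HOME}/.local/share/shotwell
+allow ${PICTURES}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc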
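--- a/etc/profile-m-z/signal-cli.profile
+++ b/etc/profile-m-z/signal-cli.profile
@@ -6,10 +6,10 @@ include signal-cli.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny /tmp/.X11-unix
+deny ${RUNUSER}/wayland-*
 
-noblacklist ${HOME}/.local/share/signal-cli
+nodeny ${HOME}/.local/share/signal-cli
 
 include allow-java.inc
 
@@ -22,7 +22,7 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/signal-cli
-whitelist ${HOME}/.local/share/signal-cli
+allow ${HOME}/.local/share/signal-cli
 include whitelist-common.inc
 include whitelist-var-common.inc
 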
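--- a/etc/profile-m-z/signal-desktop.profile
+++ b/etc/profile-m-z/signal-desktop.profile
@@ -9,15 +9,15 @@ ignore novideo
 
 ignore noexec /tmp
 
-noblacklist ${HOME}/.config/Signal
+nodeny ${HOME}/.config/Signal
 
 # These lines are needed to allow Firefox to open links
-noblacklist ${HOME}/.mozilla
-whitelist ${HOME}/.mozilla/firefox/profiles.ini
+nodeny ${HOME}/.mozilla
+allow ${HOME}/.mozilla/firefox/profiles.ini
 read-only ${HOME}/.mozilla/firefox/profiles.ini
 
 mkdir ${HOME}/.config/Signal
-whitelist ${HOME}/.config/Signal
+allow ${HOME}/.config/Signal
 
 private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,nsswitch.conf,pki,resolv.conf,ssl
 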
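--- a/etc/profile-m-z/simple-scan.profile
+++ b/etc/profile-m-z/simple-scan.profile
@@ -6,8 +6,8 @@ include simple-scan.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/simple-scan
-noblacklist ${DOCUMENTS}
+nodeny ${HOME}/.cache/simple-scan
+nodeny ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist /usr/share/hplip
-whitelist /usr/share/simple-scan
+allow /usr/share/hplip
+allow /usr/share/simple-scan
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 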
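--- a/etc/profile-m-z/simplescreenrecorder.profile
+++ b/etc/profile-m-z/simplescreenrecorder.profile
@@ -6,8 +6,8 @@ include simplescreenrecorder.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${VIDEOS}
-noblacklist ${HOME}/.ssr
+nodeny ${VIDEOS}
+nodeny ${HOME}/.ssr
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist /usr/share/simplescreenrecorder
+allow /usr/share/simplescreenrecorder
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 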
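--- a/etc/profile-m-z/simutrans.profile
+++ b/etc/profile-m-z/simutrans.profile
@@ -6,7 +6,7 @@ include simutrans.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.simutrans
+nodeny ${HOME}/.simutrans
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.simutrans
-whitelist ${HOME}/.simutrans
+allow ${HOME}/.simutrans
 include whitelist-common.inc
 include whitelist-var-common.inc
 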
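--- a/etc/profile-m-z/skanlite.profile
+++ b/etc/profile-m-z/skanlite.profile
@@ -6,7 +6,7 @@ include skanlite.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${DOCUMENTS}
+nodeny ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc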
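--- a/etc/profile-m-z/skypeforlinux.profile
+++ b/etc/profile-m-z/skypeforlinux.profile
@@ -21,7 +21,7 @@ ignore dbus-system none
 ignore apparmor
 ignore noexec /tmp
 
-noblacklist ${HOME}/.config/skypeforlinux
+nodeny ${HOME}/.config/skypeforlinux
 
 # private-dev - needs /dev/disk
 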
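--- a/etc/profile-m-z/slack.profile
+++ b/etc/profile-m-z/slack.profile
@@ -16,14 +16,14 @@ ignore private-tmp
 ignore dbus-user none
 ignore dbus-system none
 
-noblacklist ${HOME}/.config/Slack
+nodeny ${HOME}/.config/Slack
 
 include allow-bin-sh.inc
 
 include disable-shell.inc
 
 mkdir ${HOME}/.config/Slack
-whitelist ${HOME}/.config/Slack
+allow ${HOME}/.config/Slack
 
 private-bin electron,electron[0-9],electron[0-9][0-9],locale,sh,slack
 private-etc alternatives,asound.conf,ca-certificates,crypto-policies,debian_version,fedora-release,fonts,group,ld.so.cache,ld.so.conf,localtime,machine-id,os-release,passwd,pki,pulse,redhat-release,resolv.conf,ssl,system-release,system-release-cpe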
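--- a/etc/profile-m-z/slashem.profile
+++ b/etc/profile-m-z/slashem.profile
@@ -6,7 +6,7 @@ include slashem.local
 # Persistent global definitions
 include globals.local
 
-noblacklist /var/games/slashem
+nodeny /var/games/slashem
 
 include disable-common.inc
 include disable-devel.inc
@@ -15,7 +15,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-whitelist /var/games/slashem
+allow /var/games/slashem
 include whitelist-common.inc
 include whitelist-var-common.inc
 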
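--- a/etc/profile-m-z/smplayer.profile
+++ b/etc/profile-m-z/smplayer.profile
@@ -6,9 +6,9 @@ include smplayer.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/smplayer
-noblacklist ${HOME}/.config/youtube-dl
-noblacklist ${HOME}/.mplayer
+nodeny ${HOME}/.config/smplayer
+nodeny ${HOME}/.config/youtube-dl
+nodeny ${HOME}/.mplayer
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -17,8 +17,8 @@ include allow-lua.inc
 include allow-python2.inc
 include allow-python3.inc
 
-noblacklist ${MUSIC}
-noblacklist ${VIDEOS}
+nodeny ${MUSIC}
+nodeny ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -29,9 +29,9 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/lua*
-whitelist /usr/share/smplayer
-whitelist /usr/share/vulkan
+allow /usr/share/lua*
+allow /usr/share/smplayer
+allow /usr/share/vulkan
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 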
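Review bot: The explanatory comment kept as context in the first hunk, `# Allow lua (blacklisted by disable-interpreters.inc)`, still uses the keyword this commit retires, so the file now describes a `blacklist` rule that a reader grepping for `deny` will not find. Assuming disable-interpreters.inc is renamed by the same commit (it is not visible here), the comment should read `# Allow lua (denied by disable-interpreters.inc)`. The same stale wording remains in spectre-meltdown-checker.profile (`# Allow perl (blacklisted by ...)`), ssh-agent.profile and ssh.profile (`# Allow ssh (blacklisted by disable-common.inc)`). Keeping comments and directives in one vocabulary matters for anyone auditing which rule lifts which restriction.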
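--- a/etc/profile-m-z/smtube.profile
+++ b/etc/profile-m-z/smtube.profile
@@ -6,14 +6,14 @@ include smtube.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/smplayer
-noblacklist ${HOME}/.config/smtube
-noblacklist ${HOME}/.config/mpv
-noblacklist ${HOME}/.mplayer
-noblacklist ${HOME}/.config/vlc
-noblacklist ${HOME}/.local/share/vlc
-noblacklist ${MUSIC}
-noblacklist ${VIDEOS}
+nodeny ${HOME}/.config/smplayer
+nodeny ${HOME}/.config/smtube
+nodeny ${HOME}/.config/mpv
+nodeny ${HOME}/.mplayer
+nodeny ${HOME}/.config/vlc
+nodeny ${HOME}/.local/share/vlc
+nodeny ${MUSIC}
+nodeny ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,8 +23,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist /usr/share/smplayer
-whitelist /usr/share/smtube
+allow /usr/share/smplayer
+allow /usr/share/smtube
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 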
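--- a/etc/profile-m-z/smuxi-frontend-gnome.profile
+++ b/etc/profile-m-z/smuxi-frontend-gnome.profile
@@ -6,9 +6,9 @@ include smuxi-frontend-gnome.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/smuxi
-noblacklist ${HOME}/.config/smuxi
-noblacklist ${HOME}/.local/share/smuxi
+nodeny ${HOME}/.cache/smuxi
+nodeny ${HOME}/.config/smuxi
+nodeny ${HOME}/.local/share/smuxi
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,10 +21,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.cache/smuxi
 mkdir ${HOME}/.config/smuxi
 mkdir ${HOME}/.local/share/smuxi
-whitelist ${HOME}/.cache/smuxi
-whitelist ${HOME}/.config/smuxi
-whitelist ${HOME}/.local/share/smuxi
-whitelist ${DOWNLOADS}
+allow ${HOME}/.cache/smuxi
+allow ${HOME}/.config/smuxi
+allow ${HOME}/.local/share/smuxi
+allow ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc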
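--- a/etc/profile-m-z/snox.profile
+++ b/etc/profile-m-z/snox.profile
@@ -10,15 +10,15 @@ ignore whitelist /usr/share/chromium
 ignore include whitelist-runuser-common.inc
 ignore include whitelist-usr-share-common.inc
 
-noblacklist ${HOME}/.cache/snox
-noblacklist ${HOME}/.config/snox
+nodeny ${HOME}/.cache/snox
+nodeny ${HOME}/.config/snox
 
 #mkdir ${HOME}/.cache/dnox
 #mkdir ${HOME}/.config/dnox
 mkdir ${HOME}/.cache/snox
 mkdir ${HOME}/.config/snox
-whitelist ${HOME}/.cache/snox
-whitelist ${HOME}/.config/snox
+allow ${HOME}/.cache/snox
+allow ${HOME}/.config/snox
 
 # Redirect
 include chromium-common.profile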
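Review bot: The `ignore whitelist /usr/share/chromium` directive, visible as the hunk's heading line and left outside the changed range, keeps the old keyword while every `whitelist` rule in this file becomes `allow`. If `ignore` suppresses a rule by matching its literal text, and chromium-common.profile (included at the end of the hunk) now spells that rule `allow /usr/share/chromium`, the ignore would silently stop matching and the sandbox's /usr/share view would change without any error. Neither the matcher nor chromium-common.profile is visible here, so this should be confirmed. If the match is textual, the line needs to become `ignore allow /usr/share/chromium`, or the parser needs to normalise both spellings before comparing.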
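--- a/etc/profile-m-z/softmaker-common.profile
+++ b/etc/profile-m-z/softmaker-common.profile
@@ -10,7 +10,7 @@ include softmaker-common.local
 # with an absolute Exec line. These files are NOT handelt by firecfg,
 # therefore you must manualy copy them in you home and remove '/usr/bin/'.
 
-noblacklist ${HOME}/SoftMaker
+nodeny ${HOME}/SoftMaker
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-whitelist /usr/share/office2018
-whitelist /usr/share/freeoffice2018
+allow /usr/share/office2018
+allow /usr/share/freeoffice2018
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 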
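--- a/etc/profile-m-z/sound-juicer.profile
+++ b/etc/profile-m-z/sound-juicer.profile
@@ -6,8 +6,8 @@ include sound-juicer.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/sound-juicer
-noblacklist ${MUSIC}
+nodeny ${HOME}/.config/sound-juicer
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc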
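--- a/etc/profile-m-z/soundconverter.profile
+++ b/etc/profile-m-z/soundconverter.profile
@@ -10,7 +10,7 @@ include globals.local
 include allow-python2.inc
 include allow-python3.inc
 
-noblacklist ${MUSIC}
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist ${DOWNLOADS}
-whitelist ${MUSIC}
-whitelist /usr/share/soundconverter
+allow ${DOWNLOADS}
+allow ${MUSIC}
+allow /usr/share/soundconverter
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc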
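--- a/etc/profile-m-z/spectacle.profile
+++ b/etc/profile-m-z/spectacle.profile
@@ -12,8 +12,8 @@ include globals.local
 #private-etc ca-certificates,crypto-policies,pki,resolv.conf,ssl
 #protocol unix,inet,inet6
 
-noblacklist ${HOME}/.config/spectaclerc
-noblacklist ${PICTURES}
+nodeny ${HOME}/.config/spectaclerc
+nodeny ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
@@ -24,10 +24,10 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkfile ${HOME}/.config/spectaclerc
-whitelist ${HOME}/.config/spectaclerc
-whitelist ${PICTURES}
-whitelist /usr/share/kconf_update/spectacle_newConfig.upd
-whitelist /usr/share/kconf_update/spectacle_shortcuts.upd
+allow ${HOME}/.config/spectaclerc
+allow ${PICTURES}
+allow /usr/share/kconf_update/spectacle_newConfig.upd
+allow /usr/share/kconf_update/spectacle_shortcuts.upd
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc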
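--- a/etc/profile-m-z/spectral.profile
+++ b/etc/profile-m-z/spectral.profile
@@ -6,8 +6,8 @@ include spectral.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/ENCOM/Spectral
-noblacklist ${HOME}/.config/ENCOM
+nodeny ${HOME}/.cache/ENCOM/Spectral
+nodeny ${HOME}/.config/ENCOM
 
 include disable-common.inc
 include disable-devel.inc
@@ -20,9 +20,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/ENCOM/Spectral
 mkdir ${HOME}/.config/ENCOM
-whitelist ${HOME}/.cache/ENCOM/Spectral
-whitelist ${HOME}/.config/ENCOM
-whitelist ${DOWNLOADS}
+allow ${HOME}/.cache/ENCOM/Spectral
+allow ${HOME}/.config/ENCOM
+allow ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc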
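--- a/etc/profile-m-z/spectre-meltdown-checker.profile
+++ b/etc/profile-m-z/spectre-meltdown-checker.profile
@@ -6,10 +6,10 @@ include spectre-meltdown-checker.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}/wayland-*
+deny ${RUNUSER}/wayland-*
 
-noblacklist ${PATH}/mount
-noblacklist ${PATH}/umount
+nodeny ${PATH}/mount
+nodeny ${PATH}/umount
 
 # Allow perl (blacklisted by disable-interpreters.inc)
 include allow-perl.inc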
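--- a/etc/profile-m-z/spotify.profile
+++ b/etc/profile-m-z/spotify.profile
@@ -5,11 +5,11 @@ include spotify.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/spotify
-noblacklist ${HOME}/.config/spotify
-noblacklist ${HOME}/.local/share/spotify
+nodeny ${HOME}/.cache/spotify
+nodeny ${HOME}/.config/spotify
+nodeny ${HOME}/.local/share/spotify
 
-blacklist ${HOME}/.bashrc
+deny ${HOME}/.bashrc
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,9 +21,9 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/spotify
 mkdir ${HOME}/.config/spotify
 mkdir ${HOME}/.local/share/spotify
-whitelist ${HOME}/.cache/spotify
-whitelist ${HOME}/.config/spotify
-whitelist ${HOME}/.local/share/spotify
+allow ${HOME}/.cache/spotify
+allow ${HOME}/.config/spotify
+allow ${HOME}/.local/share/spotify
 include whitelist-common.inc
 include whitelist-var-common.inc
 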
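--- a/etc/profile-m-z/sqlitebrowser.profile
+++ b/etc/profile-m-z/sqlitebrowser.profile
@@ -6,8 +6,8 @@ include sqlitebrowser.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/sqlitebrowser
-noblacklist ${DOCUMENTS}
+nodeny ${HOME}/.config/sqlitebrowser
+nodeny ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc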
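--- a/etc/profile-m-z/ssh-agent.profile
+++ b/etc/profile-m-z/ssh-agent.profile
@@ -9,8 +9,8 @@ include globals.local
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny /tmp/.X11-unix
+deny ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-passwdmgr.inc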
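--- a/etc/profile-m-z/ssh.profile
+++ b/etc/profile-m-z/ssh.profile
@@ -8,8 +8,8 @@ include ssh.local
 include globals.local
 
 # nc can be used as ProxyCommand, e.g. when using tor
-noblacklist ${PATH}/nc
-noblacklist ${PATH}/ncat
+nodeny ${PATH}/nc
+nodeny ${PATH}/ncat
 
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
@@ -19,8 +19,8 @@ include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-whitelist ${RUNUSER}/gnupg/S.gpg-agent.ssh
-whitelist ${RUNUSER}/keyring/ssh
+allow ${RUNUSER}/gnupg/S.gpg-agent.ssh
+allow ${RUNUSER}/keyring/ssh
 include whitelist-usr-share-common.inc
 include whitelist-runuser-common.inc
 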
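--- a/etc/profile-m-z/standardnotes-desktop.profile
+++ b/etc/profile-m-z/standardnotes-desktop.profile
@@ -5,8 +5,8 @@ include standardnotes-desktop.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/Standard Notes Backups
-noblacklist ${HOME}/.config/Standard Notes
+nodeny ${HOME}/Standard Notes Backups
+nodeny ${HOME}/.config/Standard Notes
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 
 mkdir ${HOME}/Standard Notes Backups
 mkdir ${HOME}/.config/Standard Notes
-whitelist ${HOME}/Standard Notes Backups
-whitelist ${HOME}/.config/Standard Notes
+allow ${HOME}/Standard Notes Backups
+allow ${HOME}/.config/Standard Notes
 include whitelist-var-common.inc
 
 apparmor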
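--- a/etc/profile-m-z/start-tor-browser.desktop.profile
+++ b/etc/profile-m-z/start-tor-browser.desktop.profile
@@ -6,71 +6,71 @@ include start-tor-browser.desktop.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser*
+nodeny ${HOME}/.tor-browser*
 
-whitelist ${HOME}/.tor-browser-ar
-whitelist ${HOME}/.tor-browser-ca
-whitelist ${HOME}/.tor-browser-cs
-whitelist ${HOME}/.tor-browser-da
-whitelist ${HOME}/.tor-browser-de
-whitelist ${HOME}/.tor-browser-el
-whitelist ${HOME}/.tor-browser-en
-whitelist ${HOME}/.tor-browser-en-us
-whitelist ${HOME}/.tor-browser-es
-whitelist ${HOME}/.tor-browser-es-es
-whitelist ${HOME}/.tor-browser-fa
-whitelist ${HOME}/.tor-browser-fr
-whitelist ${HOME}/.tor-browser-ga-ie
-whitelist ${HOME}/.tor-browser-he
-whitelist ${HOME}/.tor-browser-hu
-whitelist ${HOME}/.tor-browser-id
-whitelist ${HOME}/.tor-browser-is
-whitelist ${HOME}/.tor-browser-it
-whitelist ${HOME}/.tor-browser-ja
-whitelist ${HOME}/.tor-browser-ka
-whitelist ${HOME}/.tor-browser-ko
-whitelist ${HOME}/.tor-browser-nb
-whitelist ${HOME}/.tor-browser-nl
-whitelist ${HOME}/.tor-browser-pl
-whitelist ${HOME}/.tor-browser-pt-br
-whitelist ${HOME}/.tor-browser-ru
-whitelist ${HOME}/.tor-browser-sv-se
-whitelist ${HOME}/.tor-browser-tr
-whitelist ${HOME}/.tor-browser-vi
-whitelist ${HOME}/.tor-browser-zh-cn
-whitelist ${HOME}/.tor-browser-zh-tw
+allow ${HOME}/.tor-browser-ar
+allow ${HOME}/.tor-browser-ca
+allow ${HOME}/.tor-browser-cs
+allow ${HOME}/.tor-browser-da
+allow ${HOME}/.tor-browser-de
+allow ${HOME}/.tor-browser-el
+allow ${HOME}/.tor-browser-en
+allow ${HOME}/.tor-browser-en-us
+allow ${HOME}/.tor-browser-es
+allow ${HOME}/.tor-browser-es-es
+allow ${HOME}/.tor-browser-fa
+allow ${HOME}/.tor-browser-fr
+allow ${HOME}/.tor-browser-ga-ie
+allow ${HOME}/.tor-browser-he
+allow ${HOME}/.tor-browser-hu
+allow ${HOME}/.tor-browser-id
+allow ${HOME}/.tor-browser-is
+allow ${HOME}/.tor-browser-it
+allow ${HOME}/.tor-browser-ja
+allow ${HOME}/.tor-browser-ka
+allow ${HOME}/.tor-browser-ko
+allow ${HOME}/.tor-browser-nb
+allow ${HOME}/.tor-browser-nl
+allow ${HOME}/.tor-browser-pl
+allow ${HOME}/.tor-browser-pt-br
+allow ${HOME}/.tor-browser-ru
+allow ${HOME}/.tor-browser-sv-se
+allow ${HOME}/.tor-browser-tr
+allow ${HOME}/.tor-browser-vi
+allow ${HOME}/.tor-browser-zh-cn
+allow ${HOME}/.tor-browser-zh-tw
 
-whitelist ${HOME}/.tor-browser_ar
-whitelist ${HOME}/.tor-browser_ca
-whitelist ${HOME}/.tor-browser_cs
-whitelist ${HOME}/.tor-browser_da
-whitelist ${HOME}/.tor-browser_de
-whitelist ${HOME}/.tor-browser_el
-whitelist ${HOME}/.tor-browser_en
-whitelist ${HOME}/.tor-browser_en_US
-whitelist ${HOME}/.tor-browser_es
-whitelist ${HOME}/.tor-browser_es-ES
-whitelist ${HOME}/.tor-browser_fa
-whitelist ${HOME}/.tor-browser_fr
-whitelist ${HOME}/.tor-browser_ga-IE
-whitelist ${HOME}/.tor-browser_he
-whitelist ${HOME}/.tor-browser_hu
-whitelist ${HOME}/.tor-browser_id
-whitelist ${HOME}/.tor-browser_is
-whitelist ${HOME}/.tor-browser_it
-whitelist ${HOME}/.tor-browser_ja
-whitelist ${HOME}/.tor-browser_ka
-whitelist ${HOME}/.tor-browser_ko
-whitelist ${HOME}/.tor-browser_nb
-whitelist ${HOME}/.tor-browser_nl
-whitelist ${HOME}/.tor-browser_pl
-whitelist ${HOME}/.tor-browser_pt-BR
-whitelist ${HOME}/.tor-browser_ru
-whitelist ${HOME}/.tor-browser_sv-SE
-whitelist ${HOME}/.tor-browser_tr
-whitelist ${HOME}/.tor-browser_vi
-whitelist ${HOME}/.tor-browser_zh-CN
-whitelist ${HOME}/.tor-browser_zh-TW
+allow ${HOME}/.tor-browser_ar
+allow ${HOME}/.tor-browser_ca
+allow ${HOME}/.tor-browser_cs
+allow ${HOME}/.tor-browser_da
+allow ${HOME}/.tor-browser_de
+allow ${HOME}/.tor-browser_el
+allow ${HOME}/.tor-browser_en
+allow ${HOME}/.tor-browser_en_US
+allow ${HOME}/.tor-browser_es
+allow ${HOME}/.tor-browser_es-ES
+allow ${HOME}/.tor-browser_fa
+allow ${HOME}/.tor-browser_fr
+allow ${HOME}/.tor-browser_ga-IE
+allow ${HOME}/.tor-browser_he
+allow ${HOME}/.tor-browser_hu
+allow ${HOME}/.tor-browser_id
+allow ${HOME}/.tor-browser_is
+allow ${HOME}/.tor-browser_it
+allow ${HOME}/.tor-browser_ja
+allow ${HOME}/.tor-browser_ka
+allow ${HOME}/.tor-browser_ko
+allow ${HOME}/.tor-browser_nb
+allow ${HOME}/.tor-browser_nl
+allow ${HOME}/.tor-browser_pl
+allow ${HOME}/.tor-browser_pt-BR
+allow ${HOME}/.tor-browser_ru
+allow ${HOME}/.tor-browser_sv-SE
+allow ${HOME}/.tor-browser_tr
+allow ${HOME}/.tor-browser_vi
+allow ${HOME}/.tor-browser_zh-CN
+allow ${HOME}/.tor-browser_zh-TW
 
 # Redirect
 include torbrowser-launcher.profile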
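--- a/etc/profile-m-z/steam.profile
+++ b/etc/profile-m-z/steam.profile
@@ -6,40 +6,40 @@ include steam.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/Epic
-noblacklist ${HOME}/.config/Loop_Hero
-noblacklist ${HOME}/.config/ModTheSpire
-noblacklist ${HOME}/.config/RogueLegacy
-noblacklist ${HOME}/.config/RogueLegacyStorageContainer
-noblacklist ${HOME}/.killingfloor
-noblacklist ${HOME}/.klei
-noblacklist ${HOME}/.local/share/3909/PapersPlease
-noblacklist ${HOME}/.local/share/aspyr-media
-noblacklist ${HOME}/.local/share/bohemiainteractive
-noblacklist ${HOME}/.local/share/cdprojektred
-noblacklist ${HOME}/.local/share/Dredmor
-noblacklist ${HOME}/.local/share/FasterThanLight
-noblacklist ${HOME}/.local/share/feral-interactive
-noblacklist ${HOME}/.local/share/IntoTheBreach
-noblacklist ${HOME}/.local/share/Paradox Interactive
-noblacklist ${HOME}/.local/share/PillarsOfEternity
-noblacklist ${HOME}/.local/share/RogueLegacy
-noblacklist ${HOME}/.local/share/RogueLegacyStorageContainer
-noblacklist ${HOME}/.local/share/Steam
-noblacklist ${HOME}/.local/share/SteamWorldDig
-noblacklist ${HOME}/.local/share/SteamWorld Dig 2
-noblacklist ${HOME}/.local/share/SuperHexagon
-noblacklist ${HOME}/.local/share/Terraria
-noblacklist ${HOME}/.local/share/vpltd
-noblacklist ${HOME}/.local/share/vulkan
-noblacklist ${HOME}/.mbwarband
-noblacklist ${HOME}/.paradoxinteractive
-noblacklist ${HOME}/.steam
-noblacklist ${HOME}/.steampath
-noblacklist ${HOME}/.steampid
+nodeny ${HOME}/.config/Epic
+nodeny ${HOME}/.config/Loop_Hero
+nodeny ${HOME}/.config/ModTheSpire
+nodeny ${HOME}/.config/RogueLegacy
+nodeny ${HOME}/.config/RogueLegacyStorageContainer
+nodeny ${HOME}/.killingfloor
+nodeny ${HOME}/.klei
+nodeny ${HOME}/.local/share/3909/PapersPlease
+nodeny ${HOME}/.local/share/aspyr-media
+nodeny ${HOME}/.local/share/bohemiainteractive
+nodeny ${HOME}/.local/share/cdprojektred
+nodeny ${HOME}/.local/share/Dredmor
+nodeny ${HOME}/.local/share/FasterThanLight
+nodeny ${HOME}/.local/share/feral-interactive
+nodeny ${HOME}/.local/share/IntoTheBreach
+nodeny ${HOME}/.local/share/Paradox Interactive
+nodeny ${HOME}/.local/share/PillarsOfEternity
+nodeny ${HOME}/.local/share/RogueLegacy
+nodeny ${HOME}/.local/share/RogueLegacyStorageContainer
+nodeny ${HOME}/.local/share/Steam
+nodeny ${HOME}/.local/share/SteamWorldDig
+nodeny ${HOME}/.local/share/SteamWorld Dig 2
+nodeny ${HOME}/.local/share/SuperHexagon
+nodeny ${HOME}/.local/share/Terraria
+nodeny ${HOME}/.local/share/vpltd
+nodeny ${HOME}/.local/share/vulkan
+nodeny ${HOME}/.mbwarband
+nodeny ${HOME}/.paradoxinteractive
+nodeny ${HOME}/.steam
+nodeny ${HOME}/.steampath
+nodeny ${HOME}/.steampid
 # needed for STEAM_RUNTIME_PREFER_HOST_LIBRARIES=1 to work
-noblacklist /sbin
-noblacklist /usr/sbin
+nodeny /sbin
+nodeny /usr/sbin
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -84,38 +84,38 @@ mkdir ${HOME}/.paradoxinteractive
 mkdir ${HOME}/.steam
 mkfile ${HOME}/.steampath
 mkfile ${HOME}/.steampid
-whitelist ${HOME}/.config/Epic
-whitelist ${HOME}/.config/Loop_Hero
-whitelist ${HOME}/.config/ModTheSpire
-whitelist ${HOME}/.config/RogueLegacy
-whitelist ${HOME}/.config/RogueLegacyStorageContainer
-whitelist ${HOME}/.config/unity3d
-whitelist ${HOME}/.killingfloor
-whitelist ${HOME}/.klei
-whitelist ${HOME}/.local/share/3909/PapersPlease
-whitelist ${HOME}/.local/share/aspyr-media
-whitelist ${HOME}/.local/share/bohemiainteractive
-whitelist ${HOME}/.local/share/cdprojektred
-whitelist ${HOME}/.local/share/Dredmor
-whitelist ${HOME}/.local/share/FasterThanLight
-whitelist ${HOME}/.local/share/feral-interactive
-whitelist ${HOME}/.local/share/IntoTheBreach
-whitelist ${HOME}/.local/share/Paradox Interactive
-whitelist ${HOME}/.local/share/PillarsOfEternity
-whitelist ${HOME}/.local/share/RogueLegacy
-whitelist ${HOME}/.local/share/RogueLegacyStorageContainer
-whitelist ${HOME}/.local/share/Steam
-whitelist ${HOME}/.local/share/SteamWorldDig
-whitelist ${HOME}/.local/share/SteamWorld Dig 2
-whitelist ${HOME}/.local/share/SuperHexagon
-whitelist ${HOME}/.local/share/Terraria
-whitelist ${HOME}/.local/share/vpltd
-whitelist ${HOME}/.local/share/vulkan
-whitelist ${HOME}/.mbwarband
-whitelist ${HOME}/.paradoxinteractive
-whitelist ${HOME}/.steam
-whitelist ${HOME}/.steampath
-whitelist ${HOME}/.steampid
+allow ${HOME}/.config/Epic
+allow ${HOME}/.config/Loop_Hero
+allow ${HOME}/.config/ModTheSpire
+allow ${HOME}/.config/RogueLegacy
+allow ${HOME}/.config/RogueLegacyStorageContainer
+allow ${HOME}/.config/unity3d
+allow ${HOME}/.killingfloor
+allow ${HOME}/.klei
+allow ${HOME}/.local/share/3909/PapersPlease
+allow ${HOME}/.local/share/aspyr-media
+allow ${HOME}/.local/share/bohemiainteractive
+allow ${HOME}/.local/share/cdprojektred
+allow ${HOME}/.local/share/Dredmor
+allow ${HOME}/.local/share/FasterThanLight
+allow ${HOME}/.local/share/feral-interactive
+allow ${HOME}/.local/share/IntoTheBreach
+allow ${HOME}/.local/share/Paradox Interactive
+allow ${HOME}/.local/share/PillarsOfEternity
+allow ${HOME}/.local/share/RogueLegacy
+allow ${HOME}/.local/share/RogueLegacyStorageContainer
+allow ${HOME}/.local/share/Steam
+allow ${HOME}/.local/share/SteamWorldDig
+allow ${HOME}/.local/share/SteamWorld Dig 2
+allow ${HOME}/.local/share/SuperHexagon
+allow ${HOME}/.local/share/Terraria
+allow ${HOME}/.local/share/vpltd
+allow ${HOME}/.local/share/vulkan
+allow ${HOME}/.mbwarband
+allow ${HOME}/.paradoxinteractive
+allow ${HOME}/.steam
+allow ${HOME}/.steampath
+allow ${HOME}/.steampid
 include whitelist-common.inc
 include whitelist-var-common.inc
 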
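--- a/etc/profile-m-z/stellarium.profile
+++ b/etc/profile-m-z/stellarium.profile
@@ -6,8 +6,8 @@ include stellarium.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/stellarium
-noblacklist ${HOME}/.stellarium
+nodeny ${HOME}/.config/stellarium
+nodeny ${HOME}/.stellarium
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,8 @@ include disable-shell.inc
 
 mkdir ${HOME}/.config/stellarium
 mkdir ${HOME}/.stellarium
-whitelist ${HOME}/.config/stellarium
-whitelist ${HOME}/.stellarium
+allow ${HOME}/.config/stellarium
+allow ${HOME}/.stellarium
 include whitelist-common.inc
 include whitelist-var-common.inc
 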
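--- a/etc/profile-m-z/straw-viewer.profile
+++ b/etc/profile-m-z/straw-viewer.profile
@@ -7,13 +7,13 @@ include straw-viewer.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/straw-viewer
-noblacklist ${HOME}/.config/straw-viewer
+nodeny ${HOME}/.cache/straw-viewer
+nodeny ${HOME}/.config/straw-viewer
 
 mkdir ${HOME}/.config/straw-viewer
 mkdir ${HOME}/.cache/straw-viewer
-whitelist ${HOME}/.cache/straw-viewer
-whitelist ${HOME}/.config/straw-viewer
+allow ${HOME}/.cache/straw-viewer
+allow ${HOME}/.config/straw-viewer
 
 private-bin gtk-straw-viewer,straw-viewer
 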
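--- a/etc/profile-m-z/strawberry.profile
+++ b/etc/profile-m-z/strawberry.profile
@@ -6,10 +6,10 @@ include strawberry.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/strawberry
-noblacklist ${HOME}/.config/strawberry
-noblacklist ${HOME}/.local/share/strawberry
-noblacklist ${MUSIC}
+nodeny ${HOME}/.cache/strawberry
+nodeny ${HOME}/.config/strawberry
+nodeny ${HOME}/.local/share/strawberry
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc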
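--- a/etc/profile-m-z/strings.profile
+++ b/etc/profile-m-z/strings.profile
@@ -7,7 +7,7 @@ include strings.local
 # Persistent global definitions
 include globals.local
 
-blacklist ${RUNUSER}
+deny ${RUNUSER}
 
 #include disable-common.inc
 include disable-devel.inc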
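--- a/etc/profile-m-z/subdownloader.profile
+++ b/etc/profile-m-z/subdownloader.profile
@@ -6,8 +6,8 @@ include subdownloader.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/SubDownloader
-noblacklist ${VIDEOS}
+nodeny ${HOME}/.config/SubDownloader
+nodeny ${VIDEOS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc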
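--- a/etc/profile-m-z/supertux2.profile
+++ b/etc/profile-m-z/supertux2.profile
@@ -6,7 +6,7 @@ include supertux2.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/supertux2
+nodeny ${HOME}/.local/share/supertux2
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/supertux2
-whitelist ${HOME}/.local/share/supertux2
-whitelist /usr/share/supertux2
-whitelist /usr/share/games/supertux2 # Debian version
+allow ${HOME}/.local/share/supertux2
+allow /usr/share/supertux2
+allow /usr/share/games/supertux2 # Debian version
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc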
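--- a/etc/profile-m-z/supertuxkart.profile
+++ b/etc/profile-m-z/supertuxkart.profile
@@ -6,11 +6,11 @@ include supertuxkart.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/supertuxkart
-noblacklist ${HOME}/.cache/supertuxkart
-noblacklist ${HOME}/.local/share/supertuxkart
+nodeny ${HOME}/.config/supertuxkart
+nodeny ${HOME}/.cache/supertuxkart
+nodeny ${HOME}/.local/share/supertuxkart
 
-blacklist /usr/libexec
+deny /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc
@@ -24,11 +24,11 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/supertuxkart
 mkdir ${HOME}/.cache/supertuxkart
 mkdir ${HOME}/.local/share/supertuxkart
-whitelist ${HOME}/.config/supertuxkart
-whitelist ${HOME}/.cache/supertuxkart
-whitelist ${HOME}/.local/share/supertuxkart
-whitelist /usr/share/supertuxkart
-whitelist /usr/share/games/supertuxkart # Debian version
+allow ${HOME}/.config/supertuxkart
+allow ${HOME}/.cache/supertuxkart
+allow ${HOME}/.local/share/supertuxkart
+allow /usr/share/supertuxkart
+allow /usr/share/games/supertuxkart # Debian version
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc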
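--- a/etc/profile-m-z/surf.profile
+++ b/etc/profile-m-z/surf.profile
@@ -6,7 +6,7 @@ include surf.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.surf
+nodeny ${HOME}/.surf
 
 include disable-common.inc
 include disable-devel.inc
@@ -15,8 +15,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.surf
-whitelist ${HOME}/.surf
-whitelist ${DOWNLOADS}
+allow ${HOME}/.surf
+allow ${DOWNLOADS}
 include whitelist-common.inc
 
 caps.drop all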
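--- a/etc/profile-m-z/swell-foop.profile
+++ b/etc/profile-m-z/swell-foop.profile
@@ -6,12 +6,12 @@ include swell-foop.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.local/share/swell-foop
+nodeny ${HOME}/.local/share/swell-foop
 
 mkdir ${HOME}/.local/share/swell-foop
-whitelist ${HOME}/.local/share/swell-foop
+allow ${HOME}/.local/share/swell-foop
 
-whitelist /usr/share/swell-foop
+allow /usr/share/swell-foop
 
 private-bin swell-foop
 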
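--- a/etc/profile-m-z/sylpheed.profile
+++ b/etc/profile-m-z/sylpheed.profile
@@ -6,12 +6,12 @@ include sylpheed.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.sylpheed-2.0
+nodeny ${HOME}/.sylpheed-2.0
 
 mkdir ${HOME}/.sylpheed-2.0
-whitelist ${HOME}/.sylpheed-2.0
+allow ${HOME}/.sylpheed-2.0
 
-whitelist /usr/share/sylpheed
+allow /usr/share/sylpheed
 
 # private-bin curl,gpg,gpg2,gpg-agent,gpgsm,pinentry,pinentry-gtk-2,sylpheed
 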
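--- a/etc/profile-m-z/synfigstudio.profile
+++ b/etc/profile-m-z/synfigstudio.profile
@@ -6,8 +6,8 @@ include synfigstudio.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/synfig
-noblacklist ${HOME}/.synfig
+nodeny ${HOME}/.config/synfig
+nodeny ${HOME}/.synfig
 
 include disable-common.inc
 include disable-devel.inc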
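--- a/etc/profile-m-z/sysprof.profile
+++ b/etc/profile-m-z/sysprof.profile
@@ -6,7 +6,7 @@ include sysprof.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${DOCUMENTS}
+nodeny ${DOCUMENTS}
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -24,15 +24,15 @@ include disable-xdg.inc
 #nowhitelist /usr/share/yelp-tools
 #nowhitelist /usr/share/yelp-xsl
 
-noblacklist ${HOME}/.config/yelp
+nodeny ${HOME}/.config/yelp
 mkdir ${HOME}/.config/yelp
-whitelist ${HOME}/.config/yelp
-whitelist /usr/share/help/C/sysprof
-whitelist /usr/share/yelp
-whitelist /usr/share/yelp-tools
-whitelist /usr/share/yelp-xsl
+allow ${HOME}/.config/yelp
+allow /usr/share/help/C/sysprof
+allow /usr/share/yelp
+allow /usr/share/yelp-tools
+allow /usr/share/yelp-xsl
 
-whitelist ${DOCUMENTS}
+allow ${DOCUMENTS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc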
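--- a/etc/profile-m-z/tar.profile
+++ b/etc/profile-m-z/tar.profile
@@ -12,7 +12,7 @@ ignore include disable-shell.inc
 
 # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop
 # all capabilities this is automatically read-only.
-noblacklist /var/lib/pacman
+nodeny /var/lib/pacman
 
 private-etc alternatives,group,localtime,login.defs,passwd
 #private-lib libfakeroot,liblzma.so.*,libreadline.so.*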
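--- a/etc/profile-m-z/tb-starter-wrapper.profile
+++ b/etc/profile-m-z/tb-starter-wrapper.profile
@@ -8,10 +8,10 @@ include tb-starter-wrapper.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tb
+nodeny ${HOME}/.tb
 
 mkdir ${HOME}/.tb
-whitelist ${HOME}/.tb
+allow ${HOME}/.tb
 
 private-bin tb-starter-wrapper
 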
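--- a/etc/profile-m-z/tcpdump.profile
+++ b/etc/profile-m-z/tcpdump.profile
@@ -6,9 +6,9 @@ include tcpdump.local
 # Persistent global definitions
 include globals.local
 
-noblacklist /sbin
-noblacklist /usr/sbin
-noblacklist ${PATH}/tcpdump
+nodeny /sbin
+nodeny /usr/sbin
+nodeny ${PATH}/tcpdump
 
 include disable-common.inc
 include disable-devel.inc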
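--- a/etc/profile-m-z/teams-for-linux.profile
+++ b/etc/profile-m-z/teams-for-linux.profile
@@ -14,10 +14,10 @@ ignore include whitelist-usr-share-common.inc
 ignore dbus-user none
 ignore dbus-system none
 
-noblacklist ${HOME}/.config/teams-for-linux
+nodeny ${HOME}/.config/teams-for-linux
 
 mkdir ${HOME}/.config/teams-for-linux
-whitelist ${HOME}/.config/teams-for-linux
+allow ${HOME}/.config/teams-for-linux
 
 private-bin bash,cut,echo,egrep,grep,head,sed,sh,teams-for-linux,tr,xdg-mime,xdg-open,zsh
 private-etc ca-certificates,crypto-policies,fonts,ld.so.cache,localtime,machine-id,pki,resolv.conf,ssl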
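--- a/etc/profile-m-z/teams.profile
+++ b/etc/profile-m-z/teams.profile
@@ -18,13 +18,13 @@ ignore apparmor
 ignore dbus-user none
 ignore dbus-system none
 
-noblacklist ${HOME}/.config/teams
-noblacklist ${HOME}/.config/Microsoft
+nodeny ${HOME}/.config/teams
+nodeny ${HOME}/.config/Microsoft
 
 mkdir ${HOME}/.config/teams
 mkdir ${HOME}/.config/Microsoft
-whitelist ${HOME}/.config/teams
-whitelist ${HOME}/.config/Microsoft
+allow ${HOME}/.config/teams
+allow ${HOME}/.config/Microsoft
 
 # Redirect
 include electron.profile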
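--- a/etc/profile-m-z/teamspeak3.profile
+++ b/etc/profile-m-z/teamspeak3.profile
@@ -6,8 +6,8 @@ include teamspeak3.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.ts3client
-noblacklist ${PATH}/openssl
+nodeny ${HOME}/.ts3client
+nodeny ${PATH}/openssl
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.ts3client
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.ts3client
+allow ${DOWNLOADS}
+allow ${HOME}/.ts3client
 include whitelist-common.inc
 
 caps.drop all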
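--- a/etc/profile-m-z/teeworlds.profile
+++ b/etc/profile-m-z/teeworlds.profile
@@ -6,7 +6,7 @@ include teeworlds.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.teeworlds
+nodeny ${HOME}/.teeworlds
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.teeworlds
-whitelist ${HOME}/.teeworlds
+allow ${HOME}/.teeworlds
 include whitelist-common.inc
 include whitelist-var-common.inc
 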
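--- a/etc/profile-m-z/telegram.profile
+++ b/etc/profile-m-z/telegram.profile
@@ -5,8 +5,8 @@ include telegram.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.TelegramDesktop
-noblacklist ${HOME}/.local/share/TelegramDesktop
+nodeny ${HOME}/.TelegramDesktop
+nodeny ${HOME}/.local/share/TelegramDesktop
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.TelegramDesktop
 mkdir ${HOME}/.local/share/TelegramDesktop
-whitelist ${HOME}/.TelegramDesktop
-whitelist ${HOME}/.local/share/TelegramDesktop
-whitelist ${DOWNLOADS}
+allow ${HOME}/.TelegramDesktop
+allow ${HOME}/.local/share/TelegramDesktop
+allow ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
@@ -39,7 +39,6 @@ protocol unix,inet,inet6,netlink
 seccomp
 seccomp.block-secondary
 shell none
-tracelog
 
 disable-mnt
 #private-bin telegram,Telegram,telegram-desktop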
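Review bot: The third hunk of telegram.profile drops `tracelog` (old line 42), which is a behaviour change and not part of the keyword rename that the other two hunks of this file make. Without `tracelog`, attempts by the sandboxed client to reach denied paths are no longer written to syslog, so whoever monitors the host loses that signal for this profile. If the removal is deliberate, for example because the option breaks the application, it belongs in its own commit or needs a comment where the option used to be, such as `# tracelog disabled: <reason>`. If it is not deliberate, restore `tracelog` after `shell none`. The profile continues outside this hunk, so a compensating option elsewhere in the file cannot be ruled out from here.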
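--- a/etc/profile-m-z/terasology.profile
+++ b/etc/profile-m-z/terasology.profile
@@ -7,7 +7,7 @@ include globals.local
 
 ignore noexec /tmp
 
-noblacklist ${HOME}/.local/share/terasology
+nodeny ${HOME}/.local/share/terasology
 
 # Allow java (blacklisted by disable-devel.inc)
 include allow-java.inc
@@ -21,8 +21,8 @@ include disable-programs.inc
 
 mkdir ${HOME}/.java
 mkdir ${HOME}/.local/share/terasology
-whitelist ${HOME}/.java
-whitelist ${HOME}/.local/share/terasology
+allow ${HOME}/.java
+allow ${HOME}/.local/share/terasology
 include whitelist-common.inc
 
 caps.drop all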
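--- a/etc/profile-m-z/thunderbird.profile
+++ b/etc/profile-m-z/thunderbird.profile
@@ -22,14 +22,14 @@ writable-run-user
 #writable-var
 
 # These lines are needed to allow Firefox to load your profile when clicking a link in an email
-noblacklist ${HOME}/.mozilla
-whitelist ${HOME}/.mozilla/firefox/profiles.ini
+nodeny ${HOME}/.mozilla
+allow ${HOME}/.mozilla/firefox/profiles.ini
 read-only ${HOME}/.mozilla/firefox/profiles.ini
 
-noblacklist ${HOME}/.cache/thunderbird
-noblacklist ${HOME}/.gnupg
+nodeny ${HOME}/.cache/thunderbird
+nodeny ${HOME}/.gnupg
 # noblacklist ${HOME}/.icedove
-noblacklist ${HOME}/.thunderbird
+nodeny ${HOME}/.thunderbird
 
 include disable-passwdmgr.inc
 include disable-xdg.inc
@@ -42,15 +42,15 @@ mkdir ${HOME}/.cache/thunderbird
 mkdir ${HOME}/.gnupg
 # mkdir ${HOME}/.icedove
 mkdir ${HOME}/.thunderbird
-whitelist ${HOME}/.cache/thunderbird
-whitelist ${HOME}/.gnupg
+allow ${HOME}/.cache/thunderbird
+allow ${HOME}/.gnupg
 # whitelist ${HOME}/.icedove
-whitelist ${HOME}/.thunderbird
+allow ${HOME}/.thunderbird
 
-whitelist /usr/share/gnupg
-whitelist /usr/share/mozilla
-whitelist /usr/share/thunderbird
-whitelist /usr/share/webext
+allow /usr/share/gnupg
+allow /usr/share/mozilla
+allow /usr/share/thunderbird
+allow /usr/share/webext
 include whitelist-usr-share-common.inc
 
 # machine-id breaks audio in browsers; enable or put it in your thunderbird.local when sound is not required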
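--- a/etc/profile-m-z/tilp.profile
+++ b/etc/profile-m-z/tilp.profile
@@ -5,7 +5,7 @@ include tilp.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.tilp
+nodeny ${HOME}/.tilp
 
 include disable-common.inc
 include disable-devel.inc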
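Review bot: The renamed `nodeny` line sits in a profile that still pulls in `tilp.local` (visible in the hunk header), a per-user override file this commit cannot rewrite, so any `noblacklist`/`blacklist`/`whitelist` line there now depends on the parser still accepting the old spellings, which this section does not show. If the old keywords are rejected or ignored, restrictions a user added locally could stop applying while the shipped profile looks correct. Once confirmed against the parser, I would document the rule for profile authors, e.g. a template comment `# blacklist/whitelist/noblacklist are still accepted as aliases of deny/allow/nodeny`. The same point applies to the tin, tmux and tor-browser sections that follow.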
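--- a/etc/profile-m-z/tin.profile
+++ b/etc/profile-m-z/tin.profile
@@ -6,12 +6,12 @@ include tin.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.newsrc
-noblacklist ${HOME}/.tin
+nodeny ${HOME}/.newsrc
+nodeny ${HOME}/.tin
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}
-blacklist /usr/libexec
+deny /tmp/.X11-unix
+deny ${RUNUSER}
+deny /usr/libexec
 
 include disable-common.inc
 include disable-devel.inc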
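--- a/etc/profile-m-z/tmux.profile
+++ b/etc/profile-m-z/tmux.profile
@@ -7,10 +7,10 @@ include tmux.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}
+deny /tmp/.X11-unix
+deny ${RUNUSER}
 
-noblacklist /tmp/tmux-*
+nodeny /tmp/tmux-*
 
 # include disable-common.inc
 # include disable-devel.inc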
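--- a/etc/profile-m-z/tor-browser-ar.profile
+++ b/etc/profile-m-z/tor-browser-ar.profile
@@ -6,10 +6,10 @@ include tor-browser-ar.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-ar
+nodeny ${HOME}/.tor-browser-ar
 
 mkdir ${HOME}/.tor-browser-ar
-whitelist ${HOME}/.tor-browser-ar
+allow ${HOME}/.tor-browser-ar
 
 # Redirect
 include torbrowser-launcher.profile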
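--- a/etc/profile-m-z/tor-browser-ca.profile
+++ b/etc/profile-m-z/tor-browser-ca.profile
@@ -6,10 +6,10 @@ include tor-browser-ca.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-ca
+nodeny ${HOME}/.tor-browser-ca
 
 mkdir ${HOME}/.tor-browser-ca
-whitelist ${HOME}/.tor-browser-ca
+allow ${HOME}/.tor-browser-ca
 
 # Redirect
 include torbrowser-launcher.profile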
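--- a/etc/profile-m-z/tor-browser-cs.profile
+++ b/etc/profile-m-z/tor-browser-cs.profile
@@ -6,10 +6,10 @@ include tor-browser-cs.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-cs
+nodeny ${HOME}/.tor-browser-cs
 
 mkdir ${HOME}/.tor-browser-cs
-whitelist ${HOME}/.tor-browser-cs
+allow ${HOME}/.tor-browser-cs
 
 # Redirect
 include torbrowser-launcher.profile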
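--- a/etc/profile-m-z/tor-browser-da.profile
+++ b/etc/profile-m-z/tor-browser-da.profile
@@ -6,10 +6,10 @@ include tor-browser-da.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-da
+nodeny ${HOME}/.tor-browser-da
 
 mkdir ${HOME}/.tor-browser-da
-whitelist ${HOME}/.tor-browser-da
+allow ${HOME}/.tor-browser-da
 
 # Redirect
 include torbrowser-launcher.profile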
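--- a/etc/profile-m-z/tor-browser-de.profile
+++ b/etc/profile-m-z/tor-browser-de.profile
@@ -6,10 +6,10 @@ include tor-browser-de.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-de
+nodeny ${HOME}/.tor-browser-de
 
 mkdir ${HOME}/.tor-browser-de
-whitelist ${HOME}/.tor-browser-de
+allow ${HOME}/.tor-browser-de
 
 # Redirect
 include torbrowser-launcher.profile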
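--- a/etc/profile-m-z/tor-browser-el.profile
+++ b/etc/profile-m-z/tor-browser-el.profile
@@ -6,10 +6,10 @@ include tor-browser-el.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-el
+nodeny ${HOME}/.tor-browser-el
 
 mkdir ${HOME}/.tor-browser-el
-whitelist ${HOME}/.tor-browser-el
+allow ${HOME}/.tor-browser-el
 
 # Redirect
 include torbrowser-launcher.profile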
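--- a/etc/profile-m-z/tor-browser-en-us.profile
+++ b/etc/profile-m-z/tor-browser-en-us.profile
@@ -6,10 +6,10 @@ include tor-browser-en-us.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-en-us
+nodeny ${HOME}/.tor-browser-en-us
 
 mkdir ${HOME}/.tor-browser-en-us
-whitelist ${HOME}/.tor-browser-en-us
+allow ${HOME}/.tor-browser-en-us
 
 # Redirect
 include torbrowser-launcher.profile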
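--- a/etc/profile-m-z/tor-browser-en.profile
+++ b/etc/profile-m-z/tor-browser-en.profile
@@ -6,10 +6,10 @@ include tor-browser-en.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-en
+nodeny ${HOME}/.tor-browser-en
 
 mkdir ${HOME}/.tor-browser-en
-whitelist ${HOME}/.tor-browser-en
+allow ${HOME}/.tor-browser-en
 
 # Redirect
 include torbrowser-launcher.profile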
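--- a/etc/profile-m-z/tor-browser-es-es.profile
+++ b/etc/profile-m-z/tor-browser-es-es.profile
@@ -6,10 +6,10 @@ include tor-browser-es-es.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-es-es
+nodeny ${HOME}/.tor-browser-es-es
 
 mkdir ${HOME}/.tor-browser-es-es
-whitelist ${HOME}/.tor-browser-es-es
+allow ${HOME}/.tor-browser-es-es
 
 # Redirect
 include torbrowser-launcher.profile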
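--- a/etc/profile-m-z/tor-browser-es.profile
+++ b/etc/profile-m-z/tor-browser-es.profile
@@ -6,10 +6,10 @@ include tor-browser-es.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-es
+nodeny ${HOME}/.tor-browser-es
 
 mkdir ${HOME}/.tor-browser-es
-whitelist ${HOME}/.tor-browser-es
+allow ${HOME}/.tor-browser-es
 
 # Redirect
 include torbrowser-launcher.profile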
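--- a/etc/profile-m-z/tor-browser-fa.profile
+++ b/etc/profile-m-z/tor-browser-fa.profile
@@ -6,10 +6,10 @@ include tor-browser-fa.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-fa
+nodeny ${HOME}/.tor-browser-fa
 
 mkdir ${HOME}/.tor-browser-fa
-whitelist ${HOME}/.tor-browser-fa
+allow ${HOME}/.tor-browser-fa
 
 # Redirect
 include torbrowser-launcher.profile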
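--- a/etc/profile-m-z/tor-browser-fr.profile
+++ b/etc/profile-m-z/tor-browser-fr.profile
@@ -6,10 +6,10 @@ include tor-browser-fr.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-fr
+nodeny ${HOME}/.tor-browser-fr
 
 mkdir ${HOME}/.tor-browser-fr
-whitelist ${HOME}/.tor-browser-fr
+allow ${HOME}/.tor-browser-fr
 
 # Redirect
 include torbrowser-launcher.profile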
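--- a/etc/profile-m-z/tor-browser-ga-ie.profile
+++ b/etc/profile-m-z/tor-browser-ga-ie.profile
@@ -6,10 +6,10 @@ include tor-browser-ga-ie.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-ga-ie
+nodeny ${HOME}/.tor-browser-ga-ie
 
 mkdir ${HOME}/.tor-browser-ga-ie
-whitelist ${HOME}/.tor-browser-ga-ie
+allow ${HOME}/.tor-browser-ga-ie
 
 # Redirect
 include torbrowser-launcher.profile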
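--- a/etc/profile-m-z/tor-browser-he.profile
+++ b/etc/profile-m-z/tor-browser-he.profile
@@ -6,10 +6,10 @@ include tor-browser-he.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-he
+nodeny ${HOME}/.tor-browser-he
 
 mkdir ${HOME}/.tor-browser-he
-whitelist ${HOME}/.tor-browser-he
+allow ${HOME}/.tor-browser-he
 
 # Redirect
 include torbrowser-launcher.profile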
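--- a/etc/profile-m-z/tor-browser-hu.profile
+++ b/etc/profile-m-z/tor-browser-hu.profile
@@ -6,10 +6,10 @@ include tor-browser-hu.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-hu
+nodeny ${HOME}/.tor-browser-hu
 
 mkdir ${HOME}/.tor-browser-hu
-whitelist ${HOME}/.tor-browser-hu
+allow ${HOME}/.tor-browser-hu
 
 # Redirect
 include torbrowser-launcher.profile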
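--- a/etc/profile-m-z/tor-browser-id.profile
+++ b/etc/profile-m-z/tor-browser-id.profile
@@ -6,10 +6,10 @@ include tor-browser-id.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-id
+nodeny ${HOME}/.tor-browser-id
 
 mkdir ${HOME}/.tor-browser-id
-whitelist ${HOME}/.tor-browser-id
+allow ${HOME}/.tor-browser-id
 
 # Redirect
 include torbrowser-launcher.profile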
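--- a/etc/profile-m-z/tor-browser-is.profile
+++ b/etc/profile-m-z/tor-browser-is.profile
@@ -6,10 +6,10 @@ include tor-browser-is.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-is
+nodeny ${HOME}/.tor-browser-is
 
 mkdir ${HOME}/.tor-browser-is
-whitelist ${HOME}/.tor-browser-is
+allow ${HOME}/.tor-browser-is
 
 # Redirect
 include torbrowser-launcher.profile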
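--- a/etc/profile-m-z/tor-browser-it.profile
+++ b/etc/profile-m-z/tor-browser-it.profile
@@ -6,10 +6,10 @@ include tor-browser-it.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-it
+nodeny ${HOME}/.tor-browser-it
 
 mkdir ${HOME}/.tor-browser-it
-whitelist ${HOME}/.tor-browser-it
+allow ${HOME}/.tor-browser-it
 
 # Redirect
 include torbrowser-launcher.profile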
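--- a/etc/profile-m-z/tor-browser-ja.profile
+++ b/etc/profile-m-z/tor-browser-ja.profile
@@ -6,10 +6,10 @@ include tor-browser-ja.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-ja
+nodeny ${HOME}/.tor-browser-ja
 
 mkdir ${HOME}/.tor-browser-ja
-whitelist ${HOME}/.tor-browser-ja
+allow ${HOME}/.tor-browser-ja
 
 # Redirect
 include torbrowser-launcher.profile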
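--- a/etc/profile-m-z/tor-browser-ka.profile
+++ b/etc/profile-m-z/tor-browser-ka.profile
@@ -6,10 +6,10 @@ include tor-browser-ka.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-ka
+nodeny ${HOME}/.tor-browser-ka
 
 mkdir ${HOME}/.tor-browser-ka
-whitelist ${HOME}/.tor-browser-ka
+allow ${HOME}/.tor-browser-ka
 
 # Redirect
 include torbrowser-launcher.profile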
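--- a/etc/profile-m-z/tor-browser-ko.profile
+++ b/etc/profile-m-z/tor-browser-ko.profile
@@ -6,10 +6,10 @@ include tor-browser-ko.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-ko
+nodeny ${HOME}/.tor-browser-ko
 
 mkdir ${HOME}/.tor-browser-ko
-whitelist ${HOME}/.tor-browser-ko
+allow ${HOME}/.tor-browser-ko
 
 # Redirect
 include torbrowser-launcher.profile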
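--- a/etc/profile-m-z/tor-browser-nb.profile
+++ b/etc/profile-m-z/tor-browser-nb.profile
@@ -6,10 +6,10 @@ include tor-browser-nb.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-nb
+nodeny ${HOME}/.tor-browser-nb
 
 mkdir ${HOME}/.tor-browser-nb
-whitelist ${HOME}/.tor-browser-nb
+allow ${HOME}/.tor-browser-nb
 
 # Redirect
 include torbrowser-launcher.profile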
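--- a/etc/profile-m-z/tor-browser-nl.profile
+++ b/etc/profile-m-z/tor-browser-nl.profile
@@ -6,10 +6,10 @@ include tor-browser-nl.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-nl
+nodeny ${HOME}/.tor-browser-nl
 
 mkdir ${HOME}/.tor-browser-nl
-whitelist ${HOME}/.tor-browser-nl
+allow ${HOME}/.tor-browser-nl
 
 # Redirect
 include torbrowser-launcher.profile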
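--- a/etc/profile-m-z/tor-browser-pl.profile
+++ b/etc/profile-m-z/tor-browser-pl.profile
@@ -6,10 +6,10 @@ include tor-browser-pl.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-pl
+nodeny ${HOME}/.tor-browser-pl
 
 mkdir ${HOME}/.tor-browser-pl
-whitelist ${HOME}/.tor-browser-pl
+allow ${HOME}/.tor-browser-pl
 
 # Redirect
 include torbrowser-launcher.profile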
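--- a/etc/profile-m-z/tor-browser-pt-br.profile
+++ b/etc/profile-m-z/tor-browser-pt-br.profile
@@ -6,10 +6,10 @@ include tor-browser-pt-br.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-pt-br
+nodeny ${HOME}/.tor-browser-pt-br
 
 mkdir ${HOME}/.tor-browser-pt-br
-whitelist ${HOME}/.tor-browser-pt-br
+allow ${HOME}/.tor-browser-pt-br
 
 # Redirect
 include torbrowser-launcher.profile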
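--- a/etc/profile-m-z/tor-browser-ru.profile
+++ b/etc/profile-m-z/tor-browser-ru.profile
@@ -6,10 +6,10 @@ include tor-browser-ru.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-ru
+nodeny ${HOME}/.tor-browser-ru
 
 mkdir ${HOME}/.tor-browser-ru
-whitelist ${HOME}/.tor-browser-ru
+allow ${HOME}/.tor-browser-ru
 
 # Redirect
 include torbrowser-launcher.profile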
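--- a/etc/profile-m-z/tor-browser-sv-se.profile
+++ b/etc/profile-m-z/tor-browser-sv-se.profile
@@ -6,10 +6,10 @@ include tor-browser-sv-se.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-sv-se
+nodeny ${HOME}/.tor-browser-sv-se
 
 mkdir ${HOME}/.tor-browser-sv-se
-whitelist ${HOME}/.tor-browser-sv-se
+allow ${HOME}/.tor-browser-sv-se
 
 # Redirect
 include torbrowser-launcher.profile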
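--- a/etc/profile-m-z/tor-browser-tr.profile
+++ b/etc/profile-m-z/tor-browser-tr.profile
@@ -6,10 +6,10 @@ include tor-browser-tr.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-tr
+nodeny ${HOME}/.tor-browser-tr
 
 mkdir ${HOME}/.tor-browser-tr
-whitelist ${HOME}/.tor-browser-tr
+allow ${HOME}/.tor-browser-tr
 
 # Redirect
 include torbrowser-launcher.profile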
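--- a/etc/profile-m-z/tor-browser-vi.profile
+++ b/etc/profile-m-z/tor-browser-vi.profile
@@ -6,10 +6,10 @@ include tor-browser-vi.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-vi
+nodeny ${HOME}/.tor-browser-vi
 
 mkdir ${HOME}/.tor-browser-vi
-whitelist ${HOME}/.tor-browser-vi
+allow ${HOME}/.tor-browser-vi
 
 # Redirect
 include torbrowser-launcher.profile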
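--- a/etc/profile-m-z/tor-browser-zh-cn.profile
+++ b/etc/profile-m-z/tor-browser-zh-cn.profile
@@ -6,10 +6,10 @@ include tor-browser-zh-cn.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-zh-cn
+nodeny ${HOME}/.tor-browser-zh-cn
 
 mkdir ${HOME}/.tor-browser-zh-cn
-whitelist ${HOME}/.tor-browser-zh-cn
+allow ${HOME}/.tor-browser-zh-cn
 
 # Redirect
 include torbrowser-launcher.profile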
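--- a/etc/profile-m-z/tor-browser-zh-tw.profile
+++ b/etc/profile-m-z/tor-browser-zh-tw.profile
@@ -6,10 +6,10 @@ include tor-browser-zh-tw.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser-zh-tw
+nodeny ${HOME}/.tor-browser-zh-tw
 
 mkdir ${HOME}/.tor-browser-zh-tw
-whitelist ${HOME}/.tor-browser-zh-tw
+allow ${HOME}/.tor-browser-zh-tw
 
 # Redirect
 include torbrowser-launcher.profile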
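--- a/etc/profile-m-z/tor-browser.profile
+++ b/etc/profile-m-z/tor-browser.profile
@@ -6,10 +6,10 @@ include tor-browser.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser
+nodeny ${HOME}/.tor-browser
 
 mkdir ${HOME}/.tor-browser
-whitelist ${HOME}/.tor-browser
+allow ${HOME}/.tor-browser
 
 # Redirect
 include torbrowser-launcher.profile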
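--- a/etc/profile-m-z/tor-browser_ar.profile
+++ b/etc/profile-m-z/tor-browser_ar.profile
@@ -6,10 +6,10 @@ include tor-browser_ar.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_ar
+nodeny ${HOME}/.tor-browser_ar
 
 mkdir ${HOME}/.tor-browser_ar
-whitelist ${HOME}/.tor-browser_ar
+allow ${HOME}/.tor-browser_ar
 
 # Redirect
 include torbrowser-launcher.profile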
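--- a/etc/profile-m-z/tor-browser_ca.profile
+++ b/etc/profile-m-z/tor-browser_ca.profile
@@ -6,10 +6,10 @@ include tor-browser_ca.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_ca
+nodeny ${HOME}/.tor-browser_ca
 
 mkdir ${HOME}/.tor-browser_ca
-whitelist ${HOME}/.tor-browser_ca
+allow ${HOME}/.tor-browser_ca
 
 # Redirect
 include torbrowser-launcher.profile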
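--- a/etc/profile-m-z/tor-browser_cs.profile
+++ b/etc/profile-m-z/tor-browser_cs.profile
@@ -6,10 +6,10 @@ include tor-browser_cs.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_cs
+nodeny ${HOME}/.tor-browser_cs
 
 mkdir ${HOME}/.tor-browser_cs
-whitelist ${HOME}/.tor-browser_cs
+allow ${HOME}/.tor-browser_cs
 
 # Redirect
 include torbrowser-launcher.profile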
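--- a/etc/profile-m-z/tor-browser_da.profile
+++ b/etc/profile-m-z/tor-browser_da.profile
@@ -6,10 +6,10 @@ include tor-browser_da.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_da
+nodeny ${HOME}/.tor-browser_da
 
 mkdir ${HOME}/.tor-browser_da
-whitelist ${HOME}/.tor-browser_da
+allow ${HOME}/.tor-browser_da
 
 # Redirect
 include torbrowser-launcher.profile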
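--- a/etc/profile-m-z/tor-browser_de.profile
+++ b/etc/profile-m-z/tor-browser_de.profile
@@ -6,10 +6,10 @@ include tor-browser_de.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_de
+nodeny ${HOME}/.tor-browser_de
 
 mkdir ${HOME}/.tor-browser_de
-whitelist ${HOME}/.tor-browser_de
+allow ${HOME}/.tor-browser_de
 
 # Redirect
 include torbrowser-launcher.profile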
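--- a/etc/profile-m-z/tor-browser_el.profile
+++ b/etc/profile-m-z/tor-browser_el.profile
@@ -6,10 +6,10 @@ include tor-browser_el.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_el
+nodeny ${HOME}/.tor-browser_el
 
 mkdir ${HOME}/.tor-browser_el
-whitelist ${HOME}/.tor-browser_el
+allow ${HOME}/.tor-browser_el
 
 # Redirect
 include torbrowser-launcher.profile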
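--- a/etc/profile-m-z/tor-browser_en-US.profile
+++ b/etc/profile-m-z/tor-browser_en-US.profile
@@ -6,10 +6,10 @@ include tor-browser_en-US.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_en-US
+nodeny ${HOME}/.tor-browser_en-US
 
 mkdir ${HOME}/.tor-browser_en-US
-whitelist ${HOME}/.tor-browser_en-US
+allow ${HOME}/.tor-browser_en-US
 
 # Redirect
 include torbrowser-launcher.profile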
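--- a/etc/profile-m-z/tor-browser_en.profile
+++ b/etc/profile-m-z/tor-browser_en.profile
@@ -6,10 +6,10 @@ include tor-browser_en.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_en
+nodeny ${HOME}/.tor-browser_en
 
 mkdir ${HOME}/.tor-browser_en
-whitelist ${HOME}/.tor-browser_en
+allow ${HOME}/.tor-browser_en
 
 # Redirect
 include torbrowser-launcher.profile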
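--- a/etc/profile-m-z/tor-browser_es-ES.profile
+++ b/etc/profile-m-z/tor-browser_es-ES.profile
@@ -6,10 +6,10 @@ include tor-browser_es-ES.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_es-ES
+nodeny ${HOME}/.tor-browser_es-ES
 
 mkdir ${HOME}/.tor-browser_es-ES
-whitelist ${HOME}/.tor-browser_es-ES
+allow ${HOME}/.tor-browser_es-ES
 
 # Redirect
 include torbrowser-launcher.profile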
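--- a/etc/profile-m-z/tor-browser_es.profile
+++ b/etc/profile-m-z/tor-browser_es.profile
@@ -6,10 +6,10 @@ include tor-browser_es.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_es
+nodeny ${HOME}/.tor-browser_es
 
 mkdir ${HOME}/.tor-browser_es
-whitelist ${HOME}/.tor-browser_es
+allow ${HOME}/.tor-browser_es
 
 # Redirect
 include torbrowser-launcher.profile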
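--- a/etc/profile-m-z/tor-browser_fa.profile
+++ b/etc/profile-m-z/tor-browser_fa.profile
@@ -6,10 +6,10 @@ include tor-browser_fa.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_fa
+nodeny ${HOME}/.tor-browser_fa
 
 mkdir ${HOME}/.tor-browser_fa
-whitelist ${HOME}/.tor-browser_fa
+allow ${HOME}/.tor-browser_fa
 
 # Redirect
 include torbrowser-launcher.profile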
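--- a/etc/profile-m-z/tor-browser_fr.profile
+++ b/etc/profile-m-z/tor-browser_fr.profile
@@ -6,10 +6,10 @@ include tor-browser_fr.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_fr
+nodeny ${HOME}/.tor-browser_fr
 
 mkdir ${HOME}/.tor-browser_fr
-whitelist ${HOME}/.tor-browser_fr
+allow ${HOME}/.tor-browser_fr
 
 # Redirect
 include torbrowser-launcher.profile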
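--- a/etc/profile-m-z/tor-browser_ga-IE.profile
+++ b/etc/profile-m-z/tor-browser_ga-IE.profile
@@ -6,10 +6,10 @@ include tor-browser_ga-IE.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_ga-IE
+nodeny ${HOME}/.tor-browser_ga-IE
 
 mkdir ${HOME}/.tor-browser_ga-IE
-whitelist ${HOME}/.tor-browser_ga-IE
+allow ${HOME}/.tor-browser_ga-IE
 
 # Redirect
 include torbrowser-launcher.profile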
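--- a/etc/profile-m-z/tor-browser_he.profile
+++ b/etc/profile-m-z/tor-browser_he.profile
@@ -6,10 +6,10 @@ include tor-browser_he.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_he
+nodeny ${HOME}/.tor-browser_he
 
 mkdir ${HOME}/.tor-browser_he
-whitelist ${HOME}/.tor-browser_he
+allow ${HOME}/.tor-browser_he
 
 # Redirect
 include torbrowser-launcher.profile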
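--- a/etc/profile-m-z/tor-browser_hu.profile
+++ b/etc/profile-m-z/tor-browser_hu.profile
@@ -6,10 +6,10 @@ include tor-browser_hu.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_hu
+nodeny ${HOME}/.tor-browser_hu
 
 mkdir ${HOME}/.tor-browser_hu
-whitelist ${HOME}/.tor-browser_hu
+allow ${HOME}/.tor-browser_hu
 
 # Redirect
 include torbrowser-launcher.profile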
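--- a/etc/profile-m-z/tor-browser_id.profile
+++ b/etc/profile-m-z/tor-browser_id.profile
@@ -6,10 +6,10 @@ include tor-browser_id.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_id
+nodeny ${HOME}/.tor-browser_id
 
 mkdir ${HOME}/.tor-browser_id
-whitelist ${HOME}/.tor-browser_id
+allow ${HOME}/.tor-browser_id
 
 # Redirect
 include torbrowser-launcher.profile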
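--- a/etc/profile-m-z/tor-browser_is.profile
+++ b/etc/profile-m-z/tor-browser_is.profile
@@ -6,10 +6,10 @@ include tor-browser_is.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_is
+nodeny ${HOME}/.tor-browser_is
 
 mkdir ${HOME}/.tor-browser_is
-whitelist ${HOME}/.tor-browser_is
+allow ${HOME}/.tor-browser_is
 
 # Redirect
 include torbrowser-launcher.profile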
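--- a/etc/profile-m-z/tor-browser_it.profile
+++ b/etc/profile-m-z/tor-browser_it.profile
@@ -6,10 +6,10 @@ include tor-browser_it.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_it
+nodeny ${HOME}/.tor-browser_it
 
 mkdir ${HOME}/.tor-browser_it
-whitelist ${HOME}/.tor-browser_it
+allow ${HOME}/.tor-browser_it
 
 # Redirect
 include torbrowser-launcher.profile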
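--- a/etc/profile-m-z/tor-browser_ja.profile
+++ b/etc/profile-m-z/tor-browser_ja.profile
@@ -6,10 +6,10 @@ include tor-browser_ja.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_ja
+nodeny ${HOME}/.tor-browser_ja
 
 mkdir ${HOME}/.tor-browser_ja
-whitelist ${HOME}/.tor-browser_ja
+allow ${HOME}/.tor-browser_ja
 
 # Redirect
 include torbrowser-launcher.profile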
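--- a/etc/profile-m-z/tor-browser_ka.profile
+++ b/etc/profile-m-z/tor-browser_ka.profile
@@ -6,10 +6,10 @@ include tor-browser_ka.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_ka
+nodeny ${HOME}/.tor-browser_ka
 
 mkdir ${HOME}/.tor-browser_ka
-whitelist ${HOME}/.tor-browser_ka
+allow ${HOME}/.tor-browser_ka
 
 # Redirect
 include torbrowser-launcher.profile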
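--- a/etc/profile-m-z/tor-browser_ko.profile
+++ b/etc/profile-m-z/tor-browser_ko.profile
@@ -6,10 +6,10 @@ include tor-browser_ko.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_ko
+nodeny ${HOME}/.tor-browser_ko
 
 mkdir ${HOME}/.tor-browser_ko
-whitelist ${HOME}/.tor-browser_ko
+allow ${HOME}/.tor-browser_ko
 
 # Redirect
 include torbrowser-launcher.profile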
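--- a/etc/profile-m-z/tor-browser_nb.profile
+++ b/etc/profile-m-z/tor-browser_nb.profile
@@ -6,10 +6,10 @@ include tor-browser_nb.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_nb
+nodeny ${HOME}/.tor-browser_nb
 
 mkdir ${HOME}/.tor-browser_nb
-whitelist ${HOME}/.tor-browser_nb
+allow ${HOME}/.tor-browser_nb
 
 # Redirect
 include torbrowser-launcher.profile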
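--- a/etc/profile-m-z/tor-browser_nl.profile
+++ b/etc/profile-m-z/tor-browser_nl.profile
@@ -6,10 +6,10 @@ include tor-browser_nl.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_nl
+nodeny ${HOME}/.tor-browser_nl
 
 mkdir ${HOME}/.tor-browser_nl
-whitelist ${HOME}/.tor-browser_nl
+allow ${HOME}/.tor-browser_nl
 
 # Redirect
 include torbrowser-launcher.profile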
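--- a/etc/profile-m-z/tor-browser_pl.profile
+++ b/etc/profile-m-z/tor-browser_pl.profile
@@ -6,10 +6,10 @@ include tor-browser_pl.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_pl
+nodeny ${HOME}/.tor-browser_pl
 
 mkdir ${HOME}/.tor-browser_pl
-whitelist ${HOME}/.tor-browser_pl
+allow ${HOME}/.tor-browser_pl
 
 # Redirect
 include torbrowser-launcher.profile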
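--- a/etc/profile-m-z/tor-browser_pt-BR.profile
+++ b/etc/profile-m-z/tor-browser_pt-BR.profile
@@ -6,10 +6,10 @@ include tor-browser_pt-BR.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_pt-BR
+nodeny ${HOME}/.tor-browser_pt-BR
 
 mkdir ${HOME}/.tor-browser_pt-BR
-whitelist ${HOME}/.tor-browser_pt-BR
+allow ${HOME}/.tor-browser_pt-BR
 
 # Redirect
 include torbrowser-launcher.profile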
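--- a/etc/profile-m-z/tor-browser_ru.profile
+++ b/etc/profile-m-z/tor-browser_ru.profile
@@ -6,10 +6,10 @@ include tor-browser_ru.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_ru
+nodeny ${HOME}/.tor-browser_ru
 
 mkdir ${HOME}/.tor-browser_ru
-whitelist ${HOME}/.tor-browser_ru
+allow ${HOME}/.tor-browser_ru
 
 # Redirect
 include torbrowser-launcher.profile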
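--- a/etc/profile-m-z/tor-browser_sv-SE.profile
+++ b/etc/profile-m-z/tor-browser_sv-SE.profile
@@ -6,10 +6,10 @@ include tor-browser_sv-SE.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_sv-SE
+nodeny ${HOME}/.tor-browser_sv-SE
 
 mkdir ${HOME}/.tor-browser_sv-SE
-whitelist ${HOME}/.tor-browser_sv-SE
+allow ${HOME}/.tor-browser_sv-SE
 
 # Redirect
 include torbrowser-launcher.profile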
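--- a/etc/profile-m-z/tor-browser_tr.profile
+++ b/etc/profile-m-z/tor-browser_tr.profile
@@ -6,10 +6,10 @@ include tor-browser_tr.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_tr
+nodeny ${HOME}/.tor-browser_tr
 
 mkdir ${HOME}/.tor-browser_tr
-whitelist ${HOME}/.tor-browser_tr
+allow ${HOME}/.tor-browser_tr
 
 # Redirect
 include torbrowser-launcher.profile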
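--- a/etc/profile-m-z/tor-browser_vi.profile
+++ b/etc/profile-m-z/tor-browser_vi.profile
@@ -6,10 +6,10 @@ include tor-browser_vi.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_vi
+nodeny ${HOME}/.tor-browser_vi
 
 mkdir ${HOME}/.tor-browser_vi
-whitelist ${HOME}/.tor-browser_vi
+allow ${HOME}/.tor-browser_vi
 
 # Redirect
 include torbrowser-launcher.profile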
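--- a/etc/profile-m-z/tor-browser_zh-CN.profile
+++ b/etc/profile-m-z/tor-browser_zh-CN.profile
@@ -6,10 +6,10 @@ include tor-browser_zh-CN.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_zh-CN
+nodeny ${HOME}/.tor-browser_zh-CN
 
 mkdir ${HOME}/.tor-browser_zh-CN
-whitelist ${HOME}/.tor-browser_zh-CN
+allow ${HOME}/.tor-browser_zh-CN
 
 # Redirect
 include torbrowser-launcher.profile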
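--- a/etc/profile-m-z/tor-browser_zh-TW.profile
+++ b/etc/profile-m-z/tor-browser_zh-TW.profile
@@ -6,10 +6,10 @@ include tor-browser_zh-TW.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.tor-browser_zh-TW
+nodeny ${HOME}/.tor-browser_zh-TW
 
 mkdir ${HOME}/.tor-browser_zh-TW
-whitelist ${HOME}/.tor-browser_zh-TW
+allow ${HOME}/.tor-browser_zh-TW
 
 # Redirect
 include torbrowser-launcher.profile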
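--- a/etc/profile-m-z/torbrowser-launcher.profile
+++ b/etc/profile-m-z/torbrowser-launcher.profile
@@ -8,15 +8,15 @@ include globals.local
 
 ignore noexec ${HOME}
 
-noblacklist ${HOME}/.config/torbrowser
-noblacklist ${HOME}/.local/share/torbrowser
+nodeny ${HOME}/.config/torbrowser
+nodeny ${HOME}/.local/share/torbrowser
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
 include allow-python3.inc
 
-blacklist /opt
-blacklist /srv
+deny /opt
+deny /srv
 
 include disable-common.inc
 include disable-devel.inc
@@ -28,10 +28,10 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/torbrowser
 mkdir ${HOME}/.local/share/torbrowser
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.config/torbrowser
-whitelist ${HOME}/.local/share/torbrowser
-whitelist /usr/share/torbrowser-launcher
+allow ${DOWNLOADS}
+allow ${HOME}/.config/torbrowser
+allow ${HOME}/.local/share/torbrowser
+allow /usr/share/torbrowser-launcher
 include whitelist-common.inc
 include whitelist-var-common.inc
 include whitelist-runuser-common.inc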
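Review bot: The comment kept above the python includes, `# Allow python (blacklisted by disable-interpreters.inc)`, still uses the old word while `/opt` and `/srv` just below it are now `deny`, so the profile mixes both vocabularies; I would change it to `# Allow python (denied by disable-interpreters.inc)`. The rename also gives "allow" two meanings in this one profile: `include allow-python3.inc` appears, from that comment, to lift a deny, whereas `allow ${DOWNLOADS}` in the second hunk replaces `whitelist`, which in firejail also hides everything else under the same top-level directory. A one-line comment above the `allow` group, for example `# allow (formerly whitelist): other paths under the same top-level directory are hidden`, would keep a reader auditing the sandbox from taking it as a plain exemption. The stale comment also appears in the totem.profile section, and the `whitelist-*.inc` include names are left unchanged here.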
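--- a/etc/profile-m-z/torcs.profile
+++ b/etc/profile-m-z/torcs.profile
@@ -6,7 +6,7 @@ include torcs.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.torcs
+nodeny ${HOME}/.torcs
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,9 +17,9 @@ include disable-programs.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.torcs
-whitelist ${HOME}/.torcs
-whitelist /usr/share/games/torcs
-whitelist /var/games/torcs
+allow ${HOME}/.torcs
+allow /usr/share/games/torcs
+allow /var/games/torcs
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc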
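--- a/etc/profile-m-z/totem.profile
+++ b/etc/profile-m-z/totem.profile
@@ -13,8 +13,8 @@ include allow-lua.inc
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
 
-noblacklist ${HOME}/.config/totem
-noblacklist ${HOME}/.local/share/totem
+nodeny ${HOME}/.config/totem
+nodeny ${HOME}/.local/share/totem
 
 include disable-common.inc
 include disable-devel.inc
@@ -27,9 +27,9 @@ include disable-shell.inc
 read-only ${DESKTOP}
 mkdir ${HOME}/.config/totem
 mkdir ${HOME}/.local/share/totem
-whitelist ${HOME}/.config/totem
-whitelist ${HOME}/.local/share/totem
-whitelist /usr/share/totem
+allow ${HOME}/.config/totem
+allow ${HOME}/.local/share/totem
+allow /usr/share/totem
 include whitelist-common.inc
 include whitelist-player-common.inc
 include whitelist-runuser-common.inc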
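--- a/etc/profile-m-z/tracker.profile
+++ b/etc/profile-m-z/tracker.profile
@@ -8,8 +8,8 @@ include globals.local
 
 # Tracker is started by systemd on most systems. Therefore it is not firejailed by default
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+deny /tmp/.X11-unix
+deny ${RUNUSER}/wayland-*
 
 include disable-common.inc
 include disable-devel.inc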
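--- a/etc/profile-m-z/transgui.profile
+++ b/etc/profile-m-z/transgui.profile
@@ -6,7 +6,7 @@ include transgui.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/transgui
+nodeny ${HOME}/.config/transgui
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/transgui
-whitelist ${HOME}/.config/transgui
-whitelist ${DOWNLOADS}
+allow ${HOME}/.config/transgui
+allow ${DOWNLOADS}
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc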
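--- a/etc/profile-m-z/transmission-common.profile
+++ b/etc/profile-m-z/transmission-common.profile
@@ -7,8 +7,8 @@ include transmission-common.local
 # added by caller profile
 #include globals.local
 
-noblacklist ${HOME}/.cache/transmission
-noblacklist ${HOME}/.config/transmission
+nodeny ${HOME}/.cache/transmission
+nodeny ${HOME}/.config/transmission
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-programs.inc
 
 mkdir ${HOME}/.cache/transmission
 mkdir ${HOME}/.config/transmission
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/transmission
-whitelist ${HOME}/.config/transmission
+allow ${DOWNLOADS}
+allow ${HOME}/.cache/transmission
+allow ${HOME}/.config/transmission
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc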
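--- a/etc/profile-m-z/transmission-daemon.profile
+++ b/etc/profile-m-z/transmission-daemon.profile
@@ -10,8 +10,8 @@ include globals.local
 ignore caps.drop all
 
 mkdir ${HOME}/.config/transmission-daemon
-whitelist ${HOME}/.config/transmission-daemon
-whitelist /var/lib/transmission
+allow ${HOME}/.config/transmission-daemon
+allow /var/lib/transmission
 
 caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot
 protocol packet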
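--- a/etc/profile-m-z/transmission-remote-gtk.profile
+++ b/etc/profile-m-z/transmission-remote-gtk.profile
@@ -7,10 +7,10 @@ include transmission-remote-gtk.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/transmission-remote-gtk
+nodeny ${HOME}/.config/transmission-remote-gtk
 
 mkdir ${HOME}/.config/transmission-remote-gtk
-whitelist ${HOME}/.config/transmission-remote-gtk
+allow ${HOME}/.config/transmission-remote-gtk
 
 private-etc fonts,hostname,hosts,resolv.conf
 # Problems with private-lib (see issue #2889)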
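--- a/etc/profile-m-z/tremulous.profile
+++ b/etc/profile-m-z/tremulous.profile
@@ -6,7 +6,7 @@ include tremulous.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.tremulous
+nodeny ${HOME}/.tremulous
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.tremulous
-whitelist ${HOME}/.tremulous
-whitelist /usr/share/tremulous
+allow ${HOME}/.tremulous
+allow /usr/share/tremulous
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc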
diff --git a/etc/profile-m-z/trojita.profile b/etc/profile-m-z/trojita.profile index 2d95081f6..95f39b35d 100644 --- a/etc/profile-m-z/trojita.profile +++ b/etc/profile-m-z/trojita.profile | |||
@@ -6,10 +6,10 @@ include trojita.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.abook | 9 | nodeny ${HOME}/.abook |
10 | noblacklist ${HOME}/.mozilla | 10 | nodeny ${HOME}/.mozilla |
11 | noblacklist ${HOME}/.cache/flaska.net/trojita | 11 | nodeny ${HOME}/.cache/flaska.net/trojita |
12 | noblacklist ${HOME}/.config/flaska.net | 12 | nodeny ${HOME}/.config/flaska.net |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -23,10 +23,10 @@ include disable-xdg.inc | |||
23 | mkdir ${HOME}/.abook | 23 | mkdir ${HOME}/.abook |
24 | mkdir ${HOME}/.cache/flaska.net/trojita | 24 | mkdir ${HOME}/.cache/flaska.net/trojita |
25 | mkdir ${HOME}/.config/flaska.net | 25 | mkdir ${HOME}/.config/flaska.net |
26 | whitelist ${HOME}/.abook | 26 | allow ${HOME}/.abook |
27 | whitelist ${HOME}/.mozilla/firefox/profiles.ini | 27 | allow ${HOME}/.mozilla/firefox/profiles.ini |
28 | whitelist ${HOME}/.cache/flaska.net/trojita | 28 | allow ${HOME}/.cache/flaska.net/trojita |
29 | whitelist ${HOME}/.config/flaska.net | 29 | allow ${HOME}/.config/flaska.net |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | include whitelist-runuser-common.inc | 31 | include whitelist-runuser-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
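Review bot: The `allow ${HOME}/.mozilla/firefox/profiles.ini` rule on new line 27 has no matching `read-only` rule inside this hunk. tutanota-desktop.profile in the same commit follows the identical allow with `read-only ${HOME}/.mozilla/firefox/profiles.ini`. A mail client presumably only reads that file to hand links to Firefox, and leaving it writable lets a compromised trojita alter which profile directory Firefox loads. Unless such a rule already exists below line 32, outside the hunk, I would add `read-only ${HOME}/.mozilla/firefox/profiles.ini` directly after the allow.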
diff --git a/etc/profile-m-z/truecraft.profile b/etc/profile-m-z/truecraft.profile index 749626475..76f289a27 100644 --- a/etc/profile-m-z/truecraft.profile +++ b/etc/profile-m-z/truecraft.profile | |||
@@ -5,8 +5,8 @@ include truecraft.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/mono | 8 | nodeny ${HOME}/.config/mono |
9 | noblacklist ${HOME}/.config/truecraft | 9 | nodeny ${HOME}/.config/truecraft |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | 17 | ||
18 | mkdir ${HOME}/.config/mono | 18 | mkdir ${HOME}/.config/mono |
19 | mkdir ${HOME}/.config/truecraft | 19 | mkdir ${HOME}/.config/truecraft |
20 | whitelist ${HOME}/.config/mono | 20 | allow ${HOME}/.config/mono |
21 | whitelist ${HOME}/.config/truecraft | 21 | allow ${HOME}/.config/truecraft |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/profile-m-z/ts3client_runscript.sh.profile b/etc/profile-m-z/ts3client_runscript.sh.profile index 8d4675454..cd6ae96df 100644 --- a/etc/profile-m-z/ts3client_runscript.sh.profile +++ b/etc/profile-m-z/ts3client_runscript.sh.profile | |||
@@ -9,11 +9,11 @@ include ts3client_runscript.sh.local | |||
9 | 9 | ||
10 | ignore noexec ${HOME} | 10 | ignore noexec ${HOME} |
11 | 11 | ||
12 | noblacklist ${HOME}/TeamSpeak3-Client-linux_x86 | 12 | nodeny ${HOME}/TeamSpeak3-Client-linux_x86 |
13 | noblacklist ${HOME}/TeamSpeak3-Client-linux_amd64 | 13 | nodeny ${HOME}/TeamSpeak3-Client-linux_amd64 |
14 | 14 | ||
15 | whitelist ${HOME}/TeamSpeak3-Client-linux_x86 | 15 | allow ${HOME}/TeamSpeak3-Client-linux_x86 |
16 | whitelist ${HOME}/TeamSpeak3-Client-linux_amd64 | 16 | allow ${HOME}/TeamSpeak3-Client-linux_amd64 |
17 | 17 | ||
18 | # Redirect | 18 | # Redirect |
19 | include teamspeak3.profile | 19 | include teamspeak3.profile |
diff --git a/etc/profile-m-z/tutanota-desktop.profile b/etc/profile-m-z/tutanota-desktop.profile index d2cb0cc8a..e59a86ce6 100644 --- a/etc/profile-m-z/tutanota-desktop.profile +++ b/etc/profile-m-z/tutanota-desktop.profile | |||
@@ -6,8 +6,8 @@ include tutanota-desktop.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/tuta_integration | 9 | nodeny ${HOME}/.config/tuta_integration |
10 | noblacklist ${HOME}/.config/tutanota-desktop | 10 | nodeny ${HOME}/.config/tutanota-desktop |
11 | 11 | ||
12 | ignore noexec /tmp | 12 | ignore noexec /tmp |
13 | 13 | ||
@@ -15,12 +15,12 @@ include disable-shell.inc | |||
15 | 15 | ||
16 | mkdir ${HOME}/.config/tuta_integration | 16 | mkdir ${HOME}/.config/tuta_integration |
17 | mkdir ${HOME}/.config/tutanota-desktop | 17 | mkdir ${HOME}/.config/tutanota-desktop |
18 | whitelist ${HOME}/.config/tuta_integration | 18 | allow ${HOME}/.config/tuta_integration |
19 | whitelist ${HOME}/.config/tutanota-desktop | 19 | allow ${HOME}/.config/tutanota-desktop |
20 | 20 | ||
21 | # These lines are needed to allow Firefox to open links | 21 | # These lines are needed to allow Firefox to open links |
22 | noblacklist ${HOME}/.mozilla | 22 | nodeny ${HOME}/.mozilla |
23 | whitelist ${HOME}/.mozilla/firefox/profiles.ini | 23 | allow ${HOME}/.mozilla/firefox/profiles.ini |
24 | read-only ${HOME}/.mozilla/firefox/profiles.ini | 24 | read-only ${HOME}/.mozilla/firefox/profiles.ini |
25 | 25 | ||
26 | ?HAS_APPIMAGE: ignore private-dev | 26 | ?HAS_APPIMAGE: ignore private-dev |
diff --git a/etc/profile-m-z/tuxguitar.profile b/etc/profile-m-z/tuxguitar.profile index 3cd496412..5bb97e161 100644 --- a/etc/profile-m-z/tuxguitar.profile +++ b/etc/profile-m-z/tuxguitar.profile | |||
@@ -9,9 +9,9 @@ include globals.local | |||
9 | # tuxguitar fails to launch | 9 | # tuxguitar fails to launch |
10 | ignore noexec ${HOME} | 10 | ignore noexec ${HOME} |
11 | 11 | ||
12 | noblacklist ${HOME}/.tuxguitar* | 12 | nodeny ${HOME}/.tuxguitar* |
13 | noblacklist ${DOCUMENTS} | 13 | nodeny ${DOCUMENTS} |
14 | noblacklist ${MUSIC} | 14 | nodeny ${MUSIC} |
15 | 15 | ||
16 | # Allow java (blacklisted by disable-devel.inc) | 16 | # Allow java (blacklisted by disable-devel.inc) |
17 | include allow-java.inc | 17 | include allow-java.inc |
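Review bot: The comment on new line 16 still reads `# Allow java (blacklisted by disable-devel.inc)`, although every directive around it now uses the deny/nodeny spelling. To keep the file's vocabulary consistent with the rename I would word it `# Allow java (denied by disable-devel.inc)`. The same leftover wording appears in the first hunks of tvbrowser.profile, uzbl-browser.profile and w3m.profile.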
diff --git a/etc/profile-m-z/tvbrowser.profile b/etc/profile-m-z/tvbrowser.profile index dae7d86da..8febcd337 100644 --- a/etc/profile-m-z/tvbrowser.profile +++ b/etc/profile-m-z/tvbrowser.profile | |||
@@ -6,8 +6,8 @@ include tvbrowser.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/tvbrowser | 9 | nodeny ${HOME}/.config/tvbrowser |
10 | noblacklist ${HOME}/.tvbrowser | 10 | nodeny ${HOME}/.tvbrowser |
11 | 11 | ||
12 | # Allow java (blacklisted by disable-devel.inc) | 12 | # Allow java (blacklisted by disable-devel.inc) |
13 | include allow-java.inc | 13 | include allow-java.inc |
@@ -22,9 +22,9 @@ include disable-xdg.inc | |||
22 | 22 | ||
23 | mkdir ${HOME}/.config/tvbrowser | 23 | mkdir ${HOME}/.config/tvbrowser |
24 | mkdir ${HOME}/.tvbrowser | 24 | mkdir ${HOME}/.tvbrowser |
25 | whitelist ${HOME}/.config/tvbrowser | 25 | allow ${HOME}/.config/tvbrowser |
26 | whitelist ${HOME}/.tvbrowser | 26 | allow ${HOME}/.tvbrowser |
27 | whitelist /usr/share/tvbrowser | 27 | allow /usr/share/tvbrowser |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
30 | include whitelist-var-common.inc | 30 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/twitch.profile b/etc/profile-m-z/twitch.profile index 2f573c872..abcc885e6 100644 --- a/etc/profile-m-z/twitch.profile +++ b/etc/profile-m-z/twitch.profile | |||
@@ -10,12 +10,12 @@ include globals.local | |||
10 | ignore nou2f | 10 | ignore nou2f |
11 | ignore novideo | 11 | ignore novideo |
12 | 12 | ||
13 | noblacklist ${HOME}/.config/Twitch | 13 | nodeny ${HOME}/.config/Twitch |
14 | 14 | ||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.config/Twitch | 17 | mkdir ${HOME}/.config/Twitch |
18 | whitelist ${HOME}/.config/Twitch | 18 | allow ${HOME}/.config/Twitch |
19 | 19 | ||
20 | private-bin twitch | 20 | private-bin twitch |
21 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 21 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg |
diff --git a/etc/profile-m-z/uefitool.profile b/etc/profile-m-z/uefitool.profile index 3e4fdbb03..8c705c95f 100644 --- a/etc/profile-m-z/uefitool.profile +++ b/etc/profile-m-z/uefitool.profile | |||
@@ -5,7 +5,7 @@ include uefitool.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${DOCUMENTS} | 8 | nodeny ${DOCUMENTS} |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-m-z/uget-gtk.profile b/etc/profile-m-z/uget-gtk.profile index 4420099ff..eed2db541 100644 --- a/etc/profile-m-z/uget-gtk.profile +++ b/etc/profile-m-z/uget-gtk.profile | |||
@@ -5,7 +5,7 @@ include uget-gtk.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/uGet | 8 | nodeny ${HOME}/.config/uGet |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
@@ -14,8 +14,8 @@ include disable-programs.inc | |||
14 | include disable-shell.inc | 14 | include disable-shell.inc |
15 | 15 | ||
16 | mkdir ${HOME}/.config/uGet | 16 | mkdir ${HOME}/.config/uGet |
17 | whitelist ${DOWNLOADS} | 17 | allow ${DOWNLOADS} |
18 | whitelist ${HOME}/.config/uGet | 18 | allow ${HOME}/.config/uGet |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/unbound.profile b/etc/profile-m-z/unbound.profile index 0c077babf..7e7b3fbec 100644 --- a/etc/profile-m-z/unbound.profile +++ b/etc/profile-m-z/unbound.profile | |||
@@ -6,11 +6,11 @@ include unbound.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist /sbin | 9 | nodeny /sbin |
10 | noblacklist /usr/sbin | 10 | nodeny /usr/sbin |
11 | 11 | ||
12 | blacklist /tmp/.X11-unix | 12 | deny /tmp/.X11-unix |
13 | blacklist ${RUNUSER}/wayland-* | 13 | deny ${RUNUSER}/wayland-* |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -22,8 +22,8 @@ include disable-xdg.inc | |||
22 | 22 | ||
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | 24 | ||
25 | whitelist /var/lib/unbound | 25 | allow /var/lib/unbound |
26 | whitelist /var/run | 26 | allow /var/run |
27 | 27 | ||
28 | caps.keep net_admin,net_bind_service,setgid,setuid,sys_chroot,sys_resource | 28 | caps.keep net_admin,net_bind_service,setgid,setuid,sys_chroot,sys_resource |
29 | ipc-namespace | 29 | ipc-namespace |
diff --git a/etc/profile-m-z/unf.profile b/etc/profile-m-z/unf.profile index 6db7ba362..846271971 100644 --- a/etc/profile-m-z/unf.profile +++ b/etc/profile-m-z/unf.profile | |||
@@ -7,7 +7,7 @@ include unf.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | 10 | deny ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-programs.inc | |||
18 | include disable-shell.inc | 18 | include disable-shell.inc |
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | whitelist ${DOWNLOADS} | 21 | allow ${DOWNLOADS} |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/unknown-horizons.profile b/etc/profile-m-z/unknown-horizons.profile index 956492f52..3e1c6264d 100644 --- a/etc/profile-m-z/unknown-horizons.profile +++ b/etc/profile-m-z/unknown-horizons.profile | |||
@@ -6,7 +6,7 @@ include unknown-horizons.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.unknown-horizons | 9 | nodeny ${HOME}/.unknown-horizons |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-exec.inc | 12 | include disable-exec.inc |
@@ -14,10 +14,10 @@ include disable-passwdmgr.inc | |||
14 | include disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | mkdir ${HOME}/.unknown-horizons | 16 | mkdir ${HOME}/.unknown-horizons |
17 | whitelist ${HOME}/.unknown-horizons | 17 | allow ${HOME}/.unknown-horizons |
18 | include whitelist-common.inc | 18 | include whitelist-common.inc |
19 | include whitelist-runuser-common.inc | 19 | include whitelist-runuser-common.inc |
20 | whitelist /usr/share/unknown-horizons | 20 | allow /usr/share/unknown-horizons |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-m-z/unzip.profile b/etc/profile-m-z/unzip.profile index 0231e3dba..99d2415ca 100644 --- a/etc/profile-m-z/unzip.profile +++ b/etc/profile-m-z/unzip.profile | |||
@@ -8,7 +8,7 @@ include unzip.local | |||
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | # GNOME Shell integration (chrome-gnome-shell) | 10 | # GNOME Shell integration (chrome-gnome-shell) |
11 | noblacklist ${HOME}/.local/share/gnome-shell | 11 | nodeny ${HOME}/.local/share/gnome-shell |
12 | 12 | ||
13 | private-etc alternatives,group,localtime,passwd | 13 | private-etc alternatives,group,localtime,passwd |
14 | 14 | ||
diff --git a/etc/profile-m-z/utox.profile b/etc/profile-m-z/utox.profile index dd881f091..3b0f7c646 100644 --- a/etc/profile-m-z/utox.profile +++ b/etc/profile-m-z/utox.profile | |||
@@ -6,8 +6,8 @@ include utox.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/Tox | 9 | nodeny ${HOME}/.cache/Tox |
10 | noblacklist ${HOME}/.config/tox | 10 | nodeny ${HOME}/.config/tox |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-shell.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | mkdir ${HOME}/.config/tox | 21 | mkdir ${HOME}/.config/tox |
22 | whitelist ${DOWNLOADS} | 22 | allow ${DOWNLOADS} |
23 | whitelist ${HOME}/.config/tox | 23 | allow ${HOME}/.config/tox |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-m-z/uudeview.profile b/etc/profile-m-z/uudeview.profile index 2adc044e5..3bda71666 100644 --- a/etc/profile-m-z/uudeview.profile +++ b/etc/profile-m-z/uudeview.profile | |||
@@ -7,7 +7,7 @@ include uudeview.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | 10 | deny ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/uzbl-browser.profile b/etc/profile-m-z/uzbl-browser.profile index 41487a8f2..6899f4bf7 100644 --- a/etc/profile-m-z/uzbl-browser.profile +++ b/etc/profile-m-z/uzbl-browser.profile | |||
@@ -5,9 +5,9 @@ include uzbl-browser.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/uzbl | 8 | nodeny ${HOME}/.config/uzbl |
9 | noblacklist ${HOME}/.gnupg | 9 | nodeny ${HOME}/.gnupg |
10 | noblacklist ${HOME}/.local/share/uzbl | 10 | nodeny ${HOME}/.local/share/uzbl |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
@@ -22,11 +22,11 @@ mkdir ${HOME}/.config/uzbl | |||
22 | mkdir ${HOME}/.gnupg | 22 | mkdir ${HOME}/.gnupg |
23 | mkdir ${HOME}/.local/share/uzbl | 23 | mkdir ${HOME}/.local/share/uzbl |
24 | mkdir ${HOME}/.password-store | 24 | mkdir ${HOME}/.password-store |
25 | whitelist ${DOWNLOADS} | 25 | allow ${DOWNLOADS} |
26 | whitelist ${HOME}/.config/uzbl | 26 | allow ${HOME}/.config/uzbl |
27 | whitelist ${HOME}/.gnupg | 27 | allow ${HOME}/.gnupg |
28 | whitelist ${HOME}/.local/share/uzbl | 28 | allow ${HOME}/.local/share/uzbl |
29 | whitelist ${HOME}/.password-store | 29 | allow ${HOME}/.password-store |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | 31 | ||
32 | caps.drop all | 32 | caps.drop all |
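Review bot: New lines 27 and 29 give a web browser access to `${HOME}/.gnupg` and `${HOME}/.password-store` with no comment explaining why, which puts private keys and stored passwords inside the sandbox that is supposed to contain the browser. I would add a comment above them such as `# NOTE: exposes the GnuPG keyring and the pass store to the browser; confirm uzbl needs both`. The first hunk also has `nodeny ${HOME}/.gnupg` but no `nodeny ${HOME}/.password-store`. Whether the store is actually reachable therefore depends on the includes on lines 14-21, which are outside both hunks.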
diff --git a/etc/profile-m-z/viewnior.profile b/etc/profile-m-z/viewnior.profile index a9ba344dd..e0bf02706 100644 --- a/etc/profile-m-z/viewnior.profile +++ b/etc/profile-m-z/viewnior.profile | |||
@@ -6,11 +6,11 @@ include viewnior.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.Steam | 9 | nodeny ${HOME}/.Steam |
10 | noblacklist ${HOME}/.config/viewnior | 10 | nodeny ${HOME}/.config/viewnior |
11 | noblacklist ${HOME}/.steam | 11 | nodeny ${HOME}/.steam |
12 | 12 | ||
13 | blacklist ${HOME}/.bashrc | 13 | deny ${HOME}/.bashrc |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-m-z/viking.profile b/etc/profile-m-z/viking.profile index 8f8ef5939..b16f691d6 100644 --- a/etc/profile-m-z/viking.profile +++ b/etc/profile-m-z/viking.profile | |||
@@ -6,9 +6,9 @@ include viking.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.viking | 9 | nodeny ${HOME}/.viking |
10 | noblacklist ${HOME}/.viking-maps | 10 | nodeny ${HOME}/.viking-maps |
11 | noblacklist ${DOCUMENTS} | 11 | nodeny ${DOCUMENTS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/vim.profile b/etc/profile-m-z/vim.profile index c3cfe5980..b535225dd 100644 --- a/etc/profile-m-z/vim.profile +++ b/etc/profile-m-z/vim.profile | |||
@@ -6,9 +6,9 @@ include vim.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.vim | 9 | nodeny ${HOME}/.vim |
10 | noblacklist ${HOME}/.viminfo | 10 | nodeny ${HOME}/.viminfo |
11 | noblacklist ${HOME}/.vimrc | 11 | nodeny ${HOME}/.vimrc |
12 | 12 | ||
13 | # Allows files commonly used by IDEs | 13 | # Allows files commonly used by IDEs |
14 | include allow-common-devel.inc | 14 | include allow-common-devel.inc |
diff --git a/etc/profile-m-z/virtualbox.profile b/etc/profile-m-z/virtualbox.profile index c22fb0ff9..f28828338 100644 --- a/etc/profile-m-z/virtualbox.profile +++ b/etc/profile-m-z/virtualbox.profile | |||
@@ -6,12 +6,12 @@ include virtualbox.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.VirtualBox | 9 | nodeny ${HOME}/.VirtualBox |
10 | noblacklist ${HOME}/.config/VirtualBox | 10 | nodeny ${HOME}/.config/VirtualBox |
11 | noblacklist ${HOME}/VirtualBox VMs | 11 | nodeny ${HOME}/VirtualBox VMs |
12 | # noblacklist /usr/bin/virtualbox | 12 | # noblacklist /usr/bin/virtualbox |
13 | noblacklist /usr/lib/virtualbox | 13 | nodeny /usr/lib/virtualbox |
14 | noblacklist /usr/lib64/virtualbox | 14 | nodeny /usr/lib64/virtualbox |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
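Review bot: The commented-out directive on new line 12, `# noblacklist /usr/bin/virtualbox`, kept the old keyword while its neighbours became `nodeny`, so anyone who uncomments it gets a spelling the rest of the file no longer uses. It should read `# nodeny /usr/bin/virtualbox`. The second hunk of vmware.profile has the same leftover in text that users are told to copy into vmware.local: `#whitelist /var/lib/vmware` should become `#allow /var/lib/vmware`. Whether the old keywords are still accepted is not visible on this page, so the effect may be cosmetic or may break the copied line.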
@@ -23,10 +23,10 @@ include disable-xdg.inc | |||
23 | 23 | ||
24 | mkdir ${HOME}/.config/VirtualBox | 24 | mkdir ${HOME}/.config/VirtualBox |
25 | mkdir ${HOME}/VirtualBox VMs | 25 | mkdir ${HOME}/VirtualBox VMs |
26 | whitelist ${HOME}/.config/VirtualBox | 26 | allow ${HOME}/.config/VirtualBox |
27 | whitelist ${HOME}/VirtualBox VMs | 27 | allow ${HOME}/VirtualBox VMs |
28 | whitelist ${DOWNLOADS} | 28 | allow ${DOWNLOADS} |
29 | whitelist /usr/share/virtualbox | 29 | allow /usr/share/virtualbox |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | include whitelist-runuser-common.inc | 31 | include whitelist-runuser-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/vivaldi.profile b/etc/profile-m-z/vivaldi.profile index fdeb0307f..3858405db 100644 --- a/etc/profile-m-z/vivaldi.profile +++ b/etc/profile-m-z/vivaldi.profile | |||
@@ -8,26 +8,26 @@ include globals.local | |||
8 | # Allow HTML5 Proprietary Media & DRM/EME (Widevine) | 8 | # Allow HTML5 Proprietary Media & DRM/EME (Widevine) |
9 | ignore apparmor | 9 | ignore apparmor |
10 | ignore noexec /var | 10 | ignore noexec /var |
11 | noblacklist /var/opt | 11 | nodeny /var/opt |
12 | whitelist /var/opt/vivaldi | 12 | allow /var/opt/vivaldi |
13 | writable-var | 13 | writable-var |
14 | 14 | ||
15 | noblacklist ${HOME}/.cache/vivaldi | 15 | nodeny ${HOME}/.cache/vivaldi |
16 | noblacklist ${HOME}/.cache/vivaldi-snapshot | 16 | nodeny ${HOME}/.cache/vivaldi-snapshot |
17 | noblacklist ${HOME}/.config/vivaldi | 17 | nodeny ${HOME}/.config/vivaldi |
18 | noblacklist ${HOME}/.config/vivaldi-snapshot | 18 | nodeny ${HOME}/.config/vivaldi-snapshot |
19 | noblacklist ${HOME}/.local/lib/vivaldi | 19 | nodeny ${HOME}/.local/lib/vivaldi |
20 | 20 | ||
21 | mkdir ${HOME}/.cache/vivaldi | 21 | mkdir ${HOME}/.cache/vivaldi |
22 | mkdir ${HOME}/.cache/vivaldi-snapshot | 22 | mkdir ${HOME}/.cache/vivaldi-snapshot |
23 | mkdir ${HOME}/.config/vivaldi | 23 | mkdir ${HOME}/.config/vivaldi |
24 | mkdir ${HOME}/.config/vivaldi-snapshot | 24 | mkdir ${HOME}/.config/vivaldi-snapshot |
25 | mkdir ${HOME}/.local/lib/vivaldi | 25 | mkdir ${HOME}/.local/lib/vivaldi |
26 | whitelist ${HOME}/.cache/vivaldi | 26 | allow ${HOME}/.cache/vivaldi |
27 | whitelist ${HOME}/.cache/vivaldi-snapshot | 27 | allow ${HOME}/.cache/vivaldi-snapshot |
28 | whitelist ${HOME}/.config/vivaldi | 28 | allow ${HOME}/.config/vivaldi |
29 | whitelist ${HOME}/.config/vivaldi-snapshot | 29 | allow ${HOME}/.config/vivaldi-snapshot |
30 | whitelist ${HOME}/.local/lib/vivaldi | 30 | allow ${HOME}/.local/lib/vivaldi |
31 | 31 | ||
32 | #private-bin bash,cat,dirname,readlink,rm,vivaldi,vivaldi-stable,vivaldi-snapshot | 32 | #private-bin bash,cat,dirname,readlink,rm,vivaldi,vivaldi-stable,vivaldi-snapshot |
33 | 33 | ||
diff --git a/etc/profile-m-z/vlc.profile b/etc/profile-m-z/vlc.profile index cd7dccd8a..ede2d4525 100644 --- a/etc/profile-m-z/vlc.profile +++ b/etc/profile-m-z/vlc.profile | |||
@@ -6,10 +6,10 @@ include vlc.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/vlc | 9 | nodeny ${HOME}/.cache/vlc |
10 | noblacklist ${HOME}/.config/vlc | 10 | nodeny ${HOME}/.config/vlc |
11 | noblacklist ${HOME}/.config/aacs | 11 | nodeny ${HOME}/.config/aacs |
12 | noblacklist ${HOME}/.local/share/vlc | 12 | nodeny ${HOME}/.local/share/vlc |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -22,10 +22,10 @@ read-only ${DESKTOP} | |||
22 | mkdir ${HOME}/.cache/vlc | 22 | mkdir ${HOME}/.cache/vlc |
23 | mkdir ${HOME}/.config/vlc | 23 | mkdir ${HOME}/.config/vlc |
24 | mkdir ${HOME}/.local/share/vlc | 24 | mkdir ${HOME}/.local/share/vlc |
25 | whitelist ${HOME}/.cache/vlc | 25 | allow ${HOME}/.cache/vlc |
26 | whitelist ${HOME}/.config/vlc | 26 | allow ${HOME}/.config/vlc |
27 | whitelist ${HOME}/.config/aacs | 27 | allow ${HOME}/.config/aacs |
28 | whitelist ${HOME}/.local/share/vlc | 28 | allow ${HOME}/.local/share/vlc |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-player-common.inc | 30 | include whitelist-player-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/vmware-view.profile b/etc/profile-m-z/vmware-view.profile index f07c31b68..f23e90e84 100644 --- a/etc/profile-m-z/vmware-view.profile +++ b/etc/profile-m-z/vmware-view.profile | |||
@@ -6,10 +6,10 @@ include vmware-view.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.vmware | 9 | nodeny ${HOME}/.vmware |
10 | 10 | ||
11 | noblacklist /sbin | 11 | nodeny /sbin |
12 | noblacklist /usr/sbin | 12 | nodeny /usr/sbin |
13 | 13 | ||
14 | include allow-bin-sh.inc | 14 | include allow-bin-sh.inc |
15 | 15 | ||
@@ -23,7 +23,7 @@ include disable-shell.inc | |||
23 | include disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | mkdir ${HOME}/.vmware | 25 | mkdir ${HOME}/.vmware |
26 | whitelist ${HOME}/.vmware | 26 | allow ${HOME}/.vmware |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/vmware.profile b/etc/profile-m-z/vmware.profile index 5241e27b3..3a535588f 100644 --- a/etc/profile-m-z/vmware.profile +++ b/etc/profile-m-z/vmware.profile | |||
@@ -6,8 +6,8 @@ include vmware.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/vmware | 9 | nodeny ${HOME}/.cache/vmware |
10 | noblacklist ${HOME}/.vmware | 10 | nodeny ${HOME}/.vmware |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-xdg.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.cache/vmware | 20 | mkdir ${HOME}/.cache/vmware |
21 | mkdir ${HOME}/.vmware | 21 | mkdir ${HOME}/.vmware |
22 | whitelist ${HOME}/.cache/vmware | 22 | allow ${HOME}/.cache/vmware |
23 | whitelist ${HOME}/.vmware | 23 | allow ${HOME}/.vmware |
24 | # Add the next lines to your vmware.local if you need to use "shared VM". | 24 | # Add the next lines to your vmware.local if you need to use "shared VM". |
25 | #whitelist /var/lib/vmware | 25 | #whitelist /var/lib/vmware |
26 | #writable-var | 26 | #writable-var |
diff --git a/etc/profile-m-z/vscodium.profile b/etc/profile-m-z/vscodium.profile index a4a4fb7d8..7996113f5 100644 --- a/etc/profile-m-z/vscodium.profile +++ b/etc/profile-m-z/vscodium.profile | |||
@@ -6,7 +6,7 @@ include vscodium.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.VSCodium | 9 | nodeny ${HOME}/.VSCodium |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include code.profile | 12 | include code.profile |
diff --git a/etc/profile-m-z/vulturesclaw.profile b/etc/profile-m-z/vulturesclaw.profile index fa6ddf1fb..a6c38c1f1 100644 --- a/etc/profile-m-z/vulturesclaw.profile +++ b/etc/profile-m-z/vulturesclaw.profile | |||
@@ -6,8 +6,8 @@ include vulturesclaw.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist /var/games/vulturesclaw | 9 | nodeny /var/games/vulturesclaw |
10 | whitelist /var/games/vulturesclaw | 10 | allow /var/games/vulturesclaw |
11 | 11 | ||
12 | # Redirect | 12 | # Redirect |
13 | include nethack-vultures.profile | 13 | include nethack-vultures.profile |
diff --git a/etc/profile-m-z/vultureseye.profile b/etc/profile-m-z/vultureseye.profile index 49d3fa94f..763c50bf6 100644 --- a/etc/profile-m-z/vultureseye.profile +++ b/etc/profile-m-z/vultureseye.profile | |||
@@ -6,8 +6,8 @@ include vultureseye.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist /var/games/vultureseye | 9 | nodeny /var/games/vultureseye |
10 | whitelist /var/games/vultureseye | 10 | allow /var/games/vultureseye |
11 | 11 | ||
12 | # Redirect | 12 | # Redirect |
13 | include nethack-vultures.profile | 13 | include nethack-vultures.profile |
diff --git a/etc/profile-m-z/vym.profile b/etc/profile-m-z/vym.profile index 5421c4e4b..1f2462c32 100644 --- a/etc/profile-m-z/vym.profile +++ b/etc/profile-m-z/vym.profile | |||
@@ -6,7 +6,7 @@ include vym.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/InSilmaril | 9 | nodeny ${HOME}/.config/InSilmaril |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/w3m.profile b/etc/profile-m-z/w3m.profile index 69b2c6c59..6b38bbf13 100644 --- a/etc/profile-m-z/w3m.profile +++ b/etc/profile-m-z/w3m.profile | |||
@@ -12,10 +12,10 @@ include globals.local | |||
12 | #ignore private-dev | 12 | #ignore private-dev |
13 | #ignore private-etc | 13 | #ignore private-etc |
14 | 14 | ||
15 | noblacklist ${HOME}/.w3m | 15 | nodeny ${HOME}/.w3m |
16 | 16 | ||
17 | blacklist /tmp/.X11-unix | 17 | deny /tmp/.X11-unix |
18 | blacklist ${RUNUSER}/wayland-* | 18 | deny ${RUNUSER}/wayland-* |
19 | 19 | ||
20 | # Allow /bin/sh (blacklisted by disable-shell.inc) | 20 | # Allow /bin/sh (blacklisted by disable-shell.inc) |
21 | include allow-bin-sh.inc | 21 | include allow-bin-sh.inc |
@@ -33,9 +33,9 @@ include disable-shell.inc | |||
33 | include disable-xdg.inc | 33 | include disable-xdg.inc |
34 | 34 | ||
35 | mkdir ${HOME}/.w3m | 35 | mkdir ${HOME}/.w3m |
36 | whitelist /usr/share/w3m | 36 | allow /usr/share/w3m |
37 | whitelist ${DOWNLOADS} | 37 | allow ${DOWNLOADS} |
38 | whitelist ${HOME}/.w3m | 38 | allow ${HOME}/.w3m |
39 | include whitelist-runuser-common.inc | 39 | include whitelist-runuser-common.inc |
40 | include whitelist-usr-share-common.inc | 40 | include whitelist-usr-share-common.inc |
41 | include whitelist-var-common.inc | 41 | include whitelist-var-common.inc |
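--- a/etc/profile-m-z/warmux.profile
+++ b/etc/profile-m-z/warmux.profile
@@ -6,9 +6,9 @@ include warmux.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/wormux
-noblacklist ${HOME}/.local/share/wormux
-noblacklist ${HOME}/.wormux
+nodeny ${HOME}/.config/wormux
+nodeny ${HOME}/.local/share/wormux
+nodeny ${HOME}/.wormux
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,10 +22,10 @@ include disable-xdg.inc
 mkdir ${HOME}/.config/wormux
 mkdir ${HOME}/.local/share/wormux
 mkdir ${HOME}/.wormux
-whitelist ${HOME}/.config/wormux
-whitelist ${HOME}/.local/share/wormux
-whitelist ${HOME}/.wormux
-whitelist /usr/share/warmux
+allow ${HOME}/.config/wormux
+allow ${HOME}/.local/share/wormux
+allow ${HOME}/.wormux
+allow /usr/share/warmux
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc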
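--- a/etc/profile-m-z/warsow.profile
+++ b/etc/profile-m-z/warsow.profile
@@ -8,8 +8,8 @@ include globals.local
 
 ignore noexec ${HOME}
 
-noblacklist ${HOME}/.cache/warsow-2.1
-noblacklist ${HOME}/.local/share/warsow-2.1
+nodeny ${HOME}/.cache/warsow-2.1
+nodeny ${HOME}/.local/share/warsow-2.1
 
 include disable-common.inc
 include disable-devel.inc
@@ -22,9 +22,9 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.cache/warsow-2.1
 mkdir ${HOME}/.local/share/warsow-2.1
-whitelist ${HOME}/.cache/warsow-2.1
-whitelist ${HOME}/.local/share/warsow-2.1
-whitelist /usr/share/warsow
+allow ${HOME}/.cache/warsow-2.1
+allow ${HOME}/.local/share/warsow-2.1
+allow /usr/share/warsow
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc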
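--- a/etc/profile-m-z/warzone2100.profile
+++ b/etc/profile-m-z/warzone2100.profile
@@ -6,7 +6,7 @@ include warzone2100.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.warzone2100-3.*
+nodeny ${HOME}/.warzone2100-3.*
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,9 +18,9 @@ include disable-shell.inc
 
 mkdir ${HOME}/.warzone2100-3.1
 mkdir ${HOME}/.warzone2100-3.2
-whitelist ${HOME}/.warzone2100-3.1
-whitelist ${HOME}/.warzone2100-3.2
-whitelist /usr/share/games
+allow ${HOME}/.warzone2100-3.1
+allow ${HOME}/.warzone2100-3.2
+allow /usr/share/games
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc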
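--- a/etc/profile-m-z/waterfox.profile
+++ b/etc/profile-m-z/waterfox.profile
@@ -5,13 +5,13 @@ include waterfox.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/waterfox
-noblacklist ${HOME}/.waterfox
+nodeny ${HOME}/.cache/waterfox
+nodeny ${HOME}/.waterfox
 
 mkdir ${HOME}/.cache/waterfox
 mkdir ${HOME}/.waterfox
-whitelist ${HOME}/.cache/waterfox
-whitelist ${HOME}/.waterfox
+allow ${HOME}/.cache/waterfox
+allow ${HOME}/.waterfox
 
 # Add the next lines to your watefox.local if you want to use the migration wizard.
 #noblacklist ${HOME}/.mozilla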
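Review bot: The commented example at new line 17, `#noblacklist ${HOME}/.mozilla`, was not converted, so a user who copies it into waterfox.local as the comment above instructs ends up with the old keyword. Whether the parser still accepts the old spelling is not visible in this diff; if it does not, the copied line would presumably be rejected or ignored and `${HOME}/.mozilla` would stay denied. I would change it to `#nodeny ${HOME}/.mozilla` and correct the file name in the line above to `waterfox.local`. The example continues past the end of the hunk, so the commented lines that follow need the same check.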
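--- a/etc/profile-m-z/webstorm.profile
+++ b/etc/profile-m-z/webstorm.profile
@@ -5,12 +5,12 @@ include webstorm.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.WebStorm*
-noblacklist ${HOME}/.android
-noblacklist ${HOME}/.local/share/JetBrains
-noblacklist ${HOME}/.tooling
+nodeny ${HOME}/.WebStorm*
+nodeny ${HOME}/.android
+nodeny ${HOME}/.local/share/JetBrains
+nodeny ${HOME}/.tooling
 # Allow KDE file manager to open with log directories (blacklisted by disable-programs.inc)
-noblacklist ${HOME}/.config/dolphinrc
+nodeny ${HOME}/.config/dolphinrc
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
@@ -18,8 +18,8 @@ include allow-common-devel.inc
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc
 
-noblacklist ${PATH}/node
-noblacklist ${HOME}/.nvm
+nodeny ${PATH}/node
+nodeny ${HOME}/.nvm
 
 include disable-common.inc
 include disable-devel.inc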
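--- a/etc/profile-m-z/webui-aria2.profile
+++ b/etc/profile-m-z/webui-aria2.profile
@@ -6,7 +6,7 @@ include webui-aria2.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${PATH}/node
+nodeny ${PATH}/node
 
 include disable-common.inc
 include disable-devel.inc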
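--- a/etc/profile-m-z/weechat.profile
+++ b/etc/profile-m-z/weechat.profile
@@ -6,12 +6,12 @@ include weechat.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.weechat
+nodeny ${HOME}/.weechat
 
 include disable-common.inc
 include disable-programs.inc
 
-whitelist /usr/share/weechat
+allow /usr/share/weechat
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 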
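--- a/etc/profile-m-z/wesnoth.profile
+++ b/etc/profile-m-z/wesnoth.profile
@@ -6,9 +6,9 @@ include wesnoth.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/wesnoth
-noblacklist ${HOME}/.config/wesnoth
-noblacklist ${HOME}/.local/share/wesnoth
+nodeny ${HOME}/.cache/wesnoth
+nodeny ${HOME}/.config/wesnoth
+nodeny ${HOME}/.local/share/wesnoth
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,9 +19,9 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/wesnoth
 mkdir ${HOME}/.config/wesnoth
 mkdir ${HOME}/.local/share/wesnoth
-whitelist ${HOME}/.cache/wesnoth
-whitelist ${HOME}/.config/wesnoth
-whitelist ${HOME}/.local/share/wesnoth
+allow ${HOME}/.cache/wesnoth
+allow ${HOME}/.config/wesnoth
+allow ${HOME}/.local/share/wesnoth
 include whitelist-common.inc
 
 caps.drop all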
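--- a/etc/profile-m-z/wget.profile
+++ b/etc/profile-m-z/wget.profile
@@ -7,12 +7,12 @@ include wget.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.netrc
-noblacklist ${HOME}/.wget-hsts
-noblacklist ${HOME}/.wgetrc
+nodeny ${HOME}/.netrc
+nodeny ${HOME}/.wget-hsts
+nodeny ${HOME}/.wgetrc
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}
+deny /tmp/.X11-unix
+deny ${RUNUSER}
 
 include disable-common.inc
 include disable-devel.inc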
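--- a/etc/profile-m-z/whalebird.profile
+++ b/etc/profile-m-z/whalebird.profile
@@ -13,10 +13,10 @@ ignore include whitelist-usr-share-common.inc
 ignore dbus-user none
 ignore dbus-system none
 
-noblacklist ${HOME}/.config/Whalebird
+nodeny ${HOME}/.config/Whalebird
 
 mkdir ${HOME}/.config/Whalebird
-whitelist ${HOME}/.config/Whalebird
+allow ${HOME}/.config/Whalebird
 
 no3d
 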
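--- a/etc/profile-m-z/whois.profile
+++ b/etc/profile-m-z/whois.profile
@@ -7,8 +7,8 @@ include whois.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}
+deny /tmp/.X11-unix
+deny ${RUNUSER}
 
 include disable-common.inc
 include disable-devel.inc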
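--- a/etc/profile-m-z/widelands.profile
+++ b/etc/profile-m-z/widelands.profile
@@ -6,7 +6,7 @@ include widelands.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.widelands
+nodeny ${HOME}/.widelands
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +18,7 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.widelands
-whitelist ${HOME}/.widelands
+allow ${HOME}/.widelands
 include whitelist-common.inc
 include whitelist-var-common.inc
 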
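--- a/etc/profile-m-z/wine.profile
+++ b/etc/profile-m-z/wine.profile
@@ -6,13 +6,13 @@ include wine.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.cache/winetricks
-noblacklist ${HOME}/.Steam
-noblacklist ${HOME}/.local/share/Steam
-noblacklist ${HOME}/.local/share/steam
-noblacklist ${HOME}/.steam
-noblacklist ${HOME}/.wine
-noblacklist /tmp/.wine-*
+nodeny ${HOME}/.cache/winetricks
+nodeny ${HOME}/.Steam
+nodeny ${HOME}/.local/share/Steam
+nodeny ${HOME}/.local/share/steam
+nodeny ${HOME}/.steam
+nodeny ${HOME}/.wine
+nodeny /tmp/.wine-*
 
 include disable-common.inc
 include disable-devel.inc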
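--- a/etc/profile-m-z/wire-desktop.profile
+++ b/etc/profile-m-z/wire-desktop.profile
@@ -20,10 +20,10 @@ ignore private-cache
 ignore dbus-user none
 ignore dbus-system none
 
-noblacklist ${HOME}/.config/Wire
+nodeny ${HOME}/.config/Wire
 
 mkdir ${HOME}/.config/Wire
-whitelist ${HOME}/.config/Wire
+allow ${HOME}/.config/Wire
 
 private-bin bash,electron,electron[0-9],electron[0-9][0-9],env,sh,wire-desktop
 private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,resolv.conf,ssl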
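--- a/etc/profile-m-z/wireshark.profile
+++ b/etc/profile-m-z/wireshark.profile
@@ -6,9 +6,9 @@ include wireshark.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/wireshark
-noblacklist ${HOME}/.wireshark
-noblacklist ${DOCUMENTS}
+nodeny ${HOME}/.config/wireshark
+nodeny ${HOME}/.wireshark
+nodeny ${DOCUMENTS}
 
 # Allow lua (blacklisted by disable-interpreters.inc)
 include allow-lua.inc
@@ -21,7 +21,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-whitelist /usr/share/wireshark
+allow /usr/share/wireshark
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 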
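--- a/etc/profile-m-z/wordwarvi.profile
+++ b/etc/profile-m-z/wordwarvi.profile
@@ -6,7 +6,7 @@ include wordwarvi.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.wordwarvi
+nodeny ${HOME}/.wordwarvi
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +18,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.wordwarvi
-whitelist ${HOME}/.wordwarvi
-whitelist /usr/share/wordwarvi
+allow ${HOME}/.wordwarvi
+allow /usr/share/wordwarvi
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc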
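--- a/etc/profile-m-z/wps.profile
+++ b/etc/profile-m-z/wps.profile
@@ -6,9 +6,9 @@ include wps.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.kingsoft
-noblacklist ${HOME}/.config/Kingsoft
-noblacklist ${HOME}/.local/share/Kingsoft
+nodeny ${HOME}/.kingsoft
+nodeny ${HOME}/.config/Kingsoft
+nodeny ${HOME}/.local/share/Kingsoft
 
 include disable-common.inc
 include disable-devel.inc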
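--- a/etc/profile-m-z/x2goclient.profile
+++ b/etc/profile-m-z/x2goclient.profile
@@ -6,8 +6,8 @@ include x2goclient.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.x2go
-noblacklist ${HOME}/.x2goclient
+nodeny ${HOME}/.x2go
+nodeny ${HOME}/.x2goclient
 
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc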
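--- a/etc/profile-m-z/xbill.profile
+++ b/etc/profile-m-z/xbill.profile
@@ -15,8 +15,8 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/xbill
-whitelist /var/games/xbill/scores
+allow /usr/share/xbill
+allow /var/games/xbill/scores
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc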
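--- a/etc/profile-m-z/xchat.profile
+++ b/etc/profile-m-z/xchat.profile
@@ -6,7 +6,7 @@ include xchat.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/xchat
+nodeny ${HOME}/.config/xchat
 
 include disable-common.inc
 include disable-devel.inc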
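--- a/etc/profile-m-z/xed.profile
+++ b/etc/profile-m-z/xed.profile
@@ -5,10 +5,10 @@ include xed.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/xed
-noblacklist ${HOME}/.python-history
-noblacklist ${HOME}/.python_history
-noblacklist ${HOME}/.pythonhist
+nodeny ${HOME}/.config/xed
+nodeny ${HOME}/.python-history
+nodeny ${HOME}/.python_history
+nodeny ${HOME}/.pythonhist
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc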
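--- a/etc/profile-m-z/xfburn.profile
+++ b/etc/profile-m-z/xfburn.profile
@@ -6,7 +6,7 @@ include xfburn.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/xfburn
+nodeny ${HOME}/.config/xfburn
 
 include disable-common.inc
 include disable-devel.inc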
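--- a/etc/profile-m-z/xfce4-dict.profile
+++ b/etc/profile-m-z/xfce4-dict.profile
@@ -6,7 +6,7 @@ include xfce4-dict.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/xfce4-dict
+nodeny ${HOME}/.config/xfce4-dict
 
 include disable-common.inc
 include disable-devel.inc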
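--- a/etc/profile-m-z/xfce4-mixer.profile
+++ b/etc/profile-m-z/xfce4-mixer.profile
@@ -6,7 +6,7 @@ include xfce4-mixer.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
+nodeny ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,10 +18,10 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkfile ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
-whitelist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
-whitelist /usr/share/gstreamer-*
-whitelist /usr/share/xfce4
-whitelist /usr/share/xfce4-mixer
+allow ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml
+allow /usr/share/gstreamer-*
+allow /usr/share/xfce4
+allow /usr/share/xfce4-mixer
 include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc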
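--- a/etc/profile-m-z/xfce4-notes.profile
+++ b/etc/profile-m-z/xfce4-notes.profile
@@ -6,9 +6,9 @@ include xfce4-notes.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc
-noblacklist ${HOME}/.config/xfce4/xfce4-notes.rc
-noblacklist ${HOME}/.local/share/notes
+nodeny ${HOME}/.config/xfce4/xfce4-notes.gtkrc
+nodeny ${HOME}/.config/xfce4/xfce4-notes.rc
+nodeny ${HOME}/.local/share/notes
 
 include disable-common.inc
 include disable-devel.inc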
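--- a/etc/profile-m-z/xfce4-screenshooter.profile
+++ b/etc/profile-m-z/xfce4-screenshooter.profile
@@ -6,7 +6,7 @@ include xfce4-screenshooter.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${PICTURES}
+nodeny ${PICTURES}
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,7 +17,7 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/xfce4
+allow /usr/share/xfce4
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc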
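--- a/etc/profile-m-z/xiphos.profile
+++ b/etc/profile-m-z/xiphos.profile
@@ -6,10 +6,10 @@ include xiphos.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.sword
-noblacklist ${HOME}/.xiphos
+nodeny ${HOME}/.sword
+nodeny ${HOME}/.xiphos
 
-blacklist ${HOME}/.bashrc
+deny ${HOME}/.bashrc
 
 include disable-common.inc
 include disable-devel.inc
@@ -21,8 +21,8 @@ include disable-shell.inc
 
 mkdir ${HOME}/.sword
 mkdir ${HOME}/.xiphos
-whitelist ${HOME}/.sword
-whitelist ${HOME}/.xiphos
+allow ${HOME}/.sword
+allow ${HOME}/.xiphos
 include whitelist-common.inc
 include whitelist-var-common.inc
 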
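--- a/etc/profile-m-z/xlinks.profile
+++ b/etc/profile-m-z/xlinks.profile
@@ -7,7 +7,7 @@ include xlinks.local
 # added by included profile
 #include globals.local
 
-noblacklist /tmp/.X11-unix
+nodeny /tmp/.X11-unix
 
 include whitelist-common.inc
 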
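--- a/etc/profile-m-z/xlinks2
+++ b/etc/profile-m-z/xlinks2
@@ -7,7 +7,7 @@ include xlinks2.local
 # added by included profile
 #include globals.local
 
-noblacklist /tmp/.X11-unix
+nodeny /tmp/.X11-unix
 
 include whitelist-common.inc
 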
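Review bot: The patched file is `etc/profile-m-z/xlinks2`, the only path in the visible sections without the `.profile` suffix, although the hunk header shows it including `xlinks2.local` like a regular profile. If profiles are located by `<program>.profile`, as the other file names suggest, this file would not be found when xlinks2 starts and the program would presumably run without the restrictions written here. Renaming it to `etc/profile-m-z/xlinks2.profile` in the same commit would settle it. The hunk covers only lines 7-13, so the rest of the file is not visible here.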
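--- a/etc/profile-m-z/xmms.profile
+++ b/etc/profile-m-z/xmms.profile
@@ -5,8 +5,8 @@ include xmms.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.xmms
-noblacklist ${MUSIC}
+nodeny ${HOME}/.xmms
+nodeny ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc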
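--- a/etc/profile-m-z/xmr-stak.profile
+++ b/etc/profile-m-z/xmr-stak.profile
@@ -5,7 +5,7 @@ include xmr-stak.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.xmr-stak
+nodeny ${HOME}/.xmr-stak
 
 include disable-common.inc
 include disable-devel.inc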
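--- a/etc/profile-m-z/xonotic.profile
+++ b/etc/profile-m-z/xonotic.profile
@@ -6,7 +6,7 @@ include xonotic.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.xonotic
+nodeny ${HOME}/.xonotic
 
 include allow-bin-sh.inc
 include allow-opengl-game.inc
@@ -21,8 +21,8 @@ include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.xonotic
-whitelist ${HOME}/.xonotic
-whitelist /usr/share/xonotic
+allow ${HOME}/.xonotic
+allow /usr/share/xonotic
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc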
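--- a/etc/profile-m-z/xournal.profile
+++ b/etc/profile-m-z/xournal.profile
@@ -6,7 +6,7 @@ include xournal.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${DOCUMENTS}
+nodeny ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +17,8 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
-whitelist /usr/share/xournal
-whitelist /usr/share/poppler
+allow /usr/share/xournal
+allow /usr/share/poppler
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 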
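--- a/etc/profile-m-z/xournalpp.profile
+++ b/etc/profile-m-z/xournalpp.profile
@@ -7,13 +7,13 @@ include xournalpp.local
 # added by included profile
 #include globals.local
 
-noblacklist ${HOME}/.xournalpp
+nodeny ${HOME}/.xournalpp
 
 include allow-lua.inc
 
-whitelist /usr/share/texlive
-whitelist /usr/share/xournalpp
-whitelist /var/lib/texmf
+allow /usr/share/texlive
+allow /usr/share/xournalpp
+allow /var/lib/texmf
 include whitelist-runuser-common.inc
 
 #mkdir ${HOME}/.xournalpp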
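Review bot: `include allow-lua.inc` now sits two lines above `allow /usr/share/texlive`, and the two uses of "allow" mean different things. Going by the comment in the wireshark section (`# Allow lua (blacklisted by disable-interpreters.inc)`), the include only lifts a deny rule, whereas the renamed `allow` command is the former `whitelist`, which presumably also limits what else under the same top-level directory stays visible. Someone auditing the profile for least privilege can no longer tell the two apart by keyword. I would add `# Lifts the deny on lua from disable-interpreters.inc; not an allow-list entry` above the include, and the same applies to the other `allow-*.inc` includes in this series.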
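--- a/etc/profile-m-z/xpdf.profile
+++ b/etc/profile-m-z/xpdf.profile
@@ -6,8 +6,8 @@ include xpdf.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.xpdfrc
-noblacklist ${DOCUMENTS}
+nodeny ${HOME}/.xpdfrc
+nodeny ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc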
diff --git a/etc/profile-m-z/xplayer.profile b/etc/profile-m-z/xplayer.profile index c3bb3292c..4af4586e3 100644 --- a/etc/profile-m-z/xplayer.profile +++ b/etc/profile-m-z/xplayer.profile | |||
@@ -5,8 +5,8 @@ include xplayer.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/xplayer | 8 | nodeny ${HOME}/.config/xplayer |
9 | noblacklist ${HOME}/.local/share/xplayer | 9 | nodeny ${HOME}/.local/share/xplayer |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -22,8 +22,8 @@ include disable-programs.inc | |||
22 | read-only ${DESKTOP} | 22 | read-only ${DESKTOP} |
23 | mkdir ${HOME}/.config/xplayer | 23 | mkdir ${HOME}/.config/xplayer |
24 | mkdir ${HOME}/.local/share/xplayer | 24 | mkdir ${HOME}/.local/share/xplayer |
25 | whitelist ${HOME}/.config/xplayer | 25 | allow ${HOME}/.config/xplayer |
26 | whitelist ${HOME}/.local/share/xplayer | 26 | allow ${HOME}/.local/share/xplayer |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-player-common.inc | 28 | include whitelist-player-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/xpra.profile b/etc/profile-m-z/xpra.profile index 6e409e1aa..28fbc94dd 100644 --- a/etc/profile-m-z/xpra.profile +++ b/etc/profile-m-z/xpra.profile | |||
@@ -25,7 +25,7 @@ include disable-interpreters.inc | |||
25 | include disable-passwdmgr.inc | 25 | include disable-passwdmgr.inc |
26 | include disable-programs.inc | 26 | include disable-programs.inc |
27 | 27 | ||
28 | whitelist /var/lib/xkb | 28 | allow /var/lib/xkb |
29 | # whitelisting home directory, or including whitelist-common.inc | 29 | # whitelisting home directory, or including whitelist-common.inc |
30 | # will crash xpra on some platforms | 30 | # will crash xpra on some platforms |
31 | 31 | ||
diff --git a/etc/profile-m-z/xreader.profile b/etc/profile-m-z/xreader.profile index 3ab35edfc..440f26af2 100644 --- a/etc/profile-m-z/xreader.profile +++ b/etc/profile-m-z/xreader.profile | |||
@@ -6,9 +6,9 @@ include xreader.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/xreader | 9 | nodeny ${HOME}/.cache/xreader |
10 | noblacklist ${HOME}/.config/xreader | 10 | nodeny ${HOME}/.config/xreader |
11 | noblacklist ${DOCUMENTS} | 11 | nodeny ${DOCUMENTS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/xviewer.profile b/etc/profile-m-z/xviewer.profile index 4d454f81c..671e0cf5b 100644 --- a/etc/profile-m-z/xviewer.profile +++ b/etc/profile-m-z/xviewer.profile | |||
@@ -5,10 +5,10 @@ include xviewer.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.Steam | 8 | nodeny ${HOME}/.Steam |
9 | noblacklist ${HOME}/.config/xviewer | 9 | nodeny ${HOME}/.config/xviewer |
10 | noblacklist ${HOME}/.local/share/Trash | 10 | nodeny ${HOME}/.local/share/Trash |
11 | noblacklist ${HOME}/.steam | 11 | nodeny ${HOME}/.steam |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/yandex-browser.profile b/etc/profile-m-z/yandex-browser.profile index 81cd021f7..27d0eb411 100644 --- a/etc/profile-m-z/yandex-browser.profile +++ b/etc/profile-m-z/yandex-browser.profile | |||
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/yandex-browser | 13 | nodeny ${HOME}/.cache/yandex-browser |
14 | noblacklist ${HOME}/.cache/yandex-browser-beta | 14 | nodeny ${HOME}/.cache/yandex-browser-beta |
15 | noblacklist ${HOME}/.config/yandex-browser | 15 | nodeny ${HOME}/.config/yandex-browser |
16 | noblacklist ${HOME}/.config/yandex-browser-beta | 16 | nodeny ${HOME}/.config/yandex-browser-beta |
17 | 17 | ||
18 | mkdir ${HOME}/.cache/yandex-browser | 18 | mkdir ${HOME}/.cache/yandex-browser |
19 | mkdir ${HOME}/.cache/yandex-browser-beta | 19 | mkdir ${HOME}/.cache/yandex-browser-beta |
20 | mkdir ${HOME}/.config/yandex-browser | 20 | mkdir ${HOME}/.config/yandex-browser |
21 | mkdir ${HOME}/.config/yandex-browser-beta | 21 | mkdir ${HOME}/.config/yandex-browser-beta |
22 | whitelist ${HOME}/.cache/yandex-browser | 22 | allow ${HOME}/.cache/yandex-browser |
23 | whitelist ${HOME}/.cache/yandex-browser-beta | 23 | allow ${HOME}/.cache/yandex-browser-beta |
24 | whitelist ${HOME}/.config/yandex-browser | 24 | allow ${HOME}/.config/yandex-browser |
25 | whitelist ${HOME}/.config/yandex-browser-beta | 25 | allow ${HOME}/.config/yandex-browser-beta |
26 | 26 | ||
27 | # Redirect | 27 | # Redirect |
28 | include chromium-common.profile | 28 | include chromium-common.profile |
diff --git a/etc/profile-m-z/yelp.profile b/etc/profile-m-z/yelp.profile index dee154409..b288993f2 100644 --- a/etc/profile-m-z/yelp.profile +++ b/etc/profile-m-z/yelp.profile | |||
@@ -6,7 +6,7 @@ include yelp.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/yelp | 9 | nodeny ${HOME}/.config/yelp |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,15 +18,15 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/yelp | 20 | mkdir ${HOME}/.config/yelp |
21 | whitelist ${HOME}/.config/yelp | 21 | allow ${HOME}/.config/yelp |
22 | whitelist /usr/libexec/webkit2gtk-4.0 | 22 | allow /usr/libexec/webkit2gtk-4.0 |
23 | whitelist /usr/share/doc | 23 | allow /usr/share/doc |
24 | whitelist /usr/share/groff | 24 | allow /usr/share/groff |
25 | whitelist /usr/share/help | 25 | allow /usr/share/help |
26 | whitelist /usr/share/man | 26 | allow /usr/share/man |
27 | whitelist /usr/share/yelp | 27 | allow /usr/share/yelp |
28 | whitelist /usr/share/yelp-tools | 28 | allow /usr/share/yelp-tools |
29 | whitelist /usr/share/yelp-xsl | 29 | allow /usr/share/yelp-xsl |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | include whitelist-runuser-common.inc | 31 | include whitelist-runuser-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/youtube-dl-gui.profile b/etc/profile-m-z/youtube-dl-gui.profile index b52271a2c..26ea3acaa 100644 --- a/etc/profile-m-z/youtube-dl-gui.profile +++ b/etc/profile-m-z/youtube-dl-gui.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | include allow-python2.inc | 8 | include allow-python2.inc |
9 | include allow-python3.inc | 9 | include allow-python3.inc |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/youtube-dlg | 11 | nodeny ${HOME}/.config/youtube-dlg |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -20,8 +20,8 @@ include disable-shell.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.config/youtube-dlg | 22 | mkdir ${HOME}/.config/youtube-dlg |
23 | whitelist ${HOME}/.config/youtube-dlg | 23 | allow ${HOME}/.config/youtube-dlg |
24 | whitelist ${DOWNLOADS} | 24 | allow ${DOWNLOADS} |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-runuser-common.inc | 26 | include whitelist-runuser-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
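--- a/etc/profile-m-z/youtube-dl.profile
+++ b/etc/profile-m-z/youtube-dl.profile
@@ -10,18 +10,18 @@ include globals.local
 # breaks when installed under ${HOME} via `pip install --user` (see #2833)
 ignore noexec ${HOME}
 
-noblacklist ${HOME}/.cache/youtube-dl
-noblacklist ${HOME}/.config/youtube-dl
-noblacklist ${HOME}/.netrc
-noblacklist ${MUSIC}
-noblacklist ${VIDEOS}
+nodeny ${HOME}/.cache/youtube-dl
+nodeny ${HOME}/.config/youtube-dl
+nodeny ${HOME}/.netrc
+nodeny ${MUSIC}
+nodeny ${VIDEOS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
 include allow-python3.inc
 
-blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}
+deny /tmp/.X11-unix
+deny ${RUNUSER}
 
 include disable-common.inc
 include disable-devel.inc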
diff --git a/etc/profile-m-z/youtube-viewer.profile b/etc/profile-m-z/youtube-viewer.profile index b54dd37ad..84b8bbc6a 100644 --- a/etc/profile-m-z/youtube-viewer.profile +++ b/etc/profile-m-z/youtube-viewer.profile | |||
@@ -7,13 +7,13 @@ include youtube-viewer.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.cache/youtube-viewer | 10 | nodeny ${HOME}/.cache/youtube-viewer |
11 | noblacklist ${HOME}/.config/youtube-viewer | 11 | nodeny ${HOME}/.config/youtube-viewer |
12 | 12 | ||
13 | mkdir ${HOME}/.cache/youtube-viewer | 13 | mkdir ${HOME}/.cache/youtube-viewer |
14 | mkdir ${HOME}/.config/youtube-viewer | 14 | mkdir ${HOME}/.config/youtube-viewer |
15 | whitelist ${HOME}/.cache/youtube-viewer | 15 | allow ${HOME}/.cache/youtube-viewer |
16 | whitelist ${HOME}/.config/youtube-viewer | 16 | allow ${HOME}/.config/youtube-viewer |
17 | 17 | ||
18 | private-bin gtk-youtube-viewer,gtk2-youtube-viewer,gtk3-youtube-viewer,youtube-viewer | 18 | private-bin gtk-youtube-viewer,gtk2-youtube-viewer,gtk3-youtube-viewer,youtube-viewer |
19 | 19 | ||
diff --git a/etc/profile-m-z/youtube-viewers-common.profile b/etc/profile-m-z/youtube-viewers-common.profile index 25a073d4a..f531f815e 100644 --- a/etc/profile-m-z/youtube-viewers-common.profile +++ b/etc/profile-m-z/youtube-viewers-common.profile | |||
@@ -7,7 +7,7 @@ include youtube-viewers-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.cache/youtube-dl | 10 | nodeny ${HOME}/.cache/youtube-dl |
11 | 11 | ||
12 | # Allow lua (blacklisted by disable-interpreters.inc) | 12 | # Allow lua (blacklisted by disable-interpreters.inc) |
13 | include allow-lua.inc | 13 | include allow-lua.inc |
@@ -27,8 +27,8 @@ include disable-passwdmgr.inc | |||
27 | include disable-programs.inc | 27 | include disable-programs.inc |
28 | include disable-xdg.inc | 28 | include disable-xdg.inc |
29 | 29 | ||
30 | whitelist ${DOWNLOADS} | 30 | allow ${DOWNLOADS} |
31 | whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs | 31 | allow ${HOME}/.cache/youtube-dl/youtube-sigfuncs |
32 | include whitelist-common.inc | 32 | include whitelist-common.inc |
33 | include whitelist-runuser-common.inc | 33 | include whitelist-runuser-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/youtube.profile b/etc/profile-m-z/youtube.profile index ad7ceaee4..b015fb013 100644 --- a/etc/profile-m-z/youtube.profile +++ b/etc/profile-m-z/youtube.profile | |||
@@ -9,12 +9,12 @@ include globals.local | |||
9 | # Disabled until someone reported positive feedback | 9 | # Disabled until someone reported positive feedback |
10 | ignore nou2f | 10 | ignore nou2f |
11 | 11 | ||
12 | noblacklist ${HOME}/.config/Youtube | 12 | nodeny ${HOME}/.config/Youtube |
13 | 13 | ||
14 | include disable-shell.inc | 14 | include disable-shell.inc |
15 | 15 | ||
16 | mkdir ${HOME}/.config/Youtube | 16 | mkdir ${HOME}/.config/Youtube |
17 | whitelist ${HOME}/.config/Youtube | 17 | allow ${HOME}/.config/Youtube |
18 | 18 | ||
19 | private-bin youtube | 19 | private-bin youtube |
20 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 20 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg |
diff --git a/etc/profile-m-z/youtubemusic-nativefier.profile b/etc/profile-m-z/youtubemusic-nativefier.profile index 74b0e38b9..d594a3d0f 100644 --- a/etc/profile-m-z/youtubemusic-nativefier.profile +++ b/etc/profile-m-z/youtubemusic-nativefier.profile | |||
@@ -6,12 +6,12 @@ include youtube.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/youtubemusic-nativefier-040164 | 9 | nodeny ${HOME}/.config/youtubemusic-nativefier-040164 |
10 | 10 | ||
11 | include disable-shell.inc | 11 | include disable-shell.inc |
12 | 12 | ||
13 | mkdir ${HOME}/.config/youtubemusic-nativefier-040164 | 13 | mkdir ${HOME}/.config/youtubemusic-nativefier-040164 |
14 | whitelist ${HOME}/.config/youtubemusic-nativefier-040164 | 14 | allow ${HOME}/.config/youtubemusic-nativefier-040164 |
15 | 15 | ||
16 | private-bin youtubemusic-nativefier | 16 | private-bin youtubemusic-nativefier |
17 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 17 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg |
diff --git a/etc/profile-m-z/ytmdesktop.profile b/etc/profile-m-z/ytmdesktop.profile index ab46fccc2..9987c953e 100644 --- a/etc/profile-m-z/ytmdesktop.profile +++ b/etc/profile-m-z/ytmdesktop.profile | |||
@@ -8,10 +8,10 @@ include globals.local | |||
8 | 8 | ||
9 | ignore dbus-user none | 9 | ignore dbus-user none |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/youtube-music-desktop-app | 11 | nodeny ${HOME}/.config/youtube-music-desktop-app |
12 | 12 | ||
13 | mkdir ${HOME}/.config/youtube-music-desktop-app | 13 | mkdir ${HOME}/.config/youtube-music-desktop-app |
14 | whitelist ${HOME}/.config/youtube-music-desktop-app | 14 | allow ${HOME}/.config/youtube-music-desktop-app |
15 | 15 | ||
16 | # private-bin env,ytmdesktop | 16 | # private-bin env,ytmdesktop |
17 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 17 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg |
diff --git a/etc/profile-m-z/zaproxy.profile b/etc/profile-m-z/zaproxy.profile index 5a168feb6..2f18a8c45 100644 --- a/etc/profile-m-z/zaproxy.profile +++ b/etc/profile-m-z/zaproxy.profile | |||
@@ -6,7 +6,7 @@ include zaproxy.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.ZAP | 9 | nodeny ${HOME}/.ZAP |
10 | 10 | ||
11 | # Allow java (blacklisted by disable-devel.inc) | 11 | # Allow java (blacklisted by disable-devel.inc) |
12 | include allow-java.inc | 12 | include allow-java.inc |
@@ -20,8 +20,8 @@ include disable-programs.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.java | 21 | mkdir ${HOME}/.java |
22 | mkdir ${HOME}/.ZAP | 22 | mkdir ${HOME}/.ZAP |
23 | whitelist ${HOME}/.java | 23 | allow ${HOME}/.java |
24 | whitelist ${HOME}/.ZAP | 24 | allow ${HOME}/.ZAP |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-m-z/zart.profile b/etc/profile-m-z/zart.profile index 10f83aa30..32ff4f8ed 100644 --- a/etc/profile-m-z/zart.profile +++ b/etc/profile-m-z/zart.profile | |||
@@ -6,8 +6,8 @@ include zart.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | nodeny ${DOCUMENTS} |
10 | noblacklist ${PICTURES} | 10 | nodeny ${PICTURES} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/zathura.profile b/etc/profile-m-z/zathura.profile index d0e68c980..4bc841f63 100644 --- a/etc/profile-m-z/zathura.profile +++ b/etc/profile-m-z/zathura.profile | |||
@@ -6,9 +6,9 @@ include zathura.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/zathura | 9 | nodeny ${HOME}/.config/zathura |
10 | noblacklist ${HOME}/.local/share/zathura | 10 | nodeny ${HOME}/.local/share/zathura |
11 | noblacklist ${DOCUMENTS} | 11 | nodeny ${DOCUMENTS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -22,8 +22,8 @@ include disable-xdg.inc | |||
22 | 22 | ||
23 | mkdir ${HOME}/.config/zathura | 23 | mkdir ${HOME}/.config/zathura |
24 | mkdir ${HOME}/.local/share/zathura | 24 | mkdir ${HOME}/.local/share/zathura |
25 | whitelist /usr/share/doc | 25 | allow /usr/share/doc |
26 | whitelist /usr/share/zathura | 26 | allow /usr/share/zathura |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/zcat.profile b/etc/profile-m-z/zcat.profile index 5de13ab90..904ea9f05 100644 --- a/etc/profile-m-z/zcat.profile +++ b/etc/profile-m-z/zcat.profile | |||
@@ -9,7 +9,7 @@ include zcat.local | |||
9 | 9 | ||
10 | # Allow running kernel config check | 10 | # Allow running kernel config check |
11 | ignore include disable-shell.inc | 11 | ignore include disable-shell.inc |
12 | noblacklist /proc/config.gz | 12 | nodeny /proc/config.gz |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include gzip.profile | 15 | include gzip.profile |
diff --git a/etc/profile-m-z/zeal.profile b/etc/profile-m-z/zeal.profile index 2c6f6910f..458df2a46 100644 --- a/etc/profile-m-z/zeal.profile +++ b/etc/profile-m-z/zeal.profile | |||
@@ -6,9 +6,9 @@ include zeal.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Zeal | 9 | nodeny ${HOME}/.config/Zeal |
10 | noblacklist ${HOME}/.cache/Zeal | 10 | nodeny ${HOME}/.cache/Zeal |
11 | noblacklist ${HOME}/.local/share/Zeal | 11 | nodeny ${HOME}/.local/share/Zeal |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -23,9 +23,9 @@ mkdir ${HOME}/.cache/Zeal | |||
23 | mkdir ${HOME}/.config/qt5ct | 23 | mkdir ${HOME}/.config/qt5ct |
24 | mkdir ${HOME}/.config/Zeal | 24 | mkdir ${HOME}/.config/Zeal |
25 | mkdir ${HOME}/.local/share/Zeal | 25 | mkdir ${HOME}/.local/share/Zeal |
26 | whitelist ${HOME}/.cache/Zeal | 26 | allow ${HOME}/.cache/Zeal |
27 | whitelist ${HOME}/.config/Zeal | 27 | allow ${HOME}/.config/Zeal |
28 | whitelist ${HOME}/.local/share/Zeal | 28 | allow ${HOME}/.local/share/Zeal |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-var-common.inc | 30 | include whitelist-var-common.inc |
31 | 31 | ||
diff --git a/etc/profile-m-z/zgrep.profile b/etc/profile-m-z/zgrep.profile index f63dc871f..e2dfbd105 100644 --- a/etc/profile-m-z/zgrep.profile +++ b/etc/profile-m-z/zgrep.profile | |||
@@ -9,7 +9,7 @@ include zgrep.local | |||
9 | 9 | ||
10 | # Allow running kernel config check | 10 | # Allow running kernel config check |
11 | ignore include disable-shell.inc | 11 | ignore include disable-shell.inc |
12 | noblacklist /proc/config.gz | 12 | nodeny /proc/config.gz |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include gzip.profile | 15 | include gzip.profile |
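--- /dev/null
+++ b/etc/profile-m-z/zim.profile
@@ -0,0 +1,72 @@
+# Firejail profile for Zim
+# Description: Desktop wiki & notekeeper
+# This file is overwritten after every install/update
+# Persistent local customizations
+include zim.local
+# Persistent global definitions
+include globals.local
+
+nodeny ${HOME}/.cache/zim
+nodeny ${HOME}/.config/zim
+
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python2.inc
+include allow-python3.inc
+
+deny /usr/libexec
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+
+mkdir ${HOME}/.cache/zim
+mkdir ${HOME}/.config/zim
+mkdir ${HOME}/Notebooks
+allow ${HOME}/.cache/zim
+allow ${HOME}/.config/zim
+allow ${HOME}/Notebooks
+allow ${DESKTOP}
+allow ${DOCUMENTS}
+allow ${DOWNLOADS}
+allow ${MUSIC}
+allow ${PICTURES}
+allow ${VIDEOS}
+allow /usr/share/zim
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+net none
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+
+disable-mnt
+private-bin python*,zim
+private-cache
+private-dev
+private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11
+private-tmp
+
+dbus-user none
+dbus-system none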
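Review bot: Lines 32-37 of the new profile open `${DESKTOP}`, `${DOCUMENTS}`, `${DOWNLOADS}`, `${MUSIC}`, `${PICTURES}` and `${VIDEOS}` to the sandbox in addition to `${HOME}/Notebooks`, with no comment saying why a note-taking application needs all six. `net none` keeps the exposure local, but anything running inside the sandbox can still read and modify those directories. I would add a comment above them such as `# Common locations for notebooks and attachments; drop unneeded ones in zim.local, e.g. noallow ${MUSIC}`. The `deny /usr/libexec` on line 16 is also unexplained and deserves a one-line rationale.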
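--- a/etc/profile-m-z/zoom.profile
+++ b/etc/profile-m-z/zoom.profile
@@ -16,17 +16,17 @@ ignore dbus-system none
 # If you use such a system, add 'ignore nogroups' to your zoom.local.
 #ignore nogroups
 
-noblacklist ${HOME}/.config/zoomus.conf
-noblacklist ${HOME}/.zoom
+nodeny ${HOME}/.config/zoomus.conf
+nodeny ${HOME}/.zoom
 
-nowhitelist ${DOWNLOADS}
+noallow ${DOWNLOADS}
 
 mkdir ${HOME}/.cache/zoom
 mkfile ${HOME}/.config/zoomus.conf
 mkdir ${HOME}/.zoom
-whitelist ${HOME}/.cache/zoom
-whitelist ${HOME}/.config/zoomus.conf
-whitelist ${HOME}/.zoom
+allow ${HOME}/.cache/zoom
+allow ${HOME}/.config/zoomus.conf
+allow ${HOME}/.zoom
 
 # Disable for now, see https://github.com/netblue30/firejail/issues/3726
 #private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl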
diff --git a/etc/profile-m-z/zulip.profile b/etc/profile-m-z/zulip.profile index 093da5212..cdbbdccf1 100644 --- a/etc/profile-m-z/zulip.profile +++ b/etc/profile-m-z/zulip.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec /tmp | 9 | ignore noexec /tmp |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/Zulip | 11 | nodeny ${HOME}/.config/Zulip |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -20,8 +20,8 @@ include disable-shell.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.config/Zulip | 22 | mkdir ${HOME}/.config/Zulip |
23 | whitelist ${HOME}/.config/Zulip | 23 | allow ${HOME}/.config/Zulip |
24 | whitelist ${DOWNLOADS} | 24 | allow ${DOWNLOADS} |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
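--- a/etc/templates/syscalls.txt
+++ b/etc/templates/syscalls.txt
@@ -33,7 +33,7 @@ Definition of groups
 @clock=adjtimex,clock_adjtime,clock_settime,settimeofday,stime
 @cpu-emulation=modify_ldt,subpage_prot,switch_endian,vm86,vm86old
 @debug=lookup_dcookie,perf_event_open,process_vm_writev,rtas,s390_runtime_instr,sys_debug_setcontext
-@default=@clock,@cpu-emulation,@debug,@module,@mount,@obsolete,@raw-io,@reboot,@swap,open_by_handle_at,name_to_handle_at,ioprio_set,ni_syscall,syslog,fanotify_init,kcmp,add_key,request_key,mbind,migrate_pages,move_pages,keyctl,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,set_mempolicyvmsplice,userfaultfd,acct,bpf,nfsservctl,setdomainname,sethostname,vhangup
+@default=@clock,@cpu-emulation,@debug,@module,@mount,@obsolete,@raw-io,@reboot,@swap,open_by_handle_at,name_to_handle_at,ioprio_set,ni_syscall,syslog,fanotify_init,add_key,request_key,mbind,migrate_pages,move_pages,keyctl,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,set_mempolicyvmsplice,userfaultfd,acct,bpf,nfsservctl,setdomainname,sethostname,vhangup
 @default-nodebuggers=@default,ptrace,personality,process_vm_readv
 @default-keep=execveat,execve,prctl
 @file-system=access,chdir,chmod,close,creat,faccessat,faccessat2,fallocate,fchdir,fchmod,fchmodat,fcntl,fcntl64,fgetxattr,flistxattr,fremovexattr,fsetxattr,fstat,fstat64,fstatat64,fstatfs,fstatfs64,ftruncate,ftruncate64,futimesat,getcwd,getdents,getdents64,getxattr,inotify_add_watch,inotify_init,inotify_init1,inotify_rm_watch,lgetxattr,link,linkat,listxattr,llistxattr,lremovexattr,lsetxattr,lstat,lstat64,mkdir,mkdirat,mknod,mknodat,mmap,mmap2,munmap,newfstatat,oldfstat,oldlstat,oldstat,open,openat,readlink,readlinkat,removexattr,rename,renameat,renameat2,rmdir,setxattr,stat,stat64,statfs,statfs64,statx,symlink,symlinkat,truncate,truncate64,unlink,unlinkat,utime,utimensat,utimes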
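Review bot: The rewritten `@default` line (line 36) still contains `set_mempolicyvmsplice`, which looks like `set_mempolicy` and `vmsplice` with the separating comma lost. Since the commit already edits this line, it should read `remap_file_pages,set_mempolicy,vmsplice,userfaultfd`, otherwise a reader copying the group into a seccomp list gets a name that matches no syscall. Separately, `kcmp` is dropped from the documented default group in a commit that is otherwise a keyword rename. If the filter's default list in the source changed to match (not visible here), that loosens the default seccomp policy and deserves its own line in the commit message or release notes.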
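--- a/src/common.mk.in
+++ b/src/common.mk.in
@@ -15,7 +15,6 @@ HAVE_NETWORK=@HAVE_NETWORK@
 HAVE_USERNS=@HAVE_USERNS@
 HAVE_X11=@HAVE_X11@
 HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@
-HAVE_WHITELIST=@HAVE_WHITELIST@
 HAVE_GLOBALCFG=@HAVE_GLOBALCFG@
 HAVE_APPARMOR=@HAVE_APPARMOR@
 HAVE_OVERLAYFS=@HAVE_OVERLAYFS@
@@ -42,7 +41,7 @@ BINOBJS = $(foreach file, $(OBJS), $file)
 CFLAGS = @CFLAGS@
 CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV)
 CFLAGS += -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"'
-MANFLAGS = $(HAVE_LTS) $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX) $(HAVE_SUID) $(HAVE_FORCE_NONEWPRIVS)
+MANFLAGS = $(HAVE_LTS) $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_SELINUX) $(HAVE_SUID) $(HAVE_FORCE_NONEWPRIVS)
 CFLAGS += $(MANFLAGS)
 CFLAGS += -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -Wformat -Wformat-security
 LDFLAGS += -pie -fPIE -Wl,-z,relro -Wl,-z,now -lpthread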
diff --git a/src/fbuilder/build_fs.c b/src/fbuilder/build_fs.c index 8700e0ba1..019c3ac5a 100644 --- a/src/fbuilder/build_fs.c +++ b/src/fbuilder/build_fs.c | |||
@@ -182,12 +182,12 @@ static void var_callback(char *ptr) { | |||
182 | void build_var(const char *fname, FILE *fp) { | 182 | void build_var(const char *fname, FILE *fp) { |
183 | assert(fname); | 183 | assert(fname); |
184 | 184 | ||
185 | var_skip = filedb_load_whitelist(var_skip, "whitelist-var-common.inc", "whitelist /var/"); | 185 | var_skip = filedb_load_whitelist(var_skip, "whitelist-var-common.inc", "allow /var/"); |
186 | process_files(fname, "/var", var_callback); | 186 | process_files(fname, "/var", var_callback); |
187 | 187 | ||
188 | // always whitelist /var | 188 | // always whitelist /var |
189 | if (var_out) | 189 | if (var_out) |
190 | filedb_print(var_out, "whitelist /var/", fp); | 190 | filedb_print(var_out, "allow /var/", fp); |
191 | fprintf(fp, "include whitelist-var-common.inc\n"); | 191 | fprintf(fp, "include whitelist-var-common.inc\n"); |
192 | } | 192 | } |
193 | 193 | ||
@@ -222,12 +222,12 @@ static void share_callback(char *ptr) { | |||
222 | void build_share(const char *fname, FILE *fp) { | 222 | void build_share(const char *fname, FILE *fp) { |
223 | assert(fname); | 223 | assert(fname); |
224 | 224 | ||
225 | share_skip = filedb_load_whitelist(share_skip, "whitelist-usr-share-common.inc", "whitelist /usr/share/"); | 225 | share_skip = filedb_load_whitelist(share_skip, "whitelist-usr-share-common.inc", "allow /usr/share/"); |
226 | process_files(fname, "/usr/share", share_callback); | 226 | process_files(fname, "/usr/share", share_callback); |
227 | 227 | ||
228 | // always whitelist /usr/share | 228 | // always whitelist /usr/share |
229 | if (share_out) | 229 | if (share_out) |
230 | filedb_print(share_out, "whitelist /usr/share/", fp); | 230 | filedb_print(share_out, "allow /usr/share/", fp); |
231 | fprintf(fp, "include whitelist-usr-share-common.inc\n"); | 231 | fprintf(fp, "include whitelist-usr-share-common.inc\n"); |
232 | } | 232 | } |
233 | 233 | ||
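Review bot: The profile keyword is now written out twice in each builder, and the two literals must stay identical. In build_var() it is `"allow /var/"` in the filedb_load_whitelist() call and again in filedb_print(); build_share() does the same with `"allow /usr/share/"`, and build_home() in build_home.c with `"allow ${HOME}/"`. A file-level constant per prefix, e.g. `static const char *var_prefix = "allow /var/";`, would stop them drifting apart. If filedb_load_whitelist() selects lines by this prefix (its body is not shown here), an include file that still holds `whitelist` lines would yield an empty skip list, so that coupling deserves a comment at the call. The comments `// always whitelist /var` and `// always whitelist /usr/share` keep the old term while the emitted lines now say `allow`.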
diff --git a/src/fbuilder/build_home.c b/src/fbuilder/build_home.c index b3ec6cffd..f283a0cce 100644 --- a/src/fbuilder/build_home.c +++ b/src/fbuilder/build_home.c | |||
@@ -138,7 +138,7 @@ void build_home(const char *fname, FILE *fp) { | |||
138 | assert(fname); | 138 | assert(fname); |
139 | 139 | ||
140 | // load whitelist common | 140 | // load whitelist common |
141 | db_skip = filedb_load_whitelist(db_skip, "whitelist-common.inc", "whitelist ${HOME}/"); | 141 | db_skip = filedb_load_whitelist(db_skip, "whitelist-common.inc", "allow ${HOME}/"); |
142 | 142 | ||
143 | // find user home directory | 143 | // find user home directory |
144 | struct passwd *pw = getpwuid(getuid()); | 144 | struct passwd *pw = getpwuid(getuid()); |
@@ -166,7 +166,7 @@ void build_home(const char *fname, FILE *fp) { | |||
166 | 166 | ||
167 | // print the out list if any | 167 | // print the out list if any |
168 | if (db_out) { | 168 | if (db_out) { |
169 | filedb_print(db_out, "whitelist ${HOME}/", fp); | 169 | filedb_print(db_out, "allow ${HOME}/", fp); |
170 | fprintf(fp, "include whitelist-common.inc\n"); | 170 | fprintf(fp, "include whitelist-common.inc\n"); |
171 | } | 171 | } |
172 | else | 172 | else |
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index e58fe39ec..3b0ad0aed 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -45,8 +45,8 @@ amule | |||
45 | amuled | 45 | amuled |
46 | android-studio | 46 | android-studio |
47 | anydesk | 47 | anydesk |
48 | apostrophe | ||
49 | apktool | 48 | apktool |
49 | apostrophe | ||
50 | # ar - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) | 50 | # ar - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) |
51 | arch-audit | 51 | arch-audit |
52 | archaudit-report | 52 | archaudit-report |
@@ -142,8 +142,9 @@ claws-mail | |||
142 | clawsker | 142 | clawsker |
143 | clementine | 143 | clementine |
144 | clion | 144 | clion |
145 | clipit | 145 | clion-eap |
146 | clipgrab | 146 | clipgrab |
147 | clipit | ||
147 | cliqz | 148 | cliqz |
148 | clocks | 149 | clocks |
149 | cmus | 150 | cmus |
@@ -167,6 +168,7 @@ crow | |||
167 | cryptocat | 168 | cryptocat |
168 | cvlc | 169 | cvlc |
169 | cyberfox | 170 | cyberfox |
171 | d-feet | ||
170 | darktable | 172 | darktable |
171 | dconf-editor | 173 | dconf-editor |
172 | ddgr | 174 | ddgr |
@@ -197,13 +199,12 @@ dragon | |||
197 | drawio | 199 | drawio |
198 | drill | 200 | drill |
199 | dropbox | 201 | dropbox |
200 | d-feet | ||
201 | easystroke | 202 | easystroke |
202 | ebook-viewer | ||
203 | ebook-convert | 203 | ebook-convert |
204 | ebook-edit | 204 | ebook-edit |
205 | ebook-meta | 205 | ebook-meta |
206 | ebook-polish | 206 | ebook-polish |
207 | ebook-viewer | ||
207 | electron-mail | 208 | electron-mail |
208 | electrum | 209 | electrum |
209 | element-desktop | 210 | element-desktop |
@@ -294,8 +295,8 @@ gimp-2.10 | |||
294 | gimp-2.8 | 295 | gimp-2.8 |
295 | gist | 296 | gist |
296 | gist-paste | 297 | gist-paste |
297 | gitg | ||
298 | git-cola | 298 | git-cola |
299 | gitg | ||
299 | github-desktop | 300 | github-desktop |
300 | gitter | 301 | gitter |
301 | # gjs -- https://github.com/netblue30/firejail/issues/3333#issuecomment-612601102 | 302 | # gjs -- https://github.com/netblue30/firejail/issues/3333#issuecomment-612601102 |
@@ -386,14 +387,15 @@ icecat | |||
386 | icedove | 387 | icedove |
387 | iceweasel | 388 | iceweasel |
388 | idea | 389 | idea |
389 | ideaIC | ||
390 | idea.sh | 390 | idea.sh |
391 | ideaIC | ||
391 | imagej | 392 | imagej |
392 | img2txt | 393 | img2txt |
393 | impressive | 394 | impressive |
394 | inkscape | 395 | inkscape |
395 | inkview | 396 | inkview |
396 | inox | 397 | inox |
398 | io.github.lainsce.Notejot | ||
397 | ipcalc | 399 | ipcalc |
398 | ipcalc-ng | 400 | ipcalc-ng |
399 | iridium | 401 | iridium |
@@ -452,6 +454,7 @@ librecad | |||
452 | libreoffice | 454 | libreoffice |
453 | librewolf | 455 | librewolf |
454 | librewolf-nightly | 456 | librewolf-nightly |
457 | lifeograph | ||
455 | liferea | 458 | liferea |
456 | lightsoff | 459 | lightsoff |
457 | lincity-ng | 460 | lincity-ng |
@@ -507,6 +510,7 @@ mendeleydesktop | |||
507 | menulibre | 510 | menulibre |
508 | meteo-qt | 511 | meteo-qt |
509 | microsoft-edge | 512 | microsoft-edge |
513 | microsoft-edge-beta | ||
510 | microsoft-edge-dev | 514 | microsoft-edge-dev |
511 | midori | 515 | midori |
512 | min | 516 | min |
@@ -523,7 +527,6 @@ mp3splt-gtk | |||
523 | mp3wrap | 527 | mp3wrap |
524 | mpDris2 | 528 | mpDris2 |
525 | mpg123 | 529 | mpg123 |
526 | mpg123.bin | ||
527 | mpg123-alsa | 530 | mpg123-alsa |
528 | mpg123-id3dump | 531 | mpg123-id3dump |
529 | mpg123-jack | 532 | mpg123-jack |
@@ -533,6 +536,7 @@ mpg123-oss | |||
533 | mpg123-portaudio | 536 | mpg123-portaudio |
534 | mpg123-pulse | 537 | mpg123-pulse |
535 | mpg123-strip | 538 | mpg123-strip |
539 | mpg123.bin | ||
536 | mplayer | 540 | mplayer |
537 | mpsyt | 541 | mpsyt |
538 | mpv | 542 | mpv |
@@ -674,6 +678,7 @@ qupzilla | |||
674 | qutebrowser | 678 | qutebrowser |
675 | rambox | 679 | rambox |
676 | redeclipse | 680 | redeclipse |
681 | rednotebook | ||
677 | redshift | 682 | redshift |
678 | regextester | 683 | regextester |
679 | remmina | 684 | remmina |
@@ -734,8 +739,8 @@ steam | |||
734 | steam-native | 739 | steam-native |
735 | steam-runtime | 740 | steam-runtime |
736 | stellarium | 741 | stellarium |
737 | strawberry | ||
738 | straw-viewer | 742 | straw-viewer |
743 | strawberry | ||
739 | strings | 744 | strings |
740 | studio.sh | 745 | studio.sh |
741 | subdownloader | 746 | subdownloader |
@@ -862,10 +867,10 @@ wire-desktop | |||
862 | wireshark | 867 | wireshark |
863 | wireshark-gtk | 868 | wireshark-gtk |
864 | wireshark-qt | 869 | wireshark-qt |
870 | wordwarvi | ||
865 | wpp | 871 | wpp |
866 | wps | 872 | wps |
867 | wpspdf | 873 | wpspdf |
868 | wordwarvi | ||
869 | x2goclient | 874 | x2goclient |
870 | xbill | 875 | xbill |
871 | xcalc | 876 | xcalc |
@@ -907,6 +912,7 @@ zaproxy | |||
907 | zart | 912 | zart |
908 | zathura | 913 | zathura |
909 | zeal | 914 | zeal |
915 | zim | ||
910 | zoom | 916 | zoom |
911 | # zpaq - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) | 917 | # zpaq - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) |
912 | # zstd - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) | 918 | # zstd - disable until we fix CLI archivers for makepkg on Arch (see discussion in #3095) |
diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c index a96415985..2266fa499 100644 --- a/src/firejail/appimage.c +++ b/src/firejail/appimage.c | |||
@@ -21,6 +21,7 @@ | |||
21 | // sudo mount -o loop krita-3.0-x86_64.appimage mnt | 21 | // sudo mount -o loop krita-3.0-x86_64.appimage mnt |
22 | 22 | ||
23 | #include "firejail.h" | 23 | #include "firejail.h" |
24 | #include "../include/gcov_wrapper.h" | ||
24 | #include <sys/types.h> | 25 | #include <sys/types.h> |
25 | #include <sys/stat.h> | 26 | #include <sys/stat.h> |
26 | #include <sys/mount.h> | 27 | #include <sys/mount.h> |
@@ -28,10 +29,6 @@ | |||
28 | #include <linux/loop.h> | 29 | #include <linux/loop.h> |
29 | #include <errno.h> | 30 | #include <errno.h> |
30 | 31 | ||
31 | #ifdef HAVE_GCOV | ||
32 | #include <gcov.h> | ||
33 | #endif | ||
34 | |||
35 | static char *devloop = NULL; // device file | 32 | static char *devloop = NULL; // device file |
36 | static long unsigned size = 0; // offset into appimage file | 33 | static long unsigned size = 0; // offset into appimage file |
37 | #define MAXBUF 4096 | 34 | #define MAXBUF 4096 |
@@ -144,9 +141,8 @@ void appimage_set(const char *appimage) { | |||
144 | 141 | ||
145 | if (cfg.cwd) | 142 | if (cfg.cwd) |
146 | env_store_name_val("OWD", cfg.cwd, SETENV); | 143 | env_store_name_val("OWD", cfg.cwd, SETENV); |
147 | #ifdef HAVE_GCOV | 144 | |
148 | __gcov_flush(); | 145 | __gcov_flush(); |
149 | #endif | ||
150 | #else | 146 | #else |
151 | fprintf(stderr, "Error: /dev/loop-control interface is not supported by your kernel\n"); | 147 | fprintf(stderr, "Error: /dev/loop-control interface is not supported by your kernel\n"); |
152 | exit(1); | 148 | exit(1); |
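Review bot: The call `__gcov_flush();` in appimage_set() is now unconditional, so a build without coverage support depends entirely on `../include/gcov_wrapper.h` turning it into a no-op. That header is not shown on this part of the page, so it should be confirmed that it defines the fallback when HAVE_GCOV is unset. A short comment at the call, `// no-op unless built with gcov, see gcov_wrapper.h`, would make the dependency visible to readers of this file. The same change is repeated in chroot.c (fs_chroot), fs.c (fs_overlayfs), fs_mkdir.c (fs_mkdir), ls.c (sandboxfs) and main.c. appimage_set() starts outside the hunk.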
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index 1e9f4b641..06e6f0ccb 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c | |||
@@ -106,7 +106,6 @@ int checkcfg(int val) { | |||
106 | PARSE_YESNO(CFG_FIREJAIL_PROMPT, "firejail-prompt") | 106 | PARSE_YESNO(CFG_FIREJAIL_PROMPT, "firejail-prompt") |
107 | PARSE_YESNO(CFG_FORCE_NONEWPRIVS, "force-nonewprivs") | 107 | PARSE_YESNO(CFG_FORCE_NONEWPRIVS, "force-nonewprivs") |
108 | PARSE_YESNO(CFG_SECCOMP, "seccomp") | 108 | PARSE_YESNO(CFG_SECCOMP, "seccomp") |
109 | PARSE_YESNO(CFG_WHITELIST, "whitelist") | ||
110 | PARSE_YESNO(CFG_NETWORK, "network") | 109 | PARSE_YESNO(CFG_NETWORK, "network") |
111 | PARSE_YESNO(CFG_RESTRICTED_NETWORK, "restricted-network") | 110 | PARSE_YESNO(CFG_RESTRICTED_NETWORK, "restricted-network") |
112 | PARSE_YESNO(CFG_XEPHYR_WINDOW_TITLE, "xephyr-window-title") | 111 | PARSE_YESNO(CFG_XEPHYR_WINDOW_TITLE, "xephyr-window-title") |
@@ -342,14 +341,6 @@ void print_compiletime_support(void) { | |||
342 | #endif | 341 | #endif |
343 | ); | 342 | ); |
344 | 343 | ||
345 | printf("\t- file and directory whitelisting support is %s\n", | ||
346 | #ifdef HAVE_WHITELIST | ||
347 | "enabled" | ||
348 | #else | ||
349 | "disabled" | ||
350 | #endif | ||
351 | ); | ||
352 | |||
353 | printf("\t- file transfer support is %s\n", | 344 | printf("\t- file transfer support is %s\n", |
354 | #ifdef HAVE_FILE_TRANSFER | 345 | #ifdef HAVE_FILE_TRANSFER |
355 | "enabled" | 346 | "enabled" |
diff --git a/src/firejail/chroot.c b/src/firejail/chroot.c index edc31cdea..37ec22117 100644 --- a/src/firejail/chroot.c +++ b/src/firejail/chroot.c | |||
@@ -20,6 +20,7 @@ | |||
20 | 20 | ||
21 | #ifdef HAVE_CHROOT | 21 | #ifdef HAVE_CHROOT |
22 | #include "firejail.h" | 22 | #include "firejail.h" |
23 | #include "../include/gcov_wrapper.h" | ||
23 | #include <sys/mount.h> | 24 | #include <sys/mount.h> |
24 | #include <sys/sendfile.h> | 25 | #include <sys/sendfile.h> |
25 | #include <errno.h> | 26 | #include <errno.h> |
@@ -29,10 +30,6 @@ | |||
29 | #define O_PATH 010000000 | 30 | #define O_PATH 010000000 |
30 | #endif | 31 | #endif |
31 | 32 | ||
32 | #ifdef HAVE_GCOV | ||
33 | #include <gcov.h> | ||
34 | #endif | ||
35 | |||
36 | // exit if error | 33 | // exit if error |
37 | void fs_check_chroot_dir(void) { | 34 | void fs_check_chroot_dir(void) { |
38 | EUID_ASSERT(); | 35 | EUID_ASSERT(); |
@@ -263,9 +260,8 @@ void fs_chroot(const char *rootdir) { | |||
263 | // update chroot resolv.conf | 260 | // update chroot resolv.conf |
264 | update_file(parentfd, "etc/resolv.conf"); | 261 | update_file(parentfd, "etc/resolv.conf"); |
265 | 262 | ||
266 | #ifdef HAVE_GCOV | ||
267 | __gcov_flush(); | 263 | __gcov_flush(); |
268 | #endif | 264 | |
269 | // create /run/firejail/mnt/oroot | 265 | // create /run/firejail/mnt/oroot |
270 | char *oroot = RUN_OVERLAY_ROOT; | 266 | char *oroot = RUN_OVERLAY_ROOT; |
271 | if (mkdir(oroot, 0755) == -1) | 267 | if (mkdir(oroot, 0755) == -1) |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 9971d30b6..545573c08 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -156,6 +156,8 @@ typedef struct config_t { | |||
156 | 156 | ||
157 | // filesystem | 157 | // filesystem |
158 | ProfileEntry *profile; | 158 | ProfileEntry *profile; |
159 | ProfileEntry *profile_rebuild_etc; // blacklist files in /etc directory used by fs_rebuild_etc() | ||
160 | |||
159 | #define MAX_PROFILE_IGNORE 32 | 161 | #define MAX_PROFILE_IGNORE 32 |
160 | char *profile_ignore[MAX_PROFILE_IGNORE]; | 162 | char *profile_ignore[MAX_PROFILE_IGNORE]; |
161 | char *chrootdir; // chroot directory | 163 | char *chrootdir; // chroot directory |
@@ -625,7 +627,6 @@ void fs_trace(void); | |||
625 | 627 | ||
626 | // fs_hostname.c | 628 | // fs_hostname.c |
627 | void fs_hostname(const char *hostname); | 629 | void fs_hostname(const char *hostname); |
628 | void fs_resolvconf(void); | ||
629 | char *fs_check_hosts_file(const char *fname); | 630 | char *fs_check_hosts_file(const char *fname); |
630 | void fs_store_hosts_file(void); | 631 | void fs_store_hosts_file(void); |
631 | void fs_mount_hosts_file(void); | 632 | void fs_mount_hosts_file(void); |
@@ -668,6 +669,7 @@ void fs_machineid(void); | |||
668 | void fs_private_dir_copy(const char *private_dir, const char *private_run_dir, const char *private_list); | 669 | void fs_private_dir_copy(const char *private_dir, const char *private_run_dir, const char *private_list); |
669 | void fs_private_dir_mount(const char *private_dir, const char *private_run_dir); | 670 | void fs_private_dir_mount(const char *private_dir, const char *private_run_dir); |
670 | void fs_private_dir_list(const char *private_dir, const char *private_run_dir, const char *private_list); | 671 | void fs_private_dir_list(const char *private_dir, const char *private_run_dir, const char *private_list); |
672 | void fs_rebuild_etc(void); | ||
671 | 673 | ||
672 | // no_sandbox.c | 674 | // no_sandbox.c |
673 | int check_namespace_virt(void); | 675 | int check_namespace_virt(void); |
@@ -776,7 +778,6 @@ enum { | |||
776 | CFG_NETWORK, | 778 | CFG_NETWORK, |
777 | CFG_RESTRICTED_NETWORK, | 779 | CFG_RESTRICTED_NETWORK, |
778 | CFG_FORCE_NONEWPRIVS, | 780 | CFG_FORCE_NONEWPRIVS, |
779 | CFG_WHITELIST, | ||
780 | CFG_XEPHYR_WINDOW_TITLE, | 781 | CFG_XEPHYR_WINDOW_TITLE, |
781 | CFG_OVERLAYFS, | 782 | CFG_OVERLAYFS, |
782 | CFG_PRIVATE_BIN, | 783 | CFG_PRIVATE_BIN, |
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 4ae7dbfa4..5ac2da164 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -18,6 +18,7 @@ | |||
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
19 | */ | 19 | */ |
20 | #include "firejail.h" | 20 | #include "firejail.h" |
21 | #include "../include/gcov_wrapper.h" | ||
21 | #include <sys/mount.h> | 22 | #include <sys/mount.h> |
22 | #include <sys/stat.h> | 23 | #include <sys/stat.h> |
23 | #include <sys/statvfs.h> | 24 | #include <sys/statvfs.h> |
@@ -33,10 +34,6 @@ | |||
33 | #define O_PATH 010000000 | 34 | #define O_PATH 010000000 |
34 | #endif | 35 | #endif |
35 | 36 | ||
36 | #ifdef HAVE_GCOV | ||
37 | #include <gcov.h> | ||
38 | #endif | ||
39 | |||
40 | #define MAX_BUF 4096 | 37 | #define MAX_BUF 4096 |
41 | #define EMPTY_STRING ("") | 38 | #define EMPTY_STRING ("") |
42 | // check noblacklist statements not matched by a proper blacklist in disable-*.inc files | 39 | // check noblacklist statements not matched by a proper blacklist in disable-*.inc files |
@@ -165,6 +162,19 @@ static void disable_file(OPERATION op, const char *filename) { | |||
165 | fs_logger2("blacklist", fname); | 162 | fs_logger2("blacklist", fname); |
166 | else | 163 | else |
167 | fs_logger2("blacklist-nolog", fname); | 164 | fs_logger2("blacklist-nolog", fname); |
165 | |||
166 | // files in /etc will be reprocessed during /etc rebuild | ||
167 | if (strncmp(fname, "/etc/", 5) == 0) { | ||
168 | ProfileEntry *prf = malloc(sizeof(ProfileEntry)); | ||
169 | if (!prf) | ||
170 | errExit("malloc"); | ||
171 | memset(prf, 0, sizeof(ProfileEntry)); | ||
172 | prf->data = strdup(fname); | ||
173 | if (!prf->data) | ||
174 | errExit("strdup"); | ||
175 | prf->next = cfg.profile_rebuild_etc; | ||
176 | cfg.profile_rebuild_etc = prf; | ||
177 | } | ||
168 | } | 178 | } |
169 | } | 179 | } |
170 | else if (op == MOUNT_READONLY || op == MOUNT_RDWR || op == MOUNT_NOEXEC) { | 180 | else if (op == MOUNT_READONLY || op == MOUNT_RDWR || op == MOUNT_NOEXEC) { |
@@ -492,7 +502,7 @@ void fs_tmpfs(const char *dir, unsigned check_owner) { | |||
492 | struct statvfs buf; | 502 | struct statvfs buf; |
493 | if (fstatvfs(fd, &buf) == -1) | 503 | if (fstatvfs(fd, &buf) == -1) |
494 | errExit("fstatvfs"); | 504 | errExit("fstatvfs"); |
495 | unsigned long flags = buf.f_flag & ~(MS_RDONLY|MS_BIND); | 505 | unsigned long flags = buf.f_flag & ~(MS_RDONLY|MS_BIND|MS_REMOUNT); |
496 | // mount via the symbolic link in /proc/self/fd | 506 | // mount via the symbolic link in /proc/self/fd |
497 | EUID_ROOT(); | 507 | EUID_ROOT(); |
498 | char *proc; | 508 | char *proc; |
@@ -1213,9 +1223,8 @@ void fs_overlayfs(void) { | |||
1213 | fs_logger("whitelist /tmp"); | 1223 | fs_logger("whitelist /tmp"); |
1214 | 1224 | ||
1215 | // chroot in the new filesystem | 1225 | // chroot in the new filesystem |
1216 | #ifdef HAVE_GCOV | ||
1217 | __gcov_flush(); | 1226 | __gcov_flush(); |
1218 | #endif | 1227 | |
1219 | if (chroot(oroot) == -1) | 1228 | if (chroot(oroot) == -1) |
1220 | errExit("chroot"); | 1229 | errExit("chroot"); |
1221 | 1230 | ||
@@ -1281,6 +1290,9 @@ void fs_private_tmp(void) { | |||
1281 | // read-only x11 directory | 1290 | // read-only x11 directory |
1282 | profile_add("read-only /tmp/.X11-unix"); | 1291 | profile_add("read-only /tmp/.X11-unix"); |
1283 | 1292 | ||
1293 | // whitelist sndio directory | ||
1294 | profile_add("whitelist /tmp/sndio"); | ||
1295 | |||
1284 | // whitelist any pulse* file in /tmp directory | 1296 | // whitelist any pulse* file in /tmp directory |
1285 | // some distros use PulseAudio sockets under /tmp instead of the socket in /urn/user | 1297 | // some distros use PulseAudio sockets under /tmp instead of the socket in /urn/user |
1286 | DIR *dir; | 1298 | DIR *dir; |
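Review bot: In the disable_file() hunk every blacklisted path beginning with `/etc/` is pushed onto `cfg.profile_rebuild_etc`, including paths inside subdirectories. The consumer added in fs_etc.c compares `prf->data + 5` only against top-level names returned by readdir(), so nested entries are stored but can never match. Either restrict the list to top-level entries with `if (strncmp(fname, "/etc/", 5) == 0 && strchr(fname + 5, '/') == NULL)`, or add a comment explaining how blacklists on nested /etc paths are expected to survive the rebuild. The `malloc` plus `memset` pair could be a single `calloc(1, sizeof(ProfileEntry))`. disable_file() starts and ends outside the hunk.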
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c index b0e1e1bf1..76054b485 100644 --- a/src/firejail/fs_etc.c +++ b/src/firejail/fs_etc.c | |||
@@ -24,6 +24,7 @@ | |||
24 | #include <sys/types.h> | 24 | #include <sys/types.h> |
25 | #include <time.h> | 25 | #include <time.h> |
26 | #include <unistd.h> | 26 | #include <unistd.h> |
27 | #include <dirent.h> | ||
27 | 28 | ||
28 | // spoof /etc/machine_id | 29 | // spoof /etc/machine_id |
29 | void fs_machineid(void) { | 30 | void fs_machineid(void) { |
@@ -250,3 +251,128 @@ void fs_private_dir_list(const char *private_dir, const char *private_run_dir, c | |||
250 | fs_private_dir_mount(private_dir, private_run_dir); | 251 | fs_private_dir_mount(private_dir, private_run_dir); |
251 | fmessage("Private %s installed in %0.2f ms\n", private_dir, timetrace_end()); | 252 | fmessage("Private %s installed in %0.2f ms\n", private_dir, timetrace_end()); |
252 | } | 253 | } |
254 | |||
255 | void fs_rebuild_etc(void) { | ||
256 | int have_dhcp = 1; | ||
257 | if (cfg.dns1 == NULL && !any_dhcp()) | ||
258 | have_dhcp = 0; | ||
259 | |||
260 | if (arg_debug) | ||
261 | printf("rebuilding /etc directory\n"); | ||
262 | if (mkdir(RUN_DNS_ETC, 0755)) | ||
263 | errExit("mkdir"); | ||
264 | selinux_relabel_path(RUN_DNS_ETC, "/etc"); | ||
265 | fs_logger("tmpfs /etc"); | ||
266 | |||
267 | DIR *dir = opendir("/etc"); | ||
268 | if (!dir) | ||
269 | errExit("opendir"); | ||
270 | |||
271 | struct stat s; | ||
272 | struct dirent *entry; | ||
273 | while ((entry = readdir(dir))) { | ||
274 | if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0) | ||
275 | continue; | ||
276 | |||
277 | // skip files in cfg.profile_rebuild_etc list | ||
278 | // these files are already blacklisted | ||
279 | { | ||
280 | ProfileEntry *prf = cfg.profile_rebuild_etc; | ||
281 | int found = 0; | ||
282 | while (prf) { | ||
283 | if (strcmp(entry->d_name, prf->data + 5) == 0) { // 5 is strlen("/etc/") | ||
284 | found = 1; | ||
285 | break; | ||
286 | } | ||
287 | prf = prf->next; | ||
288 | } | ||
289 | if (found) | ||
290 | continue; | ||
291 | } | ||
292 | |||
293 | // for resolv.conf we might have to create a brand new file later | ||
294 | if (have_dhcp && | ||
295 | (strcmp(entry->d_name, "resolv.conf") == 0 || | ||
296 | strcmp(entry->d_name, "resolv.conf.dhclient-new") == 0)) | ||
297 | continue; | ||
298 | // printf("linking %s\n", entry->d_name); | ||
299 | |||
300 | char *src; | ||
301 | if (asprintf(&src, "/etc/%s", entry->d_name) == -1) | ||
302 | errExit("asprintf"); | ||
303 | if (stat(src, &s) != 0) { | ||
304 | free(src); | ||
305 | continue; | ||
306 | } | ||
307 | |||
308 | char *dest; | ||
309 | if (asprintf(&dest, "%s/%s", RUN_DNS_ETC, entry->d_name) == -1) | ||
310 | errExit("asprintf"); | ||
311 | |||
312 | int symlink_done = 0; | ||
313 | if (is_link(src)) { | ||
314 | char *rp =realpath(src, NULL); | ||
315 | if (rp == NULL) { | ||
316 | free(src); | ||
317 | free(dest); | ||
318 | continue; | ||
319 | } | ||
320 | if (symlink(rp, dest)) | ||
321 | errExit("symlink"); | ||
322 | else | ||
323 | symlink_done = 1; | ||
324 | } | ||
325 | else if (S_ISDIR(s.st_mode)) | ||
326 | create_empty_dir_as_root(dest, s.st_mode); | ||
327 | else | ||
328 | create_empty_file_as_root(dest, s.st_mode); | ||
329 | |||
330 | // bind-mount src on top of dest | ||
331 | if (!symlink_done) { | ||
332 | if (mount(src, dest, NULL, MS_BIND|MS_REC, NULL) < 0) | ||
333 | errExit("mount bind mirroring /etc"); | ||
334 | } | ||
335 | fs_logger2("clone", src); | ||
336 | |||
337 | free(src); | ||
338 | free(dest); | ||
339 | } | ||
340 | closedir(dir); | ||
341 | |||
342 | // mount bind our private etc directory on top of /etc | ||
343 | if (arg_debug) | ||
344 | printf("Mount-bind %s on top of /etc\n", RUN_DNS_ETC); | ||
345 | if (mount(RUN_DNS_ETC, "/etc", NULL, MS_BIND|MS_REC, NULL) < 0) | ||
346 | errExit("mount bind mirroring /etc"); | ||
347 | fs_logger("mount /etc"); | ||
348 | |||
349 | if (have_dhcp == 0) | ||
350 | return; | ||
351 | |||
352 | if (arg_debug) | ||
353 | printf("Creating a new /etc/resolv.conf file\n"); | ||
354 | FILE *fp = fopen("/etc/resolv.conf", "wxe"); | ||
355 | if (!fp) { | ||
356 | fprintf(stderr, "Error: cannot create /etc/resolv.conf file\n"); | ||
357 | exit(1); | ||
358 | } | ||
359 | |||
360 | if (cfg.dns1) { | ||
361 | if (any_dhcp()) | ||
362 | fwarning("network setup uses DHCP, nameservers will likely be overwritten\n"); | ||
363 | fprintf(fp, "nameserver %s\n", cfg.dns1); | ||
364 | } | ||
365 | if (cfg.dns2) | ||
366 | fprintf(fp, "nameserver %s\n", cfg.dns2); | ||
367 | if (cfg.dns3) | ||
368 | fprintf(fp, "nameserver %s\n", cfg.dns3); | ||
369 | if (cfg.dns4) | ||
370 | fprintf(fp, "nameserver %s\n", cfg.dns4); | ||
371 | |||
372 | // mode and owner | ||
373 | SET_PERMS_STREAM(fp, 0, 0, 0644); | ||
374 | |||
375 | fclose(fp); | ||
376 | |||
377 | fs_logger("create /etc/resolv.conf"); | ||
378 | } | ||
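Review bot: In fs_rebuild_etc() the buffer returned by `realpath(src, NULL)` is never released. After `symlink(rp, dest)` succeeds the loop frees `src` and `dest` but not `rp`, so each symlink in /etc leaks one allocation; add `free(rp);` after the symlink call. The flag `have_dhcp` is also set when `cfg.dns1` is given without DHCP, so a name such as `need_resolvconf` would describe it better. The function has no header comment. One should state that it rebuilds /etc under `RUN_DNS_ETC`, leaves out top-level entries recorded in `cfg.profile_rebuild_etc`, and writes a new resolv.conf only when a DNS server or DHCP is configured.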
diff --git a/src/firejail/fs_hostname.c b/src/firejail/fs_hostname.c index 80046f7ae..1a9a78ceb 100644 --- a/src/firejail/fs_hostname.c +++ b/src/firejail/fs_hostname.c | |||
@@ -88,109 +88,6 @@ errexit: | |||
88 | exit(1); | 88 | exit(1); |
89 | } | 89 | } |
90 | 90 | ||
91 | void fs_resolvconf(void) { | ||
92 | if (cfg.dns1 == NULL && !any_dhcp()) | ||
93 | return; | ||
94 | |||
95 | if (arg_debug) | ||
96 | printf("mirroring /etc directory\n"); | ||
97 | if (mkdir(RUN_DNS_ETC, 0755)) | ||
98 | errExit("mkdir"); | ||
99 | selinux_relabel_path(RUN_DNS_ETC, "/etc"); | ||
100 | fs_logger("tmpfs /etc"); | ||
101 | |||
102 | DIR *dir = opendir("/etc"); | ||
103 | if (!dir) | ||
104 | errExit("opendir"); | ||
105 | |||
106 | struct stat s; | ||
107 | struct dirent *entry; | ||
108 | while ((entry = readdir(dir))) { | ||
109 | if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0) | ||
110 | continue; | ||
111 | // for resolv.conf we create a brand new file | ||
112 | if (strcmp(entry->d_name, "resolv.conf") == 0 || | ||
113 | strcmp(entry->d_name, "resolv.conf.dhclient-new") == 0) | ||
114 | continue; | ||
115 | // printf("linking %s\n", entry->d_name); | ||
116 | |||
117 | char *src; | ||
118 | if (asprintf(&src, "/etc/%s", entry->d_name) == -1) | ||
119 | errExit("asprintf"); | ||
120 | if (stat(src, &s) != 0) { | ||
121 | free(src); | ||
122 | continue; | ||
123 | } | ||
124 | |||
125 | char *dest; | ||
126 | if (asprintf(&dest, "%s/%s", RUN_DNS_ETC, entry->d_name) == -1) | ||
127 | errExit("asprintf"); | ||
128 | |||
129 | int symlink_done = 0; | ||
130 | if (is_link(src)) { | ||
131 | char *rp =realpath(src, NULL); | ||
132 | if (rp == NULL) { | ||
133 | free(src); | ||
134 | free(dest); | ||
135 | continue; | ||
136 | } | ||
137 | if (symlink(rp, dest)) | ||
138 | errExit("symlink"); | ||
139 | else | ||
140 | symlink_done = 1; | ||
141 | } | ||
142 | else if (S_ISDIR(s.st_mode)) | ||
143 | create_empty_dir_as_root(dest, s.st_mode); | ||
144 | else | ||
145 | create_empty_file_as_root(dest, s.st_mode); | ||
146 | |||
147 | // bind-mount src on top of dest | ||
148 | if (!symlink_done) { | ||
149 | if (mount(src, dest, NULL, MS_BIND|MS_REC, NULL) < 0) | ||
150 | errExit("mount bind mirroring /etc"); | ||
151 | } | ||
152 | fs_logger2("clone", src); | ||
153 | |||
154 | free(src); | ||
155 | free(dest); | ||
156 | } | ||
157 | closedir(dir); | ||
158 | |||
159 | // mount bind our private etc directory on top of /etc | ||
160 | if (arg_debug) | ||
161 | printf("Mount-bind %s on top of /etc\n", RUN_DNS_ETC); | ||
162 | if (mount(RUN_DNS_ETC, "/etc", NULL, MS_BIND|MS_REC, NULL) < 0) | ||
163 | errExit("mount bind mirroring /etc"); | ||
164 | fs_logger("mount /etc"); | ||
165 | |||
166 | if (arg_debug) | ||
167 | printf("Creating a new /etc/resolv.conf file\n"); | ||
168 | FILE *fp = fopen("/etc/resolv.conf", "wxe"); | ||
169 | if (!fp) { | ||
170 | fprintf(stderr, "Error: cannot create /etc/resolv.conf file\n"); | ||
171 | exit(1); | ||
172 | } | ||
173 | |||
174 | if (cfg.dns1) { | ||
175 | if (any_dhcp()) | ||
176 | fwarning("network setup uses DHCP, nameservers will likely be overwritten\n"); | ||
177 | fprintf(fp, "nameserver %s\n", cfg.dns1); | ||
178 | } | ||
179 | if (cfg.dns2) | ||
180 | fprintf(fp, "nameserver %s\n", cfg.dns2); | ||
181 | if (cfg.dns3) | ||
182 | fprintf(fp, "nameserver %s\n", cfg.dns3); | ||
183 | if (cfg.dns4) | ||
184 | fprintf(fp, "nameserver %s\n", cfg.dns4); | ||
185 | |||
186 | // mode and owner | ||
187 | SET_PERMS_STREAM(fp, 0, 0, 0644); | ||
188 | |||
189 | fclose(fp); | ||
190 | |||
191 | fs_logger("create /etc/resolv.conf"); | ||
192 | } | ||
193 | |||
194 | char *fs_check_hosts_file(const char *fname) { | 91 | char *fs_check_hosts_file(const char *fname) { |
195 | assert(fname); | 92 | assert(fname); |
196 | invalid_filename(fname, 0); // no globbing | 93 | invalid_filename(fname, 0); // no globbing |
diff --git a/src/firejail/fs_mkdir.c b/src/firejail/fs_mkdir.c index bbc2aa938..4983db0a0 100644 --- a/src/firejail/fs_mkdir.c +++ b/src/firejail/fs_mkdir.c | |||
@@ -18,6 +18,7 @@ | |||
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
19 | */ | 19 | */ |
20 | #include "firejail.h" | 20 | #include "firejail.h" |
21 | #include "../include/gcov_wrapper.h" | ||
21 | #include <sys/types.h> | 22 | #include <sys/types.h> |
22 | #include <sys/stat.h> | 23 | #include <sys/stat.h> |
23 | #include <unistd.h> | 24 | #include <unistd.h> |
@@ -25,10 +26,6 @@ | |||
25 | #include <sys/wait.h> | 26 | #include <sys/wait.h> |
26 | #include <string.h> | 27 | #include <string.h> |
27 | 28 | ||
28 | #ifdef HAVE_GCOV | ||
29 | #include <gcov.h> | ||
30 | #endif | ||
31 | |||
32 | static void check(const char *fname) { | 29 | static void check(const char *fname) { |
33 | // manufacture /run/user directory | 30 | // manufacture /run/user directory |
34 | char *runuser; | 31 | char *runuser; |
@@ -98,9 +95,9 @@ void fs_mkdir(const char *name) { | |||
98 | 95 | ||
99 | // create directory | 96 | // create directory |
100 | mkdir_recursive(expanded); | 97 | mkdir_recursive(expanded); |
101 | #ifdef HAVE_GCOV | 98 | |
102 | __gcov_flush(); | 99 | __gcov_flush(); |
103 | #endif | 100 | |
104 | _exit(0); | 101 | _exit(0); |
105 | } | 102 | } |
106 | // wait for the child to finish | 103 | // wait for the child to finish |
diff --git a/src/firejail/ls.c b/src/firejail/ls.c index 6ee557648..70985ba9e 100644 --- a/src/firejail/ls.c +++ b/src/firejail/ls.c | |||
@@ -19,6 +19,7 @@ | |||
19 | */ | 19 | */ |
20 | 20 | ||
21 | #include "firejail.h" | 21 | #include "firejail.h" |
22 | #include "../include/gcov_wrapper.h" | ||
22 | #include <sys/types.h> | 23 | #include <sys/types.h> |
23 | #include <sys/stat.h> | 24 | #include <sys/stat.h> |
24 | #include <sys/wait.h> | 25 | #include <sys/wait.h> |
@@ -31,10 +32,6 @@ | |||
31 | //#include <stdio.h> | 32 | //#include <stdio.h> |
32 | //#include <stdlib.h> | 33 | //#include <stdlib.h> |
33 | 34 | ||
34 | #ifdef HAVE_GCOV | ||
35 | #include <gcov.h> | ||
36 | #endif | ||
37 | |||
38 | // uid/gid cache | 35 | // uid/gid cache |
39 | static uid_t c_uid = 0; | 36 | static uid_t c_uid = 0; |
40 | static char *c_uid_name = NULL; | 37 | static char *c_uid_name = NULL; |
@@ -353,9 +350,8 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) { | |||
353 | ls(fname1); | 350 | ls(fname1); |
354 | else | 351 | else |
355 | cat(fname1); | 352 | cat(fname1); |
356 | #ifdef HAVE_GCOV | 353 | |
357 | __gcov_flush(); | 354 | __gcov_flush(); |
358 | #endif | ||
359 | } | 355 | } |
360 | // get file from host and store it in the sandbox | 356 | // get file from host and store it in the sandbox |
361 | else if (op == SANDBOX_FS_PUT && path2) { | 357 | else if (op == SANDBOX_FS_PUT && path2) { |
@@ -387,9 +383,9 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) { | |||
387 | // copy the file | 383 | // copy the file |
388 | if (copy_file(src_fname, tmp_fname, getuid(), getgid(), 0600)) // already a regular user | 384 | if (copy_file(src_fname, tmp_fname, getuid(), getgid(), 0600)) // already a regular user |
389 | _exit(1); | 385 | _exit(1); |
390 | #ifdef HAVE_GCOV | 386 | |
391 | __gcov_flush(); | 387 | __gcov_flush(); |
392 | #endif | 388 | |
393 | _exit(0); | 389 | _exit(0); |
394 | } | 390 | } |
395 | 391 | ||
@@ -419,9 +415,9 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) { | |||
419 | // copy the file | 415 | // copy the file |
420 | if (copy_file(tmp_fname, dest_fname, getuid(), getgid(), 0600)) // already a regular user | 416 | if (copy_file(tmp_fname, dest_fname, getuid(), getgid(), 0600)) // already a regular user |
421 | _exit(1); | 417 | _exit(1); |
422 | #ifdef HAVE_GCOV | 418 | |
423 | __gcov_flush(); | 419 | __gcov_flush(); |
424 | #endif | 420 | |
425 | _exit(0); | 421 | _exit(0); |
426 | } | 422 | } |
427 | 423 | ||
diff --git a/src/firejail/main.c b/src/firejail/main.c index a59d508e5..655e6e9d0 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -20,6 +20,7 @@ | |||
20 | #include "firejail.h" | 20 | #include "firejail.h" |
21 | #include "../include/pid.h" | 21 | #include "../include/pid.h" |
22 | #include "../include/firejail_user.h" | 22 | #include "../include/firejail_user.h" |
23 | #include "../include/gcov_wrapper.h" | ||
23 | #include "../include/syscall.h" | 24 | #include "../include/syscall.h" |
24 | #include "../include/seccomp.h" | 25 | #include "../include/seccomp.h" |
25 | #define _GNU_SOURCE | 26 | #define _GNU_SOURCE |
@@ -44,10 +45,6 @@ | |||
44 | #define O_PATH 010000000 | 45 | #define O_PATH 010000000 |
45 | #endif | 46 | #endif |
46 | 47 | ||
47 | #ifdef HAVE_GCOV | ||
48 | #include <gcov.h> | ||
49 | #endif | ||
50 | |||
51 | #ifdef __ia64__ | 48 | #ifdef __ia64__ |
52 | /* clone(2) has a different interface on ia64, as it needs to know | 49 | /* clone(2) has a different interface on ia64, as it needs to know |
53 | the size of the stack */ | 50 | the size of the stack */ |
@@ -1262,9 +1259,9 @@ int main(int argc, char **argv, char **envp) { | |||
1262 | arg_debug = 1; | 1259 | arg_debug = 1; |
1263 | arg_quiet = 0; | 1260 | arg_quiet = 0; |
1264 | } | 1261 | } |
1265 | else if (strcmp(argv[i], "--debug-blacklists") == 0) | 1262 | else if (strcmp(argv[i], "--debug-deny") == 0) |
1266 | arg_debug_blacklists = 1; | 1263 | arg_debug_blacklists = 1; |
1267 | else if (strcmp(argv[i], "--debug-whitelists") == 0) | 1264 | else if (strcmp(argv[i], "--debug-allow") == 0) |
1268 | arg_debug_whitelists = 1; | 1265 | arg_debug_whitelists = 1; |
1269 | else if (strcmp(argv[i], "--debug-private-lib") == 0) | 1266 | else if (strcmp(argv[i], "--debug-private-lib") == 0) |
1270 | arg_debug_private_lib = 1; | 1267 | arg_debug_private_lib = 1; |
@@ -1564,6 +1561,8 @@ int main(int argc, char **argv, char **envp) { | |||
1564 | profile_check_line(line, 0, NULL); // will exit if something wrong | 1561 | profile_check_line(line, 0, NULL); // will exit if something wrong |
1565 | profile_add(line); | 1562 | profile_add(line); |
1566 | } | 1563 | } |
1564 | |||
1565 | // blacklist/deny | ||
1567 | else if (strncmp(argv[i], "--blacklist=", 12) == 0) { | 1566 | else if (strncmp(argv[i], "--blacklist=", 12) == 0) { |
1568 | char *line; | 1567 | char *line; |
1569 | if (asprintf(&line, "blacklist %s", argv[i] + 12) == -1) | 1568 | if (asprintf(&line, "blacklist %s", argv[i] + 12) == -1) |
@@ -1572,6 +1571,14 @@ int main(int argc, char **argv, char **envp) { | |||
1572 | profile_check_line(line, 0, NULL); // will exit if something wrong | 1571 | profile_check_line(line, 0, NULL); // will exit if something wrong |
1573 | profile_add(line); | 1572 | profile_add(line); |
1574 | } | 1573 | } |
1574 | else if (strncmp(argv[i], "--deny=", 7) == 0) { | ||
1575 | char *line; | ||
1576 | if (asprintf(&line, "blacklist %s", argv[i] + 7) == -1) | ||
1577 | errExit("asprintf"); | ||
1578 | |||
1579 | profile_check_line(line, 0, NULL); // will exit if something wrong | ||
1580 | profile_add(line); | ||
1581 | } | ||
1575 | else if (strncmp(argv[i], "--noblacklist=", 14) == 0) { | 1582 | else if (strncmp(argv[i], "--noblacklist=", 14) == 0) { |
1576 | char *line; | 1583 | char *line; |
1577 | if (asprintf(&line, "noblacklist %s", argv[i] + 14) == -1) | 1584 | if (asprintf(&line, "noblacklist %s", argv[i] + 14) == -1) |
@@ -1580,19 +1587,31 @@ int main(int argc, char **argv, char **envp) { | |||
1580 | profile_check_line(line, 0, NULL); // will exit if something wrong | 1587 | profile_check_line(line, 0, NULL); // will exit if something wrong |
1581 | profile_add(line); | 1588 | profile_add(line); |
1582 | } | 1589 | } |
1590 | else if (strncmp(argv[i], "--nodeny=", 9) == 0) { | ||
1591 | char *line; | ||
1592 | if (asprintf(&line, "noblacklist %s", argv[i] + 9) == -1) | ||
1593 | errExit("asprintf"); | ||
1594 | |||
1595 | profile_check_line(line, 0, NULL); // will exit if something wrong | ||
1596 | profile_add(line); | ||
1597 | } | ||
1583 | 1598 | ||
1584 | #ifdef HAVE_WHITELIST | 1599 | // whitelist |
1585 | else if (strncmp(argv[i], "--whitelist=", 12) == 0) { | 1600 | else if (strncmp(argv[i], "--whitelist=", 12) == 0) { |
1586 | if (checkcfg(CFG_WHITELIST)) { | 1601 | char *line; |
1587 | char *line; | 1602 | if (asprintf(&line, "whitelist %s", argv[i] + 12) == -1) |
1588 | if (asprintf(&line, "whitelist %s", argv[i] + 12) == -1) | 1603 | errExit("asprintf"); |
1589 | errExit("asprintf"); | ||
1590 | 1604 | ||
1591 | profile_check_line(line, 0, NULL); // will exit if something wrong | 1605 | profile_check_line(line, 0, NULL); // will exit if something wrong |
1592 | profile_add(line); | 1606 | profile_add(line); |
1593 | } | 1607 | } |
1594 | else | 1608 | else if (strncmp(argv[i], "--allow=", 8) == 0) { |
1595 | exit_err_feature("whitelist"); | 1609 | char *line; |
1610 | if (asprintf(&line, "whitelist %s", argv[i] + 8) == -1) | ||
1611 | errExit("asprintf"); | ||
1612 | |||
1613 | profile_check_line(line, 0, NULL); // will exit if something wrong | ||
1614 | profile_add(line); | ||
1596 | } | 1615 | } |
1597 | else if (strncmp(argv[i], "--nowhitelist=", 14) == 0) { | 1616 | else if (strncmp(argv[i], "--nowhitelist=", 14) == 0) { |
1598 | char *line; | 1617 | char *line; |
@@ -1602,7 +1621,16 @@ int main(int argc, char **argv, char **envp) { | |||
1602 | profile_check_line(line, 0, NULL); // will exit if something wrong | 1621 | profile_check_line(line, 0, NULL); // will exit if something wrong |
1603 | profile_add(line); | 1622 | profile_add(line); |
1604 | } | 1623 | } |
1605 | #endif | 1624 | else if (strncmp(argv[i], "--noallow=", 10) == 0) { |
1625 | char *line; | ||
1626 | if (asprintf(&line, "nowhitelist %s", argv[i] + 10) == -1) | ||
1627 | errExit("asprintf"); | ||
1628 | |||
1629 | profile_check_line(line, 0, NULL); // will exit if something wrong | ||
1630 | profile_add(line); | ||
1631 | } | ||
1632 | |||
1633 | |||
1606 | else if (strncmp(argv[i], "--mkdir=", 8) == 0) { | 1634 | else if (strncmp(argv[i], "--mkdir=", 8) == 0) { |
1607 | char *line; | 1635 | char *line; |
1608 | if (asprintf(&line, "mkdir %s", argv[i] + 8) == -1) | 1636 | if (asprintf(&line, "mkdir %s", argv[i] + 8) == -1) |
@@ -3036,9 +3064,9 @@ int main(int argc, char **argv, char **envp) { | |||
3036 | network_main(child); | 3064 | network_main(child); |
3037 | if (arg_debug) | 3065 | if (arg_debug) |
3038 | printf("Host network configured\n"); | 3066 | printf("Host network configured\n"); |
3039 | #ifdef HAVE_GCOV | 3067 | |
3040 | __gcov_flush(); | 3068 | __gcov_flush(); |
3041 | #endif | 3069 | |
3042 | _exit(0); | 3070 | _exit(0); |
3043 | } | 3071 | } |
3044 | 3072 | ||
diff --git a/src/firejail/output.c b/src/firejail/output.c index 835dff2db..ce10ab157 100644 --- a/src/firejail/output.c +++ b/src/firejail/output.c | |||
@@ -50,13 +50,21 @@ void check_output(int argc, char **argv) { | |||
50 | if (!outindex) | 50 | if (!outindex) |
51 | return; | 51 | return; |
52 | 52 | ||
53 | |||
54 | // check filename | ||
55 | drop_privs(0); | 53 | drop_privs(0); |
56 | char *outfile = argv[outindex]; | 54 | char *outfile = argv[outindex]; |
57 | outfile += (enable_stderr)? 16:9; | 55 | outfile += (enable_stderr)? 16:9; |
56 | |||
57 | // check filename | ||
58 | invalid_filename(outfile, 0); // no globbing | 58 | invalid_filename(outfile, 0); // no globbing |
59 | 59 | ||
60 | // expand user home directory | ||
61 | if (outfile[0] == '~') { | ||
62 | char *full; | ||
63 | if (asprintf(&full, "%s%s", cfg.homedir, outfile + 1) == -1) | ||
64 | errExit("asprintf"); | ||
65 | outfile = full; | ||
66 | } | ||
67 | |||
60 | // do not accept directories, links, and files with ".." | 68 | // do not accept directories, links, and files with ".." |
61 | if (strstr(outfile, "..") || is_link(outfile) || is_dir(outfile)) { | 69 | if (strstr(outfile, "..") || is_link(outfile) || is_dir(outfile)) { |
62 | fprintf(stderr, "Error: invalid output file. Links, directories and files with \"..\" are not allowed.\n"); | 70 | fprintf(stderr, "Error: invalid output file. Links, directories and files with \"..\" are not allowed.\n"); |
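Review bot: The new home-directory expansion in check_output() fires on any leading `~`, so a name such as `~other/log` is rewritten to `cfg.homedir` immediately followed by `other/log` instead of being rejected or left alone. Restricting the expansion to the current user's form avoids resolving to an unintended path: `if (outfile[0] == '~' && (outfile[1] == '/' || outfile[1] == '\0')) {`. The `full` buffer from asprintf() is also never freed in the visible lines, which is harmless only if `outfile` stays in use until exit; the rest of the function is outside the hunk.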
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 5b1478918..b7c7185a6 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -18,15 +18,12 @@ | |||
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
19 | */ | 19 | */ |
20 | #include "firejail.h" | 20 | #include "firejail.h" |
21 | #include "../include/gcov_wrapper.h" | ||
21 | #include "../include/seccomp.h" | 22 | #include "../include/seccomp.h" |
22 | #include "../include/syscall.h" | 23 | #include "../include/syscall.h" |
23 | #include <dirent.h> | 24 | #include <dirent.h> |
24 | #include <sys/stat.h> | 25 | #include <sys/stat.h> |
25 | 26 | ||
26 | #ifdef HAVE_GCOV | ||
27 | #include <gcov.h> | ||
28 | #endif | ||
29 | |||
30 | extern char *xephyr_screen; | 27 | extern char *xephyr_screen; |
31 | 28 | ||
32 | #define MAX_READ 8192 // line buffer for profile files | 29 | #define MAX_READ 8192 // line buffer for profile files |
@@ -1592,22 +1589,8 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
1592 | else if (strncmp(ptr, "noblacklist ", 12) == 0) | 1589 | else if (strncmp(ptr, "noblacklist ", 12) == 0) |
1593 | ptr += 12; | 1590 | ptr += 12; |
1594 | else if (strncmp(ptr, "whitelist ", 10) == 0) { | 1591 | else if (strncmp(ptr, "whitelist ", 10) == 0) { |
1595 | #ifdef HAVE_WHITELIST | 1592 | arg_whitelist = 1; |
1596 | if (checkcfg(CFG_WHITELIST)) { | 1593 | ptr += 10; |
1597 | arg_whitelist = 1; | ||
1598 | ptr += 10; | ||
1599 | } | ||
1600 | else { | ||
1601 | static int whitelist_warning_printed = 0; | ||
1602 | if (!whitelist_warning_printed) { | ||
1603 | warning_feature_disabled("whitelist"); | ||
1604 | whitelist_warning_printed = 1; | ||
1605 | } | ||
1606 | return 0; | ||
1607 | } | ||
1608 | #else | ||
1609 | return 0; | ||
1610 | #endif | ||
1611 | } | 1594 | } |
1612 | else if (strncmp(ptr, "nowhitelist ", 12) == 0) | 1595 | else if (strncmp(ptr, "nowhitelist ", 12) == 0) |
1613 | ptr += 12; | 1596 | ptr += 12; |
@@ -1753,6 +1736,44 @@ void profile_read(const char *fname) { | |||
1753 | continue; | 1736 | continue; |
1754 | } | 1737 | } |
1755 | 1738 | ||
1739 | // translate allow/deny to whitelist/blacklist | ||
1740 | if (strncmp(ptr, "allow ", 6) == 0) { | ||
1741 | char *tmp; | ||
1742 | if (asprintf(&tmp, "whitelist %s", ptr + 6) == -1) | ||
1743 | errExit("asprintf"); | ||
1744 | free(ptr); | ||
1745 | ptr = tmp; | ||
1746 | } | ||
1747 | else if (strncmp(ptr, "deny ", 5) == 0) { | ||
1748 | char *tmp; | ||
1749 | if (asprintf(&tmp, "blacklist %s", ptr + 5) == -1) | ||
1750 | errExit("asprintf"); | ||
1751 | free(ptr); | ||
1752 | ptr = tmp; | ||
1753 | } | ||
1754 | else if (strncmp(ptr, "deny-nolog ", 11) == 0) { | ||
1755 | char *tmp; | ||
1756 | if (asprintf(&tmp, "blacklist-nolog %s", ptr + 11) == -1) | ||
1757 | errExit("asprintf"); | ||
1758 | free(ptr); | ||
1759 | ptr = tmp; | ||
1760 | } | ||
1761 | // translate noallow/nodeny to nowhitelist/noblacklist | ||
1762 | else if (strncmp(ptr, "noallow ", 8) == 0) { | ||
1763 | char *tmp; | ||
1764 | if (asprintf(&tmp, "nowhitelist %s", ptr + 8) == -1) | ||
1765 | errExit("asprintf"); | ||
1766 | free(ptr); | ||
1767 | ptr = tmp; | ||
1768 | } | ||
1769 | else if (strncmp(ptr, "nodeny ", 7) == 0) { | ||
1770 | char *tmp; | ||
1771 | if (asprintf(&tmp, "noblacklist %s", ptr + 7) == -1) | ||
1772 | errExit("asprintf"); | ||
1773 | free(ptr); | ||
1774 | ptr = tmp; | ||
1775 | } | ||
1776 | |||
1756 | // process quiet | 1777 | // process quiet |
1757 | // todo: a quiet in the profile file cannot be disabled by --ignore on command line | 1778 | // todo: a quiet in the profile file cannot be disabled by --ignore on command line |
1758 | if (strcmp(ptr, "quiet") == 0) { | 1779 | if (strcmp(ptr, "quiet") == 0) { |
@@ -1805,9 +1826,8 @@ void profile_read(const char *fname) { | |||
1805 | // else { | 1826 | // else { |
1806 | // free(ptr); | 1827 | // free(ptr); |
1807 | // } | 1828 | // } |
1808 | #ifdef HAVE_GCOV | 1829 | |
1809 | __gcov_flush(); | 1830 | __gcov_flush(); |
1810 | #endif | ||
1811 | } | 1831 | } |
1812 | fclose(fp); | 1832 | fclose(fp); |
1813 | } | 1833 | } |
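Review bot: The five alias branches added to profile_read() repeat the same asprintf/free/assign sequence with hand-counted prefix lengths (6, 5, 11, 8, 7), which is easy to get wrong when another alias is added and would then silently shift the path argument of an allow or deny rule. A small lookup table using `strlen()` on the alias removes the magic numbers and keeps the keyword pairs in one place. The lengths in the hunk are correct as written, so this is a maintainability point only. profile_read() starts and ends outside the hunk.

```c
// translate allow/deny aliases to the whitelist/blacklist keywords
static const struct {
	const char *alias;
	const char *keyword;
} aliases[] = {
	{ "allow ", "whitelist " },
	{ "deny ", "blacklist " },
	{ "deny-nolog ", "blacklist-nolog " },
	{ "noallow ", "nowhitelist " },
	{ "nodeny ", "noblacklist " },
};
size_t k;
for (k = 0; k < sizeof(aliases) / sizeof(aliases[0]); k++) {
	size_t len = strlen(aliases[k].alias);
	if (strncmp(ptr, aliases[k].alias, len) != 0)
		continue;
	char *tmp;
	if (asprintf(&tmp, "%s%s", aliases[k].keyword, ptr + len) == -1)
		errExit("asprintf");
	free(ptr);
	ptr = tmp;
	break;
}

// … unchanged: "process quiet" handling …
```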
diff --git a/src/firejail/rlimit.c b/src/firejail/rlimit.c index dd6fec972..f177f4b89 100644 --- a/src/firejail/rlimit.c +++ b/src/firejail/rlimit.c | |||
@@ -18,13 +18,10 @@ | |||
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
19 | */ | 19 | */ |
20 | #include "firejail.h" | 20 | #include "firejail.h" |
21 | #include "../include/gcov_wrapper.h" | ||
21 | #include <sys/time.h> | 22 | #include <sys/time.h> |
22 | #include <sys/resource.h> | 23 | #include <sys/resource.h> |
23 | 24 | ||
24 | #ifdef HAVE_GCOV | ||
25 | #include <gcov.h> | ||
26 | #endif | ||
27 | |||
28 | void set_rlimits(void) { | 25 | void set_rlimits(void) { |
29 | EUID_ASSERT(); | 26 | EUID_ASSERT(); |
30 | // resource limits | 27 | // resource limits |
@@ -37,9 +34,9 @@ void set_rlimits(void) { | |||
37 | // set the new limit | 34 | // set the new limit |
38 | rl.rlim_cur = (rlim_t) cfg.rlimit_cpu; | 35 | rl.rlim_cur = (rlim_t) cfg.rlimit_cpu; |
39 | rl.rlim_max = (rlim_t) cfg.rlimit_cpu; | 36 | rl.rlim_max = (rlim_t) cfg.rlimit_cpu; |
40 | #ifdef HAVE_GCOV | 37 | |
41 | __gcov_dump(); | 38 | __gcov_dump(); |
42 | #endif | 39 | |
43 | if (setrlimit(RLIMIT_CPU, &rl) == -1) | 40 | if (setrlimit(RLIMIT_CPU, &rl) == -1) |
44 | errExit("setrlimit"); | 41 | errExit("setrlimit"); |
45 | if (arg_debug) | 42 | if (arg_debug) |
@@ -54,9 +51,10 @@ void set_rlimits(void) { | |||
54 | // set the new limit | 51 | // set the new limit |
55 | rl.rlim_cur = (rlim_t) cfg.rlimit_nofile; | 52 | rl.rlim_cur = (rlim_t) cfg.rlimit_nofile; |
56 | rl.rlim_max = (rlim_t) cfg.rlimit_nofile; | 53 | rl.rlim_max = (rlim_t) cfg.rlimit_nofile; |
57 | #ifdef HAVE_GCOV // gcov-instrumented programs might crash at this point | 54 | |
55 | // gcov-instrumented programs might crash at this point | ||
58 | __gcov_dump(); | 56 | __gcov_dump(); |
59 | #endif | 57 | |
60 | if (setrlimit(RLIMIT_NOFILE, &rl) == -1) | 58 | if (setrlimit(RLIMIT_NOFILE, &rl) == -1) |
61 | errExit("setrlimit"); | 59 | errExit("setrlimit"); |
62 | if (arg_debug) | 60 | if (arg_debug) |
@@ -71,9 +69,9 @@ void set_rlimits(void) { | |||
71 | // set the new limit | 69 | // set the new limit |
72 | rl.rlim_cur = (rlim_t) cfg.rlimit_nproc; | 70 | rl.rlim_cur = (rlim_t) cfg.rlimit_nproc; |
73 | rl.rlim_max = (rlim_t) cfg.rlimit_nproc; | 71 | rl.rlim_max = (rlim_t) cfg.rlimit_nproc; |
74 | #ifdef HAVE_GCOV | 72 | |
75 | __gcov_dump(); | 73 | __gcov_dump(); |
76 | #endif | 74 | |
77 | if (setrlimit(RLIMIT_NPROC, &rl) == -1) | 75 | if (setrlimit(RLIMIT_NPROC, &rl) == -1) |
78 | errExit("setrlimit"); | 76 | errExit("setrlimit"); |
79 | if (arg_debug) | 77 | if (arg_debug) |
@@ -88,9 +86,9 @@ void set_rlimits(void) { | |||
88 | // set the new limit | 86 | // set the new limit |
89 | rl.rlim_cur = (rlim_t) cfg.rlimit_fsize; | 87 | rl.rlim_cur = (rlim_t) cfg.rlimit_fsize; |
90 | rl.rlim_max = (rlim_t) cfg.rlimit_fsize; | 88 | rl.rlim_max = (rlim_t) cfg.rlimit_fsize; |
91 | #ifdef HAVE_GCOV | 89 | |
92 | __gcov_dump(); | 90 | __gcov_dump(); |
93 | #endif | 91 | |
94 | if (setrlimit(RLIMIT_FSIZE, &rl) == -1) | 92 | if (setrlimit(RLIMIT_FSIZE, &rl) == -1) |
95 | errExit("setrlimit"); | 93 | errExit("setrlimit"); |
96 | if (arg_debug) | 94 | if (arg_debug) |
@@ -105,9 +103,9 @@ void set_rlimits(void) { | |||
105 | // set the new limit | 103 | // set the new limit |
106 | rl.rlim_cur = (rlim_t) cfg.rlimit_sigpending; | 104 | rl.rlim_cur = (rlim_t) cfg.rlimit_sigpending; |
107 | rl.rlim_max = (rlim_t) cfg.rlimit_sigpending; | 105 | rl.rlim_max = (rlim_t) cfg.rlimit_sigpending; |
108 | #ifdef HAVE_GCOV | 106 | |
109 | __gcov_dump(); | 107 | __gcov_dump(); |
110 | #endif | 108 | |
111 | if (setrlimit(RLIMIT_SIGPENDING, &rl) == -1) | 109 | if (setrlimit(RLIMIT_SIGPENDING, &rl) == -1) |
112 | errExit("setrlimit"); | 110 | errExit("setrlimit"); |
113 | if (arg_debug) | 111 | if (arg_debug) |
@@ -122,9 +120,9 @@ void set_rlimits(void) { | |||
122 | // set the new limit | 120 | // set the new limit |
123 | rl.rlim_cur = (rlim_t) cfg.rlimit_as; | 121 | rl.rlim_cur = (rlim_t) cfg.rlimit_as; |
124 | rl.rlim_max = (rlim_t) cfg.rlimit_as; | 122 | rl.rlim_max = (rlim_t) cfg.rlimit_as; |
125 | #ifdef HAVE_GCOV | 123 | |
126 | __gcov_dump(); | 124 | __gcov_dump(); |
127 | #endif | 125 | |
128 | if (setrlimit(RLIMIT_AS, &rl) == -1) | 126 | if (setrlimit(RLIMIT_AS, &rl) == -1) |
129 | errExit("setrlimit"); | 127 | errExit("setrlimit"); |
130 | if (arg_debug) | 128 | if (arg_debug) |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 95be3335f..59ddfb855 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -19,6 +19,7 @@ | |||
19 | */ | 19 | */ |
20 | 20 | ||
21 | #include "firejail.h" | 21 | #include "firejail.h" |
22 | #include "../include/gcov_wrapper.h" | ||
22 | #include "../include/seccomp.h" | 23 | #include "../include/seccomp.h" |
23 | #include <sys/mman.h> | 24 | #include <sys/mman.h> |
24 | #include <sys/mount.h> | 25 | #include <sys/mount.h> |
@@ -49,10 +50,6 @@ | |||
49 | #include <sys/apparmor.h> | 50 | #include <sys/apparmor.h> |
50 | #endif | 51 | #endif |
51 | 52 | ||
52 | #ifdef HAVE_GCOV | ||
53 | #include <gcov.h> | ||
54 | #endif | ||
55 | |||
56 | static int force_nonewprivs = 0; | 53 | static int force_nonewprivs = 0; |
57 | 54 | ||
58 | static int monitored_pid = 0; | 55 | static int monitored_pid = 0; |
@@ -507,9 +504,8 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) { | |||
507 | exit(1); | 504 | exit(1); |
508 | } | 505 | } |
509 | 506 | ||
510 | #ifdef HAVE_GCOV | ||
511 | __gcov_dump(); | 507 | __gcov_dump(); |
512 | #endif | 508 | |
513 | seccomp_install_filters(); | 509 | seccomp_install_filters(); |
514 | 510 | ||
515 | if (set_sandbox_status) | 511 | if (set_sandbox_status) |
@@ -563,9 +559,8 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) { | |||
563 | if (!arg_command && !arg_quiet) | 559 | if (!arg_command && !arg_quiet) |
564 | print_time(); | 560 | print_time(); |
565 | 561 | ||
566 | #ifdef HAVE_GCOV | ||
567 | __gcov_dump(); | 562 | __gcov_dump(); |
568 | #endif | 563 | |
569 | seccomp_install_filters(); | 564 | seccomp_install_filters(); |
570 | 565 | ||
571 | if (set_sandbox_status) | 566 | if (set_sandbox_status) |
@@ -1048,7 +1043,7 @@ int sandbox(void* sandbox_arg) { | |||
1048 | //**************************** | 1043 | //**************************** |
1049 | // set dns | 1044 | // set dns |
1050 | //**************************** | 1045 | //**************************** |
1051 | fs_resolvconf(); | 1046 | fs_rebuild_etc(); |
1052 | 1047 | ||
1053 | //**************************** | 1048 | //**************************** |
1054 | // start dhcp client | 1049 | // start dhcp client |
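Review bot: The banner above the renamed call still reads `// set dns`, but `fs_rebuild_etc()` by its name covers more than resolv.conf (its body is not in this section, so this is inferred). Updating the banner, e.g. `// rebuild /etc, including dns configuration`, keeps the step list in sandbox() accurate for anyone auditing the order of filesystem setup. sandbox() starts and ends outside the hunk.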
diff --git a/src/firejail/usage.c b/src/firejail/usage.c index 888a6ffed..b4f3021c7 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c | |||
@@ -28,6 +28,7 @@ static char *usage_str = | |||
28 | "\n" | 28 | "\n" |
29 | "Options:\n" | 29 | "Options:\n" |
30 | " -- - signal the end of options and disables further option processing.\n" | 30 | " -- - signal the end of options and disables further option processing.\n" |
31 | " --allow=filename - allow file system access.\n" | ||
31 | " --allow-debuggers - allow tools such as strace and gdb inside the sandbox.\n" | 32 | " --allow-debuggers - allow tools such as strace and gdb inside the sandbox.\n" |
32 | " --allusers - all user home directories are visible inside the sandbox.\n" | 33 | " --allusers - all user home directories are visible inside the sandbox.\n" |
33 | " --apparmor - enable AppArmor confinement.\n" | 34 | " --apparmor - enable AppArmor confinement.\n" |
@@ -38,13 +39,12 @@ static char *usage_str = | |||
38 | #endif | 39 | #endif |
39 | " --bind=dirname1,dirname2 - mount-bind dirname1 on top of dirname2.\n" | 40 | " --bind=dirname1,dirname2 - mount-bind dirname1 on top of dirname2.\n" |
40 | " --bind=filename1,filename2 - mount-bind filename1 on top of filename2.\n" | 41 | " --bind=filename1,filename2 - mount-bind filename1 on top of filename2.\n" |
41 | " --blacklist=filename - blacklist directory or file.\n" | 42 | " --build - build a profile for the application.\n" |
42 | " --build - build a whitelisted profile for the application.\n" | 43 | " --build=filename - build a profile for the application.\n" |
43 | " --build=filename - build a whitelisted profile for the application.\n" | ||
44 | " --caps - enable default Linux capabilities filter.\n" | 44 | " --caps - enable default Linux capabilities filter.\n" |
45 | " --caps.drop=all - drop all capabilities.\n" | 45 | " --caps.drop=all - drop all capabilities.\n" |
46 | " --caps.drop=capability,capability - blacklist capabilities filter.\n" | 46 | " --caps.drop=capability,capability - drop capabilities.\n" |
47 | " --caps.keep=capability,capability - whitelist capabilities filter.\n" | 47 | " --caps.keep=capability,capability - allow capabilities.\n" |
48 | " --caps.print=name|pid - print the caps filter.\n" | 48 | " --caps.print=name|pid - print the caps filter.\n" |
49 | #ifdef HAVE_FILE_TRANSFER | 49 | #ifdef HAVE_FILE_TRANSFER |
50 | " --cat=name|pid filename - print content of file from sandbox container.\n" | 50 | " --cat=name|pid filename - print content of file from sandbox container.\n" |
@@ -58,34 +58,35 @@ static char *usage_str = | |||
58 | #ifdef HAVE_DBUSPROXY | 58 | #ifdef HAVE_DBUSPROXY |
59 | " --dbus-log=file - set DBus log file location.\n" | 59 | " --dbus-log=file - set DBus log file location.\n" |
60 | " --dbus-system=filter|none - set system DBus access policy.\n" | 60 | " --dbus-system=filter|none - set system DBus access policy.\n" |
61 | " --dbus-system.broadcast=rule - allow signals on the system DBus according to rule.\n" | 61 | " --dbus-system.broadcast=rule - allow signals on the system DBus according\n" |
62 | "\tto rule.\n" | ||
62 | " --dbus-system.call=rule - allow calls on the system DBus according to rule.\n" | 63 | " --dbus-system.call=rule - allow calls on the system DBus according to rule.\n" |
63 | " --dbus-system.log - turn on logging for the system DBus." | 64 | " --dbus-system.log - turn on logging for the system DBus.\n" |
64 | " --dbus-system.own=name - allow ownership of name on the system DBus.\n" | 65 | " --dbus-system.own=name - allow ownership of name on the system DBus.\n" |
65 | " --dbus-system.see=name - allow seeing name on the system DBus.\n" | 66 | " --dbus-system.see=name - allow seeing name on the system DBus.\n" |
66 | " --dbus-system.talk=name - allow talking to name on the system DBus.\n" | 67 | " --dbus-system.talk=name - allow talking to name on the system DBus.\n" |
67 | " --dbus-user=filter|none - set session DBus access policy.\n" | 68 | " --dbus-user=filter|none - set session DBus access policy.\n" |
68 | " --dbus-user.broadcast=rule - allow signals on the session DBus according to rule.\n" | 69 | " --dbus-user.broadcast=rule - allow signals on the session DBus according\n" |
70 | "\tto rule.\n" | ||
69 | " --dbus-user.call=rule - allow calls on the session DBus according to rule.\n" | 71 | " --dbus-user.call=rule - allow calls on the session DBus according to rule.\n" |
70 | " --dbus-user.log - turn on logging for the user DBus." | 72 | " --dbus-user.log - turn on logging for the user DBus.\n" |
71 | " --dbus-user.own=name - allow ownership of name on the session DBus.\n" | 73 | " --dbus-user.own=name - allow ownership of name on the session DBus.\n" |
72 | " --dbus-user.see=name - allow seeing name on the session DBus.\n" | 74 | " --dbus-user.see=name - allow seeing name on the session DBus.\n" |
73 | " --dbus-user.talk=name - allow talking to name on the session DBus.\n" | 75 | " --dbus-user.talk=name - allow talking to name on the session DBus.\n" |
74 | #endif | 76 | #endif |
75 | " --debug - print sandbox debug messages.\n" | 77 | " --debug - print sandbox debug messages.\n" |
76 | " --debug-blacklists - debug blacklisting.\n" | 78 | " --debug-allow - debug file system access.\n" |
79 | " --debug-deny - debug file system access.\n" | ||
77 | " --debug-caps - print all recognized capabilities.\n" | 80 | " --debug-caps - print all recognized capabilities.\n" |
78 | " --debug-errnos - print all recognized error numbers.\n" | 81 | " --debug-errnos - print all recognized error numbers.\n" |
79 | " --debug-private-lib - debug for --private-lib option.\n" | 82 | " --debug-private-lib - debug for --private-lib option.\n" |
80 | " --debug-protocols - print all recognized protocols.\n" | 83 | " --debug-protocols - print all recognized protocols.\n" |
81 | " --debug-syscalls - print all recognized system calls.\n" | 84 | " --debug-syscalls - print all recognized system calls.\n" |
82 | " --debug-syscalls32 - print all recognized 32 bit system calls.\n" | 85 | " --debug-syscalls32 - print all recognized 32 bit system calls.\n" |
83 | #ifdef HAVE_WHITELIST | ||
84 | " --debug-whitelists - debug whitelisting.\n" | ||
85 | #endif | ||
86 | #ifdef HAVE_NETWORK | 86 | #ifdef HAVE_NETWORK |
87 | " --defaultgw=address - configure default gateway.\n" | 87 | " --defaultgw=address - configure default gateway.\n" |
88 | #endif | 88 | #endif |
89 | " --deny=filename - deny access to directory or file.\n" | ||
89 | " --deterministic-exit-code - always exit with first child's status code.\n" | 90 | " --deterministic-exit-code - always exit with first child's status code.\n" |
90 | " --dns=address - set DNS server.\n" | 91 | " --dns=address - set DNS server.\n" |
91 | " --dns.print=name|pid - print DNS configuration.\n" | 92 | " --dns.print=name|pid - print DNS configuration.\n" |
@@ -143,14 +144,15 @@ static char *usage_str = | |||
143 | " --netfilter.print=name|pid - print the firewall.\n" | 144 | " --netfilter.print=name|pid - print the firewall.\n" |
144 | " --netfilter6=filename - enable IPv6 firewall.\n" | 145 | " --netfilter6=filename - enable IPv6 firewall.\n" |
145 | " --netfilter6.print=name|pid - print the IPv6 firewall.\n" | 146 | " --netfilter6.print=name|pid - print the IPv6 firewall.\n" |
146 | " --netmask=address - define a network mask when dealing with unconfigured" | 147 | " --netmask=address - define a network mask when dealing with unconfigured\n" |
147 | "\tparrent interfaces.\n" | 148 | "\tparrent interfaces.\n" |
148 | " --netns=name - Run the program in a named, persistent network namespace.\n" | 149 | " --netns=name - Run the program in a named, persistent network namespace.\n" |
149 | " --netstats - monitor network statistics.\n" | 150 | " --netstats - monitor network statistics.\n" |
150 | #endif | 151 | #endif |
151 | " --nice=value - set nice value.\n" | 152 | " --nice=value - set nice value.\n" |
152 | " --no3d - disable 3D hardware acceleration.\n" | 153 | " --no3d - disable 3D hardware acceleration.\n" |
153 | " --noblacklist=filename - disable blacklist for file or directory.\n" | 154 | " --noallow=filename - disable allow command for file or directory.\n" |
155 | " --nodeny=filename - disable deny command for file or directory.\n" | ||
154 | " --nodbus - disable D-Bus access.\n" | 156 | " --nodbus - disable D-Bus access.\n" |
155 | " --nodvd - disable DVD and audio CD devices.\n" | 157 | " --nodvd - disable DVD and audio CD devices.\n" |
156 | " --noexec=filename - remount the file or directory noexec nosuid and nodev.\n" | 158 | " --noexec=filename - remount the file or directory noexec nosuid and nodev.\n" |
@@ -165,7 +167,6 @@ static char *usage_str = | |||
165 | " --noautopulse - disable automatic ~/.config/pulse init.\n" | 167 | " --noautopulse - disable automatic ~/.config/pulse init.\n" |
166 | " --novideo - disable video devices.\n" | 168 | " --novideo - disable video devices.\n" |
167 | " --nou2f - disable U2F devices.\n" | 169 | " --nou2f - disable U2F devices.\n" |
168 | " --nowhitelist=filename - disable whitelist for file or directory.\n" | ||
169 | #ifdef HAVE_OUTPUT | 170 | #ifdef HAVE_OUTPUT |
170 | " --output=logfile - stdout logging and log rotation.\n" | 171 | " --output=logfile - stdout logging and log rotation.\n" |
171 | " --output-stderr=logfile - stdout and stderr logging and log rotation.\n" | 172 | " --output-stderr=logfile - stdout and stderr logging and log rotation.\n" |
@@ -222,14 +223,14 @@ static char *usage_str = | |||
222 | #ifdef HAVE_NETWORK | 223 | #ifdef HAVE_NETWORK |
223 | " --scan - ARP-scan all the networks from inside a network namespace.\n" | 224 | " --scan - ARP-scan all the networks from inside a network namespace.\n" |
224 | #endif | 225 | #endif |
225 | " --seccomp - enable seccomp filter and apply the default blacklist.\n" | 226 | " --seccomp - enable seccomp filter and drop the default syscalls.\n" |
226 | " --seccomp=syscall,syscall,syscall - enable seccomp filter, blacklist the\n" | 227 | " --seccomp=syscall,syscall,syscall - enable seccomp filter, drop the\n" |
227 | "\tdefault syscall list and the syscalls specified by the command.\n" | 228 | "\tdefault syscall list and the syscalls specified by the command.\n" |
228 | " --seccomp.block-secondary - build only the native architecture filters.\n" | 229 | " --seccomp.block-secondary - build only the native architecture filters.\n" |
229 | " --seccomp.drop=syscall,syscall,syscall - enable seccomp filter, and\n" | 230 | " --seccomp.drop=syscall,syscall,syscall - enable seccomp filter, and\n" |
230 | "\tblacklist the syscalls specified by the command.\n" | 231 | "\tdrop the syscalls specified by the command.\n" |
231 | " --seccomp.keep=syscall,syscall,syscall - enable seccomp filter, and\n" | 232 | " --seccomp.keep=syscall,syscall,syscall - enable seccomp filter, and\n" |
232 | "\twhitelist the syscalls specified by the command.\n" | 233 | "\tallow the syscalls specified by the command.\n" |
233 | " --seccomp.print=name|pid - print the seccomp filter for the sandbox\n" | 234 | " --seccomp.print=name|pid - print the seccomp filter for the sandbox\n" |
234 | "\tidentified by name or PID.\n" | 235 | "\tidentified by name or PID.\n" |
235 | " --seccomp.32[.drop,.keep][=syscall] - like above but for 32 bit architecture.\n" | 236 | " --seccomp.32[.drop,.keep][=syscall] - like above but for 32 bit architecture.\n" |
@@ -244,7 +245,7 @@ static char *usage_str = | |||
244 | " --top - monitor the most CPU-intensive sandboxes.\n" | 245 | " --top - monitor the most CPU-intensive sandboxes.\n" |
245 | " --trace - trace open, access and connect system calls.\n" | 246 | " --trace - trace open, access and connect system calls.\n" |
246 | " --tracelog - add a syslog message for every access to files or\n" | 247 | " --tracelog - add a syslog message for every access to files or\n" |
247 | "\tdirectories blacklisted by the security profile.\n" | 248 | "\tdirectories dropped by the security profile.\n" |
248 | " --tree - print a tree of all sandboxed processes.\n" | 249 | " --tree - print a tree of all sandboxed processes.\n" |
249 | " --tunnel[=devname] - connect the sandbox to a tunnel created by\n" | 250 | " --tunnel[=devname] - connect the sandbox to a tunnel created by\n" |
250 | "\tfiretunnel utility.\n" | 251 | "\tfiretunnel utility.\n" |
@@ -252,9 +253,6 @@ static char *usage_str = | |||
252 | #ifdef HAVE_NETWORK | 253 | #ifdef HAVE_NETWORK |
253 | " --veth-name=name - use this name for the interface connected to the bridge.\n" | 254 | " --veth-name=name - use this name for the interface connected to the bridge.\n" |
254 | #endif | 255 | #endif |
255 | #ifdef HAVE_WHITELIST | ||
256 | " --whitelist=filename - whitelist directory or file.\n" | ||
257 | #endif | ||
258 | " --writable-etc - /etc directory is mounted read-write.\n" | 256 | " --writable-etc - /etc directory is mounted read-write.\n" |
259 | " --writable-run-user - allow access to /run/user/$UID/systemd and\n" | 257 | " --writable-run-user - allow access to /run/user/$UID/systemd and\n" |
260 | "\t/run/user/$UID/gnupg.\n" | 258 | "\t/run/user/$UID/gnupg.\n" |
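--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -19,6 +19,7 @@
 */
 #define _XOPEN_SOURCE 500
 #include "firejail.h"
+#include "../include/gcov_wrapper.h"
 #include <ftw.h>
 #include <sys/stat.h>
 #include <sys/mount.h>
@@ -44,10 +45,6 @@
 #include <linux/openat2.h>
 #endif
 
-#ifdef HAVE_GCOV
-#include <gcov.h>
-#endif
-
 #define MAX_GROUPS 1024
 #define MAXBUF 4098
 #define EMPTY_STRING ("")
@@ -382,9 +379,9 @@ void copy_file_as_user(const char *srcname, const char *destname, mode_t mode) {
 int rv = copy_file(srcname, destname, -1, -1, mode); // already a regular user
 if (rv)
 fwarning("cannot copy %s\n", srcname);
-#ifdef HAVE_GCOV
+
 __gcov_flush();
-#endif
+
 _exit(0);
 }
 // wait for the child to finish
@@ -416,9 +413,9 @@ void copy_file_from_user_to_root(const char *srcname, const char *destname, uid_
 close(src);
 }
 close(dst);
-#ifdef HAVE_GCOV
+
 __gcov_flush();
-#endif
+
 _exit(0);
 }
 // wait for the child to finish
@@ -447,9 +444,9 @@ void touch_file_as_user(const char *fname, mode_t mode) {
 }
 else
 fwarning("cannot create %s\n", fname);
-#ifdef HAVE_GCOV
+
 __gcov_flush();
-#endif
+
 _exit(0);
 }
 // wait for the child to finish
@@ -1056,9 +1053,9 @@ int remove_overlay_directory(void) {
 // remove ~/.firejail
 if (rmdir(path) == -1)
 errExit("rmdir");
-#ifdef HAVE_GCOV
+
 __gcov_flush();
-#endif
+
 _exit(0);
 }
 // wait for the child to finish
@@ -1114,9 +1111,9 @@ int create_empty_dir_as_user(const char *dir, mode_t mode) {
 }
 else if (arg_debug)
 printf("Directory %s not created: %s\n", dir, strerror(errno));
-#ifdef HAVE_GCOV
+
 __gcov_flush();
-#endif
+
 _exit(0);
 }
 waitpid(child, NULL, 0);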
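Review bot: The forked helpers touched here still end in `_exit(0)` on their failure paths, so a failed copy or mkdir is reported only through `fwarning`/`printf`: in copy_file_as_user the result `rv` is dropped, and in create_empty_dir_as_user the message appears only under `arg_debug` and the parent then calls `waitpid(child, NULL, 0)`. If best effort is intended, say so with a comment such as `// best effort: failure is logged, exit status is not used`; otherwise return it, e.g. `_exit(rv ? 1 : 0);` in copy_file_as_user. The parents' wait code for the other helpers lies outside these hunks, so whether any of them reads the status cannot be confirmed from here.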
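--- a/src/firemon/interface.c
+++ b/src/firemon/interface.c
@@ -18,6 +18,7 @@
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 #include "firemon.h"
+#include "../include/gcov_wrapper.h"
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <netdb.h>
@@ -33,10 +34,6 @@
 //#include <net/route.h>
 //#include <linux/if_bridge.h>
 
-#ifdef HAVE_GCOV
-#include <gcov.h>
-#endif
-
 // print IP addresses for all interfaces
 static void net_ifprint(void) {
 uint32_t ip;
@@ -149,9 +146,9 @@ static void print_sandbox(pid_t pid) {
 if (rv)
 return;
 net_ifprint();
-#ifdef HAVE_GCOV
+
 __gcov_flush();
-#endif
+
 _exit(0);
 }
 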
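--- a/src/firemon/netstats.c
+++ b/src/firemon/netstats.c
@@ -18,16 +18,13 @@
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 #include "firemon.h"
+#include "../include/gcov_wrapper.h"
 #include <termios.h>
 #include <sys/ioctl.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <unistd.h>
 
-#ifdef HAVE_GCOV
-#include <gcov.h>
-#endif
-
 #define MAXBUF 4096
 
 // ip -s link: device stats
@@ -246,8 +243,7 @@ void netstats(void) {
 print_proc(i, itv, col);
 }
 }
-#ifdef HAVE_GCOV
+
 __gcov_flush();
-#endif
 }
 }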
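--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -18,6 +18,7 @@
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 #include "firemon.h"
+#include "../include/gcov_wrapper.h"
 #include <sys/socket.h>
 #include <linux/connector.h>
 #include <linux/netlink.h>
@@ -30,10 +31,6 @@
 #include <fcntl.h>
 #include <sys/uio.h>
 
-#ifdef HAVE_GCOV
-#include <gcov.h>
-#endif
-
 #define PIDS_BUFLEN 4096
 #define SERVER_PORT 889 // 889-899 is left unassigned by IANA
 
@@ -234,9 +231,7 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
 tv.tv_usec = 0;
 
 while (1) {
-#ifdef HAVE_GCOV
 __gcov_flush();
-#endif
 
 #define BUFFSIZE 4096
 char __attribute__ ((aligned(NLMSG_ALIGNTO)))buf[BUFFSIZE];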
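--- a/src/firemon/top.c
+++ b/src/firemon/top.c
@@ -18,16 +18,13 @@
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 #include "firemon.h"
+#include "../include/gcov_wrapper.h"
 #include <termios.h>
 #include <sys/ioctl.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <unistd.h>
 
-#ifdef HAVE_GCOV
-#include <gcov.h>
-#endif
-
 static unsigned pgs_rss = 0;
 static unsigned pgs_shared = 0;
 static unsigned clocktick = 0;
@@ -330,8 +327,7 @@ void top(void) {
 }
 }
 head_print(col, row);
-#ifdef HAVE_GCOV
+
 __gcov_flush();
-#endif
 }
 }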
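--- /dev/null
+++ b/src/include/gcov_wrapper.h
@@ -0,0 +1,46 @@
+/*
+* Copyright (C) 2021 Firejail Authors
+*
+* This file is part of firejail project
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License along
+* with this program; if not, write to the Free Software Foundation, Inc.,
+* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+#ifndef GCOV_WRAPPER_H
+#define GCOV_WRAPPER_H
+
+#ifdef HAS_GCOV
+#include <gcov.h>
+
+/*
+* __gcov_flush was removed on gcc 11.1.0 (as it's no longer needed), but it
+* appears to be the safe/"correct" way to do things on previous versions (as
+* it ensured proper locking, which is now done elsewhere). Thus, keep using
+* it in the code and ensure that it exists, in order to support gcc <11.1.0
+* and gcc >=11.1.0, respectively.
+*/
+#if __GNUC__ > 11 || (__GNUC__ == 11 && __GNUC_MINOR__ >= 1)
+static void __gcov_flush(void) {
+__gcov_dump();
+__gcov_reset();
+}
+#endif
+#else
+#define __gcov_dump() ((void)0)
+#define __gcov_reset() ((void)0)
+#define __gcov_flush() ((void)0)
+#endif /* HAS_GCOV */
+
+#endif /* GCOV_WRAPPER_H */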
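Review bot: The wrapper is guarded by `#ifdef HAS_GCOV`, while every guard this commit removes from the .c files tested `HAVE_GCOV`. Unless the build flag was renamed elsewhere in the commit (not visible here), coverage builds take the `#else` branch and every `__gcov_flush()` call in util.c, interface.c, netstats.c, procevent.c and top.c silently becomes `((void)0)`. The guard and its closing comment should read `#ifdef HAVE_GCOV` and `#endif /* HAVE_GCOV */`. Separately, the `static void __gcov_flush(void)` defined in a header warns as unused in any file that includes the wrapper without calling it; `static inline void __gcov_flush(void) {` avoids that.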
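--- a/src/lib/syscall.c
+++ b/src/lib/syscall.c
@@ -253,9 +253,6 @@ static const SyscallGroupList sysgroups[] = {
 #ifdef SYS_fanotify_init
 "fanotify_init,"
 #endif
-#ifdef SYS_kcmp
-"kcmp,"
-#endif
 #ifdef SYS_add_key
 "add_key,"
 #endif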
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index db58e0910..34f5e8bf9 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -156,7 +156,7 @@ Scripting commands: | |||
156 | \fBFile and directory names | 156 | \fBFile and directory names |
157 | File and directory names containing spaces are supported. The space character ' ' should not be escaped. | 157 | File and directory names containing spaces are supported. The space character ' ' should not be escaped. |
158 | 158 | ||
159 | Example: "blacklist ~/My Virtual Machines" | 159 | Example: "deny ~/My Virtual Machines" |
160 | 160 | ||
161 | .TP | 161 | .TP |
162 | \fB# this is a comment | 162 | \fB# this is a comment |
@@ -170,9 +170,9 @@ net none # this command creates an empty network namespace | |||
170 | \fB?CONDITIONAL: profile line | 170 | \fB?CONDITIONAL: profile line |
171 | Conditionally add profile line. | 171 | Conditionally add profile line. |
172 | 172 | ||
173 | Example: "?HAS_APPIMAGE: whitelist ${HOME}/special/appimage/dir" | 173 | Example: "?HAS_APPIMAGE: allow ${HOME}/special/appimage/dir" |
174 | 174 | ||
175 | This example will load the whitelist profile line only if the \-\-appimage option has been specified on the command line. | 175 | This example will load the profile line only if the \-\-appimage option has been specified on the command line. |
176 | 176 | ||
177 | Currently the only conditionals supported this way are HAS_APPIMAGE, HAS_NET, HAS_NODBUS, HAS_NOSOUND, HAS_PRIVATE and HAS_X11. The conditionals BROWSER_DISABLE_U2F and BROWSER_ALLOW_DRM | 177 | Currently the only conditionals supported this way are HAS_APPIMAGE, HAS_NET, HAS_NODBUS, HAS_NOSOUND, HAS_PRIVATE and HAS_X11. The conditionals BROWSER_DISABLE_U2F and BROWSER_ALLOW_DRM |
178 | can be enabled or disabled globally in Firejail's configuration file. | 178 | can be enabled or disabled globally in Firejail's configuration file. |
@@ -205,16 +205,16 @@ storing modifications to the persistent configuration. Persistent .local files | |||
205 | are included at the start of regular profile files. | 205 | are included at the start of regular profile files. |
206 | 206 | ||
207 | .TP | 207 | .TP |
208 | \fBnoblacklist file_name | 208 | \fBnoallow file_name |
209 | If the file name matches file_name, the file will not be blacklisted in any blacklist commands that follow. | 209 | If the file name matches file_name, the file will not be allowed in any allow commands that follow. |
210 | 210 | ||
211 | Example: "noblacklist ${HOME}/.mozilla" | 211 | Example: "nowhitelist ~/.config" |
212 | 212 | ||
213 | .TP | 213 | .TP |
214 | \fBnowhitelist file_name | 214 | \fBnodeny file_name |
215 | If the file name matches file_name, the file will not be whitelisted in any whitelist commands that follow. | 215 | If the file name matches file_name, the file will not be denied any deny commands that follow. |
216 | 216 | ||
217 | Example: "nowhitelist ~/.config" | 217 | Example: "nodeny ${HOME}/.mozilla" |
218 | 218 | ||
219 | .TP | 219 | .TP |
220 | \fBignore | 220 | \fBignore |
@@ -242,19 +242,17 @@ HOME directories are searched, see the \fBfirejail\f(1) \fBFILE GLOBBING\fR sect | |||
242 | for more details. | 242 | for more details. |
243 | Examples: | 243 | Examples: |
244 | .TP | 244 | .TP |
245 | \fBblacklist file_or_directory | 245 | \fBallow file_or_directory |
246 | Blacklist directory or file. Examples: | 246 | Allow directory or file. A temporary file system is mounted on the top directory, and the |
247 | allowed files are mount-binded inside. Modifications to allowd files are persistent, | ||
248 | everything else is discarded when the sandbox is closed. The top directory can be | ||
249 | all directories in / (except /proc and /sys), /sys/module, /run/user/$UID, $HOME and | ||
250 | all directories in /usr. | ||
247 | .br | 251 | .br |
248 | 252 | ||
249 | .br | 253 | .br |
250 | blacklist /usr/bin | 254 | Symbolic link handling: with the exception of user home, both the link and the real file should be in |
251 | .br | 255 | the same top directory. For user home, both the link and the real file should be owned by the user. |
252 | blacklist /usr/bin/gcc* | ||
253 | .br | ||
254 | blacklist ${PATH}/ifconfig | ||
255 | .br | ||
256 | blacklist ${HOME}/.ssh | ||
257 | |||
258 | .TP | 256 | .TP |
259 | \fBblacklist-nolog file_or_directory | 257 | \fBblacklist-nolog file_or_directory |
260 | When --tracelog flag is set, blacklisting generates syslog messages if the sandbox tries to access the file or directory. | 258 | When --tracelog flag is set, blacklisting generates syslog messages if the sandbox tries to access the file or directory. |
@@ -273,6 +271,20 @@ Mount-bind directory1 on top of directory2. This option is only available when r | |||
273 | \fBbind file1,file2 | 271 | \fBbind file1,file2 |
274 | Mount-bind file1 on top of file2. This option is only available when running as root. | 272 | Mount-bind file1 on top of file2. This option is only available when running as root. |
275 | .TP | 273 | .TP |
274 | \fBdeny file_or_directory | ||
275 | Deny access to directory or file. Examples: | ||
276 | .br | ||
277 | |||
278 | .br | ||
279 | deny /usr/bin | ||
280 | .br | ||
281 | deny /usr/bin/gcc* | ||
282 | .br | ||
283 | deny ${PATH}/ifconfig | ||
284 | .br | ||
285 | deny ${HOME}/.ssh | ||
286 | |||
287 | .TP | ||
276 | \fBdisable-mnt | 288 | \fBdisable-mnt |
277 | Disable /mnt, /media, /run/mount and /run/media access. | 289 | Disable /mnt, /media, /run/mount and /run/media access. |
278 | .TP | 290 | .TP |
@@ -292,7 +304,7 @@ The directory is created if it doesn't already exist. | |||
292 | .br | 304 | .br |
293 | 305 | ||
294 | .br | 306 | .br |
295 | Use this command for whitelisted directories you need to preserve | 307 | Use this command for allowed directories you need to preserve |
296 | when the sandbox is closed. Without it, the application will create the directory, and the directory | 308 | when the sandbox is closed. Without it, the application will create the directory, and the directory |
297 | will be deleted when the sandbox is closed. Subdirectories are recursively created. Example from | 309 | will be deleted when the sandbox is closed. Subdirectories are recursively created. Example from |
298 | firefox profile: | 310 | firefox profile: |
@@ -305,7 +317,7 @@ whitelist ~/.mozilla | |||
305 | .br | 317 | .br |
306 | mkdir ~/.cache/mozilla/firefox | 318 | mkdir ~/.cache/mozilla/firefox |
307 | .br | 319 | .br |
308 | whitelist ~/.cache/mozilla/firefox | 320 | allow ~/.cache/mozilla/firefox |
309 | .br | 321 | .br |
310 | 322 | ||
311 | .br | 323 | .br |
@@ -411,7 +423,7 @@ expressed as foo/bar -- is disallowed). | |||
411 | All modifications are discarded when the sandbox is closed. | 423 | All modifications are discarded when the sandbox is closed. |
412 | .TP | 424 | .TP |
413 | \fBprivate-tmp | 425 | \fBprivate-tmp |
414 | Mount an empty temporary filesystem on top of /tmp directory whitelisting /tmp/.X11-unix. | 426 | Mount an empty temporary filesystem on top of /tmp directory allowing /tmp/.X11-unix. |
415 | .TP | 427 | .TP |
416 | \fBread-only file_or_directory | 428 | \fBread-only file_or_directory |
417 | Make directory or file read-only. | 429 | Make directory or file read-only. |
@@ -423,25 +435,13 @@ Make directory or file read-write. | |||
423 | Mount an empty tmpfs filesystem on top of directory. Directories outside user home or not owned by the user are not allowed. Sandboxes running as root are exempt from these restrictions. | 435 | Mount an empty tmpfs filesystem on top of directory. Directories outside user home or not owned by the user are not allowed. Sandboxes running as root are exempt from these restrictions. |
424 | .TP | 436 | .TP |
425 | \fBtracelog | 437 | \fBtracelog |
426 | Blacklist violations logged to syslog. | 438 | File system deny violations logged to syslog. |
427 | .TP | ||
428 | \fBwhitelist file_or_directory | ||
429 | Whitelist directory or file. A temporary file system is mounted on the top directory, and the | ||
430 | whitelisted files are mount-binded inside. Modifications to whitelisted files are persistent, | ||
431 | everything else is discarded when the sandbox is closed. The top directory can be | ||
432 | all directories in / (except /proc and /sys), /sys/module, /run/user/$UID, $HOME and | ||
433 | all directories in /usr. | ||
434 | .br | ||
435 | |||
436 | .br | ||
437 | Symbolic link handling: with the exception of user home, both the link and the real file should be in | ||
438 | the same top directory. For user home, both the link and the real file should be owned by the user. | ||
439 | .TP | 439 | .TP |
440 | \fBwritable-etc | 440 | \fBwritable-etc |
441 | Mount /etc directory read-write. | 441 | Mount /etc directory read-write. |
442 | .TP | 442 | .TP |
443 | \fBwritable-run-user | 443 | \fBwritable-run-user |
444 | Disable the default blacklisting of run/user/$UID/systemd and /run/user/$UID/gnupg. | 444 | Disable the default denying of run/user/$UID/systemd and /run/user/$UID/gnupg. |
445 | .TP | 445 | .TP |
446 | \fBwritable-var | 446 | \fBwritable-var |
447 | Mount /var directory read-write. | 447 | Mount /var directory read-write. |
@@ -455,7 +455,7 @@ The following security filters are currently implemented: | |||
455 | 455 | ||
456 | .TP | 456 | .TP |
457 | \fBallow-debuggers | 457 | \fBallow-debuggers |
458 | Allow tools such as strace and gdb inside the sandbox by whitelisting system calls ptrace and process_vm_readv. | 458 | Allow tools such as strace and gdb inside the sandbox by allowing system calls ptrace and process_vm_readv. |
459 | #ifdef HAVE_APPARMOR | 459 | #ifdef HAVE_APPARMOR |
460 | .TP | 460 | .TP |
461 | \fBapparmor | 461 | \fBapparmor |
@@ -466,13 +466,13 @@ Enable AppArmor confinement. | |||
466 | Enable default Linux capabilities filter. | 466 | Enable default Linux capabilities filter. |
467 | .TP | 467 | .TP |
468 | \fBcaps.drop capability,capability,capability | 468 | \fBcaps.drop capability,capability,capability |
469 | Blacklist given Linux capabilities. | 469 | Deny given Linux capabilities. |
470 | .TP | 470 | .TP |
471 | \fBcaps.drop all | 471 | \fBcaps.drop all |
472 | Blacklist all Linux capabilities. | 472 | Deny all Linux capabilities. |
473 | .TP | 473 | .TP |
474 | \fBcaps.keep capability,capability,capability | 474 | \fBcaps.keep capability,capability,capability |
475 | Whitelist given Linux capabilities. | 475 | Allow given Linux capabilities. |
476 | .TP | 476 | .TP |
477 | \fBmemory-deny-write-execute | 477 | \fBmemory-deny-write-execute |
478 | Install a seccomp filter to block attempts to create memory mappings | 478 | Install a seccomp filter to block attempts to create memory mappings |
@@ -497,32 +497,32 @@ first argument to socket system call. Recognized values: \fBunix\fR, | |||
497 | \fBinet\fR, \fBinet6\fR, \fBnetlink\fR, \fBpacket\fR and \fBbluetooth\fR. | 497 | \fBinet\fR, \fBinet6\fR, \fBnetlink\fR, \fBpacket\fR and \fBbluetooth\fR. |
498 | .TP | 498 | .TP |
499 | \fBseccomp | 499 | \fBseccomp |
500 | Enable seccomp filter and blacklist the syscalls in the default list. See man 1 firejail for more details. | 500 | Enable seccomp filter and deny the syscalls in the default list. See man 1 firejail for more details. |
501 | .TP | 501 | .TP |
502 | \fBseccomp.32 | 502 | \fBseccomp.32 |
503 | Enable seccomp filter and blacklist the syscalls in the default list for 32 bit system calls on a 64 bit architecture system. | 503 | Enable seccomp filter and deny the syscalls in the default list for 32 bit system calls on a 64 bit architecture system. |
504 | .TP | 504 | .TP |
505 | \fBseccomp syscall,syscall,syscall | 505 | \fBseccomp syscall,syscall,syscall |
506 | Enable seccomp filter and blacklist the system calls in the list on top of default seccomp filter. | 506 | Enable seccomp filter and deny the system calls in the list on top of default seccomp filter. |
507 | .TP | 507 | .TP |
508 | \fBseccomp.32 syscall,syscall,syscall | 508 | \fBseccomp.32 syscall,syscall,syscall |
509 | Enable seccomp filter and blacklist the system calls in the list on top of default seccomp filter for 32 bit system calls on a 64 bit architecture system. | 509 | Enable seccomp filter and deny the system calls in the list on top of default seccomp filter for 32 bit system calls on a 64 bit architecture system. |
510 | .TP | 510 | .TP |
511 | \fBseccomp.block-secondary | 511 | \fBseccomp.block-secondary |
512 | Enable seccomp filter and filter system call architectures | 512 | Enable seccomp filter and filter system call architectures |
513 | so that only the native architecture is allowed. | 513 | so that only the native architecture is allowed. |
514 | .TP | 514 | .TP |
515 | \fBseccomp.drop syscall,syscall,syscall | 515 | \fBseccomp.drop syscall,syscall,syscall |
516 | Enable seccomp filter and blacklist the system calls in the list. | 516 | Enable seccomp filter and deny the system calls in the list. |
517 | .TP | 517 | .TP |
518 | \fBseccomp.32.drop syscall,syscall,syscall | 518 | \fBseccomp.32.drop syscall,syscall,syscall |
519 | Enable seccomp filter and blacklist the system calls in the list for 32 bit system calls on a 64 bit architecture system. | 519 | Enable seccomp filter and deny the system calls in the list for 32 bit system calls on a 64 bit architecture system. |
520 | .TP | 520 | .TP |
521 | \fBseccomp.keep syscall,syscall,syscall | 521 | \fBseccomp.keep syscall,syscall,syscall |
522 | Enable seccomp filter and whitelist the system calls in the list. | 522 | Enable seccomp filter and allow the system calls in the list. |
523 | .TP | 523 | .TP |
524 | \fBseccomp.32.keep syscall,syscall,syscall | 524 | \fBseccomp.32.keep syscall,syscall,syscall |
525 | Enable seccomp filter and whitelist the system calls in the list for 32 bit system calls on a 64 bit architecture system. | 525 | Enable seccomp filter and allow the system calls in the list for 32 bit system calls on a 64 bit architecture system. |
526 | .TP | 526 | .TP |
527 | \fBseccomp-error-action kill | log | ERRNO | 527 | \fBseccomp-error-action kill | log | ERRNO |
528 | Return a different error instead of EPERM to the process, kill it when | 528 | Return a different error instead of EPERM to the process, kill it when |
@@ -534,7 +534,7 @@ attempt. | |||
534 | Enable X11 sandboxing. | 534 | Enable X11 sandboxing. |
535 | .TP | 535 | .TP |
536 | \fBx11 none | 536 | \fBx11 none |
537 | Blacklist /tmp/.X11-unix directory, ${HOME}/.Xauthority and file specified in ${XAUTHORITY} environment variable. | 537 | Deny access to /tmp/.X11-unix directory, ${HOME}/.Xauthority and file specified in ${XAUTHORITY} environment variable. |
538 | Remove DISPLAY and XAUTHORITY environment variables. | 538 | Remove DISPLAY and XAUTHORITY environment variables. |
539 | Stop with error message if X11 abstract socket will be accessible in jail. | 539 | Stop with error message if X11 abstract socket will be accessible in jail. |
540 | .TP | 540 | .TP |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 0462705c0..498ff9aa9 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -99,6 +99,40 @@ $ firejail [OPTIONS] firefox # starting Mozilla Firefox | |||
99 | \fB\-\- | 99 | \fB\-\- |
100 | Signal the end of options and disables further option processing. | 100 | Signal the end of options and disables further option processing. |
101 | .TP | 101 | .TP |
102 | \fB\-\-allow=dirname_or_filename | ||
103 | Allow access to a directory or file. A temporary file system is mounted on the top directory, and the | ||
104 | allowed files are mount-binded inside. Modifications to allowed files are persistent, | ||
105 | everything else is discarded when the sandbox is closed. The top directory can be | ||
106 | all directories in / (except /proc and /sys), /sys/module, /run/user/$UID, $HOME and | ||
107 | all directories in /usr. | ||
108 | .br | ||
109 | |||
110 | .br | ||
111 | Symbolic link handling: with the exception of user home, both the link and the real file should be in | ||
112 | the same top directory. For user home, both the link and the real file should be owned by the user. | ||
113 | .br | ||
114 | |||
115 | .br | ||
116 | File globbing is supported, see \fBFILE GLOBBING\fR section for more details. | ||
117 | .br | ||
118 | |||
119 | .br | ||
120 | Example: | ||
121 | .br | ||
122 | $ firejail \-\-noprofile \-\-allow=~/.mozilla | ||
123 | .br | ||
124 | $ firejail \-\-allow=/tmp/.X11-unix --allow=/dev/null | ||
125 | .br | ||
126 | $ firejail "\-\-allow=/home/username/My Virtual Machines" | ||
127 | .br | ||
128 | $ firejail \-\-allow=~/work* \-\-allow=/var/backups* | ||
129 | |||
130 | |||
131 | |||
132 | |||
133 | |||
134 | |||
135 | .TP | ||
102 | \fB\-\-allow-debuggers | 136 | \fB\-\-allow-debuggers |
103 | Allow tools such as strace and gdb inside the sandbox by whitelisting | 137 | Allow tools such as strace and gdb inside the sandbox by whitelisting |
104 | system calls ptrace and process_vm_readv. This option is only | 138 | system calls ptrace and process_vm_readv. This option is only |
@@ -169,21 +203,6 @@ Example: | |||
169 | .br | 203 | .br |
170 | # firejail \-\-bind=/config/etc/passwd,/etc/passwd | 204 | # firejail \-\-bind=/config/etc/passwd,/etc/passwd |
171 | .TP | 205 | .TP |
172 | \fB\-\-blacklist=dirname_or_filename | ||
173 | Blacklist directory or file. File globbing is supported, see \fBFILE GLOBBING\fR section for more details. | ||
174 | .br | ||
175 | |||
176 | .br | ||
177 | Example: | ||
178 | .br | ||
179 | $ firejail \-\-blacklist=/sbin \-\-blacklist=/usr/sbin | ||
180 | .br | ||
181 | $ firejail \-\-blacklist=~/.mozilla | ||
182 | .br | ||
183 | $ firejail "\-\-blacklist=/home/username/My Virtual Machines" | ||
184 | .br | ||
185 | $ firejail \-\-blacklist=/home/username/My\\ Virtual\\ Machines | ||
186 | .TP | ||
187 | \fB\-\-build | 206 | \fB\-\-build |
188 | The command builds a whitelisted profile. The profile is printed on the screen. If /usr/bin/strace is installed on the system, it also | 207 | The command builds a whitelisted profile. The profile is printed on the screen. If /usr/bin/strace is installed on the system, it also |
189 | builds a whitelisted seccomp profile. The program is run in a very relaxed sandbox, | 208 | builds a whitelisted seccomp profile. The program is run in a very relaxed sandbox, |
@@ -243,7 +262,7 @@ $ firejail \-\-caps.drop=all warzone2100 | |||
243 | 262 | ||
244 | .TP | 263 | .TP |
245 | \fB\-\-caps.drop=capability,capability,capability | 264 | \fB\-\-caps.drop=capability,capability,capability |
246 | Define a custom blacklist Linux capabilities filter. | 265 | Define a custom Linux capabilities filter. |
247 | .br | 266 | .br |
248 | 267 | ||
249 | .br | 268 | .br |
@@ -624,14 +643,14 @@ Example: | |||
624 | $ firejail \-\-debug firefox | 643 | $ firejail \-\-debug firefox |
625 | 644 | ||
626 | .TP | 645 | .TP |
627 | \fB\-\-debug-blacklists\fR | 646 | \fB\-\-debug-allow\fR |
628 | Debug blacklisting. | 647 | Debug file system access. |
629 | .br | 648 | .br |
630 | 649 | ||
631 | .br | 650 | .br |
632 | Example: | 651 | Example: |
633 | .br | 652 | .br |
634 | $ firejail \-\-debug-blacklists firefox | 653 | $ firejail \-\-debug-allow firefox |
635 | 654 | ||
636 | .TP | 655 | .TP |
637 | \fB\-\-debug-caps | 656 | \fB\-\-debug-caps |
@@ -644,6 +663,16 @@ Example: | |||
644 | $ firejail \-\-debug-caps | 663 | $ firejail \-\-debug-caps |
645 | 664 | ||
646 | .TP | 665 | .TP |
666 | \fB\-\-debug-deny\fR | ||
667 | Debug file access. | ||
668 | .br | ||
669 | |||
670 | .br | ||
671 | Example: | ||
672 | .br | ||
673 | $ firejail \-\-debug-deny firefox | ||
674 | |||
675 | .TP | ||
647 | \fB\-\-debug-errnos | 676 | \fB\-\-debug-errnos |
648 | Print all recognized error numbers in the current Firejail software build and exit. | 677 | Print all recognized error numbers in the current Firejail software build and exit. |
649 | .br | 678 | .br |
@@ -677,15 +706,7 @@ $ firejail \-\-debug-syscalls | |||
677 | \fB\-\-debug-syscalls32 | 706 | \fB\-\-debug-syscalls32 |
678 | Print all recognized 32 bit system calls in the current Firejail software build and exit. | 707 | Print all recognized 32 bit system calls in the current Firejail software build and exit. |
679 | .br | 708 | .br |
680 | .TP | ||
681 | \fB\-\-debug-whitelists\fR | ||
682 | Debug whitelisting. | ||
683 | .br | ||
684 | 709 | ||
685 | .br | ||
686 | Example: | ||
687 | .br | ||
688 | $ firejail \-\-debug-whitelists firefox | ||
689 | #ifdef HAVE_NETWORK | 710 | #ifdef HAVE_NETWORK |
690 | .TP | 711 | .TP |
691 | \fB\-\-defaultgw=address | 712 | \fB\-\-defaultgw=address |
@@ -697,13 +718,32 @@ Example: | |||
697 | .br | 718 | .br |
698 | $ firejail \-\-net=eth0 \-\-defaultgw=10.10.20.1 firefox | 719 | $ firejail \-\-net=eth0 \-\-defaultgw=10.10.20.1 firefox |
699 | #endif | 720 | #endif |
721 | |||
722 | .TP | ||
723 | \fB\-\-deny=dirname_or_filename | ||
724 | Deny access to directory or file. File globbing is supported, see \fBFILE GLOBBING\fR section for more details. | ||
725 | .br | ||
726 | |||
727 | .br | ||
728 | Example: | ||
729 | .br | ||
730 | $ firejail \-\-deny=/sbin \-\-deny=/usr/sbin | ||
731 | .br | ||
732 | $ firejail \-\-deny=~/.mozilla | ||
733 | .br | ||
734 | $ firejail "\-\-deny=/home/username/My Virtual Machines" | ||
735 | .br | ||
736 | $ firejail \-\-deny=/home/username/My\\ Virtual\\ Machines | ||
737 | |||
738 | |||
739 | |||
700 | .TP | 740 | .TP |
701 | \fB\-\-deterministic-exit-code | 741 | \fB\-\-deterministic-exit-code |
702 | Always exit firejail with the first child's exit status. The default behavior is to use the exit status of the final child to exit, which can be nondeterministic. | 742 | Always exit firejail with the first child's exit status. The default behavior is to use the exit status of the final child to exit, which can be nondeterministic. |
703 | .br | 743 | .br |
704 | .TP | 744 | .TP |
705 | \fB\-\-disable-mnt | 745 | \fB\-\-disable-mnt |
706 | Blacklist /mnt, /media, /run/mount and /run/media access. | 746 | Deny access to /mnt, /media, /run/mount and /run/media. |
707 | .br | 747 | .br |
708 | 748 | ||
709 | .br | 749 | .br |
@@ -1471,12 +1511,16 @@ Example: | |||
1471 | $ firejail --no3d firefox | 1511 | $ firejail --no3d firefox |
1472 | 1512 | ||
1473 | .TP | 1513 | .TP |
1514 | \fB\-\-noallow=dirname_or_filename | ||
1515 | Disable \-\-allow for this directory or file. | ||
1516 | |||
1517 | .TP | ||
1474 | \fB\-\-noautopulse \fR(deprecated) | 1518 | \fB\-\-noautopulse \fR(deprecated) |
1475 | See --keep-config-pulse. | 1519 | See --keep-config-pulse. |
1476 | 1520 | ||
1477 | .TP | 1521 | .TP |
1478 | \fB\-\-noblacklist=dirname_or_filename | 1522 | \fB\-\-nodeny=dirname_or_filename |
1479 | Disable blacklist for this directory or file. | 1523 | Disable \-\-deny for this directory or file. |
1480 | .br | 1524 | .br |
1481 | 1525 | ||
1482 | .br | 1526 | .br |
@@ -1492,7 +1536,7 @@ $ exit | |||
1492 | .br | 1536 | .br |
1493 | 1537 | ||
1494 | .br | 1538 | .br |
1495 | $ firejail --noblacklist=/bin/nc | 1539 | $ firejail --nodeny=/bin/nc |
1496 | .br | 1540 | .br |
1497 | $ nc dict.org 2628 | 1541 | $ nc dict.org 2628 |
1498 | .br | 1542 | .br |
@@ -1666,10 +1710,6 @@ $ firejail \-\-nou2f | |||
1666 | Disable video devices. | 1710 | Disable video devices. |
1667 | .br | 1711 | .br |
1668 | 1712 | ||
1669 | .TP | ||
1670 | \fB\-\-nowhitelist=dirname_or_filename | ||
1671 | Disable whitelist for this directory or file. | ||
1672 | |||
1673 | #ifdef HAVE_OUTPUT | 1713 | #ifdef HAVE_OUTPUT |
1674 | .TP | 1714 | .TP |
1675 | \fB\-\-output=logfile | 1715 | \fB\-\-output=logfile |
@@ -2733,34 +2773,6 @@ Example: | |||
2733 | .br | 2773 | .br |
2734 | $ firejail \-\-net=br0 --veth-name=if0 | 2774 | $ firejail \-\-net=br0 --veth-name=if0 |
2735 | #endif | 2775 | #endif |
2736 | .TP | ||
2737 | \fB\-\-whitelist=dirname_or_filename | ||
2738 | Whitelist directory or file. A temporary file system is mounted on the top directory, and the | ||
2739 | whitelisted files are mount-binded inside. Modifications to whitelisted files are persistent, | ||
2740 | everything else is discarded when the sandbox is closed. The top directory can be | ||
2741 | all directories in / (except /proc and /sys), /sys/module, /run/user/$UID, $HOME and | ||
2742 | all directories in /usr. | ||
2743 | .br | ||
2744 | |||
2745 | .br | ||
2746 | Symbolic link handling: with the exception of user home, both the link and the real file should be in | ||
2747 | the same top directory. For user home, both the link and the real file should be owned by the user. | ||
2748 | .br | ||
2749 | |||
2750 | .br | ||
2751 | File globbing is supported, see \fBFILE GLOBBING\fR section for more details. | ||
2752 | .br | ||
2753 | |||
2754 | .br | ||
2755 | Example: | ||
2756 | .br | ||
2757 | $ firejail \-\-noprofile \-\-whitelist=~/.mozilla | ||
2758 | .br | ||
2759 | $ firejail \-\-whitelist=/tmp/.X11-unix --whitelist=/dev/null | ||
2760 | .br | ||
2761 | $ firejail "\-\-whitelist=/home/username/My Virtual Machines" | ||
2762 | .br | ||
2763 | $ firejail \-\-whitelist=~/work* \-\-whitelist=/var/backups* | ||
2764 | 2776 | ||
2765 | .TP | 2777 | .TP |
2766 | \fB\-\-writable-etc | 2778 | \fB\-\-writable-etc |
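--- /dev/null
+++ b/src/tools/profcleaner.c
@@ -0,0 +1,75 @@
+/*
+* Copyright (C) 2014-2021 Firejail Authors
+*
+* This file is part of firejail project
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License along
+* with this program; if not, write to the Free Software Foundation, Inc.,
+* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+//*************************************************************
+// Small utility program to convert profiles from blacklist/whitelist to deny/allow
+// Compile:
+// gcc -o profcleaner profcleaner.c
+// Usage:
+// profcleaner *.profile
+//*************************************************************
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#define MAXBUF 4096
+
+int main(int argc, char **argv) {
+printf("Usage: profcleaner files\n");
+int i;
+
+for (i = 1; i < argc; i++) {
+FILE *fp = fopen(argv[i], "r");
+if (!fp) {
+fprintf(stderr, "Error: cannot open %s\n", argv[i]);
+return 1;
+}
+
+FILE *fpout = fopen("profcleaner-tmp", "w");
+if (!fpout) {
+fprintf(stderr, "Error: cannot open output file\n");
+return 1;
+}
+
+char buf[MAXBUF];
+while (fgets(buf, MAXBUF, fp)) {
+if (strncmp(buf, "blacklist-nolog", 15) == 0)
+fprintf(fpout, "deny-nolog %s", buf + 15);
+else if (strncmp(buf, "blacklist", 9) == 0)
+fprintf(fpout, "deny %s", buf + 9);
+else if (strncmp(buf, "noblacklist", 11) == 0)
+fprintf(fpout, "nodeny %s", buf + 11);
+else if (strncmp(buf, "whitelist", 9) == 0)
+fprintf(fpout, "allow %s", buf + 9);
+else if (strncmp(buf, "nowhitelist", 11) == 0)
+fprintf(fpout, "noallow %s", buf + 11);
+else
+fprintf(fpout, "%s", buf);
+}
+
+fclose(fp);
+fclose(fpout);
+unlink(argv[i]);
+rename("profcleaner-tmp", argv[i]);
+}
+
+return 0;
+}
\ No newline at end of file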
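Review bot: The replace step at the end of the loop can lose a profile: `unlink(argv[i])` runs before `rename("profcleaner-tmp", argv[i])` and the rename result is never checked, so if the rename fails (for instance when the working directory and the profile are on different filesystems) the original sandbox profile is already gone. The temporary file is also a fixed name in the current directory opened with `fopen(..., "w")`, which writes through a pre-existing symlink of that name if the tool is run with elevated rights from a shared directory. Creating the temporary file with `mkstemp()` next to the target and letting `rename()` replace the profile atomically avoids both; the original's mode and owner would still need to be carried over, because `mkstemp()` creates the file with mode 0600. Separately, the usage line is printed on every run, and `fp` is left open on the early return when the output file cannot be created.

```c
	// … unchanged: open argv[i] for reading as fp …

	char tmpname[MAXBUF];
	if (snprintf(tmpname, sizeof(tmpname), "%s.XXXXXX", argv[i]) >= (int) sizeof(tmpname)) {
		fprintf(stderr, "Error: path too long: %s\n", argv[i]);
		fclose(fp);
		return 1;
	}
	int fd = mkstemp(tmpname);
	FILE *fpout = (fd == -1) ? NULL : fdopen(fd, "w");
	if (!fpout) {
		fprintf(stderr, "Error: cannot open output file\n");
		fclose(fp);
		return 1;
	}

	// … unchanged: line-by-line keyword rewrite into fpout …

	fclose(fp);
	if (fclose(fpout) != 0 || rename(tmpname, argv[i]) != 0) {
		fprintf(stderr, "Error: cannot replace %s\n", argv[i]);
		unlink(tmpname);
		return 1;
	}
```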
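--- /dev/null
+++ b/src/tools/profcleaner.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+# Copyright (C) 2021 Firejail Authors
+#
+# This file is part of firejail project
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+if [[ $1 == --help ]]; then
+cat <<-EOM
+USAGE:
+profcleaner.sh --help Show this help message and exit
+profcleaner.sh --system Clean all profiles in /etc/firejail
+profcleaner.sh --user Clean all profiles in ~/.config/firejail
+profcleaner.sh /path/to/profile1 /path/to/profile2 ...
+EOM
+exit 0
+fi
+
+if [[ $1 == --system ]]; then
+profiles=(/etc/firejail/*.{inc,local,profile})
+elif [[ $1 == --user ]]; then
+profiles=("$HOME"/.config/firejail/*.{inc,local,profile})
+else
+profiles=("$@")
+fi
+
+sed -i -E \
+-e "s/^(# |#)?blacklist/\1deny/" \
+-e "s/^(# |#)?noblacklist/\1nodeny/" \
+-e "s/^(# |#)?whitelist/\1allow/" \
+-e "s/^(# |#)?nowhitelist/\1noallow/" \
+"${profiles[@]}"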
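Review bot: The `--system` and `--user` globs are expanded without `nullglob`, so any of `*.inc`, `*.local` or `*.profile` that matches nothing is handed to `sed` as a literal path; GNU sed should then report an unreadable file and exit non-zero even though the other profiles were rewritten. Adding `shopt -s nullglob` before the `profiles=(...)` assignments, an early exit when `${#profiles[@]}` is zero, and `--` before `"${profiles[@]}"` (so a path beginning with `-` is not parsed as an option) would make the run predictable. The patterns have no boundary after the keyword, so they also rewrite comment prose such as `# blacklisting ...`; if that is intended it deserves a comment above the `sed` call. This script converts commented-out commands while profcleaner.c in the same commit does not, so the two tools give different results on the same profile.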
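--- a/src/zsh_completion/_firejail.in
+++ b/src/zsh_completion/_firejail.in
@@ -48,8 +48,8 @@ _firejail_args=(
 '*::arguments:_normal'
 
 '--appimage[sandbox an AppImage application]'
-'--build[build a whitelisted profile for the application and print it on stdout]'
-'--build=-[build a whitelisted profile for the application and save it]: :_files'
+'--build[build a profile for the application and print it on stdout]'
+'--build=-[build a profile for the application and save it]: :_files'
 # Ignore that you can do -? too as it's the only short option
 '--help[this help screen]'
 '--join=-[join the sandbox name|pid]: :_all_firejails'
@@ -63,14 +63,14 @@ _firejail_args=(
 '--version[print program version and exit]'
 
 '--debug[print sandbox debug messages]'
-'--debug-blacklists[debug blacklisting]'
+'--debug-allow[debug file system access]'
 '--debug-caps[print all recognized capabilities]'
+'--debug-deny[debug file system access]'
 '--debug-errnos[print all recognized error numbers]'
 '--debug-private-lib[debug for --private-lib option]'
 '--debug-protocols[print all recognized protocols]'
 '--debug-syscalls[print all recognized system calls]'
 '--debug-syscalls32[print all recognized 32 bit system calls]'
-'--debug-whitelists[debug whitelisting]'
 
 '--caps.print=-[print the caps filter name|pid]:firejail:_all_firejails'
 '--cpu.print=-[print the cpus in use name|pid]: :_all_firejails'
@@ -83,13 +83,13 @@ _firejail_args=(
 '--allusers[all user home directories are visible inside the sandbox]'
 # Should be _files, a comma and files or files -/
 '*--bind=-[mount-bind dirname1/filename1 on top of dirname2/filename2]: :(file1,file2 dir1,dir2)'
-'*--blacklist=-[blacklist directory or file]: :_files'
 '--caps[enable default Linux capabilities filter]'
 '--caps.drop=all[drop all capabilities]'
 '*--caps.drop=-[drop capabilities: all|cap1,cap2,...]: :_caps'
 '*--caps.keep=-[keep capabilities: cap1,cap2,...]: :_caps'
 '--cgroup=-[place the sandbox in the specified control group]: :'
 '--cpu=-[set cpu affinity]: :->cpus'
+'*--deny=-[deny access to directory or file]: :_files'
 "--deterministic-exit-code[always exit with first child's status code]"
 '*--dns=-[set DNS server]: :'
 '*--env=-[set environment variable]: :'
@@ -112,7 +112,7 @@ _firejail_args=(
 '--nice=-[set nice value]: :(1 10 15 20)'
 '--no3d[disable 3D hardware acceleration]'
 '--noautopulse[disable automatic ~/.config/pulse init]'
-'--noblacklist=-[disable blacklist for file or directory]: :_files'
+'--nodeny=-[disable deny command for file or directory]: :_files'
 '--nodbus[disable D-Bus access]'
 '--nodvd[disable DVD and audio CD devices]'
 '*--noexec=-[remount the file or directory noexec nosuid and nodev]: :_files'
@@ -143,13 +143,13 @@ _firejail_args=(
 '--rlimit-nproc=-[set the maximum number of processes that can be created for the real user ID of the calling process]: :'
 '--rlimit-sigpending=-[set the maximum number of pending signals for a process]: :'
 '*--rmenv=-[remove environment variable in the new sandbox]: :_values environment-variables $(env | cut -d= -f1)'
-'--seccomp[enable seccomp filter and apply the default blacklist]: :'
-'--seccomp=-[enable seccomp filter, blacklist the default syscall list and the syscalls specified by the command]: :->seccomp'
+'--seccomp[enable seccomp filter and drop the default syscalls]: :'
+'--seccomp=-[enable seccomp filter, drop the default syscall list and the syscalls specified by the command]: :->seccomp'
 '--seccomp.block-secondary[build only the native architecture filters]'
-'*--seccomp.drop=-[enable seccomp filter, and blacklist the syscalls specified by the command]: :->seccomp'
-'*--seccomp.keep=-[enable seccomp filter, and whitelist the syscalls specified by the command]: :->seccomp'
-'*--seccomp.32.drop=-[enable seccomp filter, and blacklist the 32 bit syscalls specified by the command]: :'
-'*--seccomp.32.keep=-[enable seccomp filter, and whitelist the 32 bit syscalls specified by the command]: :'
+'*--seccomp.drop=-[enable seccomp filter, and drop the syscalls specified by the command]: :->seccomp'
+'*--seccomp.keep=-[enable seccomp filter, and allow the syscalls specified by the command]: :->seccomp'
+'*--seccomp.32.drop=-[enable seccomp filter, and drop the 32 bit syscalls specified by the command]: :'
+'*--seccomp.32.keep=-[enable seccomp filter, and drop the 32 bit syscalls specified by the command]: :'
 # FIXME: Add errnos
 '--seccomp-error-action=-[change error code, kill process or log the attempt]: :(kill log)'
 '--shell=none[run the program directly without a user shell]'
@@ -157,7 +157,7 @@ _firejail_args=(
 '--timeout=-[kill the sandbox automatically after the time has elapsed]: :'
 #'(--tracelog)--trace[trace open, access and connect system calls]'
 '(--tracelog)--trace=-[trace open, access and connect system calls]: :_files'
-'(--trace)--tracelog[add a syslog message for every access to files or directories blacklisted by the security profile]'
+'(--trace)--tracelog[add a syslog message for every access to files or directories dropped by the security profile]'
 '(--private-etc)--writable-etc[/etc directory is mounted read-write]'
 '--writable-run-user[allow access to /run/user/$UID/systemd and /run/user/$UID/gnupg]'
 '--writable-var[/var directory is mounted read-write]'
@@ -251,10 +251,8 @@ _firejail_args=(
 '*--tmpfs=-[mount a tmpfs filesystem on directory dirname]: :_files -/'
 #endif
 
-#ifdef HAVE_WHITELIST
-'*--nowhitelist=-[disable whitelist for file or directory]: :_files'
-'*--whitelist=-[whitelist directory or file]: :_files'
-#endif
+'*--noallow=-[disable allow command for file or directory]: :_files'
+'*--allow=-[allow file system access]: :_files'
 
 #ifdef HAVE_X11
 '--x11[enable X11 sandboxing. The software checks first if Xpra is installed, then it checks if Xephyr is installed. If all fails, it will attempt to use X11 security extension]'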
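Review bot: The new description for `--seccomp.32.keep` says "drop the 32 bit syscalls", which inverts the option's meaning; the old text said whitelist, and the sibling `--seccomp.keep` line in the same hunk was changed to "allow". It should read `'*--seccomp.32.keep=-[enable seccomp filter, and allow the 32 bit syscalls specified by the command]: :'`. In the `--tracelog` entry, "dropped by the security profile" would be clearer as "denied", since the renamed command is `deny`. The last hunk also removes the `#ifdef HAVE_WHITELIST` guard, so `--allow` and `--noallow` are offered on every build; confirm that is intended for builds configured without that feature.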
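--- a/test/profiles/profile_syntax.exp
+++ b/test/profiles/profile_syntax.exp
@@ -22,7 +22,7 @@ expect {
 }
 
 sleep 1
-send -- "ls -l /etc/shadow\r"
+send -- "ls -l /dev/console\r"
 expect {
 timeout {puts "TESTING ERROR 3\n";exit}
 "root root"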
diff --git a/test/profiles/test.profile b/test/profiles/test.profile index 26d6de849..27cb99606 100644 --- a/test/profiles/test.profile +++ b/test/profiles/test.profile | |||
@@ -1,5 +1,5 @@ | |||
1 | blacklist /sbin/iptables | 1 | blacklist /sbin/iptables |
2 | blacklist /etc/shadow | 2 | blacklist /dev/console |
3 | blacklist /bin/rmdir | 3 | blacklist /bin/rmdir |
4 | blacklist ${PATH}/umount | 4 | blacklist ${PATH}/umount |
5 | blacklist ${PATH}/mount | 5 | blacklist ${PATH}/mount |