aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--etc/inc/disable-X11.inc15
-rw-r--r--etc/inc/disable-x11.inc15
-rw-r--r--etc/profile-a-l/agetpkg.profile2
-rw-r--r--etc/profile-a-l/alpine.profile2
-rw-r--r--etc/profile-a-l/aria2c.profile2
-rw-r--r--etc/profile-a-l/bpftop.profile2
-rw-r--r--etc/profile-a-l/build-systems-common.profile2
-rw-r--r--etc/profile-a-l/clac.profile2
-rw-r--r--etc/profile-a-l/cloneit.profile2
-rw-r--r--etc/profile-a-l/cointop.profile2
-rw-r--r--etc/profile-a-l/curl.profile2
-rw-r--r--etc/profile-a-l/daisy.profile2
-rw-r--r--etc/profile-a-l/dbus-send.profile2
-rw-r--r--etc/profile-a-l/deadlink.profile2
-rw-r--r--etc/profile-a-l/dexios.profile2
-rw-r--r--etc/profile-a-l/dig.profile2
-rw-r--r--etc/profile-a-l/dnscrypt-proxy.profile2
-rw-r--r--etc/profile-a-l/dnsmasq.profile2
-rw-r--r--etc/profile-a-l/drill.profile2
-rw-r--r--etc/profile-a-l/editorconfiger.profile2
-rw-r--r--etc/profile-a-l/erd.profile2
-rw-r--r--etc/profile-a-l/fdns.profile2
-rw-r--r--etc/profile-a-l/ftp.profile2
-rw-r--r--etc/profile-a-l/gget.profile2
-rw-r--r--etc/profile-a-l/gist.profile2
-rw-r--r--etc/profile-a-l/git.profile2
-rw-r--r--etc/profile-a-l/gnome-keyring-daemon.profile4
-rw-r--r--etc/profile-a-l/googler-common.profile2
-rw-r--r--etc/profile-a-l/gpg-agent.profile2
-rw-r--r--etc/profile-a-l/gpg.profile2
-rw-r--r--etc/profile-a-l/links-common.profile2
-rw-r--r--etc/profile-a-l/lynx.profile2
-rw-r--r--etc/profile-m-z/makepkg.profile2
-rw-r--r--etc/profile-m-z/mimetype.profile2
-rw-r--r--etc/profile-m-z/mocp.profile2
-rw-r--r--etc/profile-m-z/mutt.profile2
-rw-r--r--etc/profile-m-z/neomutt.profile2
-rw-r--r--etc/profile-m-z/nodejs-common.profile2
-rw-r--r--etc/profile-m-z/nslookup.profile2
-rw-r--r--etc/profile-m-z/ping.profile2
-rw-r--r--etc/profile-m-z/qpdf.profile2
-rw-r--r--etc/profile-m-z/rsync-download_only.profile2
-rw-r--r--etc/profile-m-z/rtv.profile2
-rw-r--r--etc/profile-m-z/seahorse-daemon.profile2
-rw-r--r--etc/profile-m-z/server.profile2
-rw-r--r--etc/profile-m-z/signal-cli.profile2
-rw-r--r--etc/profile-m-z/ssh-agent.profile2
-rw-r--r--etc/profile-m-z/ssmtp.profile2
-rw-r--r--etc/profile-m-z/statusof.profile2
-rw-r--r--etc/profile-m-z/telnet.profile2
-rw-r--r--etc/profile-m-z/termshark.profile2
-rw-r--r--etc/profile-m-z/tin.profile2
-rw-r--r--etc/profile-m-z/tmux.profile2
-rw-r--r--etc/profile-m-z/tracker.profile2
-rw-r--r--etc/profile-m-z/tshark.profile2
-rw-r--r--etc/profile-m-z/tvnamer.profile2
-rw-r--r--etc/profile-m-z/unbound.profile2
-rw-r--r--etc/profile-m-z/w3m.profile2
-rw-r--r--etc/profile-m-z/wget.profile2
-rw-r--r--etc/profile-m-z/whois.profile2
-rw-r--r--etc/profile-m-z/yt-dlp.profile2
-rw-r--r--etc/templates/profile.template4
62 files changed, 81 insertions, 73 deletions
diff --git a/etc/inc/disable-X11.inc b/etc/inc/disable-X11.inc
index d227c7a0b..9f2bb47ae 100644
--- a/etc/inc/disable-X11.inc
+++ b/etc/inc/disable-X11.inc
@@ -2,14 +2,7 @@
2# Persistent customizations should go in a .local file. 2# Persistent customizations should go in a .local file.
3include disable-X11.local 3include disable-X11.local
4 4
5blacklist /tmp/.X11-unix 5# Warning: This file is deprecated; use disable-x11.inc (lowercase) instead.
6blacklist ${HOME}/.Xauthority 6
7blacklist ${RUNUSER}/gdm/Xauthority 7# Redirect
8blacklist ${RUNUSER}/.mutter-Xwaylandauth* 8include disable-x11.inc
9blacklist ${RUNUSER}/xauth_*
10#blacklist ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]
11blacklist /tmp/xauth*
12blacklist /tmp/.ICE-unix
13blacklist ${RUNUSER}/ICEauthority
14rmenv DISPLAY
15rmenv XAUTHORITY
diff --git a/etc/inc/disable-x11.inc b/etc/inc/disable-x11.inc
new file mode 100644
index 000000000..d78329046
--- /dev/null
+++ b/etc/inc/disable-x11.inc
@@ -0,0 +1,15 @@
1# This file is overwritten during software install.
2# Persistent customizations should go in a .local file.
3include disable-x11.local
4
5blacklist /tmp/.X11-unix
6blacklist ${HOME}/.Xauthority
7blacklist ${RUNUSER}/gdm/Xauthority
8blacklist ${RUNUSER}/.mutter-Xwaylandauth*
9blacklist ${RUNUSER}/xauth_*
10#blacklist ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]
11blacklist /tmp/xauth*
12blacklist /tmp/.ICE-unix
13blacklist ${RUNUSER}/ICEauthority
14rmenv DISPLAY
15rmenv XAUTHORITY
diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile
index e455a17db..1bf954e3a 100644
--- a/etc/profile-a-l/agetpkg.profile
+++ b/etc/profile-a-l/agetpkg.profile
@@ -19,7 +19,7 @@ include disable-exec.inc
19include disable-interpreters.inc 19include disable-interpreters.inc
20include disable-programs.inc 20include disable-programs.inc
21include disable-shell.inc 21include disable-shell.inc
22include disable-X11.inc 22include disable-x11.inc
23include disable-xdg.inc 23include disable-xdg.inc
24 24
25whitelist ${DOWNLOADS} 25whitelist ${DOWNLOADS}
diff --git a/etc/profile-a-l/alpine.profile b/etc/profile-a-l/alpine.profile
index 2ded32959..7ff2058a5 100644
--- a/etc/profile-a-l/alpine.profile
+++ b/etc/profile-a-l/alpine.profile
@@ -38,7 +38,7 @@ include disable-exec.inc
38include disable-interpreters.inc 38include disable-interpreters.inc
39include disable-programs.inc 39include disable-programs.inc
40include disable-shell.inc 40include disable-shell.inc
41include disable-X11.inc 41include disable-x11.inc
42include disable-xdg.inc 42include disable-xdg.inc
43 43
44#whitelist ${DOCUMENTS} 44#whitelist ${DOCUMENTS}
diff --git a/etc/profile-a-l/aria2c.profile b/etc/profile-a-l/aria2c.profile
index 0d70cf381..a3add6a4d 100644
--- a/etc/profile-a-l/aria2c.profile
+++ b/etc/profile-a-l/aria2c.profile
@@ -18,7 +18,7 @@ include disable-devel.inc
18include disable-exec.inc 18include disable-exec.inc
19include disable-interpreters.inc 19include disable-interpreters.inc
20include disable-programs.inc 20include disable-programs.inc
21include disable-X11.inc 21include disable-x11.inc
22 22
23include whitelist-usr-share-common.inc 23include whitelist-usr-share-common.inc
24include whitelist-var-common.inc 24include whitelist-var-common.inc
diff --git a/etc/profile-a-l/bpftop.profile b/etc/profile-a-l/bpftop.profile
index 7670f1b4b..d5b723f17 100644
--- a/etc/profile-a-l/bpftop.profile
+++ b/etc/profile-a-l/bpftop.profile
@@ -17,7 +17,7 @@ include disable-interpreters.inc
17include disable-proc.inc 17include disable-proc.inc
18include disable-programs.inc 18include disable-programs.inc
19include disable-shell.inc 19include disable-shell.inc
20include disable-X11.inc 20include disable-x11.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23include whitelist-common.inc 23include whitelist-common.inc
diff --git a/etc/profile-a-l/build-systems-common.profile b/etc/profile-a-l/build-systems-common.profile
index 8616996d2..9761efc72 100644
--- a/etc/profile-a-l/build-systems-common.profile
+++ b/etc/profile-a-l/build-systems-common.profile
@@ -25,7 +25,7 @@ include disable-exec.inc
25include disable-interpreters.inc 25include disable-interpreters.inc
26include disable-programs.inc 26include disable-programs.inc
27include disable-shell.inc 27include disable-shell.inc
28include disable-X11.inc 28include disable-x11.inc
29include disable-xdg.inc 29include disable-xdg.inc
30 30
31#whitelist ${HOME}/Projects 31#whitelist ${HOME}/Projects
diff --git a/etc/profile-a-l/clac.profile b/etc/profile-a-l/clac.profile
index cd2b2522d..7a8104b63 100644
--- a/etc/profile-a-l/clac.profile
+++ b/etc/profile-a-l/clac.profile
@@ -16,7 +16,7 @@ include disable-interpreters.inc
16include disable-proc.inc 16include disable-proc.inc
17include disable-programs.inc 17include disable-programs.inc
18include disable-shell.inc 18include disable-shell.inc
19#include disable-X11.inc # x11 none 19#include disable-x11.inc # x11 none
20include disable-xdg.inc 20include disable-xdg.inc
21 21
22#include whitelist-common.inc # see #903 22#include whitelist-common.inc # see #903
diff --git a/etc/profile-a-l/cloneit.profile b/etc/profile-a-l/cloneit.profile
index 827dd1de2..abbeb9d77 100644
--- a/etc/profile-a-l/cloneit.profile
+++ b/etc/profile-a-l/cloneit.profile
@@ -17,7 +17,7 @@ include disable-interpreters.inc
17include disable-proc.inc 17include disable-proc.inc
18include disable-programs.inc 18include disable-programs.inc
19include disable-shell.inc 19include disable-shell.inc
20include disable-X11.inc 20include disable-x11.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23include whitelist-run-common.inc 23include whitelist-run-common.inc
diff --git a/etc/profile-a-l/cointop.profile b/etc/profile-a-l/cointop.profile
index aa053e2f7..fa30331e1 100644
--- a/etc/profile-a-l/cointop.profile
+++ b/etc/profile-a-l/cointop.profile
@@ -17,7 +17,7 @@ include disable-interpreters.inc
17include disable-proc.inc 17include disable-proc.inc
18include disable-programs.inc 18include disable-programs.inc
19include disable-shell.inc 19include disable-shell.inc
20include disable-X11.inc 20include disable-x11.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23mkdir ${HOME}/.config/cointop 23mkdir ${HOME}/.config/cointop
diff --git a/etc/profile-a-l/curl.profile b/etc/profile-a-l/curl.profile
index 1d9ec5fa4..9044e9ac0 100644
--- a/etc/profile-a-l/curl.profile
+++ b/etc/profile-a-l/curl.profile
@@ -25,7 +25,7 @@ blacklist ${RUNUSER}
25include disable-common.inc 25include disable-common.inc
26include disable-exec.inc 26include disable-exec.inc
27include disable-programs.inc 27include disable-programs.inc
28include disable-X11.inc 28include disable-x11.inc
29# Depending on workflow you can add 'include disable-xdg.inc' to your curl.local. 29# Depending on workflow you can add 'include disable-xdg.inc' to your curl.local.
30#include disable-xdg.inc 30#include disable-xdg.inc
31 31
diff --git a/etc/profile-a-l/daisy.profile b/etc/profile-a-l/daisy.profile
index 40b29a1f5..c6e616414 100644
--- a/etc/profile-a-l/daisy.profile
+++ b/etc/profile-a-l/daisy.profile
@@ -15,7 +15,7 @@ include disable-interpreters.inc
15include disable-proc.inc 15include disable-proc.inc
16include disable-programs.inc 16include disable-programs.inc
17include disable-shell.inc 17include disable-shell.inc
18#include disable-X11.inc # x11 none 18#include disable-x11.inc # x11 none
19include disable-xdg.inc 19include disable-xdg.inc
20 20
21include whitelist-common.inc 21include whitelist-common.inc
diff --git a/etc/profile-a-l/dbus-send.profile b/etc/profile-a-l/dbus-send.profile
index 3a552b929..b54724aa5 100644
--- a/etc/profile-a-l/dbus-send.profile
+++ b/etc/profile-a-l/dbus-send.profile
@@ -16,7 +16,7 @@ include disable-interpreters.inc
16include disable-programs.inc 16include disable-programs.inc
17include disable-shell.inc 17include disable-shell.inc
18include disable-write-mnt.inc 18include disable-write-mnt.inc
19include disable-X11.inc 19include disable-x11.inc
20include disable-xdg.inc 20include disable-xdg.inc
21 21
22#include whitelist-common.inc # see #903 22#include whitelist-common.inc # see #903
diff --git a/etc/profile-a-l/deadlink.profile b/etc/profile-a-l/deadlink.profile
index 9b378b455..dd7283ed9 100644
--- a/etc/profile-a-l/deadlink.profile
+++ b/etc/profile-a-l/deadlink.profile
@@ -22,7 +22,7 @@ include disable-interpreters.inc
22include disable-proc.inc 22include disable-proc.inc
23include disable-programs.inc 23include disable-programs.inc
24include disable-shell.inc 24include disable-shell.inc
25include disable-X11.inc 25include disable-x11.inc
26include disable-xdg.inc 26include disable-xdg.inc
27 27
28include whitelist-run-common.inc 28include whitelist-run-common.inc
diff --git a/etc/profile-a-l/dexios.profile b/etc/profile-a-l/dexios.profile
index 7d549d745..936aa9f05 100644
--- a/etc/profile-a-l/dexios.profile
+++ b/etc/profile-a-l/dexios.profile
@@ -17,7 +17,7 @@ include disable-interpreters.inc
17include disable-proc.inc 17include disable-proc.inc
18include disable-programs.inc 18include disable-programs.inc
19include disable-shell.inc 19include disable-shell.inc
20include disable-X11.inc 20include disable-x11.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23whitelist ${DOWNLOADS} 23whitelist ${DOWNLOADS}
diff --git a/etc/profile-a-l/dig.profile b/etc/profile-a-l/dig.profile
index 80eef569c..6a00475f9 100644
--- a/etc/profile-a-l/dig.profile
+++ b/etc/profile-a-l/dig.profile
@@ -17,7 +17,7 @@ include disable-common.inc
17include disable-exec.inc 17include disable-exec.inc
18#include disable-interpreters.inc 18#include disable-interpreters.inc
19include disable-programs.inc 19include disable-programs.inc
20include disable-X11.inc 20include disable-x11.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23#mkfile ${HOME}/.digrc # see #903 23#mkfile ${HOME}/.digrc # see #903
diff --git a/etc/profile-a-l/dnscrypt-proxy.profile b/etc/profile-a-l/dnscrypt-proxy.profile
index e27fa202b..49d201d76 100644
--- a/etc/profile-a-l/dnscrypt-proxy.profile
+++ b/etc/profile-a-l/dnscrypt-proxy.profile
@@ -17,7 +17,7 @@ include disable-devel.inc
17include disable-exec.inc 17include disable-exec.inc
18include disable-interpreters.inc 18include disable-interpreters.inc
19include disable-programs.inc 19include disable-programs.inc
20include disable-X11.inc 20include disable-x11.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23whitelist /usr/share/dnscrypt-proxy 23whitelist /usr/share/dnscrypt-proxy
diff --git a/etc/profile-a-l/dnsmasq.profile b/etc/profile-a-l/dnsmasq.profile
index b41eff3ae..2ce980cb1 100644
--- a/etc/profile-a-l/dnsmasq.profile
+++ b/etc/profile-a-l/dnsmasq.profile
@@ -17,7 +17,7 @@ include disable-common.inc
17include disable-devel.inc 17include disable-devel.inc
18include disable-interpreters.inc 18include disable-interpreters.inc
19include disable-programs.inc 19include disable-programs.inc
20include disable-X11.inc 20include disable-x11.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23whitelist /var/lib/libvirt/dnsmasq 23whitelist /var/lib/libvirt/dnsmasq
diff --git a/etc/profile-a-l/drill.profile b/etc/profile-a-l/drill.profile
index 95e86e5b9..2205f52a0 100644
--- a/etc/profile-a-l/drill.profile
+++ b/etc/profile-a-l/drill.profile
@@ -16,7 +16,7 @@ include disable-common.inc
16include disable-exec.inc 16include disable-exec.inc
17#include disable-interpreters.inc 17#include disable-interpreters.inc
18include disable-programs.inc 18include disable-programs.inc
19include disable-X11.inc 19include disable-x11.inc
20include disable-xdg.inc 20include disable-xdg.inc
21 21
22#include whitelist-common.inc # see #903 22#include whitelist-common.inc # see #903
diff --git a/etc/profile-a-l/editorconfiger.profile b/etc/profile-a-l/editorconfiger.profile
index 8812db35f..654d65ee0 100644
--- a/etc/profile-a-l/editorconfiger.profile
+++ b/etc/profile-a-l/editorconfiger.profile
@@ -16,7 +16,7 @@ include disable-interpreters.inc
16include disable-proc.inc 16include disable-proc.inc
17include disable-programs.inc 17include disable-programs.inc
18include disable-shell.inc 18include disable-shell.inc
19include disable-X11.inc 19include disable-x11.inc
20include disable-xdg.inc 20include disable-xdg.inc
21 21
22apparmor 22apparmor
diff --git a/etc/profile-a-l/erd.profile b/etc/profile-a-l/erd.profile
index d821f5882..e72b75e75 100644
--- a/etc/profile-a-l/erd.profile
+++ b/etc/profile-a-l/erd.profile
@@ -8,7 +8,7 @@ include erd.local
8include globals.local 8include globals.local
9 9
10include disable-exec.inc 10include disable-exec.inc
11#include disable-X11.inc # x11 none 11#include disable-x11.inc # x11 none
12 12
13apparmor 13apparmor
14caps.drop all 14caps.drop all
diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile
index cacd7025d..2d956f5a4 100644
--- a/etc/profile-a-l/fdns.profile
+++ b/etc/profile-a-l/fdns.profile
@@ -15,7 +15,7 @@ include disable-devel.inc
15include disable-exec.inc 15include disable-exec.inc
16include disable-interpreters.inc 16include disable-interpreters.inc
17include disable-programs.inc 17include disable-programs.inc
18include disable-X11.inc 18include disable-x11.inc
19include disable-xdg.inc 19include disable-xdg.inc
20 20
21#include whitelist-usr-share-common.inc 21#include whitelist-usr-share-common.inc
diff --git a/etc/profile-a-l/ftp.profile b/etc/profile-a-l/ftp.profile
index f448ab932..e133deba2 100644
--- a/etc/profile-a-l/ftp.profile
+++ b/etc/profile-a-l/ftp.profile
@@ -17,7 +17,7 @@ include disable-proc.inc
17include disable-programs.inc 17include disable-programs.inc
18#include disable-shell.inc 18#include disable-shell.inc
19include disable-write-mnt.inc 19include disable-write-mnt.inc
20include disable-X11.inc 20include disable-x11.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23apparmor 23apparmor
diff --git a/etc/profile-a-l/gget.profile b/etc/profile-a-l/gget.profile
index e0268a68c..eff215381 100644
--- a/etc/profile-a-l/gget.profile
+++ b/etc/profile-a-l/gget.profile
@@ -15,7 +15,7 @@ include disable-exec.inc
15include disable-interpreters.inc 15include disable-interpreters.inc
16include disable-programs.inc 16include disable-programs.inc
17include disable-shell.inc 17include disable-shell.inc
18include disable-X11.inc 18include disable-x11.inc
19include disable-xdg.inc 19include disable-xdg.inc
20 20
21whitelist ${DOWNLOADS} 21whitelist ${DOWNLOADS}
diff --git a/etc/profile-a-l/gist.profile b/etc/profile-a-l/gist.profile
index c7be8dcc5..4dff73c54 100644
--- a/etc/profile-a-l/gist.profile
+++ b/etc/profile-a-l/gist.profile
@@ -19,7 +19,7 @@ include disable-devel.inc
19include disable-exec.inc 19include disable-exec.inc
20include disable-interpreters.inc 20include disable-interpreters.inc
21include disable-programs.inc 21include disable-programs.inc
22include disable-X11.inc 22include disable-x11.inc
23include disable-xdg.inc 23include disable-xdg.inc
24 24
25mkdir ${HOME}/.gist 25mkdir ${HOME}/.gist
diff --git a/etc/profile-a-l/git.profile b/etc/profile-a-l/git.profile
index a900e10f3..f2fd63e1b 100644
--- a/etc/profile-a-l/git.profile
+++ b/etc/profile-a-l/git.profile
@@ -33,7 +33,7 @@ blacklist ${RUNUSER}/wayland-*
33include disable-common.inc 33include disable-common.inc
34include disable-exec.inc 34include disable-exec.inc
35include disable-programs.inc 35include disable-programs.inc
36include disable-X11.inc 36include disable-x11.inc
37 37
38whitelist /usr/share/git 38whitelist /usr/share/git
39whitelist /usr/share/git-core 39whitelist /usr/share/git-core
diff --git a/etc/profile-a-l/gnome-keyring-daemon.profile b/etc/profile-a-l/gnome-keyring-daemon.profile
index 0370b0472..b8c51991c 100644
--- a/etc/profile-a-l/gnome-keyring-daemon.profile
+++ b/etc/profile-a-l/gnome-keyring-daemon.profile
@@ -14,8 +14,8 @@ include disable-devel.inc
14include disable-exec.inc 14include disable-exec.inc
15include disable-interpreters.inc 15include disable-interpreters.inc
16include disable-programs.inc 16include disable-programs.inc
17#include disable-X11.inc # x11 none 17#include disable-x11.inc # x11 none
18include disable-X11.inc 18include disable-x11.inc
19include disable-xdg.inc 19include disable-xdg.inc
20 20
21whitelist ${RUNUSER}/gnupg 21whitelist ${RUNUSER}/gnupg
diff --git a/etc/profile-a-l/googler-common.profile b/etc/profile-a-l/googler-common.profile
index e1ec5f4b9..823228612 100644
--- a/etc/profile-a-l/googler-common.profile
+++ b/etc/profile-a-l/googler-common.profile
@@ -22,7 +22,7 @@ include disable-exec.inc
22include disable-interpreters.inc 22include disable-interpreters.inc
23include disable-programs.inc 23include disable-programs.inc
24include disable-shell.inc 24include disable-shell.inc
25include disable-X11.inc 25include disable-x11.inc
26include disable-xdg.inc 26include disable-xdg.inc
27 27
28whitelist ${HOME}/.w3m 28whitelist ${HOME}/.w3m
diff --git a/etc/profile-a-l/gpg-agent.profile b/etc/profile-a-l/gpg-agent.profile
index 29249cf21..102a4ef24 100644
--- a/etc/profile-a-l/gpg-agent.profile
+++ b/etc/profile-a-l/gpg-agent.profile
@@ -15,7 +15,7 @@ include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
16include disable-interpreters.inc 16include disable-interpreters.inc
17include disable-programs.inc 17include disable-programs.inc
18include disable-X11.inc 18include disable-x11.inc
19include disable-xdg.inc 19include disable-xdg.inc
20 20
21mkdir ${HOME}/.gnupg 21mkdir ${HOME}/.gnupg
diff --git a/etc/profile-a-l/gpg.profile b/etc/profile-a-l/gpg.profile
index 02dd3b076..6becc80eb 100644
--- a/etc/profile-a-l/gpg.profile
+++ b/etc/profile-a-l/gpg.profile
@@ -15,7 +15,7 @@ include disable-common.inc
15include disable-devel.inc 15include disable-devel.inc
16include disable-interpreters.inc 16include disable-interpreters.inc
17include disable-programs.inc 17include disable-programs.inc
18include disable-X11.inc 18include disable-x11.inc
19 19
20whitelist ${RUNUSER}/gnupg 20whitelist ${RUNUSER}/gnupg
21whitelist ${RUNUSER}/keyring 21whitelist ${RUNUSER}/keyring
diff --git a/etc/profile-a-l/links-common.profile b/etc/profile-a-l/links-common.profile
index 4bab6b0cc..fd0aab879 100644
--- a/etc/profile-a-l/links-common.profile
+++ b/etc/profile-a-l/links-common.profile
@@ -13,7 +13,7 @@ include disable-interpreters.inc
13# Additional noblacklist files/directories (blacklisted in disable-programs.inc) 13# Additional noblacklist files/directories (blacklisted in disable-programs.inc)
14# used as associated programs can be added in your links-common.local. 14# used as associated programs can be added in your links-common.local.
15include disable-programs.inc 15include disable-programs.inc
16include disable-X11.inc 16include disable-x11.inc
17include disable-xdg.inc 17include disable-xdg.inc
18 18
19whitelist ${DOWNLOADS} 19whitelist ${DOWNLOADS}
diff --git a/etc/profile-a-l/lynx.profile b/etc/profile-a-l/lynx.profile
index 2c61147ec..233bdafb6 100644
--- a/etc/profile-a-l/lynx.profile
+++ b/etc/profile-a-l/lynx.profile
@@ -13,7 +13,7 @@ include disable-common.inc
13include disable-devel.inc 13include disable-devel.inc
14include disable-interpreters.inc 14include disable-interpreters.inc
15include disable-programs.inc 15include disable-programs.inc
16include disable-X11.inc 16include disable-x11.inc
17include disable-xdg.inc 17include disable-xdg.inc
18 18
19include whitelist-runuser-common.inc 19include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/makepkg.profile b/etc/profile-m-z/makepkg.profile
index a8dd3988b..148e06840 100644
--- a/etc/profile-m-z/makepkg.profile
+++ b/etc/profile-m-z/makepkg.profile
@@ -32,7 +32,7 @@ noblacklist /var/lib/pacman
32include disable-common.inc 32include disable-common.inc
33include disable-exec.inc 33include disable-exec.inc
34include disable-programs.inc 34include disable-programs.inc
35include disable-X11.inc 35include disable-x11.inc
36 36
37caps.drop all 37caps.drop all
38ipc-namespace 38ipc-namespace
diff --git a/etc/profile-m-z/mimetype.profile b/etc/profile-m-z/mimetype.profile
index 4b62624bb..6d9af90cb 100644
--- a/etc/profile-m-z/mimetype.profile
+++ b/etc/profile-m-z/mimetype.profile
@@ -11,7 +11,7 @@ blacklist ${RUNUSER}/wayland-*
11 11
12include disable-exec.inc 12include disable-exec.inc
13include disable-proc.inc 13include disable-proc.inc
14include disable-X11.inc 14include disable-x11.inc
15 15
16apparmor 16apparmor
17caps.drop all 17caps.drop all
diff --git a/etc/profile-m-z/mocp.profile b/etc/profile-m-z/mocp.profile
index d80e263b6..18e7331f3 100644
--- a/etc/profile-m-z/mocp.profile
+++ b/etc/profile-m-z/mocp.profile
@@ -18,7 +18,7 @@ include disable-exec.inc
18include disable-interpreters.inc 18include disable-interpreters.inc
19include disable-proc.inc 19include disable-proc.inc
20include disable-programs.inc 20include disable-programs.inc
21include disable-X11.inc 21include disable-x11.inc
22include disable-xdg.inc 22include disable-xdg.inc
23 23
24mkdir ${HOME}/.moc 24mkdir ${HOME}/.moc
diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile
index 447301d46..0f43a9335 100644
--- a/etc/profile-m-z/mutt.profile
+++ b/etc/profile-m-z/mutt.profile
@@ -50,7 +50,7 @@ include disable-devel.inc
50include disable-exec.inc 50include disable-exec.inc
51include disable-interpreters.inc 51include disable-interpreters.inc
52include disable-programs.inc 52include disable-programs.inc
53include disable-X11.inc 53include disable-x11.inc
54include disable-xdg.inc 54include disable-xdg.inc
55 55
56mkdir ${HOME}/.Mail 56mkdir ${HOME}/.Mail
diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile
index 22720422b..4101e74ee 100644
--- a/etc/profile-m-z/neomutt.profile
+++ b/etc/profile-m-z/neomutt.profile
@@ -48,7 +48,7 @@ include disable-devel.inc
48include disable-exec.inc 48include disable-exec.inc
49include disable-interpreters.inc 49include disable-interpreters.inc
50include disable-programs.inc 50include disable-programs.inc
51include disable-X11.inc 51include disable-x11.inc
52include disable-xdg.inc 52include disable-xdg.inc
53 53
54mkdir ${HOME}/.Mail 54mkdir ${HOME}/.Mail
diff --git a/etc/profile-m-z/nodejs-common.profile b/etc/profile-m-z/nodejs-common.profile
index f301196c6..43fafc3de 100644
--- a/etc/profile-m-z/nodejs-common.profile
+++ b/etc/profile-m-z/nodejs-common.profile
@@ -39,7 +39,7 @@ include disable-common.inc
39include disable-exec.inc 39include disable-exec.inc
40include disable-programs.inc 40include disable-programs.inc
41include disable-shell.inc 41include disable-shell.inc
42include disable-X11.inc 42include disable-x11.inc
43include disable-xdg.inc 43include disable-xdg.inc
44 44
45# If you want whitelisting, change ${HOME}/Projects below to your node projects directory 45# If you want whitelisting, change ${HOME}/Projects below to your node projects directory
diff --git a/etc/profile-m-z/nslookup.profile b/etc/profile-m-z/nslookup.profile
index aae506b0b..5313d2906 100644
--- a/etc/profile-m-z/nslookup.profile
+++ b/etc/profile-m-z/nslookup.profile
@@ -16,7 +16,7 @@ include disable-devel.inc
16include disable-exec.inc 16include disable-exec.inc
17include disable-interpreters.inc 17include disable-interpreters.inc
18include disable-programs.inc 18include disable-programs.inc
19include disable-X11.inc 19include disable-x11.inc
20include disable-xdg.inc 20include disable-xdg.inc
21 21
22whitelist ${HOME}/.nslookuprc 22whitelist ${HOME}/.nslookuprc
diff --git a/etc/profile-m-z/ping.profile b/etc/profile-m-z/ping.profile
index c3aa0a501..785de68cb 100644
--- a/etc/profile-m-z/ping.profile
+++ b/etc/profile-m-z/ping.profile
@@ -15,7 +15,7 @@ include disable-exec.inc
15include disable-interpreters.inc 15include disable-interpreters.inc
16include disable-proc.inc 16include disable-proc.inc
17include disable-programs.inc 17include disable-programs.inc
18include disable-X11.inc 18include disable-x11.inc
19include disable-xdg.inc 19include disable-xdg.inc
20 20
21#include whitelist-common.inc # see #903 21#include whitelist-common.inc # see #903
diff --git a/etc/profile-m-z/qpdf.profile b/etc/profile-m-z/qpdf.profile
index edec7cf0a..a5b65aa8e 100644
--- a/etc/profile-m-z/qpdf.profile
+++ b/etc/profile-m-z/qpdf.profile
@@ -18,7 +18,7 @@ include disable-interpreters.inc
18include disable-proc.inc 18include disable-proc.inc
19include disable-programs.inc 19include disable-programs.inc
20include disable-shell.inc 20include disable-shell.inc
21include disable-X11.inc 21include disable-x11.inc
22include disable-xdg.inc 22include disable-xdg.inc
23 23
24whitelist ${DOCUMENTS} 24whitelist ${DOCUMENTS}
diff --git a/etc/profile-m-z/rsync-download_only.profile b/etc/profile-m-z/rsync-download_only.profile
index 52ccb4309..12724a077 100644
--- a/etc/profile-m-z/rsync-download_only.profile
+++ b/etc/profile-m-z/rsync-download_only.profile
@@ -19,7 +19,7 @@ include disable-exec.inc
19include disable-interpreters.inc 19include disable-interpreters.inc
20include disable-programs.inc 20include disable-programs.inc
21include disable-shell.inc 21include disable-shell.inc
22include disable-X11.inc 22include disable-x11.inc
23include disable-xdg.inc 23include disable-xdg.inc
24 24
25# Add the next line to your rsync-download_only.local to enable extra hardening. 25# Add the next line to your rsync-download_only.local to enable extra hardening.
diff --git a/etc/profile-m-z/rtv.profile b/etc/profile-m-z/rtv.profile
index e719b0d0d..5219f73f6 100644
--- a/etc/profile-m-z/rtv.profile
+++ b/etc/profile-m-z/rtv.profile
@@ -27,7 +27,7 @@ include disable-devel.inc
27include disable-exec.inc 27include disable-exec.inc
28include disable-interpreters.inc 28include disable-interpreters.inc
29include disable-programs.inc 29include disable-programs.inc
30include disable-X11.inc 30include disable-x11.inc
31include disable-xdg.inc 31include disable-xdg.inc
32 32
33mkdir ${HOME}/.config/rtv 33mkdir ${HOME}/.config/rtv
diff --git a/etc/profile-m-z/seahorse-daemon.profile b/etc/profile-m-z/seahorse-daemon.profile
index b3ead7191..f409b1930 100644
--- a/etc/profile-m-z/seahorse-daemon.profile
+++ b/etc/profile-m-z/seahorse-daemon.profile
@@ -9,7 +9,7 @@ include seahorse-daemon.local
9#include globals.local 9#include globals.local
10 10
11blacklist ${RUNUSER}/wayland-* 11blacklist ${RUNUSER}/wayland-*
12include disable-X11.inc 12include disable-x11.inc
13 13
14memory-deny-write-execute 14memory-deny-write-execute
15 15
diff --git a/etc/profile-m-z/server.profile b/etc/profile-m-z/server.profile
index a77cf7e0b..a2978ab19 100644
--- a/etc/profile-m-z/server.profile
+++ b/etc/profile-m-z/server.profile
@@ -44,7 +44,7 @@ include disable-common.inc
44#include disable-interpreters.inc 44#include disable-interpreters.inc
45include disable-programs.inc 45include disable-programs.inc
46include disable-write-mnt.inc 46include disable-write-mnt.inc
47include disable-X11.inc 47include disable-x11.inc
48include disable-xdg.inc 48include disable-xdg.inc
49 49
50#include whitelist-runuser-common.inc 50#include whitelist-runuser-common.inc
diff --git a/etc/profile-m-z/signal-cli.profile b/etc/profile-m-z/signal-cli.profile
index 979d71b33..67bb45141 100644
--- a/etc/profile-m-z/signal-cli.profile
+++ b/etc/profile-m-z/signal-cli.profile
@@ -17,7 +17,7 @@ include disable-devel.inc
17include disable-exec.inc 17include disable-exec.inc
18include disable-interpreters.inc 18include disable-interpreters.inc
19include disable-programs.inc 19include disable-programs.inc
20include disable-X11.inc 20include disable-x11.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23mkdir ${HOME}/.local/share/signal-cli 23mkdir ${HOME}/.local/share/signal-cli
diff --git a/etc/profile-m-z/ssh-agent.profile b/etc/profile-m-z/ssh-agent.profile
index 6630244be..97ddfd292 100644
--- a/etc/profile-m-z/ssh-agent.profile
+++ b/etc/profile-m-z/ssh-agent.profile
@@ -13,7 +13,7 @@ blacklist ${RUNUSER}/wayland-*
13 13
14include disable-common.inc 14include disable-common.inc
15include disable-programs.inc 15include disable-programs.inc
16include disable-X11.inc 16include disable-x11.inc
17 17
18include whitelist-usr-share-common.inc 18include whitelist-usr-share-common.inc
19 19
diff --git a/etc/profile-m-z/ssmtp.profile b/etc/profile-m-z/ssmtp.profile
index 356a732e7..8e2c21498 100644
--- a/etc/profile-m-z/ssmtp.profile
+++ b/etc/profile-m-z/ssmtp.profile
@@ -24,7 +24,7 @@ include disable-interpreters.inc
24include disable-proc.inc 24include disable-proc.inc
25include disable-programs.inc 25include disable-programs.inc
26include disable-shell.inc 26include disable-shell.inc
27include disable-X11.inc 27include disable-x11.inc
28include disable-xdg.inc 28include disable-xdg.inc
29 29
30mkfile ${HOME}/dead.letter 30mkfile ${HOME}/dead.letter
diff --git a/etc/profile-m-z/statusof.profile b/etc/profile-m-z/statusof.profile
index 45da84e11..6422f979b 100644
--- a/etc/profile-m-z/statusof.profile
+++ b/etc/profile-m-z/statusof.profile
@@ -20,7 +20,7 @@ include disable-interpreters.inc
20include disable-proc.inc 20include disable-proc.inc
21include disable-programs.inc 21include disable-programs.inc
22include disable-shell.inc 22include disable-shell.inc
23include disable-X11.inc 23include disable-x11.inc
24include disable-xdg.inc 24include disable-xdg.inc
25 25
26include whitelist-common.inc 26include whitelist-common.inc
diff --git a/etc/profile-m-z/telnet.profile b/etc/profile-m-z/telnet.profile
index 13a47c958..ec27b89a8 100644
--- a/etc/profile-m-z/telnet.profile
+++ b/etc/profile-m-z/telnet.profile
@@ -17,7 +17,7 @@ include disable-proc.inc
17include disable-programs.inc 17include disable-programs.inc
18#include disable-shell.inc 18#include disable-shell.inc
19include disable-write-mnt.inc 19include disable-write-mnt.inc
20include disable-X11.inc 20include disable-x11.inc
21include disable-xdg.inc 21include disable-xdg.inc
22 22
23apparmor 23apparmor
diff --git a/etc/profile-m-z/termshark.profile b/etc/profile-m-z/termshark.profile
index bdee14e64..64f52cf6d 100644
--- a/etc/profile-m-z/termshark.profile
+++ b/etc/profile-m-z/termshark.profile
@@ -10,7 +10,7 @@ include termshark.local
10 10
11blacklist ${RUNUSER} 11blacklist ${RUNUSER}
12 12
13include disable-X11.inc 13include disable-x11.inc
14 14
15# Redirect 15# Redirect
16include wireshark.profile 16include wireshark.profile
diff --git a/etc/profile-m-z/tin.profile b/etc/profile-m-z/tin.profile
index 7c1d534e9..865735a79 100644
--- a/etc/profile-m-z/tin.profile
+++ b/etc/profile-m-z/tin.profile
@@ -18,7 +18,7 @@ include disable-exec.inc
18include disable-interpreters.inc 18include disable-interpreters.inc
19include disable-programs.inc 19include disable-programs.inc
20include disable-shell.inc 20include disable-shell.inc
21include disable-X11.inc 21include disable-x11.inc
22include disable-xdg.inc 22include disable-xdg.inc
23 23
24mkdir ${HOME}/.tin 24mkdir ${HOME}/.tin
diff --git a/etc/profile-m-z/tmux.profile b/etc/profile-m-z/tmux.profile
index 55d84a618..a846b7f02 100644
--- a/etc/profile-m-z/tmux.profile
+++ b/etc/profile-m-z/tmux.profile
@@ -15,7 +15,7 @@ noblacklist /tmp/tmux-*
15#include disable-devel.inc 15#include disable-devel.inc
16#include disable-exec.inc 16#include disable-exec.inc
17#include disable-programs.inc 17#include disable-programs.inc
18include disable-X11.inc 18include disable-x11.inc
19 19
20caps.drop all 20caps.drop all
21ipc-namespace 21ipc-namespace
diff --git a/etc/profile-m-z/tracker.profile b/etc/profile-m-z/tracker.profile
index 8a3464496..d7de4310f 100644
--- a/etc/profile-m-z/tracker.profile
+++ b/etc/profile-m-z/tracker.profile
@@ -15,7 +15,7 @@ include disable-devel.inc
15include disable-interpreters.inc 15include disable-interpreters.inc
16include disable-programs.inc 16include disable-programs.inc
17include disable-shell.inc 17include disable-shell.inc
18include disable-X11.inc 18include disable-x11.inc
19 19
20include whitelist-runuser-common.inc 20include whitelist-runuser-common.inc
21 21
diff --git a/etc/profile-m-z/tshark.profile b/etc/profile-m-z/tshark.profile
index fab45a334..8e57de6cb 100644
--- a/etc/profile-m-z/tshark.profile
+++ b/etc/profile-m-z/tshark.profile
@@ -9,7 +9,7 @@ include tshark.local
9 9
10blacklist ${RUNUSER} 10blacklist ${RUNUSER}
11 11
12include disable-X11.inc 12include disable-x11.inc
13 13
14# Redirect 14# Redirect
15include wireshark.profile 15include wireshark.profile
diff --git a/etc/profile-m-z/tvnamer.profile b/etc/profile-m-z/tvnamer.profile
index 19c94feea..c71434f2a 100644
--- a/etc/profile-m-z/tvnamer.profile
+++ b/etc/profile-m-z/tvnamer.profile
@@ -23,7 +23,7 @@ include disable-interpreters.inc
23include disable-programs.inc 23include disable-programs.inc
24include disable-proc.inc 24include disable-proc.inc
25include disable-shell.inc 25include disable-shell.inc
26include disable-X11.inc 26include disable-x11.inc
27include disable-xdg.inc 27include disable-xdg.inc
28 28
29mkdir ${HOME}/.config/tvnamer 29mkdir ${HOME}/.config/tvnamer
diff --git a/etc/profile-m-z/unbound.profile b/etc/profile-m-z/unbound.profile
index dfce92e2d..c12054d47 100644
--- a/etc/profile-m-z/unbound.profile
+++ b/etc/profile-m-z/unbound.profile
@@ -16,7 +16,7 @@ include disable-devel.inc
16include disable-exec.inc 16include disable-exec.inc
17include disable-interpreters.inc 17include disable-interpreters.inc
18include disable-programs.inc 18include disable-programs.inc
19include disable-X11.inc 19include disable-x11.inc
20include disable-xdg.inc 20include disable-xdg.inc
21 21
22whitelist /usr/share/dns 22whitelist /usr/share/dns
diff --git a/etc/profile-m-z/w3m.profile b/etc/profile-m-z/w3m.profile
index 4e2f1bb3e..6c8d84ea4 100644
--- a/etc/profile-m-z/w3m.profile
+++ b/etc/profile-m-z/w3m.profile
@@ -28,7 +28,7 @@ include disable-exec.inc
28include disable-interpreters.inc 28include disable-interpreters.inc
29include disable-programs.inc 29include disable-programs.inc
30include disable-shell.inc 30include disable-shell.inc
31include disable-X11.inc 31include disable-x11.inc
32include disable-xdg.inc 32include disable-xdg.inc
33 33
34mkdir ${HOME}/.w3m 34mkdir ${HOME}/.w3m
diff --git a/etc/profile-m-z/wget.profile b/etc/profile-m-z/wget.profile
index 90a1d3d7a..dacfd739e 100644
--- a/etc/profile-m-z/wget.profile
+++ b/etc/profile-m-z/wget.profile
@@ -23,7 +23,7 @@ include disable-exec.inc
23include disable-interpreters.inc 23include disable-interpreters.inc
24include disable-programs.inc 24include disable-programs.inc
25include disable-shell.inc 25include disable-shell.inc
26include disable-X11.inc 26include disable-x11.inc
27# Depending on workflow you can add the next line to your wget.local. 27# Depending on workflow you can add the next line to your wget.local.
28#include disable-xdg.inc 28#include disable-xdg.inc
29 29
diff --git a/etc/profile-m-z/whois.profile b/etc/profile-m-z/whois.profile
index e7f66cf76..42ce3bc5c 100644
--- a/etc/profile-m-z/whois.profile
+++ b/etc/profile-m-z/whois.profile
@@ -14,7 +14,7 @@ include disable-devel.inc
14include disable-exec.inc 14include disable-exec.inc
15include disable-interpreters.inc 15include disable-interpreters.inc
16include disable-programs.inc 16include disable-programs.inc
17include disable-X11.inc 17include disable-x11.inc
18include disable-xdg.inc 18include disable-xdg.inc
19 19
20include whitelist-usr-share-common.inc 20include whitelist-usr-share-common.inc
diff --git a/etc/profile-m-z/yt-dlp.profile b/etc/profile-m-z/yt-dlp.profile
index 6dd9d03a3..41cf907bd 100644
--- a/etc/profile-m-z/yt-dlp.profile
+++ b/etc/profile-m-z/yt-dlp.profile
@@ -37,7 +37,7 @@ include disable-exec.inc
37include disable-interpreters.inc 37include disable-interpreters.inc
38include disable-programs.inc 38include disable-programs.inc
39include disable-shell.inc 39include disable-shell.inc
40include disable-X11.inc 40include disable-x11.inc
41include disable-xdg.inc 41include disable-xdg.inc
42 42
43include whitelist-usr-share-common.inc 43include whitelist-usr-share-common.inc
diff --git a/etc/templates/profile.template b/etc/templates/profile.template
index 29ea55439..347cbeb3c 100644
--- a/etc/templates/profile.template
+++ b/etc/templates/profile.template
@@ -120,7 +120,7 @@ include globals.local
120#include disable-programs.inc 120#include disable-programs.inc
121#include disable-shell.inc 121#include disable-shell.inc
122#include disable-write-mnt.inc 122#include disable-write-mnt.inc
123#include disable-X11.inc 123#include disable-x11.inc
124#include disable-xdg.inc 124#include disable-xdg.inc
125 125
126# This section often mirrors noblacklist section above. The idea is 126# This section often mirrors noblacklist section above. The idea is
@@ -181,7 +181,7 @@ include globals.local
181#seccomp.block-secondary 181#seccomp.block-secondary
182##seccomp-error-action log (only for debugging seccomp issues) 182##seccomp-error-action log (only for debugging seccomp issues)
183#tracelog 183#tracelog
184# Prefer 'x11 none' instead of 'disable-X11.inc' if 'net none' is set 184# Prefer 'x11 none' instead of 'disable-x11.inc' if 'net none' is set
185##x11 none 185##x11 none
186 186
187#disable-mnt 187#disable-mnt
generated by cgit v1.2.3-54-g00ecf (git 2.45.0) at 2024-05-10 16:24:15 +0000