aboutsummaryrefslogtreecommitdiffstats
path: root/etc/inc/disable-common.inc
diff options
context:
space:
mode:
Diffstat (limited to 'etc/inc/disable-common.inc')
-rw-r--r--etc/inc/disable-common.inc17
1 files changed, 17 insertions, 0 deletions
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index 65159b951..4277100ce 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -69,6 +69,9 @@ blacklist ${HOME}/.xsessionrc
69blacklist /etc/X11/Xsession.d 69blacklist /etc/X11/Xsession.d
70blacklist /etc/xdg/autostart 70blacklist /etc/xdg/autostart
71read-only ${HOME}/.Xauthority 71read-only ${HOME}/.Xauthority
72read-only ${HOME}/.config/awesome/autorun.sh
73read-only ${HOME}/.config/openbox/autostart
74read-only ${HOME}/.config/openbox/environment
72 75
73# Session manager 76# Session manager
74# see #3358 77# see #3358
@@ -123,6 +126,7 @@ read-only ${HOME}/.config/kio_httprc
123read-only ${HOME}/.config/kiorc 126read-only ${HOME}/.config/kiorc
124read-only ${HOME}/.config/kioslaverc 127read-only ${HOME}/.config/kioslaverc
125read-only ${HOME}/.config/ksslcablacklist 128read-only ${HOME}/.config/ksslcablacklist
129read-only ${HOME}/.config/lxqt
126read-only ${HOME}/.kde/share/apps/konsole 130read-only ${HOME}/.kde/share/apps/konsole
127read-only ${HOME}/.kde/share/apps/kssl 131read-only ${HOME}/.kde/share/apps/kssl
128read-only ${HOME}/.kde/share/config/*notifyrc 132read-only ${HOME}/.kde/share/config/*notifyrc
@@ -329,6 +333,7 @@ read-only ${HOME}/.ssh/config.d
329# Initialization files that allow arbitrary command execution 333# Initialization files that allow arbitrary command execution
330read-only ${HOME}/.caffrc 334read-only ${HOME}/.caffrc
331read-only ${HOME}/.cargo/env 335read-only ${HOME}/.cargo/env
336read-only ${HOME}/.config/mpv
332read-only ${HOME}/.config/nano 337read-only ${HOME}/.config/nano
333read-only ${HOME}/.config/nvim 338read-only ${HOME}/.config/nvim
334read-only ${HOME}/.config/pkcs11 339read-only ${HOME}/.config/pkcs11
@@ -337,6 +342,7 @@ read-only ${HOME}/.elinks
337read-only ${HOME}/.emacs 342read-only ${HOME}/.emacs
338read-only ${HOME}/.emacs.d 343read-only ${HOME}/.emacs.d
339read-only ${HOME}/.exrc 344read-only ${HOME}/.exrc
345read-only ${HOME}/.gnupg/gpg.conf
340read-only ${HOME}/.gvimrc 346read-only ${HOME}/.gvimrc
341read-only ${HOME}/.homesick 347read-only ${HOME}/.homesick
342read-only ${HOME}/.iscreenrc 348read-only ${HOME}/.iscreenrc
@@ -345,6 +351,7 @@ read-only ${HOME}/.local/share/cool-retro-term
345read-only ${HOME}/.local/share/nvim 351read-only ${HOME}/.local/share/nvim
346read-only ${HOME}/.local/state/nvim 352read-only ${HOME}/.local/state/nvim
347read-only ${HOME}/.mailcap 353read-only ${HOME}/.mailcap
354read-only ${HOME}/.mozilla/firefox/profiles.ini
348read-only ${HOME}/.msmtprc 355read-only ${HOME}/.msmtprc
349read-only ${HOME}/.mutt/muttrc 356read-only ${HOME}/.mutt/muttrc
350read-only ${HOME}/.muttrc 357read-only ${HOME}/.muttrc
@@ -366,6 +373,10 @@ read-only ${HOME}/_gvimrc
366read-only ${HOME}/_vimrc 373read-only ${HOME}/_vimrc
367read-only ${HOME}/dotfiles 374read-only ${HOME}/dotfiles
368 375
376# System package managers and AUR helpers
377blacklist ${HOME}/.config/cower
378read-only ${HOME}/.config/cower/config
379
369# Make directories commonly found in $PATH read-only 380# Make directories commonly found in $PATH read-only
370read-only ${HOME}/.bin 381read-only ${HOME}/.bin
371read-only ${HOME}/.cargo/bin 382read-only ${HOME}/.cargo/bin
@@ -391,6 +402,11 @@ read-only ${HOME}/.config/user-dirs.dirs
391read-only ${HOME}/.config/user-dirs.locale 402read-only ${HOME}/.config/user-dirs.locale
392read-only ${HOME}/.local/share/mime 403read-only ${HOME}/.local/share/mime
393 404
405# Configuration files that do not allow arbitrary command execution but that
406# are intended to be modified manually (in a text editor and/or by a program
407# dedicated to managing them)
408read-only ${HOME}/.config/MangoHud
409
394# Write-protection for thumbnailer dir 410# Write-protection for thumbnailer dir
395read-only ${HOME}/.local/share/thumbnailers 411read-only ${HOME}/.local/share/thumbnailers
396 412
@@ -556,6 +572,7 @@ blacklist ${PATH}/ss
556blacklist ${PATH}/traceroute 572blacklist ${PATH}/traceroute
557 573
558# other SUID binaries 574# other SUID binaries
575blacklist /opt/microsoft/msedge*/msedge-sandbox
559blacklist /usr/lib/virtualbox 576blacklist /usr/lib/virtualbox
560blacklist /usr/lib64/virtualbox 577blacklist /usr/lib64/virtualbox
561 578
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-21 11:24:22 +0000