diff options
Diffstat (limited to 'etc/inc/disable-common.inc')
-rw-r--r-- | etc/inc/disable-common.inc | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index 65159b951..4277100ce 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc | |||
@@ -69,6 +69,9 @@ blacklist ${HOME}/.xsessionrc | |||
69 | blacklist /etc/X11/Xsession.d | 69 | blacklist /etc/X11/Xsession.d |
70 | blacklist /etc/xdg/autostart | 70 | blacklist /etc/xdg/autostart |
71 | read-only ${HOME}/.Xauthority | 71 | read-only ${HOME}/.Xauthority |
72 | read-only ${HOME}/.config/awesome/autorun.sh | ||
73 | read-only ${HOME}/.config/openbox/autostart | ||
74 | read-only ${HOME}/.config/openbox/environment | ||
72 | 75 | ||
73 | # Session manager | 76 | # Session manager |
74 | # see #3358 | 77 | # see #3358 |
@@ -123,6 +126,7 @@ read-only ${HOME}/.config/kio_httprc | |||
123 | read-only ${HOME}/.config/kiorc | 126 | read-only ${HOME}/.config/kiorc |
124 | read-only ${HOME}/.config/kioslaverc | 127 | read-only ${HOME}/.config/kioslaverc |
125 | read-only ${HOME}/.config/ksslcablacklist | 128 | read-only ${HOME}/.config/ksslcablacklist |
129 | read-only ${HOME}/.config/lxqt | ||
126 | read-only ${HOME}/.kde/share/apps/konsole | 130 | read-only ${HOME}/.kde/share/apps/konsole |
127 | read-only ${HOME}/.kde/share/apps/kssl | 131 | read-only ${HOME}/.kde/share/apps/kssl |
128 | read-only ${HOME}/.kde/share/config/*notifyrc | 132 | read-only ${HOME}/.kde/share/config/*notifyrc |
@@ -329,6 +333,7 @@ read-only ${HOME}/.ssh/config.d | |||
329 | # Initialization files that allow arbitrary command execution | 333 | # Initialization files that allow arbitrary command execution |
330 | read-only ${HOME}/.caffrc | 334 | read-only ${HOME}/.caffrc |
331 | read-only ${HOME}/.cargo/env | 335 | read-only ${HOME}/.cargo/env |
336 | read-only ${HOME}/.config/mpv | ||
332 | read-only ${HOME}/.config/nano | 337 | read-only ${HOME}/.config/nano |
333 | read-only ${HOME}/.config/nvim | 338 | read-only ${HOME}/.config/nvim |
334 | read-only ${HOME}/.config/pkcs11 | 339 | read-only ${HOME}/.config/pkcs11 |
@@ -337,6 +342,7 @@ read-only ${HOME}/.elinks | |||
337 | read-only ${HOME}/.emacs | 342 | read-only ${HOME}/.emacs |
338 | read-only ${HOME}/.emacs.d | 343 | read-only ${HOME}/.emacs.d |
339 | read-only ${HOME}/.exrc | 344 | read-only ${HOME}/.exrc |
345 | read-only ${HOME}/.gnupg/gpg.conf | ||
340 | read-only ${HOME}/.gvimrc | 346 | read-only ${HOME}/.gvimrc |
341 | read-only ${HOME}/.homesick | 347 | read-only ${HOME}/.homesick |
342 | read-only ${HOME}/.iscreenrc | 348 | read-only ${HOME}/.iscreenrc |
@@ -345,6 +351,7 @@ read-only ${HOME}/.local/share/cool-retro-term | |||
345 | read-only ${HOME}/.local/share/nvim | 351 | read-only ${HOME}/.local/share/nvim |
346 | read-only ${HOME}/.local/state/nvim | 352 | read-only ${HOME}/.local/state/nvim |
347 | read-only ${HOME}/.mailcap | 353 | read-only ${HOME}/.mailcap |
354 | read-only ${HOME}/.mozilla/firefox/profiles.ini | ||
348 | read-only ${HOME}/.msmtprc | 355 | read-only ${HOME}/.msmtprc |
349 | read-only ${HOME}/.mutt/muttrc | 356 | read-only ${HOME}/.mutt/muttrc |
350 | read-only ${HOME}/.muttrc | 357 | read-only ${HOME}/.muttrc |
@@ -366,6 +373,10 @@ read-only ${HOME}/_gvimrc | |||
366 | read-only ${HOME}/_vimrc | 373 | read-only ${HOME}/_vimrc |
367 | read-only ${HOME}/dotfiles | 374 | read-only ${HOME}/dotfiles |
368 | 375 | ||
376 | # System package managers and AUR helpers | ||
377 | blacklist ${HOME}/.config/cower | ||
378 | read-only ${HOME}/.config/cower/config | ||
379 | |||
369 | # Make directories commonly found in $PATH read-only | 380 | # Make directories commonly found in $PATH read-only |
370 | read-only ${HOME}/.bin | 381 | read-only ${HOME}/.bin |
371 | read-only ${HOME}/.cargo/bin | 382 | read-only ${HOME}/.cargo/bin |
@@ -391,6 +402,11 @@ read-only ${HOME}/.config/user-dirs.dirs | |||
391 | read-only ${HOME}/.config/user-dirs.locale | 402 | read-only ${HOME}/.config/user-dirs.locale |
392 | read-only ${HOME}/.local/share/mime | 403 | read-only ${HOME}/.local/share/mime |
393 | 404 | ||
405 | # Configuration files that do not allow arbitrary command execution but that | ||
406 | # are intended to be modified manually (in a text editor and/or by a program | ||
407 | # dedicated to managing them) | ||
408 | read-only ${HOME}/.config/MangoHud | ||
409 | |||
394 | # Write-protection for thumbnailer dir | 410 | # Write-protection for thumbnailer dir |
395 | read-only ${HOME}/.local/share/thumbnailers | 411 | read-only ${HOME}/.local/share/thumbnailers |
396 | 412 | ||
@@ -556,6 +572,7 @@ blacklist ${PATH}/ss | |||
556 | blacklist ${PATH}/traceroute | 572 | blacklist ${PATH}/traceroute |
557 | 573 | ||
558 | # other SUID binaries | 574 | # other SUID binaries |
575 | blacklist /opt/microsoft/msedge*/msedge-sandbox | ||
559 | blacklist /usr/lib/virtualbox | 576 | blacklist /usr/lib/virtualbox |
560 | blacklist /usr/lib64/virtualbox | 577 | blacklist /usr/lib64/virtualbox |
561 | 578 | ||