4 files changed, 0 insertions, 157 deletions
diff --git a/etc/inc/archiver-common.inc b/etc/inc/archiver-common.inc
deleted file mode 100644
index 74b0b6ef6..000000000
--- a/etc/inc/archiver-common.inc
+++ /dev/null
@@ -1,57 +0,0 @@
-# This file is overwritten during software install.
-# Persistent customizations should go in a .local file.
-include archiver-common.local
-# common profile for archiver/compression tools
-blacklist ${RUNUSER}
-# WARNING: Users can (un)restrict file access for **all** archivers by
-# commenting/uncommenting the needed include file(s) here or by putting those
-# into archiver-common.local.
-#
-# Another option is to do this **per archiver** in the relevant
-# <archiver>.local. Just beware that things tend to break when overtightening
-# profiles. For example, because you only need to (un)compress files in
-# ${DOWNLOADS}, other applications may need access to ${HOME}/.local/share.
-# Uncomment the next line (or put it into your archiver-common.local) if you
-# don't need to compress files in disable-common.inc.
-#include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-# Uncomment the next line (or put it into your archiver-common.local) if you
-# don't need to compress files in disable-programs.inc.
-#include disable-programs.inc
-include disable-shell.inc
-apparmor
-caps.drop all
-hostname archiver
-ipc-namespace
-machine-id
-net none
-no3d
-nodvd
-nogroups
-nonewprivs
-#noroot
-nosound
-notv
-nou2f
-novideo
-protocol unix
-seccomp
-shell none
-tracelog
-x11 none
-private-cache
-private-dev
-dbus-user none
-dbus-system none
-memory-deny-write-execute
diff --git a/etc/inc/chromium-common-hardened.inc b/etc/inc/chromium-common-hardened.inc
deleted file mode 100644
index f33ce3115..000000000
--- a/etc/inc/chromium-common-hardened.inc
+++ /dev/null
@@ -1,5 +0,0 @@
-caps.drop all
-nonewprivs
-noroot
-protocol unix,inet,inet6,netlink
-seccomp !chroot
diff --git a/etc/inc/feh-network.inc b/etc/inc/feh-network.inc
deleted file mode 100644
index e94e7205c..000000000
--- a/etc/inc/feh-network.inc
+++ /dev/null
@@ -1,4 +0,0 @@
-ignore net none
-netfilter
-protocol unix,inet,inet6
-private-etc ca-certificates,crypto-policies,hosts,pki,resolv.conf,ssl
diff --git a/etc/inc/firefox-common-addons.inc b/etc/inc/firefox-common-addons.inc
deleted file mode 100644
index ca7731442..000000000
--- a/etc/inc/firefox-common-addons.inc
+++ /dev/null
@@ -1,91 +0,0 @@
-# This file is overwritten during software install.
-# Persistent customizations should go in a .local file.
-include firefox-common-addons.local
-ignore include whitelist-runuser-common.inc
-noblacklist ${HOME}/.config/kgetrc
-noblacklist ${HOME}/.config/okularpartrc
-noblacklist ${HOME}/.config/okularrc
-noblacklist ${HOME}/.config/qpdfview
-noblacklist ${HOME}/.kde/share/apps/kget
-noblacklist ${HOME}/.kde/share/apps/okular
-noblacklist ${HOME}/.kde/share/config/kgetrc
-noblacklist ${HOME}/.kde/share/config/okularpartrc
-noblacklist ${HOME}/.kde/share/config/okularrc
-noblacklist ${HOME}/.kde4/share/apps/kget
-noblacklist ${HOME}/.kde4/share/apps/okular
-noblacklist ${HOME}/.kde4/share/config/kgetrc
-noblacklist ${HOME}/.kde4/share/config/okularpartrc
-noblacklist ${HOME}/.kde4/share/config/okularrc
-noblacklist ${HOME}/.local/share/kget
-noblacklist ${HOME}/.local/share/kxmlgui5/okular
-noblacklist ${HOME}/.local/share/okular
-noblacklist ${HOME}/.local/share/qpdfview
-whitelist ${HOME}/.cache/gnome-mplayer/plugin
-whitelist ${HOME}/.config/gnome-mplayer
-whitelist ${HOME}/.config/kgetrc
-whitelist ${HOME}/.config/okularpartrc
-whitelist ${HOME}/.config/okularrc
-whitelist ${HOME}/.config/pipelight-silverlight5.1
-whitelist ${HOME}/.config/pipelight-widevine
-whitelist ${HOME}/.config/qpdfview
-whitelist ${HOME}/.kde/share/apps/kget
-whitelist ${HOME}/.kde/share/apps/okular
-whitelist ${HOME}/.kde/share/config/kgetrc
-whitelist ${HOME}/.kde/share/config/okularpartrc
-whitelist ${HOME}/.kde/share/config/okularrc
-whitelist ${HOME}/.kde4/share/apps/kget
-whitelist ${HOME}/.kde4/share/apps/okular
-whitelist ${HOME}/.kde4/share/config/kgetrc
-whitelist ${HOME}/.kde4/share/config/okularpartrc
-whitelist ${HOME}/.kde4/share/config/okularrc
-whitelist ${HOME}/.keysnail.js
-whitelist ${HOME}/.lastpass
-whitelist ${HOME}/.local/share/kget
-whitelist ${HOME}/.local/share/kxmlgui5/okular
-whitelist ${HOME}/.local/share/okular
-whitelist ${HOME}/.local/share/qpdfview
-whitelist ${HOME}/.local/share/tridactyl
-whitelist ${HOME}/.pentadactyl
-whitelist ${HOME}/.pentadactylrc
-whitelist ${HOME}/.tridactylrc
-whitelist ${HOME}/.vimperator
-whitelist ${HOME}/.vimperatorrc
-whitelist ${HOME}/.wine-pipelight
-whitelist ${HOME}/.wine-pipelight64
-whitelist ${HOME}/.zotero
-whitelist ${HOME}/dwhelper
-# GNOME Shell integration (chrome-gnome-shell) needs dbus and python
-noblacklist ${HOME}/.local/share/gnome-shell
-whitelist ${HOME}/.local/share/gnome-shell
-ignore dbus-user none
-ignore dbus-system none
-# Allow python (blacklisted by disable-interpreters.inc)
-include allow-python3.inc
-# KeePassXC Browser Integration
-#private-bin keepassxc-proxy
-# Flash plugin
-# private-etc must first be enabled in firefox-common.profile and in profiles including it.
-#private-etc adobe
-# ff2mpv
-#ignore noexec ${HOME}
-#noblacklist ${HOME}/.config/mpv
-#noblacklist ${HOME}/.config/youtube-dl
-#noblacklist ${HOME}/.netrc
-#include allow-lua.inc
-#include allow-python3.inc
-#mkdir ${HOME}/.config/mpv
-#mkdir ${HOME}/.config/youtube-dl
-#whitelist ${HOME}/.config/mpv
-#whitelist ${HOME}/.config/youtube-dl
-#whitelist ${HOME}/.netrc
-#whitelist /usr/share/lua
-#whitelist /usr/share/lua*
-#whitelist /usr/share/vulkan
-#private-bin env,mpv,python3*,waf,youtube-dl

diff --git a/etc/inc/archiver-common.inc b/etc/inc/archiver-common.inc deleted file mode 100644 index 74b0b6ef6..000000000 --- a/etc/inc/archiver-common.inc +++ /dev/null
@@ -1,57 +0,0 @@
1	# This file is overwritten during software install.
2	# Persistent customizations should go in a .local file.
3	include archiver-common.local
4
5	# common profile for archiver/compression tools
6
7	blacklist ${RUNUSER}
8
9	# WARNING: Users can (un)restrict file access for all archivers by
10	# commenting/uncommenting the needed include file(s) here or by putting those
11	# into archiver-common.local.
12	#
13	# Another option is to do this per archiver in the relevant
14	# <archiver>.local. Just beware that things tend to break when overtightening
15	# profiles. For example, because you only need to (un)compress files in
16	# ${DOWNLOADS}, other applications may need access to ${HOME}/.local/share.
17
18	# Uncomment the next line (or put it into your archiver-common.local) if you
19	# don't need to compress files in disable-common.inc.
20	#include disable-common.inc
21	include disable-devel.inc
22	include disable-exec.inc
23	include disable-interpreters.inc
24	include disable-passwdmgr.inc
25	# Uncomment the next line (or put it into your archiver-common.local) if you
26	# don't need to compress files in disable-programs.inc.
27	#include disable-programs.inc
28	include disable-shell.inc
29
30	apparmor
31	caps.drop all
32	hostname archiver
33	ipc-namespace
34	machine-id
35	net none
36	no3d
37	nodvd
38	nogroups
39	nonewprivs
40	#noroot
41	nosound
42	notv
43	nou2f
44	novideo
45	protocol unix
46	seccomp
47	shell none
48	tracelog
49	x11 none
50
51	private-cache
52	private-dev
53
54	dbus-user none
55	dbus-system none
56
57	memory-deny-write-execute


diff --git a/etc/inc/chromium-common-hardened.inc b/etc/inc/chromium-common-hardened.inc deleted file mode 100644 index f33ce3115..000000000 --- a/etc/inc/chromium-common-hardened.inc +++ /dev/null
@@ -1,5 +0,0 @@
1	caps.drop all
2	nonewprivs
3	noroot
4	protocol unix,inet,inet6,netlink
5	seccomp !chroot


diff --git a/etc/inc/feh-network.inc b/etc/inc/feh-network.inc deleted file mode 100644 index e94e7205c..000000000 --- a/etc/inc/feh-network.inc +++ /dev/null
@@ -1,4 +0,0 @@
1	ignore net none
2	netfilter
3	protocol unix,inet,inet6
4	private-etc ca-certificates,crypto-policies,hosts,pki,resolv.conf,ssl


diff --git a/etc/inc/firefox-common-addons.inc b/etc/inc/firefox-common-addons.inc deleted file mode 100644 index ca7731442..000000000 --- a/etc/inc/firefox-common-addons.inc +++ /dev/null
@@ -1,91 +0,0 @@
1	# This file is overwritten during software install.
2	# Persistent customizations should go in a .local file.
3	include firefox-common-addons.local
4
5	ignore include whitelist-runuser-common.inc
6
7	noblacklist ${HOME}/.config/kgetrc
8	noblacklist ${HOME}/.config/okularpartrc
9	noblacklist ${HOME}/.config/okularrc
10	noblacklist ${HOME}/.config/qpdfview
11	noblacklist ${HOME}/.kde/share/apps/kget
12	noblacklist ${HOME}/.kde/share/apps/okular
13	noblacklist ${HOME}/.kde/share/config/kgetrc
14	noblacklist ${HOME}/.kde/share/config/okularpartrc
15	noblacklist ${HOME}/.kde/share/config/okularrc
16	noblacklist ${HOME}/.kde4/share/apps/kget
17	noblacklist ${HOME}/.kde4/share/apps/okular
18	noblacklist ${HOME}/.kde4/share/config/kgetrc
19	noblacklist ${HOME}/.kde4/share/config/okularpartrc
20	noblacklist ${HOME}/.kde4/share/config/okularrc
21	noblacklist ${HOME}/.local/share/kget
22	noblacklist ${HOME}/.local/share/kxmlgui5/okular
23	noblacklist ${HOME}/.local/share/okular
24	noblacklist ${HOME}/.local/share/qpdfview
25
26	whitelist ${HOME}/.cache/gnome-mplayer/plugin
27	whitelist ${HOME}/.config/gnome-mplayer
28	whitelist ${HOME}/.config/kgetrc
29	whitelist ${HOME}/.config/okularpartrc
30	whitelist ${HOME}/.config/okularrc
31	whitelist ${HOME}/.config/pipelight-silverlight5.1
32	whitelist ${HOME}/.config/pipelight-widevine
33	whitelist ${HOME}/.config/qpdfview
34	whitelist ${HOME}/.kde/share/apps/kget
35	whitelist ${HOME}/.kde/share/apps/okular
36	whitelist ${HOME}/.kde/share/config/kgetrc
37	whitelist ${HOME}/.kde/share/config/okularpartrc
38	whitelist ${HOME}/.kde/share/config/okularrc
39	whitelist ${HOME}/.kde4/share/apps/kget
40	whitelist ${HOME}/.kde4/share/apps/okular
41	whitelist ${HOME}/.kde4/share/config/kgetrc
42	whitelist ${HOME}/.kde4/share/config/okularpartrc
43	whitelist ${HOME}/.kde4/share/config/okularrc
44	whitelist ${HOME}/.keysnail.js
45	whitelist ${HOME}/.lastpass
46	whitelist ${HOME}/.local/share/kget
47	whitelist ${HOME}/.local/share/kxmlgui5/okular
48	whitelist ${HOME}/.local/share/okular
49	whitelist ${HOME}/.local/share/qpdfview
50	whitelist ${HOME}/.local/share/tridactyl
51	whitelist ${HOME}/.pentadactyl
52	whitelist ${HOME}/.pentadactylrc
53	whitelist ${HOME}/.tridactylrc
54	whitelist ${HOME}/.vimperator
55	whitelist ${HOME}/.vimperatorrc
56	whitelist ${HOME}/.wine-pipelight
57	whitelist ${HOME}/.wine-pipelight64
58	whitelist ${HOME}/.zotero
59	whitelist ${HOME}/dwhelper
60
61	# GNOME Shell integration (chrome-gnome-shell) needs dbus and python
62	noblacklist ${HOME}/.local/share/gnome-shell
63	whitelist ${HOME}/.local/share/gnome-shell
64	ignore dbus-user none
65	ignore dbus-system none
66	# Allow python (blacklisted by disable-interpreters.inc)
67	include allow-python3.inc
68
69	# KeePassXC Browser Integration
70	#private-bin keepassxc-proxy
71
72	# Flash plugin
73	# private-etc must first be enabled in firefox-common.profile and in profiles including it.
74	#private-etc adobe
75
76	# ff2mpv
77	#ignore noexec ${HOME}
78	#noblacklist ${HOME}/.config/mpv
79	#noblacklist ${HOME}/.config/youtube-dl
80	#noblacklist ${HOME}/.netrc
81	#include allow-lua.inc
82	#include allow-python3.inc
83	#mkdir ${HOME}/.config/mpv
84	#mkdir ${HOME}/.config/youtube-dl
85	#whitelist ${HOME}/.config/mpv
86	#whitelist ${HOME}/.config/youtube-dl
87	#whitelist ${HOME}/.netrc
88	#whitelist /usr/share/lua
89	#whitelist /usr/share/lua*
90	#whitelist /usr/share/vulkan
91	#private-bin env,mpv,python3*,waf,youtube-dl