diff options
Diffstat (limited to 'etc/inc')
| -rw-r--r-- | etc/inc/allow-common-devel.inc | 5 | ||||
| -rw-r--r-- | etc/inc/allow-ruby.inc | 1 | ||||
| -rw-r--r-- | etc/inc/disable-common.inc | 8 | ||||
| -rw-r--r-- | etc/inc/disable-devel.inc | 2 | ||||
| -rw-r--r-- | etc/inc/disable-exec.inc | 1 | ||||
| -rw-r--r-- | etc/inc/disable-interpreters.inc | 1 | ||||
| -rw-r--r-- | etc/inc/disable-proc.inc | 82 | ||||
| -rw-r--r-- | etc/inc/disable-programs.inc | 355 | ||||
| -rw-r--r-- | etc/inc/whitelist-run-common.inc | 4 |
9 files changed, 279 insertions, 180 deletions
diff --git a/etc/inc/allow-common-devel.inc b/etc/inc/allow-common-devel.inc index 011bbe226..4e460fc10 100644 --- a/etc/inc/allow-common-devel.inc +++ b/etc/inc/allow-common-devel.inc | |||
| @@ -27,5 +27,8 @@ noblacklist ${HOME}/.python-history | |||
| 27 | noblacklist ${HOME}/.python_history | 27 | noblacklist ${HOME}/.python_history |
| 28 | noblacklist ${HOME}/.pythonhist | 28 | noblacklist ${HOME}/.pythonhist |
| 29 | 29 | ||
| 30 | # Ruby | ||
| 31 | noblacklist ${HOME}/.bundle | ||
| 32 | |||
| 30 | # Rust | 33 | # Rust |
| 31 | noblacklist ${HOME}/.cargo/* | 34 | noblacklist ${HOME}/.cargo |
diff --git a/etc/inc/allow-ruby.inc b/etc/inc/allow-ruby.inc index a8c701219..00276cac7 100644 --- a/etc/inc/allow-ruby.inc +++ b/etc/inc/allow-ruby.inc | |||
| @@ -4,3 +4,4 @@ include allow-ruby.local | |||
| 4 | 4 | ||
| 5 | noblacklist ${PATH}/ruby | 5 | noblacklist ${PATH}/ruby |
| 6 | noblacklist /usr/lib/ruby | 6 | noblacklist /usr/lib/ruby |
| 7 | noblacklist /usr/lib64/ruby | ||
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index ae84ee38a..f3d685d18 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc | |||
| @@ -458,7 +458,7 @@ blacklist /sbin | |||
| 458 | blacklist /usr/local/sbin | 458 | blacklist /usr/local/sbin |
| 459 | blacklist /usr/sbin | 459 | blacklist /usr/sbin |
| 460 | 460 | ||
| 461 | # system management | 461 | # system management and various SUID executables |
| 462 | blacklist ${PATH}/at | 462 | blacklist ${PATH}/at |
| 463 | blacklist ${PATH}/busybox | 463 | blacklist ${PATH}/busybox |
| 464 | blacklist ${PATH}/chage | 464 | blacklist ${PATH}/chage |
| @@ -493,6 +493,12 @@ blacklist ${PATH}/umount | |||
| 493 | blacklist ${PATH}/unix_chkpwd | 493 | blacklist ${PATH}/unix_chkpwd |
| 494 | blacklist ${PATH}/xev | 494 | blacklist ${PATH}/xev |
| 495 | blacklist ${PATH}/xinput | 495 | blacklist ${PATH}/xinput |
| 496 | blacklist /usr/lib/openssh/ssh-keysign | ||
| 497 | blacklist ${PATH}/passwd | ||
| 498 | blacklist /usr/lib/xorg/Xorg.wrap | ||
| 499 | blacklist /usr/lib/policykit-1/polkit-agent-helper-1 | ||
| 500 | blacklist /usr/lib/dbus-1.0/dbus-daemon-launch-helper | ||
| 501 | blacklist /usr/lib/eject/dmcrypt-get-device | ||
| 496 | 502 | ||
| 497 | # other SUID binaries | 503 | # other SUID binaries |
| 498 | blacklist /usr/lib/virtualbox | 504 | blacklist /usr/lib/virtualbox |
diff --git a/etc/inc/disable-devel.inc b/etc/inc/disable-devel.inc index e74b1b40b..98bf5ecc8 100644 --- a/etc/inc/disable-devel.inc +++ b/etc/inc/disable-devel.inc | |||
| @@ -60,9 +60,7 @@ blacklist /usr/lib/tcc | |||
| 60 | blacklist ${PATH}/valgrind* | 60 | blacklist ${PATH}/valgrind* |
| 61 | blacklist /usr/lib/valgrind | 61 | blacklist /usr/lib/valgrind |
| 62 | 62 | ||
| 63 | |||
| 64 | # Source-Code | 63 | # Source-Code |
| 65 | |||
| 66 | blacklist /usr/src | 64 | blacklist /usr/src |
| 67 | blacklist /usr/local/src | 65 | blacklist /usr/local/src |
| 68 | blacklist /usr/include | 66 | blacklist /usr/include |
diff --git a/etc/inc/disable-exec.inc b/etc/inc/disable-exec.inc index 9b5c40a2b..d7dcef7e7 100644 --- a/etc/inc/disable-exec.inc +++ b/etc/inc/disable-exec.inc | |||
| @@ -6,6 +6,7 @@ noexec ${HOME} | |||
| 6 | noexec ${RUNUSER} | 6 | noexec ${RUNUSER} |
| 7 | noexec /dev/mqueue | 7 | noexec /dev/mqueue |
| 8 | noexec /dev/shm | 8 | noexec /dev/shm |
| 9 | noexec /run/shm | ||
| 9 | noexec /tmp | 10 | noexec /tmp |
| 10 | # /var is noexec by default for unprivileged users | 11 | # /var is noexec by default for unprivileged users |
| 11 | # except there is a writable-var option, so just in case: | 12 | # except there is a writable-var option, so just in case: |
diff --git a/etc/inc/disable-interpreters.inc b/etc/inc/disable-interpreters.inc index 5d8a236fb..804869e2a 100644 --- a/etc/inc/disable-interpreters.inc +++ b/etc/inc/disable-interpreters.inc | |||
| @@ -48,6 +48,7 @@ blacklist /usr/share/php* | |||
| 48 | # Ruby | 48 | # Ruby |
| 49 | blacklist ${PATH}/ruby | 49 | blacklist ${PATH}/ruby |
| 50 | blacklist /usr/lib/ruby | 50 | blacklist /usr/lib/ruby |
| 51 | blacklist /usr/lib64/ruby | ||
| 51 | 52 | ||
| 52 | # Programs using python: deluge, firefox addons, filezilla, cherrytree, xchat, hexchat, libreoffice, scribus | 53 | # Programs using python: deluge, firefox addons, filezilla, cherrytree, xchat, hexchat, libreoffice, scribus |
| 53 | # Python 2 | 54 | # Python 2 |
diff --git a/etc/inc/disable-proc.inc b/etc/inc/disable-proc.inc new file mode 100644 index 000000000..81a8883f3 --- /dev/null +++ b/etc/inc/disable-proc.inc | |||
| @@ -0,0 +1,82 @@ | |||
| 1 | # This file is overwritten during software install. | ||
| 2 | # Persistent customizations should go in a .local file. | ||
| 3 | include disable-proc.local | ||
| 4 | |||
| 5 | blacklist /proc/acpi | ||
| 6 | blacklist /proc/asound | ||
| 7 | blacklist /proc/bootconfig | ||
| 8 | blacklist /proc/buddyinfo | ||
| 9 | blacklist /proc/cgroups | ||
| 10 | blacklist /proc/cmdline | ||
| 11 | blacklist /proc/config.gz | ||
| 12 | blacklist /proc/consoles | ||
| 13 | #blacklist /proc/cpuinfo | ||
| 14 | blacklist /proc/crypto | ||
| 15 | blacklist /proc/devices | ||
| 16 | blacklist /proc/diskstats | ||
| 17 | blacklist /proc/dma | ||
| 18 | #blacklist /proc/driver | ||
| 19 | blacklist /proc/dynamic_debug | ||
| 20 | blacklist /proc/execdomains | ||
| 21 | blacklist /proc/fb | ||
| 22 | #blacklist /proc/filesystems | ||
| 23 | blacklist /proc/fs | ||
| 24 | blacklist /proc/i8k | ||
| 25 | blacklist /proc/interrupts | ||
| 26 | blacklist /proc/iomem | ||
| 27 | blacklist /proc/ioports | ||
| 28 | blacklist /proc/irq | ||
| 29 | blacklist /proc/kallsyms | ||
| 30 | blacklist /proc/kcore | ||
| 31 | blacklist /proc/keys | ||
| 32 | blacklist /proc/key-users | ||
| 33 | blacklist /proc/kmsg | ||
| 34 | blacklist /proc/kpagecgroup | ||
| 35 | blacklist /proc/kpagecount | ||
| 36 | blacklist /proc/kpageflags | ||
| 37 | blacklist /proc/latency_stats | ||
| 38 | #blacklist /proc/loadavg | ||
| 39 | blacklist /proc/locks | ||
| 40 | blacklist /proc/mdstat | ||
| 41 | #blacklist /proc/meminfo | ||
| 42 | blacklist /proc/misc | ||
| 43 | #blacklist /proc/modules | ||
| 44 | #blacklist /proc/mounts | ||
| 45 | blacklist /proc/mtrr | ||
| 46 | #blacklist /proc/net | ||
| 47 | blacklist /proc/partitions | ||
| 48 | blacklist /proc/pressure | ||
| 49 | blacklist /proc/sched_debug | ||
| 50 | blacklist /proc/schedstat | ||
| 51 | blacklist /proc/scsi | ||
| 52 | #blacklist /proc/self | ||
| 53 | blacklist /proc/slabinfo | ||
| 54 | blacklist /proc/softirqs | ||
| 55 | blacklist /proc/spl | ||
| 56 | #blacklist /proc/stat | ||
| 57 | blacklist /proc/swaps | ||
| 58 | #blacklist /proc/sys | ||
| 59 | blacklist /proc/sysrq-trigger | ||
| 60 | blacklist /proc/sysvipc | ||
| 61 | #blacklist /proc/thread-self | ||
| 62 | blacklist /proc/timer_list | ||
| 63 | blacklist /proc/tty | ||
| 64 | #blacklist /proc/uptime | ||
| 65 | #blacklist /proc/version | ||
| 66 | blacklist /proc/version_signature | ||
| 67 | blacklist /proc/vmallocinfo | ||
| 68 | #blacklist /proc/vmstat | ||
| 69 | #blacklist /proc/zoneinfo | ||
| 70 | |||
| 71 | blacklist /proc/sys/abi | ||
| 72 | blacklist /proc/sys/crypto | ||
| 73 | blacklist /proc/sys/debug | ||
| 74 | blacklist /proc/sys/dev | ||
| 75 | blacklist /proc/sys/fs | ||
| 76 | blacklist /proc/sys/net | ||
| 77 | blacklist /proc/sys/user | ||
| 78 | blacklist /proc/sys/vm | ||
| 79 | |||
| 80 | noblacklist /proc/sys/kernel/osrelease | ||
| 81 | noblacklist /proc/sys/kernel/yama | ||
| 82 | blacklist /proc/sys/*/* | ||
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 4941630a2..e78f15e10 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc | |||
| @@ -49,11 +49,184 @@ blacklist ${HOME}/.bibletime | |||
| 49 | blacklist ${HOME}/.bitcoin | 49 | blacklist ${HOME}/.bitcoin |
| 50 | blacklist ${HOME}/.blobby | 50 | blacklist ${HOME}/.blobby |
| 51 | blacklist ${HOME}/.bogofilter | 51 | blacklist ${HOME}/.bogofilter |
| 52 | blacklist ${HOME}/.bundle | ||
| 52 | blacklist ${HOME}/.bzf | 53 | blacklist ${HOME}/.bzf |
| 53 | blacklist ${HOME}/.cargo/* | 54 | blacklist ${HOME}/.cache/0ad |
| 55 | blacklist ${HOME}/.cache/8pecxstudios | ||
| 56 | blacklist ${HOME}/.cache/Authenticator | ||
| 57 | blacklist ${HOME}/.cache/BraveSoftware | ||
| 58 | blacklist ${HOME}/.cache/Clementine | ||
| 59 | blacklist ${HOME}/.cache/ENCOM/Spectral | ||
| 60 | blacklist ${HOME}/.cache/Enox | ||
| 61 | blacklist ${HOME}/.cache/Enpass | ||
| 62 | blacklist ${HOME}/.cache/Ferdi | ||
| 63 | blacklist ${HOME}/.cache/Flavio Tordini | ||
| 64 | blacklist ${HOME}/.cache/Franz | ||
| 65 | blacklist ${HOME}/.cache/GoldenDict | ||
| 66 | blacklist ${HOME}/.cache/INRIA | ||
| 67 | blacklist ${HOME}/.cache/INRIA/Natron | ||
| 68 | blacklist ${HOME}/.cache/JetBrains/CLion* | ||
| 69 | blacklist ${HOME}/.cache/KDE/neochat | ||
| 70 | blacklist ${HOME}/.cache/Mendeley Ltd. | ||
| 71 | blacklist ${HOME}/.cache/MusicBrainz | ||
| 72 | blacklist ${HOME}/.cache/NewsFlashGTK | ||
| 73 | blacklist ${HOME}/.cache/Otter | ||
| 74 | blacklist ${HOME}/.cache/PawelStolowski | ||
| 75 | blacklist ${HOME}/.cache/Psi | ||
| 76 | blacklist ${HOME}/.cache/QuiteRss | ||
| 77 | blacklist ${HOME}/.cache/Quotient/quaternion | ||
| 78 | blacklist ${HOME}/.cache/Shortwave | ||
| 79 | blacklist ${HOME}/.cache/Tox | ||
| 80 | blacklist ${HOME}/.cache/Zeal | ||
| 81 | blacklist ${HOME}/.cache/agenda | ||
| 82 | blacklist ${HOME}/.cache/akonadi* | ||
| 83 | blacklist ${HOME}/.cache/atril | ||
| 84 | blacklist ${HOME}/.cache/attic | ||
| 85 | blacklist ${HOME}/.cache/babl | ||
| 86 | blacklist ${HOME}/.cache/bnox | ||
| 87 | blacklist ${HOME}/.cache/borg | ||
| 88 | blacklist ${HOME}/.cache/calibre | ||
| 89 | blacklist ${HOME}/.cache/cantata | ||
| 90 | blacklist ${HOME}/.cache/champlain | ||
| 91 | blacklist ${HOME}/.cache/chromium | ||
| 92 | blacklist ${HOME}/.cache/chromium-dev | ||
| 93 | blacklist ${HOME}/.cache/cliqz | ||
| 94 | blacklist ${HOME}/.cache/com.github.johnfactotum.Foliate | ||
| 95 | blacklist ${HOME}/.cache/darktable | ||
| 96 | blacklist ${HOME}/.cache/deja-dup | ||
| 97 | blacklist ${HOME}/.cache/discover | ||
| 98 | blacklist ${HOME}/.cache/dnox | ||
| 99 | blacklist ${HOME}/.cache/dolphin | ||
| 100 | blacklist ${HOME}/.cache/dolphin-emu | ||
| 101 | blacklist ${HOME}/.cache/ephemeral | ||
| 102 | blacklist ${HOME}/.cache/epiphany | ||
| 103 | blacklist ${HOME}/.cache/evolution | ||
| 104 | blacklist ${HOME}/.cache/falkon | ||
| 105 | blacklist ${HOME}/.cache/feedreader | ||
| 106 | blacklist ${HOME}/.cache/firedragon | ||
| 107 | blacklist ${HOME}/.cache/flaska.net/trojita | ||
| 108 | blacklist ${HOME}/.cache/folks | ||
| 109 | blacklist ${HOME}/.cache/font-manager | ||
| 110 | blacklist ${HOME}/.cache/fossamail | ||
| 111 | blacklist ${HOME}/.cache/fractal | ||
| 112 | blacklist ${HOME}/.cache/freecol | ||
| 113 | blacklist ${HOME}/.cache/gajim | ||
| 114 | blacklist ${HOME}/.cache/geary | ||
| 115 | blacklist ${HOME}/.cache/geeqie | ||
| 116 | blacklist ${HOME}/.cache/gegl-0.4 | ||
| 117 | blacklist ${HOME}/.cache/gfeeds | ||
| 118 | blacklist ${HOME}/.cache/gimp | ||
| 119 | blacklist ${HOME}/.cache/gnome-boxes | ||
| 120 | blacklist ${HOME}/.cache/gnome-builder | ||
| 121 | blacklist ${HOME}/.cache/gnome-control-center | ||
| 122 | blacklist ${HOME}/.cache/gnome-recipes | ||
| 123 | blacklist ${HOME}/.cache/gnome-screenshot | ||
| 124 | blacklist ${HOME}/.cache/gnome-software | ||
| 125 | blacklist ${HOME}/.cache/gnome-twitch | ||
| 126 | blacklist ${HOME}/.cache/godot | ||
| 127 | blacklist ${HOME}/.cache/google-chrome | ||
| 128 | blacklist ${HOME}/.cache/google-chrome-beta | ||
| 129 | blacklist ${HOME}/.cache/google-chrome-unstable | ||
| 130 | blacklist ${HOME}/.cache/gradio | ||
| 131 | blacklist ${HOME}/.cache/gummi | ||
| 132 | blacklist ${HOME}/.cache/icedove | ||
| 133 | blacklist ${HOME}/.cache/inkscape | ||
| 134 | blacklist ${HOME}/.cache/inox | ||
| 135 | blacklist ${HOME}/.cache/io.github.lainsce.Notejot | ||
| 136 | blacklist ${HOME}/.cache/iridium | ||
| 137 | blacklist ${HOME}/.cache/kcmshell5 | ||
| 138 | blacklist ${HOME}/.cache/kdenlive | ||
| 139 | blacklist ${HOME}/.cache/keepassxc | ||
| 140 | blacklist ${HOME}/.cache/kfind | ||
| 141 | blacklist ${HOME}/.cache/kinfocenter | ||
| 142 | blacklist ${HOME}/.cache/kmail2 | ||
| 143 | blacklist ${HOME}/.cache/krunner | ||
| 144 | blacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite* | ||
| 145 | blacklist ${HOME}/.cache/kscreenlocker_greet | ||
| 146 | blacklist ${HOME}/.cache/ksmserver-logout-greeter | ||
| 147 | blacklist ${HOME}/.cache/ksplashqml | ||
| 148 | blacklist ${HOME}/.cache/kube | ||
| 149 | blacklist ${HOME}/.cache/kwin | ||
| 150 | blacklist ${HOME}/.cache/libgweather | ||
| 151 | blacklist ${HOME}/.cache/librewolf | ||
| 152 | blacklist ${HOME}/.cache/liferea | ||
| 153 | blacklist ${HOME}/.cache/lutris | ||
| 154 | blacklist ${HOME}/.cache/marker | ||
| 155 | blacklist ${HOME}/.cache/matrix-mirage | ||
| 156 | blacklist ${HOME}/.cache/microsoft-edge-beta | ||
| 157 | blacklist ${HOME}/.cache/microsoft-edge-dev | ||
| 158 | blacklist ${HOME}/.cache/midori | ||
| 159 | blacklist ${HOME}/.cache/minetest | ||
| 160 | blacklist ${HOME}/.cache/mirage | ||
| 161 | blacklist ${HOME}/.cache/moonchild productions/basilisk | ||
| 162 | blacklist ${HOME}/.cache/moonchild productions/pale moon | ||
| 163 | blacklist ${HOME}/.cache/mozilla | ||
| 164 | blacklist ${HOME}/.cache/ms-excel-online | ||
| 165 | blacklist ${HOME}/.cache/ms-office-online | ||
| 166 | blacklist ${HOME}/.cache/ms-onenote-online | ||
| 167 | blacklist ${HOME}/.cache/ms-outlook-online | ||
| 168 | blacklist ${HOME}/.cache/ms-powerpoint-online | ||
| 169 | blacklist ${HOME}/.cache/ms-skype-online | ||
| 170 | blacklist ${HOME}/.cache/ms-word-online | ||
| 171 | blacklist ${HOME}/.cache/mutt | ||
| 172 | blacklist ${HOME}/.cache/mypaint | ||
| 173 | blacklist ${HOME}/.cache/netsurf | ||
| 174 | blacklist ${HOME}/.cache/nheko | ||
| 175 | blacklist ${HOME}/.cache/okular | ||
| 176 | blacklist ${HOME}/.cache/opera | ||
| 177 | blacklist ${HOME}/.cache/opera-beta | ||
| 178 | blacklist ${HOME}/.cache/org.gabmus.gfeeds | ||
| 179 | blacklist ${HOME}/.cache/org.gnome.Books | ||
| 180 | blacklist ${HOME}/.cache/org.gnome.Maps | ||
| 181 | blacklist ${HOME}/.cache/pdfmod | ||
| 182 | blacklist ${HOME}/.cache/peek | ||
| 183 | blacklist ${HOME}/.cache/pip | ||
| 184 | blacklist ${HOME}/.cache/pipe-viewer | ||
| 185 | blacklist ${HOME}/.cache/plasmashell | ||
| 186 | blacklist ${HOME}/.cache/plasmashellbookmarkrunnerfirefoxdbfile.sqlite* | ||
| 187 | blacklist ${HOME}/.cache/psi | ||
| 188 | blacklist ${HOME}/.cache/qBittorrent | ||
| 189 | blacklist ${HOME}/.cache/quodlibet | ||
| 190 | blacklist ${HOME}/.cache/qupzilla | ||
| 191 | blacklist ${HOME}/.cache/qutebrowser | ||
| 192 | blacklist ${HOME}/.cache/rednotebook | ||
| 193 | blacklist ${HOME}/.cache/rhythmbox | ||
| 194 | blacklist ${HOME}/.cache/shotwell | ||
| 195 | blacklist ${HOME}/.cache/simple-scan | ||
| 196 | blacklist ${HOME}/.cache/slimjet | ||
| 197 | blacklist ${HOME}/.cache/smuxi | ||
| 198 | blacklist ${HOME}/.cache/snox | ||
| 199 | blacklist ${HOME}/.cache/spotify | ||
| 200 | blacklist ${HOME}/.cache/straw-viewer | ||
| 201 | blacklist ${HOME}/.cache/strawberry | ||
| 202 | blacklist ${HOME}/.cache/supertuxkart | ||
| 203 | blacklist ${HOME}/.cache/systemsettings | ||
| 204 | blacklist ${HOME}/.cache/telepathy | ||
| 205 | blacklist ${HOME}/.cache/thunderbird | ||
| 206 | blacklist ${HOME}/.cache/torbrowser | ||
| 207 | blacklist ${HOME}/.cache/transmission | ||
| 208 | blacklist ${HOME}/.cache/ungoogled-chromium | ||
| 209 | blacklist ${HOME}/.cache/vivaldi | ||
| 210 | blacklist ${HOME}/.cache/vivaldi-snapshot | ||
| 211 | blacklist ${HOME}/.cache/vlc | ||
| 212 | blacklist ${HOME}/.cache/vmware | ||
| 213 | blacklist ${HOME}/.cache/warsow-2.1 | ||
| 214 | blacklist ${HOME}/.cache/waterfox | ||
| 215 | blacklist ${HOME}/.cache/wesnoth | ||
| 216 | blacklist ${HOME}/.cache/winetricks | ||
| 217 | blacklist ${HOME}/.cache/xmms2 | ||
| 218 | blacklist ${HOME}/.cache/xournalpp | ||
| 219 | blacklist ${HOME}/.cache/xreader | ||
| 220 | blacklist ${HOME}/.cache/yandex-browser | ||
| 221 | blacklist ${HOME}/.cache/yandex-browser-beta | ||
| 222 | blacklist ${HOME}/.cache/youtube-dl | ||
| 223 | blacklist ${HOME}/.cache/youtube-viewer | ||
| 224 | blacklist ${HOME}/.cache/yt-dlp | ||
| 225 | blacklist ${HOME}/.cache/zim | ||
| 226 | blacklist ${HOME}/.cargo | ||
| 54 | blacklist ${HOME}/.claws-mail | 227 | blacklist ${HOME}/.claws-mail |
| 55 | blacklist ${HOME}/.cliqz | ||
| 56 | blacklist ${HOME}/.clion* | 228 | blacklist ${HOME}/.clion* |
| 229 | blacklist ${HOME}/.cliqz | ||
| 57 | blacklist ${HOME}/.clonk | 230 | blacklist ${HOME}/.clonk |
| 58 | blacklist ${HOME}/.config/0ad | 231 | blacklist ${HOME}/.config/0ad |
| 59 | blacklist ${HOME}/.config/2048-qt | 232 | blacklist ${HOME}/.config/2048-qt |
| @@ -92,8 +265,8 @@ blacklist ${HOME}/.config/Google Play Music Desktop Player | |||
| 92 | blacklist ${HOME}/.config/Gpredict | 265 | blacklist ${HOME}/.config/Gpredict |
| 93 | blacklist ${HOME}/.config/INRIA | 266 | blacklist ${HOME}/.config/INRIA |
| 94 | blacklist ${HOME}/.config/InSilmaril | 267 | blacklist ${HOME}/.config/InSilmaril |
| 95 | blacklist ${HOME}/.config/Jitsi Meet | ||
| 96 | blacklist ${HOME}/.config/JetBrains/CLion* | 268 | blacklist ${HOME}/.config/JetBrains/CLion* |
| 269 | blacklist ${HOME}/.config/Jitsi Meet | ||
| 97 | blacklist ${HOME}/.config/KDE/neochat | 270 | blacklist ${HOME}/.config/KDE/neochat |
| 98 | blacklist ${HOME}/.config/KeePass | 271 | blacklist ${HOME}/.config/KeePass |
| 99 | blacklist ${HOME}/.config/KeePassXCrc | 272 | blacklist ${HOME}/.config/KeePassXCrc |
| @@ -142,6 +315,7 @@ blacklist ${HOME}/.config/SubDownloader | |||
| 142 | blacklist ${HOME}/.config/Thunar | 315 | blacklist ${HOME}/.config/Thunar |
| 143 | blacklist ${HOME}/.config/Twitch | 316 | blacklist ${HOME}/.config/Twitch |
| 144 | blacklist ${HOME}/.config/Unknown Organization | 317 | blacklist ${HOME}/.config/Unknown Organization |
| 318 | blacklist ${HOME}/.config/VSCodium | ||
| 145 | blacklist ${HOME}/.config/VirtualBox | 319 | blacklist ${HOME}/.config/VirtualBox |
| 146 | blacklist ${HOME}/.config/Whalebird | 320 | blacklist ${HOME}/.config/Whalebird |
| 147 | blacklist ${HOME}/.config/Wire | 321 | blacklist ${HOME}/.config/Wire |
| @@ -496,12 +670,14 @@ blacklist ${HOME}/.frogatto | |||
| 496 | blacklist ${HOME}/.frozen-bubble | 670 | blacklist ${HOME}/.frozen-bubble |
| 497 | blacklist ${HOME}/.funnyboat | 671 | blacklist ${HOME}/.funnyboat |
| 498 | blacklist ${HOME}/.gallery-dl.conf | 672 | blacklist ${HOME}/.gallery-dl.conf |
| 673 | blacklist ${HOME}/.geekbench5 | ||
| 499 | blacklist ${HOME}/.gimp* | 674 | blacklist ${HOME}/.gimp* |
| 500 | blacklist ${HOME}/.gist | 675 | blacklist ${HOME}/.gist |
| 501 | blacklist ${HOME}/.gitconfig | 676 | blacklist ${HOME}/.gitconfig |
| 502 | blacklist ${HOME}/.gl-117 | 677 | blacklist ${HOME}/.gl-117 |
| 503 | blacklist ${HOME}/.glaxiumrc | 678 | blacklist ${HOME}/.glaxiumrc |
| 504 | blacklist ${HOME}/.gnome/gnome-schedule | 679 | blacklist ${HOME}/.gnome/gnome-schedule |
| 680 | blacklist ${HOME}/.goldendict | ||
| 505 | blacklist ${HOME}/.googleearth | 681 | blacklist ${HOME}/.googleearth |
| 506 | blacklist ${HOME}/.gradle | 682 | blacklist ${HOME}/.gradle |
| 507 | blacklist ${HOME}/.gramps | 683 | blacklist ${HOME}/.gramps |
| @@ -954,176 +1130,3 @@ blacklist /var/games/slashem | |||
| 954 | blacklist /var/games/vulturesclaw | 1130 | blacklist /var/games/vulturesclaw |
| 955 | blacklist /var/games/vultureseye | 1131 | blacklist /var/games/vultureseye |
| 956 | blacklist /var/lib/games/Maelstrom-Scores | 1132 | blacklist /var/lib/games/Maelstrom-Scores |
| 957 | |||
| 958 | # ${HOME}/.cache directory | ||
| 959 | blacklist ${HOME}/.cache/0ad | ||
| 960 | blacklist ${HOME}/.cache/8pecxstudios | ||
| 961 | blacklist ${HOME}/.cache/Authenticator | ||
| 962 | blacklist ${HOME}/.cache/BraveSoftware | ||
| 963 | blacklist ${HOME}/.cache/Clementine | ||
| 964 | blacklist ${HOME}/.cache/ENCOM/Spectral | ||
| 965 | blacklist ${HOME}/.cache/Enox | ||
| 966 | blacklist ${HOME}/.cache/Enpass | ||
| 967 | blacklist ${HOME}/.cache/Ferdi | ||
| 968 | blacklist ${HOME}/.cache/Flavio Tordini | ||
| 969 | blacklist ${HOME}/.cache/Franz | ||
| 970 | blacklist ${HOME}/.cache/INRIA | ||
| 971 | blacklist ${HOME}/.cache/INRIA/Natron | ||
| 972 | blacklist ${HOME}/.cache/KDE/neochat | ||
| 973 | blacklist ${HOME}/.cache/Mendeley Ltd. | ||
| 974 | blacklist ${HOME}/.cache/MusicBrainz | ||
| 975 | blacklist ${HOME}/.cache/NewsFlashGTK | ||
| 976 | blacklist ${HOME}/.cache/Otter | ||
| 977 | blacklist ${HOME}/.cache/PawelStolowski | ||
| 978 | blacklist ${HOME}/.cache/Psi | ||
| 979 | blacklist ${HOME}/.cache/QuiteRss | ||
| 980 | blacklist ${HOME}/.cache/Quotient/quaternion | ||
| 981 | blacklist ${HOME}/.cache/Shortwave | ||
| 982 | blacklist ${HOME}/.cache/Tox | ||
| 983 | blacklist ${HOME}/.cache/Zeal | ||
| 984 | blacklist ${HOME}/.cache/agenda | ||
| 985 | blacklist ${HOME}/.cache/akonadi* | ||
| 986 | blacklist ${HOME}/.cache/atril | ||
| 987 | blacklist ${HOME}/.cache/attic | ||
| 988 | blacklist ${HOME}/.cache/babl | ||
| 989 | blacklist ${HOME}/.cache/bnox | ||
| 990 | blacklist ${HOME}/.cache/borg | ||
| 991 | blacklist ${HOME}/.cache/calibre | ||
| 992 | blacklist ${HOME}/.cache/cantata | ||
| 993 | blacklist ${HOME}/.cache/champlain | ||
| 994 | blacklist ${HOME}/.cache/chromium | ||
| 995 | blacklist ${HOME}/.cache/chromium-dev | ||
| 996 | blacklist ${HOME}/.cache/cliqz | ||
| 997 | blacklist ${HOME}/.cache/com.github.johnfactotum.Foliate | ||
| 998 | blacklist ${HOME}/.cache/darktable | ||
| 999 | blacklist ${HOME}/.cache/deja-dup | ||
| 1000 | blacklist ${HOME}/.cache/discover | ||
| 1001 | blacklist ${HOME}/.cache/dnox | ||
| 1002 | blacklist ${HOME}/.cache/dolphin | ||
| 1003 | blacklist ${HOME}/.cache/dolphin-emu | ||
| 1004 | blacklist ${HOME}/.cache/ephemeral | ||
| 1005 | blacklist ${HOME}/.cache/epiphany | ||
| 1006 | blacklist ${HOME}/.cache/evolution | ||
| 1007 | blacklist ${HOME}/.cache/falkon | ||
| 1008 | blacklist ${HOME}/.cache/feedreader | ||
| 1009 | blacklist ${HOME}/.cache/firedragon | ||
| 1010 | blacklist ${HOME}/.cache/flaska.net/trojita | ||
| 1011 | blacklist ${HOME}/.cache/folks | ||
| 1012 | blacklist ${HOME}/.cache/font-manager | ||
| 1013 | blacklist ${HOME}/.cache/fossamail | ||
| 1014 | blacklist ${HOME}/.cache/fractal | ||
| 1015 | blacklist ${HOME}/.cache/freecol | ||
| 1016 | blacklist ${HOME}/.cache/gajim | ||
| 1017 | blacklist ${HOME}/.cache/geary | ||
| 1018 | blacklist ${HOME}/.cache/geeqie | ||
| 1019 | blacklist ${HOME}/.cache/gegl-0.4 | ||
| 1020 | blacklist ${HOME}/.cache/gfeeds | ||
| 1021 | blacklist ${HOME}/.cache/gimp | ||
| 1022 | blacklist ${HOME}/.cache/gnome-boxes | ||
| 1023 | blacklist ${HOME}/.cache/gnome-builder | ||
| 1024 | blacklist ${HOME}/.cache/gnome-control-center | ||
| 1025 | blacklist ${HOME}/.cache/gnome-recipes | ||
| 1026 | blacklist ${HOME}/.cache/gnome-screenshot | ||
| 1027 | blacklist ${HOME}/.cache/gnome-software | ||
| 1028 | blacklist ${HOME}/.cache/gnome-twitch | ||
| 1029 | blacklist ${HOME}/.cache/godot | ||
| 1030 | blacklist ${HOME}/.cache/google-chrome | ||
| 1031 | blacklist ${HOME}/.cache/google-chrome-beta | ||
| 1032 | blacklist ${HOME}/.cache/google-chrome-unstable | ||
| 1033 | blacklist ${HOME}/.cache/gradio | ||
| 1034 | blacklist ${HOME}/.cache/gummi | ||
| 1035 | blacklist ${HOME}/.cache/icedove | ||
| 1036 | blacklist ${HOME}/.cache/inkscape | ||
| 1037 | blacklist ${HOME}/.cache/inox | ||
| 1038 | blacklist ${HOME}/.cache/io.github.lainsce.Notejot | ||
| 1039 | blacklist ${HOME}/.cache/iridium | ||
| 1040 | blacklist ${HOME}/.cache/JetBrains/CLion* | ||
| 1041 | blacklist ${HOME}/.cache/kcmshell5 | ||
| 1042 | blacklist ${HOME}/.cache/kdenlive | ||
| 1043 | blacklist ${HOME}/.cache/keepassxc | ||
| 1044 | blacklist ${HOME}/.cache/kfind | ||
| 1045 | blacklist ${HOME}/.cache/kinfocenter | ||
| 1046 | blacklist ${HOME}/.cache/kmail2 | ||
| 1047 | blacklist ${HOME}/.cache/krunner | ||
| 1048 | blacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite* | ||
| 1049 | blacklist ${HOME}/.cache/kscreenlocker_greet | ||
| 1050 | blacklist ${HOME}/.cache/ksmserver-logout-greeter | ||
| 1051 | blacklist ${HOME}/.cache/ksplashqml | ||
| 1052 | blacklist ${HOME}/.cache/kube | ||
| 1053 | blacklist ${HOME}/.cache/kwin | ||
| 1054 | blacklist ${HOME}/.cache/libgweather | ||
| 1055 | blacklist ${HOME}/.cache/librewolf | ||
| 1056 | blacklist ${HOME}/.cache/liferea | ||
| 1057 | blacklist ${HOME}/.cache/lutris | ||
| 1058 | blacklist ${HOME}/.cache/marker | ||
| 1059 | blacklist ${HOME}/.cache/matrix-mirage | ||
| 1060 | blacklist ${HOME}/.cache/microsoft-edge-beta | ||
| 1061 | blacklist ${HOME}/.cache/microsoft-edge-dev | ||
| 1062 | blacklist ${HOME}/.cache/midori | ||
| 1063 | blacklist ${HOME}/.cache/minetest | ||
| 1064 | blacklist ${HOME}/.cache/mirage | ||
| 1065 | blacklist ${HOME}/.cache/moonchild productions/basilisk | ||
| 1066 | blacklist ${HOME}/.cache/moonchild productions/pale moon | ||
| 1067 | blacklist ${HOME}/.cache/mozilla | ||
| 1068 | blacklist ${HOME}/.cache/ms-excel-online | ||
| 1069 | blacklist ${HOME}/.cache/ms-office-online | ||
| 1070 | blacklist ${HOME}/.cache/ms-onenote-online | ||
| 1071 | blacklist ${HOME}/.cache/ms-outlook-online | ||
| 1072 | blacklist ${HOME}/.cache/ms-powerpoint-online | ||
| 1073 | blacklist ${HOME}/.cache/ms-skype-online | ||
| 1074 | blacklist ${HOME}/.cache/ms-word-online | ||
| 1075 | blacklist ${HOME}/.cache/mutt | ||
| 1076 | blacklist ${HOME}/.cache/mypaint | ||
| 1077 | blacklist ${HOME}/.cache/netsurf | ||
| 1078 | blacklist ${HOME}/.cache/nheko | ||
| 1079 | blacklist ${HOME}/.cache/okular | ||
| 1080 | blacklist ${HOME}/.cache/opera | ||
| 1081 | blacklist ${HOME}/.cache/opera-beta | ||
| 1082 | blacklist ${HOME}/.cache/org.gabmus.gfeeds | ||
| 1083 | blacklist ${HOME}/.cache/org.gnome.Books | ||
| 1084 | blacklist ${HOME}/.cache/org.gnome.Maps | ||
| 1085 | blacklist ${HOME}/.cache/pdfmod | ||
| 1086 | blacklist ${HOME}/.cache/peek | ||
| 1087 | blacklist ${HOME}/.cache/pip | ||
| 1088 | blacklist ${HOME}/.cache/pipe-viewer | ||
| 1089 | blacklist ${HOME}/.cache/plasmashell | ||
| 1090 | blacklist ${HOME}/.cache/plasmashellbookmarkrunnerfirefoxdbfile.sqlite* | ||
| 1091 | blacklist ${HOME}/.cache/psi | ||
| 1092 | blacklist ${HOME}/.cache/qBittorrent | ||
| 1093 | blacklist ${HOME}/.cache/quodlibet | ||
| 1094 | blacklist ${HOME}/.cache/qupzilla | ||
| 1095 | blacklist ${HOME}/.cache/qutebrowser | ||
| 1096 | blacklist ${HOME}/.cache/rednotebook | ||
| 1097 | blacklist ${HOME}/.cache/rhythmbox | ||
| 1098 | blacklist ${HOME}/.cache/shotwell | ||
| 1099 | blacklist ${HOME}/.cache/simple-scan | ||
| 1100 | blacklist ${HOME}/.cache/slimjet | ||
| 1101 | blacklist ${HOME}/.cache/smuxi | ||
| 1102 | blacklist ${HOME}/.cache/snox | ||
| 1103 | blacklist ${HOME}/.cache/spotify | ||
| 1104 | blacklist ${HOME}/.cache/straw-viewer | ||
| 1105 | blacklist ${HOME}/.cache/strawberry | ||
| 1106 | blacklist ${HOME}/.cache/supertuxkart | ||
| 1107 | blacklist ${HOME}/.cache/systemsettings | ||
| 1108 | blacklist ${HOME}/.cache/telepathy | ||
| 1109 | blacklist ${HOME}/.cache/thunderbird | ||
| 1110 | blacklist ${HOME}/.cache/torbrowser | ||
| 1111 | blacklist ${HOME}/.cache/transmission | ||
| 1112 | blacklist ${HOME}/.cache/ungoogled-chromium | ||
| 1113 | blacklist ${HOME}/.cache/vivaldi | ||
| 1114 | blacklist ${HOME}/.cache/vivaldi-snapshot | ||
| 1115 | blacklist ${HOME}/.cache/vlc | ||
| 1116 | blacklist ${HOME}/.cache/vmware | ||
| 1117 | blacklist ${HOME}/.cache/warsow-2.1 | ||
| 1118 | blacklist ${HOME}/.cache/waterfox | ||
| 1119 | blacklist ${HOME}/.cache/wesnoth | ||
| 1120 | blacklist ${HOME}/.cache/winetricks | ||
| 1121 | blacklist ${HOME}/.cache/xmms2 | ||
| 1122 | blacklist ${HOME}/.cache/xournalpp | ||
| 1123 | blacklist ${HOME}/.cache/xreader | ||
| 1124 | blacklist ${HOME}/.cache/yandex-browser | ||
| 1125 | blacklist ${HOME}/.cache/yandex-browser-beta | ||
| 1126 | blacklist ${HOME}/.cache/youtube-dl | ||
| 1127 | blacklist ${HOME}/.cache/youtube-viewer | ||
| 1128 | blacklist ${HOME}/.cache/yt-dlp | ||
| 1129 | blacklist ${HOME}/.cache/zim | ||
diff --git a/etc/inc/whitelist-run-common.inc b/etc/inc/whitelist-run-common.inc index 224d21064..d74655a08 100644 --- a/etc/inc/whitelist-run-common.inc +++ b/etc/inc/whitelist-run-common.inc | |||
| @@ -7,5 +7,9 @@ whitelist /run/cups/cups.sock | |||
| 7 | whitelist /run/dbus/system_bus_socket | 7 | whitelist /run/dbus/system_bus_socket |
| 8 | whitelist /run/media | 8 | whitelist /run/media |
| 9 | whitelist /run/resolvconf/resolv.conf | 9 | whitelist /run/resolvconf/resolv.conf |
| 10 | whitelist /run/shm | ||
| 11 | whitelist /run/systemd/journal/dev-log | ||
| 12 | whitelist /run/systemd/journal/socket | ||
| 10 | whitelist /run/systemd/resolve/resolv.conf | 13 | whitelist /run/systemd/resolve/resolv.conf |
| 11 | whitelist /run/systemd/resolve/stub-resolv.conf | 14 | whitelist /run/systemd/resolve/stub-resolv.conf |
| 15 | whitelist /run/udev/data | ||