diff options
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/disable-common.inc | 15 | ||||
-rw-r--r-- | etc/inc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/inc/whitelist-common.inc | 4 |
3 files changed, 15 insertions, 5 deletions
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index 5f4233363..cf712a07e 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc | |||
@@ -69,6 +69,9 @@ blacklist ${HOME}/.xsessionrc | |||
69 | blacklist /etc/X11/Xsession.d | 69 | blacklist /etc/X11/Xsession.d |
70 | blacklist /etc/xdg/autostart | 70 | blacklist /etc/xdg/autostart |
71 | read-only ${HOME}/.Xauthority | 71 | read-only ${HOME}/.Xauthority |
72 | read-only ${HOME}/.config/awesome/autorun.sh | ||
73 | read-only ${HOME}/.config/openbox/autostart | ||
74 | read-only ${HOME}/.config/openbox/environment | ||
72 | 75 | ||
73 | # Session manager | 76 | # Session manager |
74 | # see #3358 | 77 | # see #3358 |
@@ -329,6 +332,7 @@ read-only ${HOME}/.ssh/config.d | |||
329 | # Initialization files that allow arbitrary command execution | 332 | # Initialization files that allow arbitrary command execution |
330 | read-only ${HOME}/.caffrc | 333 | read-only ${HOME}/.caffrc |
331 | read-only ${HOME}/.cargo/env | 334 | read-only ${HOME}/.cargo/env |
335 | read-only ${HOME}/.config/mpv | ||
332 | read-only ${HOME}/.config/nano | 336 | read-only ${HOME}/.config/nano |
333 | read-only ${HOME}/.config/nvim | 337 | read-only ${HOME}/.config/nvim |
334 | read-only ${HOME}/.config/pkcs11 | 338 | read-only ${HOME}/.config/pkcs11 |
@@ -337,6 +341,7 @@ read-only ${HOME}/.elinks | |||
337 | read-only ${HOME}/.emacs | 341 | read-only ${HOME}/.emacs |
338 | read-only ${HOME}/.emacs.d | 342 | read-only ${HOME}/.emacs.d |
339 | read-only ${HOME}/.exrc | 343 | read-only ${HOME}/.exrc |
344 | read-only ${HOME}/.gnupg/gpg.conf | ||
340 | read-only ${HOME}/.gvimrc | 345 | read-only ${HOME}/.gvimrc |
341 | read-only ${HOME}/.homesick | 346 | read-only ${HOME}/.homesick |
342 | read-only ${HOME}/.iscreenrc | 347 | read-only ${HOME}/.iscreenrc |
@@ -345,6 +350,7 @@ read-only ${HOME}/.local/share/cool-retro-term | |||
345 | read-only ${HOME}/.local/share/nvim | 350 | read-only ${HOME}/.local/share/nvim |
346 | read-only ${HOME}/.local/state/nvim | 351 | read-only ${HOME}/.local/state/nvim |
347 | read-only ${HOME}/.mailcap | 352 | read-only ${HOME}/.mailcap |
353 | read-only ${HOME}/.mozilla/firefox/profiles.ini | ||
348 | read-only ${HOME}/.msmtprc | 354 | read-only ${HOME}/.msmtprc |
349 | read-only ${HOME}/.mutt/muttrc | 355 | read-only ${HOME}/.mutt/muttrc |
350 | read-only ${HOME}/.muttrc | 356 | read-only ${HOME}/.muttrc |
@@ -366,6 +372,10 @@ read-only ${HOME}/_gvimrc | |||
366 | read-only ${HOME}/_vimrc | 372 | read-only ${HOME}/_vimrc |
367 | read-only ${HOME}/dotfiles | 373 | read-only ${HOME}/dotfiles |
368 | 374 | ||
375 | # System package managers and AUR helpers | ||
376 | blacklist ${HOME}/.config/cower | ||
377 | read-only ${HOME}/.config/cower/config | ||
378 | |||
369 | # Make directories commonly found in $PATH read-only | 379 | # Make directories commonly found in $PATH read-only |
370 | read-only ${HOME}/.bin | 380 | read-only ${HOME}/.bin |
371 | read-only ${HOME}/.cargo/bin | 381 | read-only ${HOME}/.cargo/bin |
@@ -391,6 +401,11 @@ read-only ${HOME}/.config/user-dirs.dirs | |||
391 | read-only ${HOME}/.config/user-dirs.locale | 401 | read-only ${HOME}/.config/user-dirs.locale |
392 | read-only ${HOME}/.local/share/mime | 402 | read-only ${HOME}/.local/share/mime |
393 | 403 | ||
404 | # Configuration files that do not allow arbitrary command execution but that | ||
405 | # are intended to be modified manually (in a text editor and/or by a program | ||
406 | # dedicated to managing them) | ||
407 | read-only ${HOME}/.config/MangoHud | ||
408 | |||
394 | # Write-protection for thumbnailer dir | 409 | # Write-protection for thumbnailer dir |
395 | read-only ${HOME}/.local/share/thumbnailers | 410 | read-only ${HOME}/.local/share/thumbnailers |
396 | 411 | ||
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index c7e2f2ca9..211111aaa 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc | |||
@@ -402,7 +402,6 @@ blacklist ${HOME}/.config/cmus | |||
402 | blacklist ${HOME}/.config/cointop | 402 | blacklist ${HOME}/.config/cointop |
403 | blacklist ${HOME}/.config/com.github.bleakgrey.tootle | 403 | blacklist ${HOME}/.config/com.github.bleakgrey.tootle |
404 | blacklist ${HOME}/.config/corebird | 404 | blacklist ${HOME}/.config/corebird |
405 | blacklist ${HOME}/.config/cower | ||
406 | blacklist ${HOME}/.config/coyim | 405 | blacklist ${HOME}/.config/coyim |
407 | blacklist ${HOME}/.config/d-feet | 406 | blacklist ${HOME}/.config/d-feet |
408 | blacklist ${HOME}/.config/darktable | 407 | blacklist ${HOME}/.config/darktable |
diff --git a/etc/inc/whitelist-common.inc b/etc/inc/whitelist-common.inc index c9f21b2dc..5d1e75319 100644 --- a/etc/inc/whitelist-common.inc +++ b/etc/inc/whitelist-common.inc | |||
@@ -10,16 +10,12 @@ whitelist ${HOME}/.asoundrc | |||
10 | whitelist ${HOME}/.config/ibus | 10 | whitelist ${HOME}/.config/ibus |
11 | whitelist ${HOME}/.config/mimeapps.list | 11 | whitelist ${HOME}/.config/mimeapps.list |
12 | whitelist ${HOME}/.config/pkcs11 | 12 | whitelist ${HOME}/.config/pkcs11 |
13 | read-only ${HOME}/.config/pkcs11 | ||
14 | whitelist ${HOME}/.config/user-dirs.dirs | 13 | whitelist ${HOME}/.config/user-dirs.dirs |
15 | read-only ${HOME}/.config/user-dirs.dirs | ||
16 | whitelist ${HOME}/.config/user-dirs.locale | 14 | whitelist ${HOME}/.config/user-dirs.locale |
17 | read-only ${HOME}/.config/user-dirs.locale | ||
18 | whitelist ${HOME}/.drirc | 15 | whitelist ${HOME}/.drirc |
19 | whitelist ${HOME}/.icons | 16 | whitelist ${HOME}/.icons |
20 | ?HAS_APPIMAGE: whitelist ${HOME}/.local/share/appimagekit | 17 | ?HAS_APPIMAGE: whitelist ${HOME}/.local/share/appimagekit |
21 | whitelist ${HOME}/.local/share/applications | 18 | whitelist ${HOME}/.local/share/applications |
22 | read-only ${HOME}/.local/share/applications | ||
23 | whitelist ${HOME}/.local/share/icons | 19 | whitelist ${HOME}/.local/share/icons |
24 | whitelist ${HOME}/.local/share/mime | 20 | whitelist ${HOME}/.local/share/mime |
25 | whitelist ${HOME}/.mime.types | 21 | whitelist ${HOME}/.mime.types |