diff options
Diffstat (limited to 'etc/profile-a-l')
370 files changed, 1564 insertions, 1564 deletions
diff --git a/etc/profile-a-l/0ad.profile b/etc/profile-a-l/0ad.profile index 4009853d3..6f493fff1 100644 --- a/etc/profile-a-l/0ad.profile +++ b/etc/profile-a-l/0ad.profile | |||
@@ -6,11 +6,11 @@ include 0ad.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/0ad | 9 | nodeny ${HOME}/.cache/0ad |
10 | noblacklist ${HOME}/.config/0ad | 10 | nodeny ${HOME}/.config/0ad |
11 | noblacklist ${HOME}/.local/share/0ad | 11 | nodeny ${HOME}/.local/share/0ad |
12 | 12 | ||
13 | blacklist /usr/libexec | 13 | deny /usr/libexec |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -23,11 +23,11 @@ include disable-xdg.inc | |||
23 | mkdir ${HOME}/.cache/0ad | 23 | mkdir ${HOME}/.cache/0ad |
24 | mkdir ${HOME}/.config/0ad | 24 | mkdir ${HOME}/.config/0ad |
25 | mkdir ${HOME}/.local/share/0ad | 25 | mkdir ${HOME}/.local/share/0ad |
26 | whitelist ${HOME}/.cache/0ad | 26 | allow ${HOME}/.cache/0ad |
27 | whitelist ${HOME}/.config/0ad | 27 | allow ${HOME}/.config/0ad |
28 | whitelist ${HOME}/.local/share/0ad | 28 | allow ${HOME}/.local/share/0ad |
29 | whitelist /usr/share/0ad | 29 | allow /usr/share/0ad |
30 | whitelist /usr/share/games | 30 | allow /usr/share/games |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/2048-qt.profile b/etc/profile-a-l/2048-qt.profile index 1d787cba7..3a7b331a7 100644 --- a/etc/profile-a-l/2048-qt.profile +++ b/etc/profile-a-l/2048-qt.profile | |||
@@ -6,8 +6,8 @@ include 2048-qt.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/2048-qt | 9 | nodeny ${HOME}/.config/2048-qt |
10 | noblacklist ${HOME}/.config/xiaoyong | 10 | nodeny ${HOME}/.config/xiaoyong |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-programs.inc | |||
18 | 18 | ||
19 | mkdir ${HOME}/.config/2048-qt | 19 | mkdir ${HOME}/.config/2048-qt |
20 | mkdir ${HOME}/.config/xiaoyong | 20 | mkdir ${HOME}/.config/xiaoyong |
21 | whitelist ${HOME}/.config/2048-qt | 21 | allow ${HOME}/.config/2048-qt |
22 | whitelist ${HOME}/.config/xiaoyong | 22 | allow ${HOME}/.config/xiaoyong |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
diff --git a/etc/profile-a-l/Cryptocat.profile b/etc/profile-a-l/Cryptocat.profile index 1d86b0fbf..def0ec111 100644 --- a/etc/profile-a-l/Cryptocat.profile +++ b/etc/profile-a-l/Cryptocat.profile | |||
@@ -5,7 +5,7 @@ include Cryptocat.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Cryptocat | 8 | nodeny ${HOME}/.config/Cryptocat |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-a-l/Discord.profile b/etc/profile-a-l/Discord.profile index 3f274b21c..1d3ae49ca 100644 --- a/etc/profile-a-l/Discord.profile +++ b/etc/profile-a-l/Discord.profile | |||
@@ -5,10 +5,10 @@ include Discord.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/discord | 8 | nodeny ${HOME}/.config/discord |
9 | 9 | ||
10 | mkdir ${HOME}/.config/discord | 10 | mkdir ${HOME}/.config/discord |
11 | whitelist ${HOME}/.config/discord | 11 | allow ${HOME}/.config/discord |
12 | 12 | ||
13 | private-bin Discord | 13 | private-bin Discord |
14 | private-opt Discord | 14 | private-opt Discord |
diff --git a/etc/profile-a-l/DiscordCanary.profile b/etc/profile-a-l/DiscordCanary.profile index d24e73ed8..3c85f187b 100644 --- a/etc/profile-a-l/DiscordCanary.profile +++ b/etc/profile-a-l/DiscordCanary.profile | |||
@@ -5,10 +5,10 @@ include DiscordCanary.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/discordcanary | 8 | nodeny ${HOME}/.config/discordcanary |
9 | 9 | ||
10 | mkdir ${HOME}/.config/discordcanary | 10 | mkdir ${HOME}/.config/discordcanary |
11 | whitelist ${HOME}/.config/discordcanary | 11 | allow ${HOME}/.config/discordcanary |
12 | 12 | ||
13 | private-bin DiscordCanary | 13 | private-bin DiscordCanary |
14 | private-opt DiscordCanary | 14 | private-opt DiscordCanary |
diff --git a/etc/profile-a-l/Fritzing.profile b/etc/profile-a-l/Fritzing.profile index 7dc6b5ff0..8f746581f 100644 --- a/etc/profile-a-l/Fritzing.profile +++ b/etc/profile-a-l/Fritzing.profile | |||
@@ -6,8 +6,8 @@ include Fritzing.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Fritzing | 9 | nodeny ${HOME}/.config/Fritzing |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/JDownloader.profile b/etc/profile-a-l/JDownloader.profile index d10b70796..9a00c3230 100644 --- a/etc/profile-a-l/JDownloader.profile +++ b/etc/profile-a-l/JDownloader.profile | |||
@@ -5,7 +5,7 @@ include JDownloader.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.jd | 8 | nodeny ${HOME}/.jd |
9 | 9 | ||
10 | # Allow java (blacklisted by disable-devel.inc) | 10 | # Allow java (blacklisted by disable-devel.inc) |
11 | include allow-java.inc | 11 | include allow-java.inc |
@@ -19,8 +19,8 @@ include disable-programs.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | mkdir ${HOME}/.jd | 21 | mkdir ${HOME}/.jd |
22 | whitelist ${HOME}/.jd | 22 | allow ${HOME}/.jd |
23 | whitelist ${DOWNLOADS} | 23 | allow ${DOWNLOADS} |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-a-l/abiword.profile b/etc/profile-a-l/abiword.profile index 75da9a956..2a92c7db4 100644 --- a/etc/profile-a-l/abiword.profile +++ b/etc/profile-a-l/abiword.profile | |||
@@ -6,7 +6,7 @@ include abiword.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/abiword | 9 | nodeny ${HOME}/.config/abiword |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | 18 | ||
19 | whitelist /usr/share/abiword-3.0 | 19 | allow /usr/share/abiword-3.0 |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-runuser-common.inc | 21 | include whitelist-runuser-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/abrowser.profile b/etc/profile-a-l/abrowser.profile index 2e6e8f1af..70ddcec20 100644 --- a/etc/profile-a-l/abrowser.profile +++ b/etc/profile-a-l/abrowser.profile | |||
@@ -5,13 +5,13 @@ include abrowser.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/mozilla | 8 | nodeny ${HOME}/.cache/mozilla |
9 | noblacklist ${HOME}/.mozilla | 9 | nodeny ${HOME}/.mozilla |
10 | 10 | ||
11 | mkdir ${HOME}/.cache/mozilla/abrowser | 11 | mkdir ${HOME}/.cache/mozilla/abrowser |
12 | mkdir ${HOME}/.mozilla | 12 | mkdir ${HOME}/.mozilla |
13 | whitelist ${HOME}/.cache/mozilla/abrowser | 13 | allow ${HOME}/.cache/mozilla/abrowser |
14 | whitelist ${HOME}/.mozilla | 14 | allow ${HOME}/.mozilla |
15 | 15 | ||
16 | # private-etc must first be enabled in firefox-common.profile | 16 | # private-etc must first be enabled in firefox-common.profile |
17 | #private-etc abrowser | 17 | #private-etc abrowser |
diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile index 34f59769e..d32586c5b 100644 --- a/etc/profile-a-l/agetpkg.profile +++ b/etc/profile-a-l/agetpkg.profile | |||
@@ -7,8 +7,8 @@ include agetpkg.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | deny /tmp/.X11-unix |
11 | blacklist ${RUNUSER}/wayland-* | 11 | deny ${RUNUSER}/wayland-* |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | #include allow-python2.inc | 14 | #include allow-python2.inc |
@@ -23,7 +23,7 @@ include disable-programs.inc | |||
23 | include disable-shell.inc | 23 | include disable-shell.inc |
24 | include disable-xdg.inc | 24 | include disable-xdg.inc |
25 | 25 | ||
26 | whitelist ${DOWNLOADS} | 26 | allow ${DOWNLOADS} |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/akonadi_control.profile b/etc/profile-a-l/akonadi_control.profile index 37fdb38b5..7b1d1445f 100644 --- a/etc/profile-a-l/akonadi_control.profile +++ b/etc/profile-a-l/akonadi_control.profile | |||
@@ -4,22 +4,22 @@ include akonadi_control.local | |||
4 | # Persistent global definitions | 4 | # Persistent global definitions |
5 | include globals.local | 5 | include globals.local |
6 | 6 | ||
7 | noblacklist ${HOME}/.cache/akonadi* | 7 | nodeny ${HOME}/.cache/akonadi* |
8 | noblacklist ${HOME}/.config/akonadi* | 8 | nodeny ${HOME}/.config/akonadi* |
9 | noblacklist ${HOME}/.config/baloorc | 9 | nodeny ${HOME}/.config/baloorc |
10 | noblacklist ${HOME}/.config/emaildefaults | 10 | nodeny ${HOME}/.config/emaildefaults |
11 | noblacklist ${HOME}/.config/emailidentities | 11 | nodeny ${HOME}/.config/emailidentities |
12 | noblacklist ${HOME}/.config/kmail2rc | 12 | nodeny ${HOME}/.config/kmail2rc |
13 | noblacklist ${HOME}/.config/mailtransports | 13 | nodeny ${HOME}/.config/mailtransports |
14 | noblacklist ${HOME}/.config/specialmailcollectionsrc | 14 | nodeny ${HOME}/.config/specialmailcollectionsrc |
15 | noblacklist ${HOME}/.local/share/akonadi* | 15 | nodeny ${HOME}/.local/share/akonadi* |
16 | noblacklist ${HOME}/.local/share/apps/korganizer | 16 | nodeny ${HOME}/.local/share/apps/korganizer |
17 | noblacklist ${HOME}/.local/share/contacts | 17 | nodeny ${HOME}/.local/share/contacts |
18 | noblacklist ${HOME}/.local/share/local-mail | 18 | nodeny ${HOME}/.local/share/local-mail |
19 | noblacklist ${HOME}/.local/share/notes | 19 | nodeny ${HOME}/.local/share/notes |
20 | noblacklist /sbin | 20 | nodeny /sbin |
21 | noblacklist /tmp/akonadi-* | 21 | nodeny /tmp/akonadi-* |
22 | noblacklist /usr/sbin | 22 | nodeny /usr/sbin |
23 | 23 | ||
24 | include disable-common.inc | 24 | include disable-common.inc |
25 | include disable-devel.inc | 25 | include disable-devel.inc |
diff --git a/etc/profile-a-l/akregator.profile b/etc/profile-a-l/akregator.profile index 38fcd2dc1..b2323547c 100644 --- a/etc/profile-a-l/akregator.profile +++ b/etc/profile-a-l/akregator.profile | |||
@@ -6,9 +6,9 @@ include akregator.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/akregatorrc | 9 | nodeny ${HOME}/.config/akregatorrc |
10 | noblacklist ${HOME}/.local/share/akregator | 10 | nodeny ${HOME}/.local/share/akregator |
11 | noblacklist ${HOME}/.local/share/kxmlgui5/akregator | 11 | nodeny ${HOME}/.local/share/kxmlgui5/akregator |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -21,10 +21,10 @@ include disable-shell.inc | |||
21 | mkfile ${HOME}/.config/akregatorrc | 21 | mkfile ${HOME}/.config/akregatorrc |
22 | mkdir ${HOME}/.local/share/akregator | 22 | mkdir ${HOME}/.local/share/akregator |
23 | mkdir ${HOME}/.local/share/kxmlgui5/akregator | 23 | mkdir ${HOME}/.local/share/kxmlgui5/akregator |
24 | whitelist ${HOME}/.config/akregatorrc | 24 | allow ${HOME}/.config/akregatorrc |
25 | whitelist ${HOME}/.local/share/akregator | 25 | allow ${HOME}/.local/share/akregator |
26 | whitelist ${HOME}/.local/share/kssl | 26 | allow ${HOME}/.local/share/kssl |
27 | whitelist ${HOME}/.local/share/kxmlgui5/akregator | 27 | allow ${HOME}/.local/share/kxmlgui5/akregator |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
30 | 30 | ||
diff --git a/etc/profile-a-l/alacarte.profile b/etc/profile-a-l/alacarte.profile index 4c6d68020..ca6c8d887 100644 --- a/etc/profile-a-l/alacarte.profile +++ b/etc/profile-a-l/alacarte.profile | |||
@@ -19,13 +19,13 @@ include disable-passwdmgr.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | # Whitelist your system icon directory,varies by distro | 21 | # Whitelist your system icon directory,varies by distro |
22 | whitelist /usr/share/alacarte | 22 | allow /usr/share/alacarte |
23 | whitelist /usr/share/app-info | 23 | allow /usr/share/app-info |
24 | whitelist /usr/share/desktop-directories | 24 | allow /usr/share/desktop-directories |
25 | whitelist /usr/share/icons | 25 | allow /usr/share/icons |
26 | whitelist /var/lib/app-info/icons | 26 | allow /var/lib/app-info/icons |
27 | whitelist /var/lib/flatpak/exports/share/applications | 27 | allow /var/lib/flatpak/exports/share/applications |
28 | whitelist /var/lib/flatpak/exports/share/icons | 28 | allow /var/lib/flatpak/exports/share/icons |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/alienarena.profile b/etc/profile-a-l/alienarena.profile index 81ee6bd46..220c3345d 100644 --- a/etc/profile-a-l/alienarena.profile +++ b/etc/profile-a-l/alienarena.profile | |||
@@ -6,7 +6,7 @@ include alienarena.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/cor-games | 9 | nodeny ${HOME}/.local/share/cor-games |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.local/share/cor-games | 20 | mkdir ${HOME}/.local/share/cor-games |
21 | whitelist ${HOME}/.local/share/cor-games | 21 | allow ${HOME}/.local/share/cor-games |
22 | whitelist /usr/share/alienarena | 22 | allow /usr/share/alienarena |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/alpine.profile b/etc/profile-a-l/alpine.profile index 0b5cf0df0..6fa3edfa1 100644 --- a/etc/profile-a-l/alpine.profile +++ b/etc/profile-a-l/alpine.profile | |||
@@ -10,28 +10,28 @@ include globals.local | |||
10 | # Workaround for bug https://github.com/netblue30/firejail/issues/2747 | 10 | # Workaround for bug https://github.com/netblue30/firejail/issues/2747 |
11 | # firejail --private-bin=sh --include='${CFG}/allow-bin-sh.inc' --profile=alpine sh -c '(alpine)' | 11 | # firejail --private-bin=sh --include='${CFG}/allow-bin-sh.inc' --profile=alpine sh -c '(alpine)' |
12 | 12 | ||
13 | noblacklist /var/mail | 13 | nodeny /var/mail |
14 | noblacklist /var/spool/mail | 14 | nodeny /var/spool/mail |
15 | noblacklist ${DOCUMENTS} | 15 | nodeny ${DOCUMENTS} |
16 | noblacklist ${HOME}/.addressbook | 16 | nodeny ${HOME}/.addressbook |
17 | noblacklist ${HOME}/.alpine-smime | 17 | nodeny ${HOME}/.alpine-smime |
18 | noblacklist ${HOME}/.mailcap | 18 | nodeny ${HOME}/.mailcap |
19 | noblacklist ${HOME}/.mh_profile | 19 | nodeny ${HOME}/.mh_profile |
20 | noblacklist ${HOME}/.mime.types | 20 | nodeny ${HOME}/.mime.types |
21 | noblacklist ${HOME}/.newsrc | 21 | nodeny ${HOME}/.newsrc |
22 | noblacklist ${HOME}/.pine-crash | 22 | nodeny ${HOME}/.pine-crash |
23 | noblacklist ${HOME}/.pine-debug1 | 23 | nodeny ${HOME}/.pine-debug1 |
24 | noblacklist ${HOME}/.pine-debug2 | 24 | nodeny ${HOME}/.pine-debug2 |
25 | noblacklist ${HOME}/.pine-debug3 | 25 | nodeny ${HOME}/.pine-debug3 |
26 | noblacklist ${HOME}/.pine-debug4 | 26 | nodeny ${HOME}/.pine-debug4 |
27 | noblacklist ${HOME}/.pine-interrupted-mail | 27 | nodeny ${HOME}/.pine-interrupted-mail |
28 | noblacklist ${HOME}/.pinerc | 28 | nodeny ${HOME}/.pinerc |
29 | noblacklist ${HOME}/.pinercex | 29 | nodeny ${HOME}/.pinercex |
30 | noblacklist ${HOME}/.signature | 30 | nodeny ${HOME}/.signature |
31 | noblacklist ${HOME}/mail | 31 | nodeny ${HOME}/mail |
32 | 32 | ||
33 | blacklist /tmp/.X11-unix | 33 | deny /tmp/.X11-unix |
34 | blacklist ${RUNUSER}/wayland-* | 34 | deny ${RUNUSER}/wayland-* |
35 | 35 | ||
36 | include disable-common.inc | 36 | include disable-common.inc |
37 | include disable-devel.inc | 37 | include disable-devel.inc |
@@ -60,8 +60,8 @@ include disable-xdg.inc | |||
60 | #whitelist ${HOME}/.pine-debug4 | 60 | #whitelist ${HOME}/.pine-debug4 |
61 | #whitelist ${HOME}/.signature | 61 | #whitelist ${HOME}/.signature |
62 | #whitelist ${HOME}/mail | 62 | #whitelist ${HOME}/mail |
63 | whitelist /var/mail | 63 | allow /var/mail |
64 | whitelist /var/spool/mail | 64 | allow /var/spool/mail |
65 | #include whitelist-common.inc | 65 | #include whitelist-common.inc |
66 | include whitelist-runuser-common.inc | 66 | include whitelist-runuser-common.inc |
67 | include whitelist-usr-share-common.inc | 67 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/amarok.profile b/etc/profile-a-l/amarok.profile index a7caddc4c..03aba36e4 100644 --- a/etc/profile-a-l/amarok.profile +++ b/etc/profile-a-l/amarok.profile | |||
@@ -6,7 +6,7 @@ include amarok.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${MUSIC} | 9 | nodeny ${MUSIC} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/amule.profile b/etc/profile-a-l/amule.profile index e3c4164ee..00039a7e9 100644 --- a/etc/profile-a-l/amule.profile +++ b/etc/profile-a-l/amule.profile | |||
@@ -6,7 +6,7 @@ include amule.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.aMule | 9 | nodeny ${HOME}/.aMule |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.aMule | 18 | mkdir ${HOME}/.aMule |
19 | whitelist ${DOWNLOADS} | 19 | allow ${DOWNLOADS} |
20 | whitelist ${HOME}/.aMule | 20 | allow ${HOME}/.aMule |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/profile-a-l/android-studio.profile b/etc/profile-a-l/android-studio.profile index 5a21744cf..5bf6ed773 100644 --- a/etc/profile-a-l/android-studio.profile +++ b/etc/profile-a-l/android-studio.profile | |||
@@ -5,13 +5,13 @@ include android-studio.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Google | 8 | nodeny ${HOME}/.config/Google |
9 | noblacklist ${HOME}/.AndroidStudio* | 9 | nodeny ${HOME}/.AndroidStudio* |
10 | noblacklist ${HOME}/.android | 10 | nodeny ${HOME}/.android |
11 | noblacklist ${HOME}/.jack-server | 11 | nodeny ${HOME}/.jack-server |
12 | noblacklist ${HOME}/.jack-settings | 12 | nodeny ${HOME}/.jack-settings |
13 | noblacklist ${HOME}/.local/share/JetBrains | 13 | nodeny ${HOME}/.local/share/JetBrains |
14 | noblacklist ${HOME}/.tooling | 14 | nodeny ${HOME}/.tooling |
15 | 15 | ||
16 | # Allows files commonly used by IDEs | 16 | # Allows files commonly used by IDEs |
17 | include allow-common-devel.inc | 17 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/anki.profile b/etc/profile-a-l/anki.profile index ef60e91c2..ec99fe6c2 100644 --- a/etc/profile-a-l/anki.profile +++ b/etc/profile-a-l/anki.profile | |||
@@ -6,8 +6,8 @@ include anki.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | nodeny ${DOCUMENTS} |
10 | noblacklist ${HOME}/.local/share/Anki2 | 10 | nodeny ${HOME}/.local/share/Anki2 |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
@@ -23,8 +23,8 @@ include disable-shell.inc | |||
23 | include disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | mkdir ${HOME}/.local/share/Anki2 | 25 | mkdir ${HOME}/.local/share/Anki2 |
26 | whitelist ${DOCUMENTS} | 26 | allow ${DOCUMENTS} |
27 | whitelist ${HOME}/.local/share/Anki2 | 27 | allow ${HOME}/.local/share/Anki2 |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
30 | 30 | ||
diff --git a/etc/profile-a-l/anydesk.profile b/etc/profile-a-l/anydesk.profile index fdaf10259..cb30ed8da 100644 --- a/etc/profile-a-l/anydesk.profile +++ b/etc/profile-a-l/anydesk.profile | |||
@@ -5,7 +5,7 @@ include anydesk.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.anydesk | 8 | nodeny ${HOME}/.anydesk |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.anydesk | 17 | mkdir ${HOME}/.anydesk |
18 | whitelist ${HOME}/.anydesk | 18 | allow ${HOME}/.anydesk |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
diff --git a/etc/profile-a-l/aosp.profile b/etc/profile-a-l/aosp.profile index e7b09283e..d647a4657 100644 --- a/etc/profile-a-l/aosp.profile +++ b/etc/profile-a-l/aosp.profile | |||
@@ -5,13 +5,13 @@ include aosp.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.android | 8 | nodeny ${HOME}/.android |
9 | noblacklist ${HOME}/.bash_history | 9 | nodeny ${HOME}/.bash_history |
10 | noblacklist ${HOME}/.jack-server | 10 | nodeny ${HOME}/.jack-server |
11 | noblacklist ${HOME}/.jack-settings | 11 | nodeny ${HOME}/.jack-settings |
12 | noblacklist ${HOME}/.repo_.gitconfig.json | 12 | nodeny ${HOME}/.repo_.gitconfig.json |
13 | noblacklist ${HOME}/.repoconfig | 13 | nodeny ${HOME}/.repoconfig |
14 | noblacklist ${HOME}/.tooling | 14 | nodeny ${HOME}/.tooling |
15 | 15 | ||
16 | # Allows files commonly used by IDEs | 16 | # Allows files commonly used by IDEs |
17 | include allow-common-devel.inc | 17 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/apostrophe.profile b/etc/profile-a-l/apostrophe.profile index 01566314f..020ae2812 100644 --- a/etc/profile-a-l/apostrophe.profile +++ b/etc/profile-a-l/apostrophe.profile | |||
@@ -6,9 +6,9 @@ include apostrophe.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.texlive20* | 9 | nodeny ${HOME}/.texlive20* |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | noblacklist ${PICTURES} | 11 | nodeny ${PICTURES} |
12 | 12 | ||
13 | # Allow lua (blacklisted by disable-interpreters.inc) | 13 | # Allow lua (blacklisted by disable-interpreters.inc) |
14 | include allow-lua.inc | 14 | include allow-lua.inc |
@@ -31,12 +31,12 @@ include disable-programs.inc | |||
31 | include disable-shell.inc | 31 | include disable-shell.inc |
32 | include disable-xdg.inc | 32 | include disable-xdg.inc |
33 | 33 | ||
34 | whitelist /usr/libexec/webkit2gtk-4.0 | 34 | allow /usr/libexec/webkit2gtk-4.0 |
35 | whitelist /usr/share/apostrophe | 35 | allow /usr/share/apostrophe |
36 | whitelist /usr/share/texlive | 36 | allow /usr/share/texlive |
37 | whitelist /usr/share/texmf | 37 | allow /usr/share/texmf |
38 | whitelist /usr/share/pandoc-* | 38 | allow /usr/share/pandoc-* |
39 | whitelist /usr/share/perl5 | 39 | allow /usr/share/perl5 |
40 | include whitelist-runuser-common.inc | 40 | include whitelist-runuser-common.inc |
41 | include whitelist-usr-share-common.inc | 41 | include whitelist-usr-share-common.inc |
42 | include whitelist-var-common.inc | 42 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/arch-audit.profile b/etc/profile-a-l/arch-audit.profile index accabb6f5..8c71dd574 100644 --- a/etc/profile-a-l/arch-audit.profile +++ b/etc/profile-a-l/arch-audit.profile | |||
@@ -7,7 +7,7 @@ include arch-audit.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist /var/lib/pacman | 10 | nodeny /var/lib/pacman |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-programs.inc | |||
18 | include disable-shell.inc | 18 | include disable-shell.inc |
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | whitelist /usr/share/arch-audit | 21 | allow /usr/share/arch-audit |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | 23 | ||
24 | apparmor | 24 | apparmor |
diff --git a/etc/profile-a-l/archaudit-report.profile b/etc/profile-a-l/archaudit-report.profile index 19c37f90e..0915ede33 100644 --- a/etc/profile-a-l/archaudit-report.profile +++ b/etc/profile-a-l/archaudit-report.profile | |||
@@ -6,7 +6,7 @@ include archaudit-report.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist /var/lib/pacman | 9 | nodeny /var/lib/pacman |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/archiver-common.profile b/etc/profile-a-l/archiver-common.profile index 1fab4606b..5b859ceb1 100644 --- a/etc/profile-a-l/archiver-common.profile +++ b/etc/profile-a-l/archiver-common.profile | |||
@@ -4,7 +4,7 @@ include archiver-common.local | |||
4 | 4 | ||
5 | # common profile for archiver/compression tools | 5 | # common profile for archiver/compression tools |
6 | 6 | ||
7 | blacklist ${RUNUSER} | 7 | deny ${RUNUSER} |
8 | 8 | ||
9 | # Comment/uncomment the relevant include file(s) in your archiver-common.local | 9 | # Comment/uncomment the relevant include file(s) in your archiver-common.local |
10 | # to (un)restrict file access for **all** archivers. Another option is to do this **per archiver** | 10 | # to (un)restrict file access for **all** archivers. Another option is to do this **per archiver** |
diff --git a/etc/profile-a-l/ardour5.profile b/etc/profile-a-l/ardour5.profile index 84b1d6c18..960948afc 100644 --- a/etc/profile-a-l/ardour5.profile +++ b/etc/profile-a-l/ardour5.profile | |||
@@ -5,12 +5,12 @@ include ardour5.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/ardour4 | 8 | nodeny ${HOME}/.config/ardour4 |
9 | noblacklist ${HOME}/.config/ardour5 | 9 | nodeny ${HOME}/.config/ardour5 |
10 | noblacklist ${HOME}/.lv2 | 10 | nodeny ${HOME}/.lv2 |
11 | noblacklist ${HOME}/.vst | 11 | nodeny ${HOME}/.vst |
12 | noblacklist ${DOCUMENTS} | 12 | nodeny ${DOCUMENTS} |
13 | noblacklist ${MUSIC} | 13 | nodeny ${MUSIC} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/arduino.profile b/etc/profile-a-l/arduino.profile index fd1ca9a09..88f14fbfe 100644 --- a/etc/profile-a-l/arduino.profile +++ b/etc/profile-a-l/arduino.profile | |||
@@ -6,9 +6,9 @@ include arduino.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.arduino15 | 9 | nodeny ${HOME}/.arduino15 |
10 | noblacklist ${HOME}/Arduino | 10 | nodeny ${HOME}/Arduino |
11 | noblacklist ${DOCUMENTS} | 11 | nodeny ${DOCUMENTS} |
12 | 12 | ||
13 | # Allow java (blacklisted by disable-devel.inc) | 13 | # Allow java (blacklisted by disable-devel.inc) |
14 | include allow-java.inc | 14 | include allow-java.inc |
diff --git a/etc/profile-a-l/aria2c.profile b/etc/profile-a-l/aria2c.profile index 22b8ecd65..be56011f0 100644 --- a/etc/profile-a-l/aria2c.profile +++ b/etc/profile-a-l/aria2c.profile | |||
@@ -6,12 +6,12 @@ include aria2c.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.aria2 | 9 | nodeny ${HOME}/.aria2 |
10 | noblacklist ${HOME}/.config/aria2 | 10 | nodeny ${HOME}/.config/aria2 |
11 | noblacklist ${HOME}/.netrc | 11 | nodeny ${HOME}/.netrc |
12 | 12 | ||
13 | blacklist /tmp/.X11-unix | 13 | deny /tmp/.X11-unix |
14 | blacklist ${RUNUSER}/wayland-* | 14 | deny ${RUNUSER}/wayland-* |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/ark.profile b/etc/profile-a-l/ark.profile index a63dd8f5f..031c57080 100644 --- a/etc/profile-a-l/ark.profile +++ b/etc/profile-a-l/ark.profile | |||
@@ -6,8 +6,8 @@ include ark.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/arkrc | 9 | nodeny ${HOME}/.config/arkrc |
10 | noblacklist ${HOME}/.local/share/kxmlgui5/ark | 10 | nodeny ${HOME}/.local/share/kxmlgui5/ark |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-interpreters.inc | |||
16 | include disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | whitelist /usr/share/ark | 19 | allow /usr/share/ark |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
diff --git a/etc/profile-a-l/arm.profile b/etc/profile-a-l/arm.profile index 2c8b630ce..9ed8076be 100644 --- a/etc/profile-a-l/arm.profile +++ b/etc/profile-a-l/arm.profile | |||
@@ -6,7 +6,7 @@ include arm.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.arm | 9 | nodeny ${HOME}/.arm |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -20,7 +20,7 @@ include disable-passwdmgr.inc | |||
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.arm | 22 | mkdir ${HOME}/.arm |
23 | whitelist ${HOME}/.arm | 23 | allow ${HOME}/.arm |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
diff --git a/etc/profile-a-l/artha.profile b/etc/profile-a-l/artha.profile index fab72b7d3..7cfac4915 100644 --- a/etc/profile-a-l/artha.profile +++ b/etc/profile-a-l/artha.profile | |||
@@ -6,12 +6,12 @@ include artha.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/artha.conf | 9 | nodeny ${HOME}/.config/artha.conf |
10 | noblacklist ${HOME}/.config/artha.log | 10 | nodeny ${HOME}/.config/artha.log |
11 | noblacklist ${HOME}/.config/enchant | 11 | nodeny ${HOME}/.config/enchant |
12 | 12 | ||
13 | blacklist /tmp/.X11-unix | 13 | deny /tmp/.X11-unix |
14 | blacklist ${RUNUSER}/wayland-* | 14 | deny ${RUNUSER}/wayland-* |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
@@ -28,8 +28,8 @@ include disable-xdg.inc | |||
28 | #whitelist ${HOME}/.config/artha.conf | 28 | #whitelist ${HOME}/.config/artha.conf |
29 | #whitelist ${HOME}/.config/artha.log | 29 | #whitelist ${HOME}/.config/artha.log |
30 | #whitelist ${HOME}/.config/enchant | 30 | #whitelist ${HOME}/.config/enchant |
31 | whitelist /usr/share/artha | 31 | allow /usr/share/artha |
32 | whitelist /usr/share/wordnet | 32 | allow /usr/share/wordnet |
33 | #include whitelist-common.inc | 33 | #include whitelist-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/assogiate.profile b/etc/profile-a-l/assogiate.profile index 977fe30a4..f2251c210 100644 --- a/etc/profile-a-l/assogiate.profile +++ b/etc/profile-a-l/assogiate.profile | |||
@@ -6,7 +6,7 @@ include assogiate.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${PICTURES} | 9 | nodeny ${PICTURES} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | whitelist ${PICTURES} | 20 | allow ${PICTURES} |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/asunder.profile b/etc/profile-a-l/asunder.profile index c97fd691a..e65072266 100644 --- a/etc/profile-a-l/asunder.profile +++ b/etc/profile-a-l/asunder.profile | |||
@@ -6,11 +6,11 @@ include asunder.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/asunder | 9 | nodeny ${HOME}/.config/asunder |
10 | noblacklist ${HOME}/.asunder_album_genre | 10 | nodeny ${HOME}/.asunder_album_genre |
11 | noblacklist ${HOME}/.asunder_album_title | 11 | nodeny ${HOME}/.asunder_album_title |
12 | noblacklist ${HOME}/.asunder_album_artist | 12 | nodeny ${HOME}/.asunder_album_artist |
13 | noblacklist ${MUSIC} | 13 | nodeny ${MUSIC} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/atom.profile b/etc/profile-a-l/atom.profile index 5f237ac59..ea3038537 100644 --- a/etc/profile-a-l/atom.profile +++ b/etc/profile-a-l/atom.profile | |||
@@ -18,8 +18,8 @@ ignore include whitelist-var-common.inc | |||
18 | ignore apparmor | 18 | ignore apparmor |
19 | ignore disable-mnt | 19 | ignore disable-mnt |
20 | 20 | ||
21 | noblacklist ${HOME}/.atom | 21 | nodeny ${HOME}/.atom |
22 | noblacklist ${HOME}/.config/Atom | 22 | nodeny ${HOME}/.config/Atom |
23 | 23 | ||
24 | # Allows files commonly used by IDEs | 24 | # Allows files commonly used by IDEs |
25 | include allow-common-devel.inc | 25 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/atril.profile b/etc/profile-a-l/atril.profile index 1c3ed66ff..8ae8617cf 100644 --- a/etc/profile-a-l/atril.profile +++ b/etc/profile-a-l/atril.profile | |||
@@ -6,9 +6,9 @@ include atril.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/atril | 9 | nodeny ${HOME}/.cache/atril |
10 | noblacklist ${HOME}/.config/atril | 10 | nodeny ${HOME}/.config/atril |
11 | noblacklist ${DOCUMENTS} | 11 | nodeny ${DOCUMENTS} |
12 | 12 | ||
13 | #noblacklist ${HOME}/.local/share | 13 | #noblacklist ${HOME}/.local/share |
14 | # it seems to use only ${HOME}/.local/share/webkitgtk | 14 | # it seems to use only ${HOME}/.local/share/webkitgtk |
diff --git a/etc/profile-a-l/audacious.profile b/etc/profile-a-l/audacious.profile index f9f209786..53baf0a2a 100644 --- a/etc/profile-a-l/audacious.profile +++ b/etc/profile-a-l/audacious.profile | |||
@@ -6,9 +6,9 @@ include audacious.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Audaciousrc | 9 | nodeny ${HOME}/.config/Audaciousrc |
10 | noblacklist ${HOME}/.config/audacious | 10 | nodeny ${HOME}/.config/audacious |
11 | noblacklist ${MUSIC} | 11 | nodeny ${MUSIC} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/audacity.profile b/etc/profile-a-l/audacity.profile index a2de8436a..c244846e1 100644 --- a/etc/profile-a-l/audacity.profile +++ b/etc/profile-a-l/audacity.profile | |||
@@ -6,9 +6,9 @@ include audacity.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.audacity-data | 9 | nodeny ${HOME}/.audacity-data |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | noblacklist ${MUSIC} | 11 | nodeny ${MUSIC} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/audio-recorder.profile b/etc/profile-a-l/audio-recorder.profile index 2c7fdc812..534792cc6 100644 --- a/etc/profile-a-l/audio-recorder.profile +++ b/etc/profile-a-l/audio-recorder.profile | |||
@@ -7,7 +7,7 @@ include audio-recorder.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -17,10 +17,10 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | whitelist ${MUSIC} | 20 | allow ${MUSIC} |
21 | whitelist ${DOWNLOADS} | 21 | allow ${DOWNLOADS} |
22 | whitelist /usr/share/audio-recorder | 22 | allow /usr/share/audio-recorder |
23 | whitelist /usr/share/gstreamer-1.0 | 23 | allow /usr/share/gstreamer-1.0 |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/authenticator-rs.profile b/etc/profile-a-l/authenticator-rs.profile index 2ebe35dd5..0d6eb6a21 100644 --- a/etc/profile-a-l/authenticator-rs.profile +++ b/etc/profile-a-l/authenticator-rs.profile | |||
@@ -6,7 +6,7 @@ include authenticator-rs.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/authenticator-rs | 9 | nodeny ${HOME}/.local/share/authenticator-rs |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,9 +18,9 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.local/share/authenticator-rs | 20 | mkdir ${HOME}/.local/share/authenticator-rs |
21 | whitelist ${HOME}/.local/share/authenticator-rs | 21 | allow ${HOME}/.local/share/authenticator-rs |
22 | whitelist ${DOWNLOADS} | 22 | allow ${DOWNLOADS} |
23 | whitelist /usr/share/uk.co.grumlimited.authenticator-rs | 23 | allow /usr/share/uk.co.grumlimited.authenticator-rs |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
26 | include whitelist-usr-share-common.inc | 26 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/authenticator.profile b/etc/profile-a-l/authenticator.profile index 42d9cd56a..55d967e3e 100644 --- a/etc/profile-a-l/authenticator.profile +++ b/etc/profile-a-l/authenticator.profile | |||
@@ -6,8 +6,8 @@ include authenticator.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/Authenticator | 9 | nodeny ${HOME}/.cache/Authenticator |
10 | noblacklist ${HOME}/.config/Authenticator | 10 | nodeny ${HOME}/.config/Authenticator |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | #include allow-python2.inc | 13 | #include allow-python2.inc |
diff --git a/etc/profile-a-l/autokey-common.profile b/etc/profile-a-l/autokey-common.profile index 891928e5a..a5b3b22f6 100644 --- a/etc/profile-a-l/autokey-common.profile +++ b/etc/profile-a-l/autokey-common.profile | |||
@@ -7,8 +7,8 @@ include autokey-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.config/autokey | 10 | nodeny ${HOME}/.config/autokey |
11 | noblacklist ${HOME}/.local/share/autokey | 11 | nodeny ${HOME}/.local/share/autokey |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python2.inc | 14 | include allow-python2.inc |
diff --git a/etc/profile-a-l/avidemux.profile b/etc/profile-a-l/avidemux.profile index 1ecc03da1..0feb05d75 100644 --- a/etc/profile-a-l/avidemux.profile +++ b/etc/profile-a-l/avidemux.profile | |||
@@ -5,9 +5,9 @@ include avidemux.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.avidemux6 | 8 | nodeny ${HOME}/.avidemux6 |
9 | noblacklist ${HOME}/.config/avidemux3_qt5rc | 9 | nodeny ${HOME}/.config/avidemux3_qt5rc |
10 | noblacklist ${VIDEOS} | 10 | nodeny ${VIDEOS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -20,9 +20,9 @@ include disable-xdg.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.avidemux6 | 21 | mkdir ${HOME}/.avidemux6 |
22 | mkdir ${HOME}/.config/avidemux3_qt5rc | 22 | mkdir ${HOME}/.config/avidemux3_qt5rc |
23 | whitelist ${HOME}/.avidemux6 | 23 | allow ${HOME}/.avidemux6 |
24 | whitelist ${HOME}/.config/avidemux3_qt5rc | 24 | allow ${HOME}/.config/avidemux3_qt5rc |
25 | whitelist ${VIDEOS} | 25 | allow ${VIDEOS} |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/aweather.profile b/etc/profile-a-l/aweather.profile index a57ad4014..abe9fdb24 100644 --- a/etc/profile-a-l/aweather.profile +++ b/etc/profile-a-l/aweather.profile | |||
@@ -6,7 +6,7 @@ include aweather.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/aweather | 9 | nodeny ${HOME}/.config/aweather |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-programs.inc | |||
16 | include disable-shell.inc | 16 | include disable-shell.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.config/aweather | 18 | mkdir ${HOME}/.config/aweather |
19 | whitelist ${HOME}/.config/aweather | 19 | allow ${HOME}/.config/aweather |
20 | include whitelist-common.inc | 20 | include whitelist-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
diff --git a/etc/profile-a-l/awesome.profile b/etc/profile-a-l/awesome.profile index 5d1bf5071..58f4f5e96 100644 --- a/etc/profile-a-l/awesome.profile +++ b/etc/profile-a-l/awesome.profile | |||
@@ -7,7 +7,7 @@ include awesome.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in awesome will run in this profile | 9 | # all applications started in awesome will run in this profile |
10 | noblacklist ${HOME}/.config/awesome | 10 | nodeny ${HOME}/.config/awesome |
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
diff --git a/etc/profile-a-l/ballbuster.profile b/etc/profile-a-l/ballbuster.profile index 3952921a3..46bb0b44e 100644 --- a/etc/profile-a-l/ballbuster.profile +++ b/etc/profile-a-l/ballbuster.profile | |||
@@ -6,7 +6,7 @@ include ballbuster.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.ballbuster.hs | 9 | nodeny ${HOME}/.ballbuster.hs |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkfile ${HOME}/.ballbuster.hs | 20 | mkfile ${HOME}/.ballbuster.hs |
21 | whitelist ${HOME}/.ballbuster.hs | 21 | allow ${HOME}/.ballbuster.hs |
22 | whitelist /usr/share/ballbuster | 22 | allow /usr/share/ballbuster |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/baloo_file.profile b/etc/profile-a-l/baloo_file.profile index fe86d9b80..2b10883f7 100644 --- a/etc/profile-a-l/baloo_file.profile +++ b/etc/profile-a-l/baloo_file.profile | |||
@@ -12,12 +12,12 @@ include globals.local | |||
12 | # read-write ${HOME}/.local/share/baloo | 12 | # read-write ${HOME}/.local/share/baloo |
13 | # ignore read-write | 13 | # ignore read-write |
14 | 14 | ||
15 | noblacklist ${HOME}/.config/baloofilerc | 15 | nodeny ${HOME}/.config/baloofilerc |
16 | noblacklist ${HOME}/.kde/share/config/baloofilerc | 16 | nodeny ${HOME}/.kde/share/config/baloofilerc |
17 | noblacklist ${HOME}/.kde/share/config/baloorc | 17 | nodeny ${HOME}/.kde/share/config/baloorc |
18 | noblacklist ${HOME}/.kde4/share/config/baloofilerc | 18 | nodeny ${HOME}/.kde4/share/config/baloofilerc |
19 | noblacklist ${HOME}/.kde4/share/config/baloorc | 19 | nodeny ${HOME}/.kde4/share/config/baloorc |
20 | noblacklist ${HOME}/.local/share/baloo | 20 | nodeny ${HOME}/.local/share/baloo |
21 | 21 | ||
22 | include disable-common.inc | 22 | include disable-common.inc |
23 | include disable-devel.inc | 23 | include disable-devel.inc |
diff --git a/etc/profile-a-l/balsa.profile b/etc/profile-a-l/balsa.profile index 8c69652c5..1e74443aa 100644 --- a/etc/profile-a-l/balsa.profile +++ b/etc/profile-a-l/balsa.profile | |||
@@ -6,13 +6,13 @@ include balsa.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.balsa | 9 | nodeny ${HOME}/.balsa |
10 | noblacklist ${HOME}/.gnupg | 10 | nodeny ${HOME}/.gnupg |
11 | noblacklist ${HOME}/.mozilla | 11 | nodeny ${HOME}/.mozilla |
12 | noblacklist ${HOME}/.signature | 12 | nodeny ${HOME}/.signature |
13 | noblacklist ${HOME}/mail | 13 | nodeny ${HOME}/mail |
14 | noblacklist /var/mail | 14 | nodeny /var/mail |
15 | noblacklist /var/spool/mail | 15 | nodeny /var/spool/mail |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-devel.inc | 18 | include disable-devel.inc |
@@ -27,17 +27,17 @@ mkdir ${HOME}/.balsa | |||
27 | mkdir ${HOME}/.gnupg | 27 | mkdir ${HOME}/.gnupg |
28 | mkfile ${HOME}/.signature | 28 | mkfile ${HOME}/.signature |
29 | mkdir ${HOME}/mail | 29 | mkdir ${HOME}/mail |
30 | whitelist ${HOME}/.balsa | 30 | allow ${HOME}/.balsa |
31 | whitelist ${HOME}/.gnupg | 31 | allow ${HOME}/.gnupg |
32 | whitelist ${HOME}/.mozilla/firefox/profiles.ini | 32 | allow ${HOME}/.mozilla/firefox/profiles.ini |
33 | whitelist ${HOME}/.signature | 33 | allow ${HOME}/.signature |
34 | whitelist ${HOME}/mail | 34 | allow ${HOME}/mail |
35 | whitelist ${RUNUSER}/gnupg | 35 | allow ${RUNUSER}/gnupg |
36 | whitelist /usr/share/balsa | 36 | allow /usr/share/balsa |
37 | whitelist /usr/share/gnupg | 37 | allow /usr/share/gnupg |
38 | whitelist /usr/share/gnupg2 | 38 | allow /usr/share/gnupg2 |
39 | whitelist /var/mail | 39 | allow /var/mail |
40 | whitelist /var/spool/mail | 40 | allow /var/spool/mail |
41 | include whitelist-common.inc | 41 | include whitelist-common.inc |
42 | include whitelist-runuser-common.inc | 42 | include whitelist-runuser-common.inc |
43 | include whitelist-usr-share-common.inc | 43 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/barrier.profile b/etc/profile-a-l/barrier.profile index 7b50e9199..fcea9b3ba 100644 --- a/etc/profile-a-l/barrier.profile +++ b/etc/profile-a-l/barrier.profile | |||
@@ -6,9 +6,9 @@ include barrier.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Debauchee/Barrier.conf | 9 | nodeny ${HOME}/.config/Debauchee/Barrier.conf |
10 | noblacklist ${HOME}/.local/share/barrier | 10 | nodeny ${HOME}/.local/share/barrier |
11 | noblacklist ${PATH}/openssl | 11 | nodeny ${PATH}/openssl |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/basilisk.profile b/etc/profile-a-l/basilisk.profile index 8dc3847a0..547c67fc8 100644 --- a/etc/profile-a-l/basilisk.profile +++ b/etc/profile-a-l/basilisk.profile | |||
@@ -5,13 +5,13 @@ include basilisk.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/moonchild productions/basilisk | 8 | nodeny ${HOME}/.cache/moonchild productions/basilisk |
9 | noblacklist ${HOME}/.moonchild productions/basilisk | 9 | nodeny ${HOME}/.moonchild productions/basilisk |
10 | 10 | ||
11 | mkdir ${HOME}/.cache/moonchild productions/basilisk | 11 | mkdir ${HOME}/.cache/moonchild productions/basilisk |
12 | mkdir ${HOME}/.moonchild productions | 12 | mkdir ${HOME}/.moonchild productions |
13 | whitelist ${HOME}/.cache/moonchild productions/basilisk | 13 | allow ${HOME}/.cache/moonchild productions/basilisk |
14 | whitelist ${HOME}/.moonchild productions | 14 | allow ${HOME}/.moonchild productions |
15 | 15 | ||
16 | # Basilisk can use the full firejail seccomp filter (unlike firefox >= 60) | 16 | # Basilisk can use the full firejail seccomp filter (unlike firefox >= 60) |
17 | seccomp | 17 | seccomp |
diff --git a/etc/profile-a-l/bcompare.profile b/etc/profile-a-l/bcompare.profile index 3ecaea7fe..a1d2b1e73 100644 --- a/etc/profile-a-l/bcompare.profile +++ b/etc/profile-a-l/bcompare.profile | |||
@@ -7,10 +7,10 @@ include bcompare.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.config/bcompare | 10 | nodeny ${HOME}/.config/bcompare |
11 | # In case the user decides to include disable-programs.inc, still allow | 11 | # In case the user decides to include disable-programs.inc, still allow |
12 | # KDE's Gwenview to view images via right click -> Open With -> Associated Application | 12 | # KDE's Gwenview to view images via right click -> Open With -> Associated Application |
13 | noblacklist ${HOME}/.config/gwenviewrc | 13 | nodeny ${HOME}/.config/gwenviewrc |
14 | 14 | ||
15 | # Add the next line to your bcompare.local if you don't need to compare files in disable-common.inc. | 15 | # Add the next line to your bcompare.local if you don't need to compare files in disable-common.inc. |
16 | #include disable-common.inc | 16 | #include disable-common.inc |
diff --git a/etc/profile-a-l/beaker.profile b/etc/profile-a-l/beaker.profile index f3a9568bd..588f460a8 100644 --- a/etc/profile-a-l/beaker.profile +++ b/etc/profile-a-l/beaker.profile | |||
@@ -19,10 +19,10 @@ ignore private-cache | |||
19 | ignore private-dev | 19 | ignore private-dev |
20 | ignore private-tmp | 20 | ignore private-tmp |
21 | 21 | ||
22 | noblacklist ${HOME}/.config/Beaker Browser | 22 | nodeny ${HOME}/.config/Beaker Browser |
23 | 23 | ||
24 | mkdir ${HOME}/.config/Beaker Browser | 24 | mkdir ${HOME}/.config/Beaker Browser |
25 | whitelist ${HOME}/.config/Beaker Browser | 25 | allow ${HOME}/.config/Beaker Browser |
26 | 26 | ||
27 | # Redirect | 27 | # Redirect |
28 | include electron.profile | 28 | include electron.profile |
diff --git a/etc/profile-a-l/bibletime.profile b/etc/profile-a-l/bibletime.profile index c7a82afbd..717d7258d 100644 --- a/etc/profile-a-l/bibletime.profile +++ b/etc/profile-a-l/bibletime.profile | |||
@@ -6,11 +6,11 @@ include bibletime.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.bibletime | 9 | nodeny ${HOME}/.bibletime |
10 | noblacklist ${HOME}/.sword | 10 | nodeny ${HOME}/.sword |
11 | noblacklist ${HOME}/.local/share/bibletime | 11 | nodeny ${HOME}/.local/share/bibletime |
12 | 12 | ||
13 | blacklist ${HOME}/.bashrc | 13 | deny ${HOME}/.bashrc |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -22,12 +22,12 @@ include disable-programs.inc | |||
22 | mkdir ${HOME}/.bibletime | 22 | mkdir ${HOME}/.bibletime |
23 | mkdir ${HOME}/.sword | 23 | mkdir ${HOME}/.sword |
24 | mkdir ${HOME}/.local/share/bibletime | 24 | mkdir ${HOME}/.local/share/bibletime |
25 | whitelist ${HOME}/.bibletime | 25 | allow ${HOME}/.bibletime |
26 | whitelist ${HOME}/.sword | 26 | allow ${HOME}/.sword |
27 | whitelist ${HOME}/.local/share/bibletime | 27 | allow ${HOME}/.local/share/bibletime |
28 | whitelist /usr/share/bibletime | 28 | allow /usr/share/bibletime |
29 | whitelist /usr/share/doc/bibletime | 29 | allow /usr/share/doc/bibletime |
30 | whitelist /usr/share/sword | 30 | allow /usr/share/sword |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/bijiben.profile b/etc/profile-a-l/bijiben.profile index 854fe5cb9..b02fcc3e0 100644 --- a/etc/profile-a-l/bijiben.profile +++ b/etc/profile-a-l/bijiben.profile | |||
@@ -6,7 +6,7 @@ include bijiben.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/bijiben | 9 | nodeny ${HOME}/.local/share/bijiben |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,12 +18,12 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.local/share/bijiben | 20 | mkdir ${HOME}/.local/share/bijiben |
21 | whitelist ${HOME}/.local/share/bijiben | 21 | allow ${HOME}/.local/share/bijiben |
22 | whitelist ${HOME}/.cache/tracker | 22 | allow ${HOME}/.cache/tracker |
23 | whitelist /usr/libexec/webkit2gtk-4.0 | 23 | allow /usr/libexec/webkit2gtk-4.0 |
24 | whitelist /usr/share/bijiben | 24 | allow /usr/share/bijiben |
25 | whitelist /usr/share/tracker | 25 | allow /usr/share/tracker |
26 | whitelist /usr/share/tracker3 | 26 | allow /usr/share/tracker3 |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/bitcoin-qt.profile b/etc/profile-a-l/bitcoin-qt.profile index 932db9b73..c4ec0f820 100644 --- a/etc/profile-a-l/bitcoin-qt.profile +++ b/etc/profile-a-l/bitcoin-qt.profile | |||
@@ -6,8 +6,8 @@ include bitcoin-qt.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.bitcoin | 9 | nodeny ${HOME}/.bitcoin |
10 | noblacklist ${HOME}/.config/Bitcoin | 10 | nodeny ${HOME}/.config/Bitcoin |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-shell.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.bitcoin | 20 | mkdir ${HOME}/.bitcoin |
21 | mkdir ${HOME}/.config/Bitcoin | 21 | mkdir ${HOME}/.config/Bitcoin |
22 | whitelist ${HOME}/.bitcoin | 22 | allow ${HOME}/.bitcoin |
23 | whitelist ${HOME}/.config/Bitcoin | 23 | allow ${HOME}/.config/Bitcoin |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-a-l/bitlbee.profile b/etc/profile-a-l/bitlbee.profile index dd7651979..0f000b26b 100644 --- a/etc/profile-a-l/bitlbee.profile +++ b/etc/profile-a-l/bitlbee.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | noblacklist /sbin | 11 | nodeny /sbin |
12 | noblacklist /usr/sbin | 12 | nodeny /usr/sbin |
13 | # noblacklist /var/log | 13 | # noblacklist /var/log |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
diff --git a/etc/profile-a-l/bitwarden.profile b/etc/profile-a-l/bitwarden.profile index ba2eb2ea7..4b292d72a 100644 --- a/etc/profile-a-l/bitwarden.profile +++ b/etc/profile-a-l/bitwarden.profile | |||
@@ -11,12 +11,12 @@ ignore include whitelist-usr-share-common.inc | |||
11 | 11 | ||
12 | ignore noexec /tmp | 12 | ignore noexec /tmp |
13 | 13 | ||
14 | noblacklist ${HOME}/.config/Bitwarden | 14 | nodeny ${HOME}/.config/Bitwarden |
15 | 15 | ||
16 | include disable-shell.inc | 16 | include disable-shell.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.config/Bitwarden | 18 | mkdir ${HOME}/.config/Bitwarden |
19 | whitelist ${HOME}/.config/Bitwarden | 19 | allow ${HOME}/.config/Bitwarden |
20 | 20 | ||
21 | machine-id | 21 | machine-id |
22 | no3d | 22 | no3d |
diff --git a/etc/profile-a-l/blackbox.profile b/etc/profile-a-l/blackbox.profile index 233f9a96f..616ad6801 100644 --- a/etc/profile-a-l/blackbox.profile +++ b/etc/profile-a-l/blackbox.profile | |||
@@ -7,7 +7,7 @@ include blackbox.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in blackbox will run in this profile | 9 | # all applications started in blackbox will run in this profile |
10 | noblacklist ${HOME}/.blackbox | 10 | nodeny ${HOME}/.blackbox |
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
diff --git a/etc/profile-a-l/blender.profile b/etc/profile-a-l/blender.profile index 701ae431e..8d0b5616f 100644 --- a/etc/profile-a-l/blender.profile +++ b/etc/profile-a-l/blender.profile | |||
@@ -6,7 +6,7 @@ include blender.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/blender | 9 | nodeny ${HOME}/.config/blender |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -20,8 +20,8 @@ include disable-passwdmgr.inc | |||
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | # Allow usage of AMD GPU by OpenCL | 22 | # Allow usage of AMD GPU by OpenCL |
23 | noblacklist /sys/module | 23 | nodeny /sys/module |
24 | whitelist /sys/module/amdgpu | 24 | allow /sys/module/amdgpu |
25 | read-only /sys/module/amdgpu | 25 | read-only /sys/module/amdgpu |
26 | 26 | ||
27 | caps.drop all | 27 | caps.drop all |
diff --git a/etc/profile-a-l/bless.profile b/etc/profile-a-l/bless.profile index 80dc750f7..ca5f96eee 100644 --- a/etc/profile-a-l/bless.profile +++ b/etc/profile-a-l/bless.profile | |||
@@ -6,7 +6,7 @@ include bless.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/bless | 9 | nodeny ${HOME}/.config/bless |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/blobby.profile b/etc/profile-a-l/blobby.profile index 229c20293..ee2a73b54 100644 --- a/etc/profile-a-l/blobby.profile +++ b/etc/profile-a-l/blobby.profile | |||
@@ -4,7 +4,7 @@ include blobby.local | |||
4 | # Persistent global definitions | 4 | # Persistent global definitions |
5 | include globals.local | 5 | include globals.local |
6 | 6 | ||
7 | noblacklist ${HOME}/.blobby | 7 | nodeny ${HOME}/.blobby |
8 | 8 | ||
9 | include disable-common.inc | 9 | include disable-common.inc |
10 | include disable-devel.inc | 10 | include disable-devel.inc |
@@ -16,9 +16,9 @@ include disable-shell.inc | |||
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.blobby | 18 | mkdir ${HOME}/.blobby |
19 | whitelist ${HOME}/.blobby | 19 | allow ${HOME}/.blobby |
20 | include whitelist-common.inc | 20 | include whitelist-common.inc |
21 | whitelist /usr/share/blobby | 21 | allow /usr/share/blobby |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/blobwars.profile b/etc/profile-a-l/blobwars.profile index 904710cb5..e0be5261e 100644 --- a/etc/profile-a-l/blobwars.profile +++ b/etc/profile-a-l/blobwars.profile | |||
@@ -6,7 +6,7 @@ include blobwars.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.parallelrealities/blobwars | 9 | nodeny ${HOME}/.parallelrealities/blobwars |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.parallelrealities/blobwars | 20 | mkdir ${HOME}/.parallelrealities/blobwars |
21 | whitelist ${HOME}/.parallelrealities/blobwars | 21 | allow ${HOME}/.parallelrealities/blobwars |
22 | whitelist /usr/share/blobwars | 22 | allow /usr/share/blobwars |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/bnox.profile b/etc/profile-a-l/bnox.profile index 6e8f0d7d1..dcfd5d8d2 100644 --- a/etc/profile-a-l/bnox.profile +++ b/etc/profile-a-l/bnox.profile | |||
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/bnox | 13 | nodeny ${HOME}/.cache/bnox |
14 | noblacklist ${HOME}/.config/bnox | 14 | nodeny ${HOME}/.config/bnox |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/bnox | 16 | mkdir ${HOME}/.cache/bnox |
17 | mkdir ${HOME}/.config/bnox | 17 | mkdir ${HOME}/.config/bnox |
18 | whitelist ${HOME}/.cache/bnox | 18 | allow ${HOME}/.cache/bnox |
19 | whitelist ${HOME}/.config/bnox | 19 | allow ${HOME}/.config/bnox |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include chromium-common.profile | 22 | include chromium-common.profile |
diff --git a/etc/profile-a-l/brackets.profile b/etc/profile-a-l/brackets.profile index 0cbac049a..a14bb8fef 100644 --- a/etc/profile-a-l/brackets.profile +++ b/etc/profile-a-l/brackets.profile | |||
@@ -5,7 +5,7 @@ include brackets.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Brackets | 8 | nodeny ${HOME}/.config/Brackets |
9 | #noblacklist /opt/brackets | 9 | #noblacklist /opt/brackets |
10 | #noblacklist /opt/google | 10 | #noblacklist /opt/google |
11 | 11 | ||
diff --git a/etc/profile-a-l/brasero.profile b/etc/profile-a-l/brasero.profile index 417a6b3e0..a78882409 100644 --- a/etc/profile-a-l/brasero.profile +++ b/etc/profile-a-l/brasero.profile | |||
@@ -6,7 +6,7 @@ include brasero.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/brasero | 9 | nodeny ${HOME}/.config/brasero |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/brave.profile b/etc/profile-a-l/brave.profile index 09548c761..bc2d7a6a1 100644 --- a/etc/profile-a-l/brave.profile +++ b/etc/profile-a-l/brave.profile | |||
@@ -14,24 +14,24 @@ ignore noexec /tmp | |||
14 | # Alternatively you can add 'ignore apparmor' to your brave.local. | 14 | # Alternatively you can add 'ignore apparmor' to your brave.local. |
15 | ignore noexec ${HOME} | 15 | ignore noexec ${HOME} |
16 | 16 | ||
17 | noblacklist ${HOME}/.cache/BraveSoftware | 17 | nodeny ${HOME}/.cache/BraveSoftware |
18 | noblacklist ${HOME}/.config/BraveSoftware | 18 | nodeny ${HOME}/.config/BraveSoftware |
19 | noblacklist ${HOME}/.config/brave | 19 | nodeny ${HOME}/.config/brave |
20 | noblacklist ${HOME}/.config/brave-flags.conf | 20 | nodeny ${HOME}/.config/brave-flags.conf |
21 | # brave uses gpg for built-in password manager | 21 | # brave uses gpg for built-in password manager |
22 | noblacklist ${HOME}/.gnupg | 22 | nodeny ${HOME}/.gnupg |
23 | 23 | ||
24 | mkdir ${HOME}/.cache/BraveSoftware | 24 | mkdir ${HOME}/.cache/BraveSoftware |
25 | mkdir ${HOME}/.config/BraveSoftware | 25 | mkdir ${HOME}/.config/BraveSoftware |
26 | mkdir ${HOME}/.config/brave | 26 | mkdir ${HOME}/.config/brave |
27 | whitelist ${HOME}/.cache/BraveSoftware | 27 | allow ${HOME}/.cache/BraveSoftware |
28 | whitelist ${HOME}/.config/BraveSoftware | 28 | allow ${HOME}/.config/BraveSoftware |
29 | whitelist ${HOME}/.config/brave | 29 | allow ${HOME}/.config/brave |
30 | whitelist ${HOME}/.config/brave-flags.conf | 30 | allow ${HOME}/.config/brave-flags.conf |
31 | whitelist ${HOME}/.gnupg | 31 | allow ${HOME}/.gnupg |
32 | 32 | ||
33 | # Brave sandbox needs read access to /proc/config.gz | 33 | # Brave sandbox needs read access to /proc/config.gz |
34 | noblacklist /proc/config.gz | 34 | nodeny /proc/config.gz |
35 | 35 | ||
36 | # Redirect | 36 | # Redirect |
37 | include chromium-common.profile | 37 | include chromium-common.profile |
diff --git a/etc/profile-a-l/bzflag.profile b/etc/profile-a-l/bzflag.profile index bda96bbb3..62ca041c2 100644 --- a/etc/profile-a-l/bzflag.profile +++ b/etc/profile-a-l/bzflag.profile | |||
@@ -6,7 +6,7 @@ include bzflag.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.bzf | 9 | nodeny ${HOME}/.bzf |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.bzf | 20 | mkdir ${HOME}/.bzf |
21 | whitelist ${HOME}/.bzf | 21 | allow ${HOME}/.bzf |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/calibre.profile b/etc/profile-a-l/calibre.profile index 83571397b..99706620c 100644 --- a/etc/profile-a-l/calibre.profile +++ b/etc/profile-a-l/calibre.profile | |||
@@ -6,9 +6,9 @@ include calibre.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/calibre | 9 | nodeny ${HOME}/.cache/calibre |
10 | noblacklist ${HOME}/.config/calibre | 10 | nodeny ${HOME}/.config/calibre |
11 | noblacklist ${DOCUMENTS} | 11 | nodeny ${DOCUMENTS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/calligra.profile b/etc/profile-a-l/calligra.profile index fcff47662..36ecc06a0 100644 --- a/etc/profile-a-l/calligra.profile +++ b/etc/profile-a-l/calligra.profile | |||
@@ -6,7 +6,7 @@ include calligra.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/kxmlgui5/calligra | 9 | nodeny ${HOME}/.local/share/kxmlgui5/calligra |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/calligragemini.profile b/etc/profile-a-l/calligragemini.profile index 006c307ab..76123c96a 100644 --- a/etc/profile-a-l/calligragemini.profile +++ b/etc/profile-a-l/calligragemini.profile | |||
@@ -6,7 +6,7 @@ include calligragemini.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/calligragemini | 9 | nodeny ${HOME}/.local/share/calligragemini |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include calligra.profile | 12 | include calligra.profile |
diff --git a/etc/profile-a-l/calligraplan.profile b/etc/profile-a-l/calligraplan.profile index 81dbd4dcd..5fb1e16da 100644 --- a/etc/profile-a-l/calligraplan.profile +++ b/etc/profile-a-l/calligraplan.profile | |||
@@ -6,7 +6,7 @@ include calligraplan.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/kxmlgui5/calligraplan | 9 | nodeny ${HOME}/.local/share/kxmlgui5/calligraplan |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include calligra.profile | 12 | include calligra.profile |
diff --git a/etc/profile-a-l/calligraplanwork.profile b/etc/profile-a-l/calligraplanwork.profile index bba91b66b..c176bfea1 100644 --- a/etc/profile-a-l/calligraplanwork.profile +++ b/etc/profile-a-l/calligraplanwork.profile | |||
@@ -6,7 +6,7 @@ include calligraplanwork.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/kxmlgui5/calligraplanwork | 9 | nodeny ${HOME}/.local/share/kxmlgui5/calligraplanwork |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include calligra.profile | 12 | include calligra.profile |
diff --git a/etc/profile-a-l/calligrasheets.profile b/etc/profile-a-l/calligrasheets.profile index 7bc296047..b7ac68945 100644 --- a/etc/profile-a-l/calligrasheets.profile +++ b/etc/profile-a-l/calligrasheets.profile | |||
@@ -6,7 +6,7 @@ include calligrasheets.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/kxmlgui5/calligrasheets | 9 | nodeny ${HOME}/.local/share/kxmlgui5/calligrasheets |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include calligra.profile | 12 | include calligra.profile |
diff --git a/etc/profile-a-l/calligrastage.profile b/etc/profile-a-l/calligrastage.profile index 7694abbe4..1258fec56 100644 --- a/etc/profile-a-l/calligrastage.profile +++ b/etc/profile-a-l/calligrastage.profile | |||
@@ -6,7 +6,7 @@ include calligrastage.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/kxmlgui5/calligrastage | 9 | nodeny ${HOME}/.local/share/kxmlgui5/calligrastage |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include calligra.profile | 12 | include calligra.profile |
diff --git a/etc/profile-a-l/calligrawords.profile b/etc/profile-a-l/calligrawords.profile index d69d56a95..c2b6c8041 100644 --- a/etc/profile-a-l/calligrawords.profile +++ b/etc/profile-a-l/calligrawords.profile | |||
@@ -6,7 +6,7 @@ include calligrawords.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/kxmlgui5/calligrawords | 9 | nodeny ${HOME}/.local/share/kxmlgui5/calligrawords |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include calligra.profile | 12 | include calligra.profile |
diff --git a/etc/profile-a-l/cameramonitor.profile b/etc/profile-a-l/cameramonitor.profile index 74c7cc34b..390ae383c 100644 --- a/etc/profile-a-l/cameramonitor.profile +++ b/etc/profile-a-l/cameramonitor.profile | |||
@@ -20,7 +20,7 @@ include disable-programs.inc | |||
20 | include disable-shell.inc | 20 | include disable-shell.inc |
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | whitelist /usr/share/cameramonitor | 23 | allow /usr/share/cameramonitor |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/cantata.profile b/etc/profile-a-l/cantata.profile index 96f88a7c4..77bdc09e0 100644 --- a/etc/profile-a-l/cantata.profile +++ b/etc/profile-a-l/cantata.profile | |||
@@ -6,10 +6,10 @@ include cantata.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/cantata | 9 | nodeny ${HOME}/.cache/cantata |
10 | noblacklist ${HOME}/.config/cantata | 10 | nodeny ${HOME}/.config/cantata |
11 | noblacklist ${HOME}/.local/share/cantata | 11 | nodeny ${HOME}/.local/share/cantata |
12 | noblacklist ${MUSIC} | 12 | nodeny ${MUSIC} |
13 | 13 | ||
14 | # Allow perl (blacklisted by disable-interpreters.inc) | 14 | # Allow perl (blacklisted by disable-interpreters.inc) |
15 | include allow-perl.inc | 15 | include allow-perl.inc |
diff --git a/etc/profile-a-l/cargo.profile b/etc/profile-a-l/cargo.profile index 7cf04c550..9c53af84f 100644 --- a/etc/profile-a-l/cargo.profile +++ b/etc/profile-a-l/cargo.profile | |||
@@ -10,11 +10,11 @@ include globals.local | |||
10 | ignore noexec ${HOME} | 10 | ignore noexec ${HOME} |
11 | ignore noexec /tmp | 11 | ignore noexec /tmp |
12 | 12 | ||
13 | blacklist /tmp/.X11-unix | 13 | deny /tmp/.X11-unix |
14 | blacklist ${RUNUSER} | 14 | deny ${RUNUSER} |
15 | 15 | ||
16 | noblacklist ${HOME}/.cargo/credentials | 16 | nodeny ${HOME}/.cargo/credentials |
17 | noblacklist ${HOME}/.cargo/credentials.toml | 17 | nodeny ${HOME}/.cargo/credentials.toml |
18 | 18 | ||
19 | # Allows files commonly used by IDEs | 19 | # Allows files commonly used by IDEs |
20 | include allow-common-devel.inc | 20 | include allow-common-devel.inc |
@@ -34,7 +34,7 @@ include disable-xdg.inc | |||
34 | #whitelist ${HOME}/.cargo | 34 | #whitelist ${HOME}/.cargo |
35 | #whitelist ${HOME}/.rustup | 35 | #whitelist ${HOME}/.rustup |
36 | #include whitelist-common.inc | 36 | #include whitelist-common.inc |
37 | whitelist /usr/share/pkgconfig | 37 | allow /usr/share/pkgconfig |
38 | include whitelist-runuser-common.inc | 38 | include whitelist-runuser-common.inc |
39 | include whitelist-usr-share-common.inc | 39 | include whitelist-usr-share-common.inc |
40 | include whitelist-var-common.inc | 40 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/catfish.profile b/etc/profile-a-l/catfish.profile index 009d3a049..4ea53ea6b 100644 --- a/etc/profile-a-l/catfish.profile +++ b/etc/profile-a-l/catfish.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | # We can't blacklist much since catfish | 9 | # We can't blacklist much since catfish |
10 | # is for finding files/content | 10 | # is for finding files/content |
11 | 11 | ||
12 | noblacklist ${HOME}/.config/catfish | 12 | nodeny ${HOME}/.config/catfish |
13 | 13 | ||
14 | # Allow python (blacklisted by disable-interpreters.inc) | 14 | # Allow python (blacklisted by disable-interpreters.inc) |
15 | include allow-python2.inc | 15 | include allow-python2.inc |
@@ -21,7 +21,7 @@ include disable-interpreters.inc | |||
21 | include disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | # include disable-programs.inc | 22 | # include disable-programs.inc |
23 | 23 | ||
24 | whitelist /var/lib/mlocate | 24 | allow /var/lib/mlocate |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
27 | apparmor | 27 | apparmor |
diff --git a/etc/profile-a-l/cawbird.profile b/etc/profile-a-l/cawbird.profile index 6e137010c..d7aee1902 100644 --- a/etc/profile-a-l/cawbird.profile +++ b/etc/profile-a-l/cawbird.profile | |||
@@ -6,7 +6,7 @@ include cawbird.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/cawbird | 9 | nodeny ${HOME}/.config/cawbird |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/celluloid.profile b/etc/profile-a-l/celluloid.profile index 1c539cc93..d6f4306ba 100644 --- a/etc/profile-a-l/celluloid.profile +++ b/etc/profile-a-l/celluloid.profile | |||
@@ -6,9 +6,9 @@ include celluloid.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/celluloid | 9 | nodeny ${HOME}/.config/celluloid |
10 | noblacklist ${HOME}/.config/gnome-mpv | 10 | nodeny ${HOME}/.config/gnome-mpv |
11 | noblacklist ${HOME}/.config/youtube-dl | 11 | nodeny ${HOME}/.config/youtube-dl |
12 | 12 | ||
13 | # Allow lua (blacklisted by disable-interpreters.inc) | 13 | # Allow lua (blacklisted by disable-interpreters.inc) |
14 | include allow-lua.inc | 14 | include allow-lua.inc |
@@ -17,7 +17,7 @@ include allow-lua.inc | |||
17 | include allow-python2.inc | 17 | include allow-python2.inc |
18 | include allow-python3.inc | 18 | include allow-python3.inc |
19 | 19 | ||
20 | blacklist /usr/libexec | 20 | deny /usr/libexec |
21 | 21 | ||
22 | include disable-common.inc | 22 | include disable-common.inc |
23 | include disable-devel.inc | 23 | include disable-devel.inc |
@@ -30,9 +30,9 @@ read-only ${DESKTOP} | |||
30 | mkdir ${HOME}/.config/celluloid | 30 | mkdir ${HOME}/.config/celluloid |
31 | mkdir ${HOME}/.config/gnome-mpv | 31 | mkdir ${HOME}/.config/gnome-mpv |
32 | mkdir ${HOME}/.config/youtube-dl | 32 | mkdir ${HOME}/.config/youtube-dl |
33 | whitelist ${HOME}/.config/celluloid | 33 | allow ${HOME}/.config/celluloid |
34 | whitelist ${HOME}/.config/gnome-mpv | 34 | allow ${HOME}/.config/gnome-mpv |
35 | whitelist ${HOME}/.config/youtube-dl | 35 | allow ${HOME}/.config/youtube-dl |
36 | include whitelist-common.inc | 36 | include whitelist-common.inc |
37 | include whitelist-player-common.inc | 37 | include whitelist-player-common.inc |
38 | include whitelist-runuser-common.inc | 38 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/checkbashisms.profile b/etc/profile-a-l/checkbashisms.profile index 24939fc70..0f61084e0 100644 --- a/etc/profile-a-l/checkbashisms.profile +++ b/etc/profile-a-l/checkbashisms.profile | |||
@@ -7,9 +7,9 @@ include checkbashisms.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | 10 | deny ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | noblacklist ${DOCUMENTS} | 12 | nodeny ${DOCUMENTS} |
13 | 13 | ||
14 | # Allow perl (blacklisted by disable-interpreters.inc) | 14 | # Allow perl (blacklisted by disable-interpreters.inc) |
15 | include allow-perl.inc | 15 | include allow-perl.inc |
diff --git a/etc/profile-a-l/cheese.profile b/etc/profile-a-l/cheese.profile index aca1f5876..bde3e1311 100644 --- a/etc/profile-a-l/cheese.profile +++ b/etc/profile-a-l/cheese.profile | |||
@@ -6,8 +6,8 @@ include cheese.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${VIDEOS} | 9 | nodeny ${VIDEOS} |
10 | noblacklist ${PICTURES} | 10 | nodeny ${PICTURES} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -17,9 +17,9 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | whitelist ${VIDEOS} | 20 | allow ${VIDEOS} |
21 | whitelist ${PICTURES} | 21 | allow ${PICTURES} |
22 | whitelist /usr/share/gnome-video-effects | 22 | allow /usr/share/gnome-video-effects |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/cherrytree.profile b/etc/profile-a-l/cherrytree.profile index 7621b3c8c..d5dedd81d 100644 --- a/etc/profile-a-l/cherrytree.profile +++ b/etc/profile-a-l/cherrytree.profile | |||
@@ -6,8 +6,8 @@ include cherrytree.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/cherrytree | 9 | nodeny ${HOME}/.config/cherrytree |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/chromium-browser-privacy.profile b/etc/profile-a-l/chromium-browser-privacy.profile index 8803a4d9d..64c45772a 100644 --- a/etc/profile-a-l/chromium-browser-privacy.profile +++ b/etc/profile-a-l/chromium-browser-privacy.profile | |||
@@ -3,15 +3,15 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include chromium-browser-privacy.local | 4 | include chromium-browser-privacy.local |
5 | 5 | ||
6 | noblacklist ${HOME}/.cache/ungoogled-chromium | 6 | nodeny ${HOME}/.cache/ungoogled-chromium |
7 | noblacklist ${HOME}/.config/ungoogled-chromium | 7 | nodeny ${HOME}/.config/ungoogled-chromium |
8 | 8 | ||
9 | blacklist /usr/libexec | 9 | deny /usr/libexec |
10 | 10 | ||
11 | mkdir ${HOME}/.cache/ungoogled-chromium | 11 | mkdir ${HOME}/.cache/ungoogled-chromium |
12 | mkdir ${HOME}/.config/ungoogled-chromium | 12 | mkdir ${HOME}/.config/ungoogled-chromium |
13 | whitelist ${HOME}/.cache/ungoogled-chromium | 13 | allow ${HOME}/.cache/ungoogled-chromium |
14 | whitelist ${HOME}/.config/ungoogled-chromium | 14 | allow ${HOME}/.config/ungoogled-chromium |
15 | 15 | ||
16 | # private-bin basename,bash,cat,chromium-browser-privacy,dirname,mkdir,readlink,sed,touch,which,xdg-settings | 16 | # private-bin basename,bash,cat,chromium-browser-privacy,dirname,mkdir,readlink,sed,touch,which,xdg-settings |
17 | 17 | ||
diff --git a/etc/profile-a-l/chromium-common.profile b/etc/profile-a-l/chromium-common.profile index b0e0254d4..dbeb715d4 100644 --- a/etc/profile-a-l/chromium-common.profile +++ b/etc/profile-a-l/chromium-common.profile | |||
@@ -9,8 +9,8 @@ include chromium-common.local | |||
9 | # noexec ${HOME} breaks DRM binaries. | 9 | # noexec ${HOME} breaks DRM binaries. |
10 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} | 10 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} |
11 | 11 | ||
12 | noblacklist ${HOME}/.pki | 12 | nodeny ${HOME}/.pki |
13 | noblacklist ${HOME}/.local/share/pki | 13 | nodeny ${HOME}/.local/share/pki |
14 | 14 | ||
15 | # Add the next line to your chromium-common.local if you want Google Chrome/Chromium browser | 15 | # Add the next line to your chromium-common.local if you want Google Chrome/Chromium browser |
16 | # to have access to Gnome extensions (extensions.gnome.org) via browser connector | 16 | # to have access to Gnome extensions (extensions.gnome.org) via browser connector |
@@ -26,9 +26,9 @@ include disable-xdg.inc | |||
26 | 26 | ||
27 | mkdir ${HOME}/.pki | 27 | mkdir ${HOME}/.pki |
28 | mkdir ${HOME}/.local/share/pki | 28 | mkdir ${HOME}/.local/share/pki |
29 | whitelist ${DOWNLOADS} | 29 | allow ${DOWNLOADS} |
30 | whitelist ${HOME}/.pki | 30 | allow ${HOME}/.pki |
31 | whitelist ${HOME}/.local/share/pki | 31 | allow ${HOME}/.local/share/pki |
32 | include whitelist-common.inc | 32 | include whitelist-common.inc |
33 | include whitelist-runuser-common.inc | 33 | include whitelist-runuser-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/chromium.profile b/etc/profile-a-l/chromium.profile index 9ac33aa1c..ea92e90a8 100644 --- a/etc/profile-a-l/chromium.profile +++ b/etc/profile-a-l/chromium.profile | |||
@@ -6,17 +6,17 @@ include chromium.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/chromium | 9 | nodeny ${HOME}/.cache/chromium |
10 | noblacklist ${HOME}/.config/chromium | 10 | nodeny ${HOME}/.config/chromium |
11 | noblacklist ${HOME}/.config/chromium-flags.conf | 11 | nodeny ${HOME}/.config/chromium-flags.conf |
12 | 12 | ||
13 | mkdir ${HOME}/.cache/chromium | 13 | mkdir ${HOME}/.cache/chromium |
14 | mkdir ${HOME}/.config/chromium | 14 | mkdir ${HOME}/.config/chromium |
15 | whitelist ${HOME}/.cache/chromium | 15 | allow ${HOME}/.cache/chromium |
16 | whitelist ${HOME}/.config/chromium | 16 | allow ${HOME}/.config/chromium |
17 | whitelist ${HOME}/.config/chromium-flags.conf | 17 | allow ${HOME}/.config/chromium-flags.conf |
18 | whitelist /usr/share/chromium | 18 | allow /usr/share/chromium |
19 | whitelist /usr/share/mozilla/extensions | 19 | allow /usr/share/mozilla/extensions |
20 | 20 | ||
21 | # private-bin chromium,chromium-browser,chromedriver | 21 | # private-bin chromium,chromium-browser,chromedriver |
22 | 22 | ||
diff --git a/etc/profile-a-l/cin.profile b/etc/profile-a-l/cin.profile index e1f9523c4..c967e1c96 100644 --- a/etc/profile-a-l/cin.profile +++ b/etc/profile-a-l/cin.profile | |||
@@ -5,7 +5,7 @@ include cin.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.bcast5 | 8 | nodeny ${HOME}/.bcast5 |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-a-l/clamav.profile b/etc/profile-a-l/clamav.profile index e403c2c41..0efbcd4f2 100644 --- a/etc/profile-a-l/clamav.profile +++ b/etc/profile-a-l/clamav.profile | |||
@@ -7,7 +7,7 @@ include clamav.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | 10 | deny ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | include disable-exec.inc | 12 | include disable-exec.inc |
13 | 13 | ||
diff --git a/etc/profile-a-l/claws-mail.profile b/etc/profile-a-l/claws-mail.profile index 691657fa0..3e4e1f2a1 100644 --- a/etc/profile-a-l/claws-mail.profile +++ b/etc/profile-a-l/claws-mail.profile | |||
@@ -6,17 +6,17 @@ include claws-mail.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.claws-mail | 9 | nodeny ${HOME}/.claws-mail |
10 | 10 | ||
11 | mkdir ${HOME}/.claws-mail | 11 | mkdir ${HOME}/.claws-mail |
12 | whitelist ${HOME}/.claws-mail | 12 | allow ${HOME}/.claws-mail |
13 | 13 | ||
14 | # Add the below lines to your claws-mail.local if you use python-based plugins. | 14 | # Add the below lines to your claws-mail.local if you use python-based plugins. |
15 | # Allow python (blacklisted by disable-interpreters.inc) | 15 | # Allow python (blacklisted by disable-interpreters.inc) |
16 | #include allow-python2.inc | 16 | #include allow-python2.inc |
17 | #include allow-python3.inc | 17 | #include allow-python3.inc |
18 | 18 | ||
19 | whitelist /usr/share/doc/claws-mail | 19 | allow /usr/share/doc/claws-mail |
20 | 20 | ||
21 | # private-bin claws-mail,curl,gpg,gpg2,gpg-agent,gpgsm,gpgme-config,pinentry,pinentry-gtk-2 | 21 | # private-bin claws-mail,curl,gpg,gpg2,gpg-agent,gpgsm,gpgme-config,pinentry,pinentry-gtk-2 |
22 | 22 | ||
diff --git a/etc/profile-a-l/clawsker.profile b/etc/profile-a-l/clawsker.profile index 9b62a1f73..ee64391d9 100644 --- a/etc/profile-a-l/clawsker.profile +++ b/etc/profile-a-l/clawsker.profile | |||
@@ -6,7 +6,7 @@ include clawsker.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.claws-mail | 9 | nodeny ${HOME}/.claws-mail |
10 | 10 | ||
11 | # Allow perl (blacklisted by disable-interpreters.inc) | 11 | # Allow perl (blacklisted by disable-interpreters.inc) |
12 | include allow-perl.inc | 12 | include allow-perl.inc |
@@ -19,7 +19,7 @@ include disable-passwdmgr.inc | |||
19 | include disable-programs.inc | 19 | include disable-programs.inc |
20 | 20 | ||
21 | mkdir ${HOME}/.claws-mail | 21 | mkdir ${HOME}/.claws-mail |
22 | whitelist ${HOME}/.claws-mail | 22 | allow ${HOME}/.claws-mail |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/clementine.profile b/etc/profile-a-l/clementine.profile index fa33795c1..f9c0006f9 100644 --- a/etc/profile-a-l/clementine.profile +++ b/etc/profile-a-l/clementine.profile | |||
@@ -6,9 +6,9 @@ include clementine.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/Clementine | 9 | nodeny ${HOME}/.cache/Clementine |
10 | noblacklist ${HOME}/.config/Clementine | 10 | nodeny ${HOME}/.config/Clementine |
11 | noblacklist ${MUSIC} | 11 | nodeny ${MUSIC} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/clion.profile b/etc/profile-a-l/clion.profile index 22cecff09..42903777a 100644 --- a/etc/profile-a-l/clion.profile +++ b/etc/profile-a-l/clion.profile | |||
@@ -5,13 +5,13 @@ include clion.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.CLion* | 8 | nodeny ${HOME}/.CLion* |
9 | noblacklist ${HOME}/.config/git | 9 | nodeny ${HOME}/.config/git |
10 | noblacklist ${HOME}/.gitconfig | 10 | nodeny ${HOME}/.gitconfig |
11 | noblacklist ${HOME}/.git-credentials | 11 | nodeny ${HOME}/.git-credentials |
12 | noblacklist ${HOME}/.java | 12 | nodeny ${HOME}/.java |
13 | noblacklist ${HOME}/.local/share/JetBrains | 13 | nodeny ${HOME}/.local/share/JetBrains |
14 | noblacklist ${HOME}/.tooling | 14 | nodeny ${HOME}/.tooling |
15 | 15 | ||
16 | # Allow ssh (blacklisted by disable-common.inc) | 16 | # Allow ssh (blacklisted by disable-common.inc) |
17 | include allow-ssh.inc | 17 | include allow-ssh.inc |
diff --git a/etc/profile-a-l/clipgrab.profile b/etc/profile-a-l/clipgrab.profile index c8258da07..89f8d96f0 100644 --- a/etc/profile-a-l/clipgrab.profile +++ b/etc/profile-a-l/clipgrab.profile | |||
@@ -6,9 +6,9 @@ include clipgrab.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Philipp Schmieder | 9 | nodeny ${HOME}/.config/Philipp Schmieder |
10 | noblacklist ${HOME}/.pki | 10 | nodeny ${HOME}/.pki |
11 | noblacklist ${VIDEOS} | 11 | nodeny ${VIDEOS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/clipit.profile b/etc/profile-a-l/clipit.profile index d421903a3..4a2a5171b 100644 --- a/etc/profile-a-l/clipit.profile +++ b/etc/profile-a-l/clipit.profile | |||
@@ -6,8 +6,8 @@ include clipit.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/clipit | 9 | nodeny ${HOME}/.config/clipit |
10 | noblacklist ${HOME}/.local/share/clipit | 10 | nodeny ${HOME}/.local/share/clipit |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-xdg.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.config/clipit | 20 | mkdir ${HOME}/.config/clipit |
21 | mkdir ${HOME}/.local/share/clipit | 21 | mkdir ${HOME}/.local/share/clipit |
22 | whitelist ${HOME}/.config/clipit | 22 | allow ${HOME}/.config/clipit |
23 | whitelist ${HOME}/.local/share/clipit | 23 | allow ${HOME}/.local/share/clipit |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/cliqz.profile b/etc/profile-a-l/cliqz.profile index d0b8cc0ef..22c6ef882 100644 --- a/etc/profile-a-l/cliqz.profile +++ b/etc/profile-a-l/cliqz.profile | |||
@@ -5,16 +5,16 @@ include cliqz.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/cliqz | 8 | nodeny ${HOME}/.cache/cliqz |
9 | noblacklist ${HOME}/.cliqz | 9 | nodeny ${HOME}/.cliqz |
10 | noblacklist ${HOME}/.config/cliqz | 10 | nodeny ${HOME}/.config/cliqz |
11 | 11 | ||
12 | mkdir ${HOME}/.cache/cliqz | 12 | mkdir ${HOME}/.cache/cliqz |
13 | mkdir ${HOME}/.cliqz | 13 | mkdir ${HOME}/.cliqz |
14 | mkdir ${HOME}/.config/cliqz | 14 | mkdir ${HOME}/.config/cliqz |
15 | whitelist ${HOME}/.cache/cliqz | 15 | allow ${HOME}/.cache/cliqz |
16 | whitelist ${HOME}/.cliqz | 16 | allow ${HOME}/.cliqz |
17 | whitelist ${HOME}/.config/cliqz | 17 | allow ${HOME}/.config/cliqz |
18 | 18 | ||
19 | # private-etc must first be enabled in firefox-common.profile | 19 | # private-etc must first be enabled in firefox-common.profile |
20 | #private-etc cliqz | 20 | #private-etc cliqz |
diff --git a/etc/profile-a-l/cmus.profile b/etc/profile-a-l/cmus.profile index bcd557787..51e53209f 100644 --- a/etc/profile-a-l/cmus.profile +++ b/etc/profile-a-l/cmus.profile | |||
@@ -6,8 +6,8 @@ include cmus.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/cmus | 9 | nodeny ${HOME}/.config/cmus |
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/code.profile b/etc/profile-a-l/code.profile index e19b78908..1933c66fa 100644 --- a/etc/profile-a-l/code.profile +++ b/etc/profile-a-l/code.profile | |||
@@ -5,10 +5,10 @@ include code.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Code | 8 | nodeny ${HOME}/.config/Code |
9 | noblacklist ${HOME}/.config/Code - OSS | 9 | nodeny ${HOME}/.config/Code - OSS |
10 | noblacklist ${HOME}/.vscode | 10 | nodeny ${HOME}/.vscode |
11 | noblacklist ${HOME}/.vscode-oss | 11 | nodeny ${HOME}/.vscode-oss |
12 | 12 | ||
13 | # Allows files commonly used by IDEs | 13 | # Allows files commonly used by IDEs |
14 | include allow-common-devel.inc | 14 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/colorful.profile b/etc/profile-a-l/colorful.profile index bd6d8f5b0..efa7f516c 100644 --- a/etc/profile-a-l/colorful.profile +++ b/etc/profile-a-l/colorful.profile | |||
@@ -6,7 +6,7 @@ include colorful.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.suve/colorful | 9 | nodeny ${HOME}/.suve/colorful |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.suve/colorful | 20 | mkdir ${HOME}/.suve/colorful |
21 | whitelist ${HOME}/.suve/colorful | 21 | allow ${HOME}/.suve/colorful |
22 | whitelist /usr/share/suve | 22 | allow /usr/share/suve |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/com.github.bleakgrey.tootle.profile b/etc/profile-a-l/com.github.bleakgrey.tootle.profile index c8bdfec23..34b662959 100644 --- a/etc/profile-a-l/com.github.bleakgrey.tootle.profile +++ b/etc/profile-a-l/com.github.bleakgrey.tootle.profile | |||
@@ -6,7 +6,7 @@ include com.github.bleakgrey.tootle.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/com.github.bleakgrey.tootle | 9 | nodeny ${HOME}/.config/com.github.bleakgrey.tootle |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/com.github.bleakgrey.tootle | 20 | mkdir ${HOME}/.config/com.github.bleakgrey.tootle |
21 | whitelist ${DOWNLOADS} | 21 | allow ${DOWNLOADS} |
22 | whitelist ${HOME}/.config/com.github.bleakgrey.tootle | 22 | allow ${HOME}/.config/com.github.bleakgrey.tootle |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/com.github.dahenson.agenda.profile b/etc/profile-a-l/com.github.dahenson.agenda.profile index b467a0f7a..4e26e4925 100644 --- a/etc/profile-a-l/com.github.dahenson.agenda.profile +++ b/etc/profile-a-l/com.github.dahenson.agenda.profile | |||
@@ -6,9 +6,9 @@ include com.github.dahenson.agenda.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/agenda | 9 | nodeny ${HOME}/.cache/agenda |
10 | noblacklist ${HOME}/.config/agenda | 10 | nodeny ${HOME}/.config/agenda |
11 | noblacklist ${HOME}/.local/share/agenda | 11 | nodeny ${HOME}/.local/share/agenda |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -22,9 +22,9 @@ include disable-xdg.inc | |||
22 | mkdir ${HOME}/.cache/agenda | 22 | mkdir ${HOME}/.cache/agenda |
23 | mkdir ${HOME}/.config/agenda | 23 | mkdir ${HOME}/.config/agenda |
24 | mkdir ${HOME}/.local/share/agenda | 24 | mkdir ${HOME}/.local/share/agenda |
25 | whitelist ${HOME}/.cache/agenda | 25 | allow ${HOME}/.cache/agenda |
26 | whitelist ${HOME}/.config/agenda | 26 | allow ${HOME}/.config/agenda |
27 | whitelist ${HOME}/.local/share/agenda | 27 | allow ${HOME}/.local/share/agenda |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
30 | include whitelist-runuser-common.inc | 30 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile index c13f9618b..bbfc1fe41 100644 --- a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile +++ b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile | |||
@@ -6,9 +6,9 @@ include foliate.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | nodeny ${DOCUMENTS} |
10 | noblacklist ${HOME}/.cache/com.github.johnfactotum.Foliate | 10 | nodeny ${HOME}/.cache/com.github.johnfactotum.Foliate |
11 | noblacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate | 11 | nodeny ${HOME}/.local/share/com.github.johnfactotum.Foliate |
12 | 12 | ||
13 | # Allow gjs (blacklisted by disable-interpreters.inc) | 13 | # Allow gjs (blacklisted by disable-interpreters.inc) |
14 | include allow-gjs.inc | 14 | include allow-gjs.inc |
@@ -24,12 +24,12 @@ include disable-xdg.inc | |||
24 | 24 | ||
25 | mkdir ${HOME}/.cache/com.github.johnfactotum.Foliate | 25 | mkdir ${HOME}/.cache/com.github.johnfactotum.Foliate |
26 | mkdir ${HOME}/.local/share/com.github.johnfactotum.Foliate | 26 | mkdir ${HOME}/.local/share/com.github.johnfactotum.Foliate |
27 | whitelist ${HOME}/.cache/com.github.johnfactotum.Foliate | 27 | allow ${HOME}/.cache/com.github.johnfactotum.Foliate |
28 | whitelist ${HOME}/.local/share/com.github.johnfactotum.Foliate | 28 | allow ${HOME}/.local/share/com.github.johnfactotum.Foliate |
29 | whitelist ${DOCUMENTS} | 29 | allow ${DOCUMENTS} |
30 | whitelist ${DOWNLOADS} | 30 | allow ${DOWNLOADS} |
31 | whitelist /usr/share/com.github.johnfactotum.Foliate | 31 | allow /usr/share/com.github.johnfactotum.Foliate |
32 | whitelist /usr/share/hyphen | 32 | allow /usr/share/hyphen |
33 | include whitelist-common.inc | 33 | include whitelist-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/com.github.phase1geo.minder.profile b/etc/profile-a-l/com.github.phase1geo.minder.profile index d0402d188..3e9acc6c8 100644 --- a/etc/profile-a-l/com.github.phase1geo.minder.profile +++ b/etc/profile-a-l/com.github.phase1geo.minder.profile | |||
@@ -6,9 +6,9 @@ include com.github.phase1geo.minder.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/minder | 9 | nodeny ${HOME}/.local/share/minder |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | noblacklist ${PICTURES} | 11 | nodeny ${PICTURES} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -20,10 +20,10 @@ include disable-shell.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.local/share/minder | 22 | mkdir ${HOME}/.local/share/minder |
23 | whitelist ${HOME}/.local/share/minder | 23 | allow ${HOME}/.local/share/minder |
24 | whitelist ${DOCUMENTS} | 24 | allow ${DOCUMENTS} |
25 | whitelist ${DOWNLOADS} | 25 | allow ${DOWNLOADS} |
26 | whitelist ${PICTURES} | 26 | allow ${PICTURES} |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/conkeror.profile b/etc/profile-a-l/conkeror.profile index 38edf0d21..6cc9ec551 100644 --- a/etc/profile-a-l/conkeror.profile +++ b/etc/profile-a-l/conkeror.profile | |||
@@ -5,23 +5,23 @@ include conkeror.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.conkeror.mozdev.org | 8 | nodeny ${HOME}/.conkeror.mozdev.org |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-programs.inc | 11 | include disable-programs.inc |
12 | 12 | ||
13 | mkdir ${HOME}/.conkeror.mozdev.org | 13 | mkdir ${HOME}/.conkeror.mozdev.org |
14 | mkfile ${HOME}/.conkerorrc | 14 | mkfile ${HOME}/.conkerorrc |
15 | whitelist ${HOME}/.conkeror.mozdev.org | 15 | allow ${HOME}/.conkeror.mozdev.org |
16 | whitelist ${HOME}/.conkerorrc | 16 | allow ${HOME}/.conkerorrc |
17 | whitelist ${HOME}/.lastpass | 17 | allow ${HOME}/.lastpass |
18 | whitelist ${HOME}/.pentadactyl | 18 | allow ${HOME}/.pentadactyl |
19 | whitelist ${HOME}/.pentadactylrc | 19 | allow ${HOME}/.pentadactylrc |
20 | whitelist ${HOME}/.vimperator | 20 | allow ${HOME}/.vimperator |
21 | whitelist ${HOME}/.vimperatorrc | 21 | allow ${HOME}/.vimperatorrc |
22 | whitelist ${HOME}/.zotero | 22 | allow ${HOME}/.zotero |
23 | whitelist ${HOME}/dwhelper | 23 | allow ${HOME}/dwhelper |
24 | whitelist ${DOWNLOADS} | 24 | allow ${DOWNLOADS} |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | 26 | ||
27 | caps.drop all | 27 | caps.drop all |
diff --git a/etc/profile-a-l/conky.profile b/etc/profile-a-l/conky.profile index eaa18739d..1b3fe6651 100644 --- a/etc/profile-a-l/conky.profile +++ b/etc/profile-a-l/conky.profile | |||
@@ -6,7 +6,7 @@ include conky.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${PICTURES} | 9 | nodeny ${PICTURES} |
10 | 10 | ||
11 | # Allow lua (blacklisted by disable-interpreters.inc) | 11 | # Allow lua (blacklisted by disable-interpreters.inc) |
12 | include allow-lua.inc | 12 | include allow-lua.inc |
diff --git a/etc/profile-a-l/corebird.profile b/etc/profile-a-l/corebird.profile index 2fb446e2a..266c404ee 100644 --- a/etc/profile-a-l/corebird.profile +++ b/etc/profile-a-l/corebird.profile | |||
@@ -6,7 +6,7 @@ include corebird.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/corebird | 9 | nodeny ${HOME}/.config/corebird |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/cower.profile b/etc/profile-a-l/cower.profile index 1635995dc..0a1353e40 100644 --- a/etc/profile-a-l/cower.profile +++ b/etc/profile-a-l/cower.profile | |||
@@ -7,8 +7,8 @@ include cower.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.config/cower | 10 | nodeny ${HOME}/.config/cower |
11 | noblacklist /var/lib/pacman | 11 | nodeny /var/lib/pacman |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/coyim.profile b/etc/profile-a-l/coyim.profile index 7ece35c2b..5e48c8022 100644 --- a/etc/profile-a-l/coyim.profile +++ b/etc/profile-a-l/coyim.profile | |||
@@ -6,7 +6,7 @@ include coyim.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/coyim | 9 | nodeny ${HOME}/.config/coyim |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/coyim | 20 | mkdir ${HOME}/.config/coyim |
21 | whitelist ${HOME}/.config/coyim | 21 | allow ${HOME}/.config/coyim |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/cpio.profile b/etc/profile-a-l/cpio.profile index bdc4f21a6..dec8c086b 100644 --- a/etc/profile-a-l/cpio.profile +++ b/etc/profile-a-l/cpio.profile | |||
@@ -7,8 +7,8 @@ include cpio.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist /sbin | 10 | nodeny /sbin |
11 | noblacklist /usr/sbin | 11 | nodeny /usr/sbin |
12 | 12 | ||
13 | # Redirect | 13 | # Redirect |
14 | include archiver-common.profile | 14 | include archiver-common.profile |
diff --git a/etc/profile-a-l/crawl.profile b/etc/profile-a-l/crawl.profile index b10216895..81292c01c 100644 --- a/etc/profile-a-l/crawl.profile +++ b/etc/profile-a-l/crawl.profile | |||
@@ -6,7 +6,7 @@ include crawl-tiles.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.crawl | 9 | nodeny ${HOME}/.crawl |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.crawl | 19 | mkdir ${HOME}/.crawl |
20 | whitelist ${HOME}/.crawl | 20 | allow ${HOME}/.crawl |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-a-l/crow.profile b/etc/profile-a-l/crow.profile index 02b15ecc2..36bd93778 100644 --- a/etc/profile-a-l/crow.profile +++ b/etc/profile-a-l/crow.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | 8 | ||
9 | mkdir ${HOME}/.config/crow | 9 | mkdir ${HOME}/.config/crow |
10 | mkdir ${HOME}/.cache/gstreamer-1.0 | 10 | mkdir ${HOME}/.cache/gstreamer-1.0 |
11 | whitelist ${HOME}/.config/crow | 11 | allow ${HOME}/.config/crow |
12 | whitelist ${HOME}/.cache/gstreamer-1.0 | 12 | allow ${HOME}/.cache/gstreamer-1.0 |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
diff --git a/etc/profile-a-l/curl.profile b/etc/profile-a-l/curl.profile index c9867c5d7..4950b7a4c 100644 --- a/etc/profile-a-l/curl.profile +++ b/etc/profile-a-l/curl.profile | |||
@@ -12,11 +12,11 @@ include globals.local | |||
12 | # Technically this file can be anywhere but let's assume users have it in ${HOME}/.curl-hsts. | 12 | # Technically this file can be anywhere but let's assume users have it in ${HOME}/.curl-hsts. |
13 | # If your setup diverts, add 'blacklist /path/to/curl/hsts/file' to your disable-programs.local | 13 | # If your setup diverts, add 'blacklist /path/to/curl/hsts/file' to your disable-programs.local |
14 | # and 'noblacklist /path/to/curl/hsts/file' to curl.local to keep the sandbox logic intact. | 14 | # and 'noblacklist /path/to/curl/hsts/file' to curl.local to keep the sandbox logic intact. |
15 | noblacklist ${HOME}/.curl-hsts | 15 | nodeny ${HOME}/.curl-hsts |
16 | noblacklist ${HOME}/.curlrc | 16 | nodeny ${HOME}/.curlrc |
17 | 17 | ||
18 | blacklist /tmp/.X11-unix | 18 | deny /tmp/.X11-unix |
19 | blacklist ${RUNUSER} | 19 | deny ${RUNUSER} |
20 | 20 | ||
21 | include disable-common.inc | 21 | include disable-common.inc |
22 | include disable-exec.inc | 22 | include disable-exec.inc |
diff --git a/etc/profile-a-l/cyberfox.profile b/etc/profile-a-l/cyberfox.profile index d1fff0004..49f972e4a 100644 --- a/etc/profile-a-l/cyberfox.profile +++ b/etc/profile-a-l/cyberfox.profile | |||
@@ -5,13 +5,13 @@ include cyberfox.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.8pecxstudios | 8 | nodeny ${HOME}/.8pecxstudios |
9 | noblacklist ${HOME}/.cache/8pecxstudios | 9 | nodeny ${HOME}/.cache/8pecxstudios |
10 | 10 | ||
11 | mkdir ${HOME}/.8pecxstudios | 11 | mkdir ${HOME}/.8pecxstudios |
12 | mkdir ${HOME}/.cache/8pecxstudios | 12 | mkdir ${HOME}/.cache/8pecxstudios |
13 | whitelist ${HOME}/.8pecxstudios | 13 | allow ${HOME}/.8pecxstudios |
14 | whitelist ${HOME}/.cache/8pecxstudios | 14 | allow ${HOME}/.cache/8pecxstudios |
15 | 15 | ||
16 | # private-bin cyberfox,dbus-launch,dbus-send,env,sh,which | 16 | # private-bin cyberfox,dbus-launch,dbus-send,env,sh,which |
17 | # private-etc must first be enabled in firefox-common.profile | 17 | # private-etc must first be enabled in firefox-common.profile |
diff --git a/etc/profile-a-l/d-feet.profile b/etc/profile-a-l/d-feet.profile index ba1e7adad..c7ce1730a 100644 --- a/etc/profile-a-l/d-feet.profile +++ b/etc/profile-a-l/d-feet.profile | |||
@@ -6,7 +6,7 @@ include d-feet.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/d-feet | 9 | nodeny ${HOME}/.config/d-feet |
10 | 10 | ||
11 | # Allow python (disabled by disable-interpreters.inc) | 11 | # Allow python (disabled by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -22,8 +22,8 @@ include disable-shell.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.config/d-feet | 24 | mkdir ${HOME}/.config/d-feet |
25 | whitelist ${HOME}/.config/d-feet | 25 | allow ${HOME}/.config/d-feet |
26 | whitelist /usr/share/d-feet | 26 | allow /usr/share/d-feet |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/darktable.profile b/etc/profile-a-l/darktable.profile index 61fa52928..4d51c255e 100644 --- a/etc/profile-a-l/darktable.profile +++ b/etc/profile-a-l/darktable.profile | |||
@@ -6,9 +6,9 @@ include darktable.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/darktable | 9 | nodeny ${HOME}/.cache/darktable |
10 | noblacklist ${HOME}/.config/darktable | 10 | nodeny ${HOME}/.config/darktable |
11 | noblacklist ${PICTURES} | 11 | nodeny ${PICTURES} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/dbus-send.profile b/etc/profile-a-l/dbus-send.profile index 67a61bb60..745042d6f 100644 --- a/etc/profile-a-l/dbus-send.profile +++ b/etc/profile-a-l/dbus-send.profile | |||
@@ -7,8 +7,8 @@ include dbus-send.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | deny /tmp/.X11-unix |
11 | blacklist ${RUNUSER}/wayland-* | 11 | deny ${RUNUSER}/wayland-* |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/dconf-editor.profile b/etc/profile-a-l/dconf-editor.profile index 0c221850a..c1231c6cf 100644 --- a/etc/profile-a-l/dconf-editor.profile +++ b/etc/profile-a-l/dconf-editor.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | whitelist ${HOME}/.local/share/glib-2.0 | 18 | allow ${HOME}/.local/share/glib-2.0 |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-runuser-common.inc | 20 | include whitelist-runuser-common.inc |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/dconf.profile b/etc/profile-a-l/dconf.profile index be7514cbf..b9d385adf 100644 --- a/etc/profile-a-l/dconf.profile +++ b/etc/profile-a-l/dconf.profile | |||
@@ -6,7 +6,7 @@ include dconf.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | 9 | deny ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | whitelist ${HOME}/.local/share/glib-2.0 | 19 | allow ${HOME}/.local/share/glib-2.0 |
20 | # dconf paths are whitelisted by the following | 20 | # dconf paths are whitelisted by the following |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/ddgtk.profile b/etc/profile-a-l/ddgtk.profile index 5b95b74be..09fa7a07a 100644 --- a/etc/profile-a-l/ddgtk.profile +++ b/etc/profile-a-l/ddgtk.profile | |||
@@ -18,8 +18,8 @@ include disable-passwdmgr.inc | |||
18 | include disable-programs.inc | 18 | include disable-programs.inc |
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | whitelist ${DOWNLOADS} | 21 | allow ${DOWNLOADS} |
22 | whitelist /usr/share/ddgtk | 22 | allow /usr/share/ddgtk |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/deadbeef.profile b/etc/profile-a-l/deadbeef.profile index a221ebbd7..25fa944a1 100644 --- a/etc/profile-a-l/deadbeef.profile +++ b/etc/profile-a-l/deadbeef.profile | |||
@@ -6,8 +6,8 @@ include deadbeef.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/deadbeef | 9 | nodeny ${HOME}/.config/deadbeef |
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/deluge.profile b/etc/profile-a-l/deluge.profile index ad7aa6ed5..d41a4a023 100644 --- a/etc/profile-a-l/deluge.profile +++ b/etc/profile-a-l/deluge.profile | |||
@@ -6,7 +6,7 @@ include deluge.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/deluge | 9 | nodeny ${HOME}/.config/deluge |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -20,8 +20,8 @@ include disable-passwdmgr.inc | |||
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.config/deluge | 22 | mkdir ${HOME}/.config/deluge |
23 | whitelist ${DOWNLOADS} | 23 | allow ${DOWNLOADS} |
24 | whitelist ${HOME}/.config/deluge | 24 | allow ${HOME}/.config/deluge |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-a-l/desktopeditors.profile b/etc/profile-a-l/desktopeditors.profile index 212cdab60..aed4355d5 100644 --- a/etc/profile-a-l/desktopeditors.profile +++ b/etc/profile-a-l/desktopeditors.profile | |||
@@ -6,9 +6,9 @@ include desktopeditors.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/onlyoffice | 9 | nodeny ${HOME}/.config/onlyoffice |
10 | noblacklist ${HOME}/.local/share/onlyoffice | 10 | nodeny ${HOME}/.local/share/onlyoffice |
11 | noblacklist ${HOME}/.pki | 11 | nodeny ${HOME}/.pki |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/devhelp.profile b/etc/profile-a-l/devhelp.profile index 5007f8e74..dc0f290fb 100644 --- a/etc/profile-a-l/devhelp.profile +++ b/etc/profile-a-l/devhelp.profile | |||
@@ -16,9 +16,9 @@ include disable-programs.inc | |||
16 | include disable-shell.inc | 16 | include disable-shell.inc |
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | whitelist /usr/share/devhelp | 19 | allow /usr/share/devhelp |
20 | whitelist /usr/share/doc | 20 | allow /usr/share/doc |
21 | whitelist /usr/share/gtk-doc/html | 21 | allow /usr/share/gtk-doc/html |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/devilspie.profile b/etc/profile-a-l/devilspie.profile index 6267b5709..631f15f93 100644 --- a/etc/profile-a-l/devilspie.profile +++ b/etc/profile-a-l/devilspie.profile | |||
@@ -6,9 +6,9 @@ include devilspie.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | 9 | deny ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | noblacklist ${HOME}/.devilspie | 11 | nodeny ${HOME}/.devilspie |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,7 +19,7 @@ include disable-programs.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | mkdir ${HOME}/.devilspie | 21 | mkdir ${HOME}/.devilspie |
22 | whitelist ${HOME}/.devilspie | 22 | allow ${HOME}/.devilspie |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/devilspie2.profile b/etc/profile-a-l/devilspie2.profile index 9eab3f536..140c9da0f 100644 --- a/etc/profile-a-l/devilspie2.profile +++ b/etc/profile-a-l/devilspie2.profile | |||
@@ -6,17 +6,17 @@ include devilspie2.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | blacklist ${HOME}/.devilspie | 9 | deny ${HOME}/.devilspie |
10 | 10 | ||
11 | blacklist ${RUNUSER}/wayland-* | 11 | deny ${RUNUSER}/wayland-* |
12 | 12 | ||
13 | noblacklist ${HOME}/.config/devilspie2 | 13 | nodeny ${HOME}/.config/devilspie2 |
14 | 14 | ||
15 | # Allow lua (blacklisted by disable-interpreters.inc) | 15 | # Allow lua (blacklisted by disable-interpreters.inc) |
16 | include allow-lua.inc | 16 | include allow-lua.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.config/devilspie2 | 18 | mkdir ${HOME}/.config/devilspie2 |
19 | whitelist ${HOME}/.config/devilspie2 | 19 | allow ${HOME}/.config/devilspie2 |
20 | 20 | ||
21 | private-bin devilspie2 | 21 | private-bin devilspie2 |
22 | 22 | ||
diff --git a/etc/profile-a-l/dia.profile b/etc/profile-a-l/dia.profile index 531734b7d..2a808238b 100644 --- a/etc/profile-a-l/dia.profile +++ b/etc/profile-a-l/dia.profile | |||
@@ -6,8 +6,8 @@ include dia.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.dia | 9 | nodeny ${HOME}/.dia |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
@@ -25,7 +25,7 @@ include disable-xdg.inc | |||
25 | #whitelist ${HOME}/.dia | 25 | #whitelist ${HOME}/.dia |
26 | #whitelist ${DOCUMENTS} | 26 | #whitelist ${DOCUMENTS} |
27 | #include whitelist-common.inc | 27 | #include whitelist-common.inc |
28 | whitelist /usr/share/dia | 28 | allow /usr/share/dia |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/dig.profile b/etc/profile-a-l/dig.profile index 247159a8a..2d683b811 100644 --- a/etc/profile-a-l/dig.profile +++ b/etc/profile-a-l/dig.profile | |||
@@ -7,11 +7,11 @@ include dig.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.digrc | 10 | nodeny ${HOME}/.digrc |
11 | noblacklist ${PATH}/dig | 11 | nodeny ${PATH}/dig |
12 | 12 | ||
13 | blacklist /tmp/.X11-unix | 13 | deny /tmp/.X11-unix |
14 | blacklist ${RUNUSER} | 14 | deny ${RUNUSER} |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | # include disable-devel.inc | 17 | # include disable-devel.inc |
@@ -22,7 +22,7 @@ include disable-programs.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | #mkfile ${HOME}/.digrc - see #903 | 24 | #mkfile ${HOME}/.digrc - see #903 |
25 | whitelist ${HOME}/.digrc | 25 | allow ${HOME}/.digrc |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/digikam.profile b/etc/profile-a-l/digikam.profile index 2ca7bd400..124b50952 100644 --- a/etc/profile-a-l/digikam.profile +++ b/etc/profile-a-l/digikam.profile | |||
@@ -6,12 +6,12 @@ include digikam.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/digikam | 9 | nodeny ${HOME}/.config/digikam |
10 | noblacklist ${HOME}/.config/digikamrc | 10 | nodeny ${HOME}/.config/digikamrc |
11 | noblacklist ${HOME}/.kde/share/apps/digikam | 11 | nodeny ${HOME}/.kde/share/apps/digikam |
12 | noblacklist ${HOME}/.kde4/share/apps/digikam | 12 | nodeny ${HOME}/.kde4/share/apps/digikam |
13 | noblacklist ${HOME}/.local/share/kxmlgui5/digikam | 13 | nodeny ${HOME}/.local/share/kxmlgui5/digikam |
14 | noblacklist ${PICTURES} | 14 | nodeny ${PICTURES} |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/dillo.profile b/etc/profile-a-l/dillo.profile index 9871a6095..883466f4d 100644 --- a/etc/profile-a-l/dillo.profile +++ b/etc/profile-a-l/dillo.profile | |||
@@ -6,7 +6,7 @@ include dillo.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.dillo | 9 | nodeny ${HOME}/.dillo |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,9 +16,9 @@ include disable-programs.inc | |||
16 | 16 | ||
17 | mkdir ${HOME}/.dillo | 17 | mkdir ${HOME}/.dillo |
18 | mkdir ${HOME}/.fltk | 18 | mkdir ${HOME}/.fltk |
19 | whitelist ${DOWNLOADS} | 19 | allow ${DOWNLOADS} |
20 | whitelist ${HOME}/.dillo | 20 | allow ${HOME}/.dillo |
21 | whitelist ${HOME}/.fltk | 21 | allow ${HOME}/.fltk |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/dino.profile b/etc/profile-a-l/dino.profile index c3174b35f..3078bef71 100644 --- a/etc/profile-a-l/dino.profile +++ b/etc/profile-a-l/dino.profile | |||
@@ -6,7 +6,7 @@ include dino.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/dino | 9 | nodeny ${HOME}/.local/share/dino |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.local/share/dino | 19 | mkdir ${HOME}/.local/share/dino |
20 | whitelist ${HOME}/.local/share/dino | 20 | allow ${HOME}/.local/share/dino |
21 | whitelist ${DOWNLOADS} | 21 | allow ${DOWNLOADS} |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-runuser-common.inc | 23 | include whitelist-runuser-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/discord-canary.profile b/etc/profile-a-l/discord-canary.profile index 43db95b8a..1c53cd211 100644 --- a/etc/profile-a-l/discord-canary.profile +++ b/etc/profile-a-l/discord-canary.profile | |||
@@ -5,10 +5,10 @@ include discord-canary.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/discordcanary | 8 | nodeny ${HOME}/.config/discordcanary |
9 | 9 | ||
10 | mkdir ${HOME}/.config/discordcanary | 10 | mkdir ${HOME}/.config/discordcanary |
11 | whitelist ${HOME}/.config/discordcanary | 11 | allow ${HOME}/.config/discordcanary |
12 | 12 | ||
13 | private-bin discord-canary,electron,electron[0-9],electron[0-9][0-9] | 13 | private-bin discord-canary,electron,electron[0-9],electron[0-9][0-9] |
14 | private-opt discord-canary | 14 | private-opt discord-canary |
diff --git a/etc/profile-a-l/discord-common.profile b/etc/profile-a-l/discord-common.profile index 19e7bd9ab..6bee1901c 100644 --- a/etc/profile-a-l/discord-common.profile +++ b/etc/profile-a-l/discord-common.profile | |||
@@ -20,8 +20,8 @@ ignore dbus-system none | |||
20 | ignore noexec ${HOME} | 20 | ignore noexec ${HOME} |
21 | ignore novideo | 21 | ignore novideo |
22 | 22 | ||
23 | whitelist ${HOME}/.config/BetterDiscord | 23 | allow ${HOME}/.config/BetterDiscord |
24 | whitelist ${HOME}/.local/share/betterdiscordctl | 24 | allow ${HOME}/.local/share/betterdiscordctl |
25 | 25 | ||
26 | private-bin bash,cut,echo,egrep,fish,grep,head,sed,sh,tclsh,tr,xdg-mime,xdg-open,zsh | 26 | private-bin bash,cut,echo,egrep,fish,grep,head,sed,sh,tclsh,tr,xdg-mime,xdg-open,zsh |
27 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,login.defs,machine-id,password,pki,pulse,resolv.conf,ssl | 27 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,login.defs,machine-id,password,pki,pulse,resolv.conf,ssl |
diff --git a/etc/profile-a-l/discord.profile b/etc/profile-a-l/discord.profile index 8ef02a30f..658d3fc83 100644 --- a/etc/profile-a-l/discord.profile +++ b/etc/profile-a-l/discord.profile | |||
@@ -5,10 +5,10 @@ include discord.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/discord | 8 | nodeny ${HOME}/.config/discord |
9 | 9 | ||
10 | mkdir ${HOME}/.config/discord | 10 | mkdir ${HOME}/.config/discord |
11 | whitelist ${HOME}/.config/discord | 11 | allow ${HOME}/.config/discord |
12 | 12 | ||
13 | private-bin discord | 13 | private-bin discord |
14 | private-opt discord | 14 | private-opt discord |
diff --git a/etc/profile-a-l/display.profile b/etc/profile-a-l/display.profile index 11f3fd36e..4474b97d2 100644 --- a/etc/profile-a-l/display.profile +++ b/etc/profile-a-l/display.profile | |||
@@ -5,7 +5,7 @@ include display.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${PICTURES} | 8 | nodeny ${PICTURES} |
9 | 9 | ||
10 | # Allow python (blacklisted by disable-interpreters.inc) | 10 | # Allow python (blacklisted by disable-interpreters.inc) |
11 | include allow-python2.inc | 11 | include allow-python2.inc |
diff --git a/etc/profile-a-l/dnox.profile b/etc/profile-a-l/dnox.profile index 51ba6f8b7..8c3d6211b 100644 --- a/etc/profile-a-l/dnox.profile +++ b/etc/profile-a-l/dnox.profile | |||
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/dnox | 13 | nodeny ${HOME}/.cache/dnox |
14 | noblacklist ${HOME}/.config/dnox | 14 | nodeny ${HOME}/.config/dnox |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/dnox | 16 | mkdir ${HOME}/.cache/dnox |
17 | mkdir ${HOME}/.config/dnox | 17 | mkdir ${HOME}/.config/dnox |
18 | whitelist ${HOME}/.cache/dnox | 18 | allow ${HOME}/.cache/dnox |
19 | whitelist ${HOME}/.config/dnox | 19 | allow ${HOME}/.config/dnox |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include chromium-common.profile | 22 | include chromium-common.profile |
diff --git a/etc/profile-a-l/dnscrypt-proxy.profile b/etc/profile-a-l/dnscrypt-proxy.profile index f8fb1a331..dbcef36f8 100644 --- a/etc/profile-a-l/dnscrypt-proxy.profile +++ b/etc/profile-a-l/dnscrypt-proxy.profile | |||
@@ -7,11 +7,11 @@ include dnscrypt-proxy.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | deny /tmp/.X11-unix |
11 | blacklist ${RUNUSER}/wayland-* | 11 | deny ${RUNUSER}/wayland-* |
12 | 12 | ||
13 | noblacklist /sbin | 13 | nodeny /sbin |
14 | noblacklist /usr/sbin | 14 | nodeny /usr/sbin |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
@@ -21,7 +21,7 @@ include disable-passwdmgr.inc | |||
21 | include disable-programs.inc | 21 | include disable-programs.inc |
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | whitelist /usr/share/dnscrypt-proxy | 24 | allow /usr/share/dnscrypt-proxy |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-a-l/dnsmasq.profile b/etc/profile-a-l/dnsmasq.profile index 01398c2b2..b1acbf392 100644 --- a/etc/profile-a-l/dnsmasq.profile +++ b/etc/profile-a-l/dnsmasq.profile | |||
@@ -7,11 +7,11 @@ include dnsmasq.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist /sbin | 10 | nodeny /sbin |
11 | noblacklist /usr/sbin | 11 | nodeny /usr/sbin |
12 | 12 | ||
13 | blacklist /tmp/.X11-unix | 13 | deny /tmp/.X11-unix |
14 | blacklist ${RUNUSER}/wayland-* | 14 | deny ${RUNUSER}/wayland-* |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/dolphin-emu.profile b/etc/profile-a-l/dolphin-emu.profile index 49feec32e..15b312ecb 100644 --- a/etc/profile-a-l/dolphin-emu.profile +++ b/etc/profile-a-l/dolphin-emu.profile | |||
@@ -8,9 +8,9 @@ include globals.local | |||
8 | 8 | ||
9 | # Note: you must whitelist your games folder in your dolphin-emu.local. | 9 | # Note: you must whitelist your games folder in your dolphin-emu.local. |
10 | 10 | ||
11 | noblacklist ${HOME}/.cache/dolphin-emu | 11 | nodeny ${HOME}/.cache/dolphin-emu |
12 | noblacklist ${HOME}/.config/dolphin-emu | 12 | nodeny ${HOME}/.config/dolphin-emu |
13 | noblacklist ${HOME}/.local/share/dolphin-emu | 13 | nodeny ${HOME}/.local/share/dolphin-emu |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -24,10 +24,10 @@ include disable-xdg.inc | |||
24 | mkdir ${HOME}/.cache/dolphin-emu | 24 | mkdir ${HOME}/.cache/dolphin-emu |
25 | mkdir ${HOME}/.config/dolphin-emu | 25 | mkdir ${HOME}/.config/dolphin-emu |
26 | mkdir ${HOME}/.local/share/dolphin-emu | 26 | mkdir ${HOME}/.local/share/dolphin-emu |
27 | whitelist ${HOME}/.cache/dolphin-emu | 27 | allow ${HOME}/.cache/dolphin-emu |
28 | whitelist ${HOME}/.config/dolphin-emu | 28 | allow ${HOME}/.config/dolphin-emu |
29 | whitelist ${HOME}/.local/share/dolphin-emu | 29 | allow ${HOME}/.local/share/dolphin-emu |
30 | whitelist /usr/share/dolphin-emu | 30 | allow /usr/share/dolphin-emu |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-runuser-common.inc | 32 | include whitelist-runuser-common.inc |
33 | include whitelist-usr-share-common.inc | 33 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/dooble.profile b/etc/profile-a-l/dooble.profile index 37a4113cb..3b0adcc36 100644 --- a/etc/profile-a-l/dooble.profile +++ b/etc/profile-a-l/dooble.profile | |||
@@ -7,7 +7,7 @@ include dooble-qt4.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.dooble | 10 | nodeny ${HOME}/.dooble |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.dooble | 19 | mkdir ${HOME}/.dooble |
20 | whitelist ${DOWNLOADS} | 20 | allow ${DOWNLOADS} |
21 | whitelist ${HOME}/.dooble | 21 | allow ${HOME}/.dooble |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/profile-a-l/dosbox.profile b/etc/profile-a-l/dosbox.profile index 988f66f28..29e506764 100644 --- a/etc/profile-a-l/dosbox.profile +++ b/etc/profile-a-l/dosbox.profile | |||
@@ -6,8 +6,8 @@ include dosbox.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.dosbox | 9 | nodeny ${HOME}/.dosbox |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/dragon.profile b/etc/profile-a-l/dragon.profile index 8fa01d504..90ca11774 100644 --- a/etc/profile-a-l/dragon.profile +++ b/etc/profile-a-l/dragon.profile | |||
@@ -6,9 +6,9 @@ include dragon.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/dragonplayerrc | 9 | nodeny ${HOME}/.config/dragonplayerrc |
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | noblacklist ${VIDEOS} | 11 | nodeny ${VIDEOS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,7 +19,7 @@ include disable-programs.inc | |||
19 | include disable-shell.inc | 19 | include disable-shell.inc |
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | whitelist /usr/share/dragonplayer | 22 | allow /usr/share/dragonplayer |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
diff --git a/etc/profile-a-l/drawio.profile b/etc/profile-a-l/drawio.profile index 82d96e405..84a77ce34 100644 --- a/etc/profile-a-l/drawio.profile +++ b/etc/profile-a-l/drawio.profile | |||
@@ -6,7 +6,7 @@ include drawio.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/draw.io | 9 | nodeny ${HOME}/.config/draw.io |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/draw.io | 20 | mkdir ${HOME}/.config/draw.io |
21 | whitelist ${HOME}/.config/draw.io | 21 | allow ${HOME}/.config/draw.io |
22 | whitelist ${DOWNLOADS} | 22 | allow ${DOWNLOADS} |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/drill.profile b/etc/profile-a-l/drill.profile index 068bd88d8..e177fd60e 100644 --- a/etc/profile-a-l/drill.profile +++ b/etc/profile-a-l/drill.profile | |||
@@ -7,10 +7,10 @@ include drill.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${PATH}/drill | 10 | nodeny ${PATH}/drill |
11 | 11 | ||
12 | blacklist /tmp/.X11-unix | 12 | deny /tmp/.X11-unix |
13 | blacklist ${RUNUSER} | 13 | deny ${RUNUSER} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | # include disable-devel.inc | 16 | # include disable-devel.inc |
diff --git a/etc/profile-a-l/dropbox.profile b/etc/profile-a-l/dropbox.profile index b3b2aaf40..274cdd478 100644 --- a/etc/profile-a-l/dropbox.profile +++ b/etc/profile-a-l/dropbox.profile | |||
@@ -5,9 +5,9 @@ include dropbox.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/autostart | 8 | nodeny ${HOME}/.config/autostart |
9 | noblacklist ${HOME}/.dropbox | 9 | nodeny ${HOME}/.dropbox |
10 | noblacklist ${HOME}/.dropbox-dist | 10 | nodeny ${HOME}/.dropbox-dist |
11 | 11 | ||
12 | # Allow python3 (blacklisted by disable-interpreters.inc) | 12 | # Allow python3 (blacklisted by disable-interpreters.inc) |
13 | include allow-python3.inc | 13 | include allow-python3.inc |
@@ -22,10 +22,10 @@ mkdir ${HOME}/.dropbox | |||
22 | mkdir ${HOME}/.dropbox-dist | 22 | mkdir ${HOME}/.dropbox-dist |
23 | mkdir ${HOME}/Dropbox | 23 | mkdir ${HOME}/Dropbox |
24 | mkfile ${HOME}/.config/autostart/dropbox.desktop | 24 | mkfile ${HOME}/.config/autostart/dropbox.desktop |
25 | whitelist ${HOME}/.config/autostart/dropbox.desktop | 25 | allow ${HOME}/.config/autostart/dropbox.desktop |
26 | whitelist ${HOME}/.dropbox | 26 | allow ${HOME}/.dropbox |
27 | whitelist ${HOME}/.dropbox-dist | 27 | allow ${HOME}/.dropbox-dist |
28 | whitelist ${HOME}/Dropbox | 28 | allow ${HOME}/Dropbox |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | 30 | ||
31 | caps.drop all | 31 | caps.drop all |
diff --git a/etc/profile-a-l/easystroke.profile b/etc/profile-a-l/easystroke.profile index 38e4b16f7..da54fec34 100644 --- a/etc/profile-a-l/easystroke.profile +++ b/etc/profile-a-l/easystroke.profile | |||
@@ -6,7 +6,7 @@ include easystroke.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.easystroke | 9 | nodeny ${HOME}/.easystroke |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.easystroke | 19 | mkdir ${HOME}/.easystroke |
20 | whitelist ${HOME}/.easystroke | 20 | allow ${HOME}/.easystroke |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/electron-mail.profile b/etc/profile-a-l/electron-mail.profile index 278dd6cbd..10e57371e 100644 --- a/etc/profile-a-l/electron-mail.profile +++ b/etc/profile-a-l/electron-mail.profile | |||
@@ -6,7 +6,7 @@ include electron-mail.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/electron-mail | 9 | nodeny ${HOME}/.config/electron-mail |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/electron-mail | 20 | mkdir ${HOME}/.config/electron-mail |
21 | whitelist ${HOME}/.config/electron-mail | 21 | allow ${HOME}/.config/electron-mail |
22 | whitelist ${DOWNLOADS} | 22 | allow ${DOWNLOADS} |
23 | 23 | ||
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/electron.profile b/etc/profile-a-l/electron.profile index 493af79d4..e8d8d35c4 100644 --- a/etc/profile-a-l/electron.profile +++ b/etc/profile-a-l/electron.profile | |||
@@ -12,7 +12,7 @@ include disable-passwdmgr.inc | |||
12 | include disable-programs.inc | 12 | include disable-programs.inc |
13 | include disable-xdg.inc | 13 | include disable-xdg.inc |
14 | 14 | ||
15 | whitelist ${DOWNLOADS} | 15 | allow ${DOWNLOADS} |
16 | include whitelist-common.inc | 16 | include whitelist-common.inc |
17 | include whitelist-runuser-common.inc | 17 | include whitelist-runuser-common.inc |
18 | include whitelist-usr-share-common.inc | 18 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/electrum.profile b/etc/profile-a-l/electrum.profile index ad636d71a..f6691017c 100644 --- a/etc/profile-a-l/electrum.profile +++ b/etc/profile-a-l/electrum.profile | |||
@@ -6,7 +6,7 @@ include electrum.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.electrum | 9 | nodeny ${HOME}/.electrum |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -22,7 +22,7 @@ include disable-shell.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.electrum | 24 | mkdir ${HOME}/.electrum |
25 | whitelist ${HOME}/.electrum | 25 | allow ${HOME}/.electrum |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
28 | 28 | ||
diff --git a/etc/profile-a-l/element-desktop.profile b/etc/profile-a-l/element-desktop.profile index 48a826f2e..ec28866b8 100644 --- a/etc/profile-a-l/element-desktop.profile +++ b/etc/profile-a-l/element-desktop.profile | |||
@@ -9,11 +9,11 @@ include element-desktop.local | |||
9 | 9 | ||
10 | ignore dbus-user none | 10 | ignore dbus-user none |
11 | 11 | ||
12 | noblacklist ${HOME}/.config/Element | 12 | nodeny ${HOME}/.config/Element |
13 | 13 | ||
14 | mkdir ${HOME}/.config/Element | 14 | mkdir ${HOME}/.config/Element |
15 | whitelist ${HOME}/.config/Element | 15 | allow ${HOME}/.config/Element |
16 | whitelist /opt/Element | 16 | allow /opt/Element |
17 | 17 | ||
18 | private-opt Element | 18 | private-opt Element |
19 | 19 | ||
diff --git a/etc/profile-a-l/elinks.profile b/etc/profile-a-l/elinks.profile index 5a29eb24b..30dca05cb 100644 --- a/etc/profile-a-l/elinks.profile +++ b/etc/profile-a-l/elinks.profile | |||
@@ -7,10 +7,10 @@ include elinks.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.elinks | 10 | nodeny ${HOME}/.elinks |
11 | 11 | ||
12 | mkdir ${HOME}/.elinks | 12 | mkdir ${HOME}/.elinks |
13 | whitelist ${HOME}/.elinks | 13 | allow ${HOME}/.elinks |
14 | 14 | ||
15 | private-bin elinks | 15 | private-bin elinks |
16 | 16 | ||
diff --git a/etc/profile-a-l/emacs.profile b/etc/profile-a-l/emacs.profile index 55bf743ef..f0e0e2830 100644 --- a/etc/profile-a-l/emacs.profile +++ b/etc/profile-a-l/emacs.profile | |||
@@ -6,8 +6,8 @@ include emacs.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.emacs | 9 | nodeny ${HOME}/.emacs |
10 | noblacklist ${HOME}/.emacs.d | 10 | nodeny ${HOME}/.emacs.d |
11 | # Add the next line to your emacs.local if you need gpg support. | 11 | # Add the next line to your emacs.local if you need gpg support. |
12 | #noblacklist ${HOME}/.gnupg | 12 | #noblacklist ${HOME}/.gnupg |
13 | 13 | ||
diff --git a/etc/profile-a-l/email-common.profile b/etc/profile-a-l/email-common.profile index 6c9a8a6ea..5fc72d340 100644 --- a/etc/profile-a-l/email-common.profile +++ b/etc/profile-a-l/email-common.profile | |||
@@ -7,14 +7,14 @@ include email-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.gnupg | 10 | nodeny ${HOME}/.gnupg |
11 | noblacklist ${HOME}/.mozilla | 11 | nodeny ${HOME}/.mozilla |
12 | noblacklist ${HOME}/.signature | 12 | nodeny ${HOME}/.signature |
13 | # when storing mail outside the default ${HOME}/Mail path, 'noblacklist' the custom path in your email-common.local | 13 | # when storing mail outside the default ${HOME}/Mail path, 'noblacklist' the custom path in your email-common.local |
14 | # and 'blacklist' it in your disable-common.local too so it is kept hidden from other applications | 14 | # and 'blacklist' it in your disable-common.local too so it is kept hidden from other applications |
15 | noblacklist ${HOME}/Mail | 15 | nodeny ${HOME}/Mail |
16 | 16 | ||
17 | noblacklist ${DOCUMENTS} | 17 | nodeny ${DOCUMENTS} |
18 | 18 | ||
19 | include disable-common.inc | 19 | include disable-common.inc |
20 | include disable-devel.inc | 20 | include disable-devel.inc |
@@ -27,17 +27,17 @@ include disable-xdg.inc | |||
27 | mkdir ${HOME}/.gnupg | 27 | mkdir ${HOME}/.gnupg |
28 | mkfile ${HOME}/.config/mimeapps.list | 28 | mkfile ${HOME}/.config/mimeapps.list |
29 | mkfile ${HOME}/.signature | 29 | mkfile ${HOME}/.signature |
30 | whitelist ${HOME}/.config/mimeapps.list | 30 | allow ${HOME}/.config/mimeapps.list |
31 | whitelist ${HOME}/.mozilla/firefox/profiles.ini | 31 | allow ${HOME}/.mozilla/firefox/profiles.ini |
32 | whitelist ${HOME}/.gnupg | 32 | allow ${HOME}/.gnupg |
33 | whitelist ${HOME}/.signature | 33 | allow ${HOME}/.signature |
34 | whitelist ${DOCUMENTS} | 34 | allow ${DOCUMENTS} |
35 | whitelist ${DOWNLOADS} | 35 | allow ${DOWNLOADS} |
36 | # when storing mail outside the default ${HOME}/Mail path, 'whitelist' the custom path in your email-common.local | 36 | # when storing mail outside the default ${HOME}/Mail path, 'whitelist' the custom path in your email-common.local |
37 | whitelist ${HOME}/Mail | 37 | allow ${HOME}/Mail |
38 | whitelist ${RUNUSER}/gnupg | 38 | allow ${RUNUSER}/gnupg |
39 | whitelist /usr/share/gnupg | 39 | allow /usr/share/gnupg |
40 | whitelist /usr/share/gnupg2 | 40 | allow /usr/share/gnupg2 |
41 | include whitelist-common.inc | 41 | include whitelist-common.inc |
42 | include whitelist-runuser-common.inc | 42 | include whitelist-runuser-common.inc |
43 | include whitelist-usr-share-common.inc | 43 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/enchant.profile b/etc/profile-a-l/enchant.profile index ac17b1726..36015b702 100644 --- a/etc/profile-a-l/enchant.profile +++ b/etc/profile-a-l/enchant.profile | |||
@@ -6,9 +6,9 @@ include enchant.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | 9 | deny ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/enchant | 11 | nodeny ${HOME}/.config/enchant |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,7 +19,7 @@ include disable-programs.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | mkdir ${HOME}/.config/enchant | 21 | mkdir ${HOME}/.config/enchant |
22 | whitelist ${HOME}/.config/enchant | 22 | allow ${HOME}/.config/enchant |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/enox.profile b/etc/profile-a-l/enox.profile index d982433e2..9a1d89bba 100644 --- a/etc/profile-a-l/enox.profile +++ b/etc/profile-a-l/enox.profile | |||
@@ -10,15 +10,15 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/Enox | 13 | nodeny ${HOME}/.cache/Enox |
14 | noblacklist ${HOME}/.config/Enox | 14 | nodeny ${HOME}/.config/Enox |
15 | 15 | ||
16 | #mkdir ${HOME}/.cache/dnox | 16 | #mkdir ${HOME}/.cache/dnox |
17 | #mkdir ${HOME}/.config/dnox | 17 | #mkdir ${HOME}/.config/dnox |
18 | mkdir ${HOME}/.cache/Enox | 18 | mkdir ${HOME}/.cache/Enox |
19 | mkdir ${HOME}/.config/Enox | 19 | mkdir ${HOME}/.config/Enox |
20 | whitelist ${HOME}/.cache/Enox | 20 | allow ${HOME}/.cache/Enox |
21 | whitelist ${HOME}/.config/Enox | 21 | allow ${HOME}/.config/Enox |
22 | 22 | ||
23 | # Redirect | 23 | # Redirect |
24 | include chromium-common.profile | 24 | include chromium-common.profile |
diff --git a/etc/profile-a-l/enpass.profile b/etc/profile-a-l/enpass.profile index c4123b4c2..5d8f8a0b9 100644 --- a/etc/profile-a-l/enpass.profile +++ b/etc/profile-a-l/enpass.profile | |||
@@ -6,11 +6,11 @@ include enpass.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/Enpass | 9 | nodeny ${HOME}/.cache/Enpass |
10 | noblacklist ${HOME}/.config/sinew.in | 10 | nodeny ${HOME}/.config/sinew.in |
11 | noblacklist ${HOME}/.config/Sinew Software Systems | 11 | nodeny ${HOME}/.config/Sinew Software Systems |
12 | noblacklist ${HOME}/.local/share/Enpass | 12 | nodeny ${HOME}/.local/share/Enpass |
13 | noblacklist ${DOCUMENTS} | 13 | nodeny ${DOCUMENTS} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -24,11 +24,11 @@ mkdir ${HOME}/.cache/Enpass | |||
24 | mkfile ${HOME}/.config/sinew.in | 24 | mkfile ${HOME}/.config/sinew.in |
25 | mkdir ${HOME}/.config/Sinew Software Systems | 25 | mkdir ${HOME}/.config/Sinew Software Systems |
26 | mkdir ${HOME}/.local/share/Enpass | 26 | mkdir ${HOME}/.local/share/Enpass |
27 | whitelist ${HOME}/.cache/Enpass | 27 | allow ${HOME}/.cache/Enpass |
28 | whitelist ${HOME}/.config/sinew.in | 28 | allow ${HOME}/.config/sinew.in |
29 | whitelist ${HOME}/.config/Sinew Software Systems | 29 | allow ${HOME}/.config/Sinew Software Systems |
30 | whitelist ${HOME}/.local/share/Enpass | 30 | allow ${HOME}/.local/share/Enpass |
31 | whitelist ${DOCUMENTS} | 31 | allow ${DOCUMENTS} |
32 | include whitelist-common.inc | 32 | include whitelist-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
34 | 34 | ||
diff --git a/etc/profile-a-l/eo-common.profile b/etc/profile-a-l/eo-common.profile index fe7913e77..ff7040e5c 100644 --- a/etc/profile-a-l/eo-common.profile +++ b/etc/profile-a-l/eo-common.profile | |||
@@ -7,11 +7,11 @@ include eo-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.local/share/Trash | 10 | nodeny ${HOME}/.local/share/Trash |
11 | noblacklist ${HOME}/.Steam | 11 | nodeny ${HOME}/.Steam |
12 | noblacklist ${HOME}/.steam | 12 | nodeny ${HOME}/.steam |
13 | 13 | ||
14 | blacklist /usr/libexec | 14 | deny /usr/libexec |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/eog.profile b/etc/profile-a-l/eog.profile index 5892374bd..e8592c7df 100644 --- a/etc/profile-a-l/eog.profile +++ b/etc/profile-a-l/eog.profile | |||
@@ -6,9 +6,9 @@ include eog.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/eog | 9 | nodeny ${HOME}/.config/eog |
10 | 10 | ||
11 | whitelist /usr/share/eog | 11 | allow /usr/share/eog |
12 | 12 | ||
13 | # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'. | 13 | # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'. |
14 | # Add the next lines to your eog.local if you need that functionality. | 14 | # Add the next lines to your eog.local if you need that functionality. |
diff --git a/etc/profile-a-l/eom.profile b/etc/profile-a-l/eom.profile index 7143a8e03..323f5ade2 100644 --- a/etc/profile-a-l/eom.profile +++ b/etc/profile-a-l/eom.profile | |||
@@ -6,9 +6,9 @@ include eom.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/mate/eom | 9 | nodeny ${HOME}/.config/mate/eom |
10 | 10 | ||
11 | whitelist /usr/share/eom | 11 | allow /usr/share/eom |
12 | 12 | ||
13 | # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'. | 13 | # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'. |
14 | # Add the next lines to your eom.local if you need that functionality. | 14 | # Add the next lines to your eom.local if you need that functionality. |
diff --git a/etc/profile-a-l/ephemeral.profile b/etc/profile-a-l/ephemeral.profile index 131d68951..3657742b9 100644 --- a/etc/profile-a-l/ephemeral.profile +++ b/etc/profile-a-l/ephemeral.profile | |||
@@ -9,8 +9,8 @@ include globals.local | |||
9 | # enforce private-cache | 9 | # enforce private-cache |
10 | #noblacklist ${HOME}/.cache/ephemeral | 10 | #noblacklist ${HOME}/.cache/ephemeral |
11 | 11 | ||
12 | noblacklist ${HOME}/.pki | 12 | nodeny ${HOME}/.pki |
13 | noblacklist ${HOME}/.local/share/pki | 13 | nodeny ${HOME}/.local/share/pki |
14 | 14 | ||
15 | # noexec ${HOME} breaks DRM binaries. | 15 | # noexec ${HOME} breaks DRM binaries. |
16 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} | 16 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} |
@@ -27,9 +27,9 @@ mkdir ${HOME}/.pki | |||
27 | mkdir ${HOME}/.local/share/pki | 27 | mkdir ${HOME}/.local/share/pki |
28 | # enforce private-cache | 28 | # enforce private-cache |
29 | #whitelist ${HOME}/.cache/ephemeral | 29 | #whitelist ${HOME}/.cache/ephemeral |
30 | whitelist ${HOME}/.pki | 30 | allow ${HOME}/.pki |
31 | whitelist ${HOME}/.local/share/pki | 31 | allow ${HOME}/.local/share/pki |
32 | whitelist ${DOWNLOADS} | 32 | allow ${DOWNLOADS} |
33 | include whitelist-common.inc | 33 | include whitelist-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/epiphany.profile b/etc/profile-a-l/epiphany.profile index 225811226..daedb2193 100644 --- a/etc/profile-a-l/epiphany.profile +++ b/etc/profile-a-l/epiphany.profile | |||
@@ -9,9 +9,9 @@ include globals.local | |||
9 | # Note: Epiphany use bwrap since 3.34 and can not be firejailed any more. | 9 | # Note: Epiphany use bwrap since 3.34 and can not be firejailed any more. |
10 | # See https://github.com/netblue30/firejail/issues/2995 | 10 | # See https://github.com/netblue30/firejail/issues/2995 |
11 | 11 | ||
12 | noblacklist ${HOME}/.cache/epiphany | 12 | nodeny ${HOME}/.cache/epiphany |
13 | noblacklist ${HOME}/.config/epiphany | 13 | nodeny ${HOME}/.config/epiphany |
14 | noblacklist ${HOME}/.local/share/epiphany | 14 | nodeny ${HOME}/.local/share/epiphany |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
@@ -21,10 +21,10 @@ include disable-programs.inc | |||
21 | mkdir ${HOME}/.cache/epiphany | 21 | mkdir ${HOME}/.cache/epiphany |
22 | mkdir ${HOME}/.config/epiphany | 22 | mkdir ${HOME}/.config/epiphany |
23 | mkdir ${HOME}/.local/share/epiphany | 23 | mkdir ${HOME}/.local/share/epiphany |
24 | whitelist ${DOWNLOADS} | 24 | allow ${DOWNLOADS} |
25 | whitelist ${HOME}/.cache/epiphany | 25 | allow ${HOME}/.cache/epiphany |
26 | whitelist ${HOME}/.config/epiphany | 26 | allow ${HOME}/.config/epiphany |
27 | whitelist ${HOME}/.local/share/epiphany | 27 | allow ${HOME}/.local/share/epiphany |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | 29 | ||
30 | caps.drop all | 30 | caps.drop all |
diff --git a/etc/profile-a-l/equalx.profile b/etc/profile-a-l/equalx.profile index 964d3b7ca..ac957870c 100644 --- a/etc/profile-a-l/equalx.profile +++ b/etc/profile-a-l/equalx.profile | |||
@@ -6,8 +6,8 @@ include equalx.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/equalx | 9 | nodeny ${HOME}/.config/equalx |
10 | noblacklist ${HOME}/.equalx | 10 | nodeny ${HOME}/.equalx |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -20,13 +20,13 @@ include disable-xdg.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.config/equalx | 21 | mkdir ${HOME}/.config/equalx |
22 | mkdir ${HOME}/.equalx | 22 | mkdir ${HOME}/.equalx |
23 | whitelist ${HOME}/.config/equalx | 23 | allow ${HOME}/.config/equalx |
24 | whitelist ${HOME}/.equalx | 24 | allow ${HOME}/.equalx |
25 | whitelist /usr/share/poppler | 25 | allow /usr/share/poppler |
26 | whitelist /usr/share/ghostscript | 26 | allow /usr/share/ghostscript |
27 | whitelist /usr/share/texlive | 27 | allow /usr/share/texlive |
28 | whitelist /usr/share/equalx | 28 | allow /usr/share/equalx |
29 | whitelist /var/lib/texmf | 29 | allow /var/lib/texmf |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | include whitelist-runuser-common.inc | 31 | include whitelist-runuser-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/etr.profile b/etc/profile-a-l/etr.profile index fdff1e4b5..a2f46b757 100644 --- a/etc/profile-a-l/etr.profile +++ b/etc/profile-a-l/etr.profile | |||
@@ -6,9 +6,9 @@ include etr.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.etr | 9 | nodeny ${HOME}/.etr |
10 | 10 | ||
11 | blacklist /usr/libexec | 11 | deny /usr/libexec |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -20,10 +20,10 @@ include disable-shell.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.etr | 22 | mkdir ${HOME}/.etr |
23 | whitelist ${HOME}/.etr | 23 | allow ${HOME}/.etr |
24 | whitelist /usr/share/etr | 24 | allow /usr/share/etr |
25 | # Debian version | 25 | # Debian version |
26 | whitelist /usr/share/games/etr | 26 | allow /usr/share/games/etr |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/evince.profile b/etc/profile-a-l/evince.profile index a9e39b15c..ce2617ad6 100644 --- a/etc/profile-a-l/evince.profile +++ b/etc/profile-a-l/evince.profile | |||
@@ -10,10 +10,10 @@ include globals.local | |||
10 | # Add the next line to your evince.local if you need bookmarks support. This also needs additional dbus-user filtering (see below). | 10 | # Add the next line to your evince.local if you need bookmarks support. This also needs additional dbus-user filtering (see below). |
11 | #noblacklist ${HOME}/.local/share/gvfs-metadata | 11 | #noblacklist ${HOME}/.local/share/gvfs-metadata |
12 | 12 | ||
13 | noblacklist ${HOME}/.config/evince | 13 | nodeny ${HOME}/.config/evince |
14 | noblacklist ${DOCUMENTS} | 14 | nodeny ${DOCUMENTS} |
15 | 15 | ||
16 | blacklist /usr/libexec | 16 | deny /usr/libexec |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
@@ -24,10 +24,10 @@ include disable-programs.inc | |||
24 | include disable-shell.inc | 24 | include disable-shell.inc |
25 | include disable-xdg.inc | 25 | include disable-xdg.inc |
26 | 26 | ||
27 | whitelist /usr/share/doc | 27 | allow /usr/share/doc |
28 | whitelist /usr/share/evince | 28 | allow /usr/share/evince |
29 | whitelist /usr/share/poppler | 29 | allow /usr/share/poppler |
30 | whitelist /usr/share/tracker | 30 | allow /usr/share/tracker |
31 | include whitelist-runuser-common.inc | 31 | include whitelist-runuser-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/evolution.profile b/etc/profile-a-l/evolution.profile index 7222493ac..142498a28 100644 --- a/etc/profile-a-l/evolution.profile +++ b/etc/profile-a-l/evolution.profile | |||
@@ -6,15 +6,15 @@ include evolution.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist /var/mail | 9 | nodeny /var/mail |
10 | noblacklist /var/spool/mail | 10 | nodeny /var/spool/mail |
11 | noblacklist ${HOME}/.bogofilter | 11 | nodeny ${HOME}/.bogofilter |
12 | noblacklist ${HOME}/.cache/evolution | 12 | nodeny ${HOME}/.cache/evolution |
13 | noblacklist ${HOME}/.config/evolution | 13 | nodeny ${HOME}/.config/evolution |
14 | noblacklist ${HOME}/.gnupg | 14 | nodeny ${HOME}/.gnupg |
15 | noblacklist ${HOME}/.local/share/evolution | 15 | nodeny ${HOME}/.local/share/evolution |
16 | noblacklist ${HOME}/.pki | 16 | nodeny ${HOME}/.pki |
17 | noblacklist ${HOME}/.local/share/pki | 17 | nodeny ${HOME}/.local/share/pki |
18 | 18 | ||
19 | include disable-common.inc | 19 | include disable-common.inc |
20 | include disable-devel.inc | 20 | include disable-devel.inc |
diff --git a/etc/profile-a-l/exiftool.profile b/etc/profile-a-l/exiftool.profile index 7b09a2c64..216814989 100644 --- a/etc/profile-a-l/exiftool.profile +++ b/etc/profile-a-l/exiftool.profile | |||
@@ -6,7 +6,7 @@ include exiftool.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | 9 | deny ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | # Allow perl (blacklisted by disable-interpreters.inc) | 11 | # Allow perl (blacklisted by disable-interpreters.inc) |
12 | include allow-perl.inc | 12 | include allow-perl.inc |
@@ -18,7 +18,7 @@ include disable-interpreters.inc | |||
18 | include disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
19 | include disable-programs.inc | 19 | include disable-programs.inc |
20 | 20 | ||
21 | whitelist /usr/share/perl-image-exiftool | 21 | allow /usr/share/perl-image-exiftool |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/falkon.profile b/etc/profile-a-l/falkon.profile index b2061db79..9bb42945b 100644 --- a/etc/profile-a-l/falkon.profile +++ b/etc/profile-a-l/falkon.profile | |||
@@ -6,8 +6,8 @@ include falkon.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/falkon | 9 | nodeny ${HOME}/.cache/falkon |
10 | noblacklist ${HOME}/.config/falkon | 10 | nodeny ${HOME}/.config/falkon |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,10 +19,10 @@ include disable-xdg.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.cache/falkon | 20 | mkdir ${HOME}/.cache/falkon |
21 | mkdir ${HOME}/.config/falkon | 21 | mkdir ${HOME}/.config/falkon |
22 | whitelist ${DOWNLOADS} | 22 | allow ${DOWNLOADS} |
23 | whitelist ${HOME}/.cache/falkon | 23 | allow ${HOME}/.cache/falkon |
24 | whitelist ${HOME}/.config/falkon | 24 | allow ${HOME}/.config/falkon |
25 | whitelist /usr/share/falkon | 25 | allow /usr/share/falkon |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/fbreader.profile b/etc/profile-a-l/fbreader.profile index 8e81000fd..d141c6ed5 100644 --- a/etc/profile-a-l/fbreader.profile +++ b/etc/profile-a-l/fbreader.profile | |||
@@ -6,8 +6,8 @@ include fbreader.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.FBReader | 9 | nodeny ${HOME}/.FBReader |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile index 31cb1776c..17a365053 100644 --- a/etc/profile-a-l/fdns.profile +++ b/etc/profile-a-l/fdns.profile | |||
@@ -5,11 +5,11 @@ include fdns.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist /sbin | 8 | nodeny /sbin |
9 | noblacklist /usr/sbin | 9 | nodeny /usr/sbin |
10 | 10 | ||
11 | blacklist /tmp/.X11-unix | 11 | deny /tmp/.X11-unix |
12 | blacklist ${RUNUSER}/wayland-* | 12 | deny ${RUNUSER}/wayland-* |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
diff --git a/etc/profile-a-l/feedreader.profile b/etc/profile-a-l/feedreader.profile index 664ec2da6..359be083e 100644 --- a/etc/profile-a-l/feedreader.profile +++ b/etc/profile-a-l/feedreader.profile | |||
@@ -6,8 +6,8 @@ include feedreader.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/feedreader | 9 | nodeny ${HOME}/.cache/feedreader |
10 | noblacklist ${HOME}/.local/share/feedreader | 10 | nodeny ${HOME}/.local/share/feedreader |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -20,9 +20,9 @@ include disable-xdg.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.cache/feedreader | 21 | mkdir ${HOME}/.cache/feedreader |
22 | mkdir ${HOME}/.local/share/feedreader | 22 | mkdir ${HOME}/.local/share/feedreader |
23 | whitelist ${HOME}/.cache/feedreader | 23 | allow ${HOME}/.cache/feedreader |
24 | whitelist ${HOME}/.local/share/feedreader | 24 | allow ${HOME}/.local/share/feedreader |
25 | whitelist /usr/share/feedreader | 25 | allow /usr/share/feedreader |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/ferdi.profile b/etc/profile-a-l/ferdi.profile index a2372ec8a..f60055f37 100644 --- a/etc/profile-a-l/ferdi.profile +++ b/etc/profile-a-l/ferdi.profile | |||
@@ -7,10 +7,10 @@ include globals.local | |||
7 | 7 | ||
8 | ignore noexec /tmp | 8 | ignore noexec /tmp |
9 | 9 | ||
10 | noblacklist ${HOME}/.cache/Ferdi | 10 | nodeny ${HOME}/.cache/Ferdi |
11 | noblacklist ${HOME}/.config/Ferdi | 11 | nodeny ${HOME}/.config/Ferdi |
12 | noblacklist ${HOME}/.pki | 12 | nodeny ${HOME}/.pki |
13 | noblacklist ${HOME}/.local/share/pki | 13 | nodeny ${HOME}/.local/share/pki |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -22,11 +22,11 @@ mkdir ${HOME}/.cache/Ferdi | |||
22 | mkdir ${HOME}/.config/Ferdi | 22 | mkdir ${HOME}/.config/Ferdi |
23 | mkdir ${HOME}/.pki | 23 | mkdir ${HOME}/.pki |
24 | mkdir ${HOME}/.local/share/pki | 24 | mkdir ${HOME}/.local/share/pki |
25 | whitelist ${DOWNLOADS} | 25 | allow ${DOWNLOADS} |
26 | whitelist ${HOME}/.cache/Ferdi | 26 | allow ${HOME}/.cache/Ferdi |
27 | whitelist ${HOME}/.config/Ferdi | 27 | allow ${HOME}/.config/Ferdi |
28 | whitelist ${HOME}/.pki | 28 | allow ${HOME}/.pki |
29 | whitelist ${HOME}/.local/share/pki | 29 | allow ${HOME}/.local/share/pki |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | 31 | ||
32 | caps.drop all | 32 | caps.drop all |
diff --git a/etc/profile-a-l/fetchmail.profile b/etc/profile-a-l/fetchmail.profile index 7358ed5c7..1e06ec29a 100644 --- a/etc/profile-a-l/fetchmail.profile +++ b/etc/profile-a-l/fetchmail.profile | |||
@@ -6,8 +6,8 @@ include fetchmail.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.fetchmailrc | 9 | nodeny ${HOME}/.fetchmailrc |
10 | noblacklist ${HOME}/.netrc | 10 | nodeny ${HOME}/.netrc |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/ffmpeg.profile b/etc/profile-a-l/ffmpeg.profile index 13ef1beb9..1a64183ab 100644 --- a/etc/profile-a-l/ffmpeg.profile +++ b/etc/profile-a-l/ffmpeg.profile | |||
@@ -7,8 +7,8 @@ include ffmpeg.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | noblacklist ${VIDEOS} | 11 | nodeny ${VIDEOS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,9 +19,9 @@ include disable-programs.inc | |||
19 | include disable-shell.inc | 19 | include disable-shell.inc |
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | whitelist /usr/share/devedeng | 22 | allow /usr/share/devedeng |
23 | whitelist /usr/share/ffmpeg | 23 | allow /usr/share/ffmpeg |
24 | whitelist /usr/share/qtchooser | 24 | allow /usr/share/qtchooser |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-a-l/file-roller.profile b/etc/profile-a-l/file-roller.profile index 4e651ed61..9f140850f 100644 --- a/etc/profile-a-l/file-roller.profile +++ b/etc/profile-a-l/file-roller.profile | |||
@@ -13,8 +13,8 @@ include disable-interpreters.inc | |||
13 | include disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | whitelist /usr/libexec/file-roller | 16 | allow /usr/libexec/file-roller |
17 | whitelist /usr/share/file-roller | 17 | allow /usr/share/file-roller |
18 | include whitelist-runuser-common.inc | 18 | include whitelist-runuser-common.inc |
19 | include whitelist-usr-share-common.inc | 19 | include whitelist-usr-share-common.inc |
20 | include whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/file.profile b/etc/profile-a-l/file.profile index 5c7583605..426d1e72d 100644 --- a/etc/profile-a-l/file.profile +++ b/etc/profile-a-l/file.profile | |||
@@ -7,7 +7,7 @@ include file.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER} | 10 | deny ${RUNUSER} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
diff --git a/etc/profile-a-l/filezilla.profile b/etc/profile-a-l/filezilla.profile index dc5def54f..d9e0e9da0 100644 --- a/etc/profile-a-l/filezilla.profile +++ b/etc/profile-a-l/filezilla.profile | |||
@@ -6,8 +6,8 @@ include filezilla.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/filezilla | 9 | nodeny ${HOME}/.config/filezilla |
10 | noblacklist ${HOME}/.filezilla | 10 | nodeny ${HOME}/.filezilla |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/firedragon.profile b/etc/profile-a-l/firedragon.profile index 77487161e..e22424794 100644 --- a/etc/profile-a-l/firedragon.profile +++ b/etc/profile-a-l/firedragon.profile | |||
@@ -6,13 +6,13 @@ include firedragon.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/firedragon | 9 | nodeny ${HOME}/.cache/firedragon |
10 | noblacklist ${HOME}/.firedragon | 10 | nodeny ${HOME}/.firedragon |
11 | 11 | ||
12 | mkdir ${HOME}/.cache/firedragon | 12 | mkdir ${HOME}/.cache/firedragon |
13 | mkdir ${HOME}/.firedragon | 13 | mkdir ${HOME}/.firedragon |
14 | whitelist ${HOME}/.cache/firedragon | 14 | allow ${HOME}/.cache/firedragon |
15 | whitelist ${HOME}/.firedragon | 15 | allow ${HOME}/.firedragon |
16 | 16 | ||
17 | # Add the next lines to your firedragon.local if you want to use the migration wizard. | 17 | # Add the next lines to your firedragon.local if you want to use the migration wizard. |
18 | #noblacklist ${HOME}/.mozilla | 18 | #noblacklist ${HOME}/.mozilla |
diff --git a/etc/profile-a-l/firefox-common-addons.profile b/etc/profile-a-l/firefox-common-addons.profile index d282f9a60..7e2e8760d 100644 --- a/etc/profile-a-l/firefox-common-addons.profile +++ b/etc/profile-a-l/firefox-common-addons.profile | |||
@@ -5,74 +5,74 @@ include firefox-common-addons.local | |||
5 | ignore include whitelist-runuser-common.inc | 5 | ignore include whitelist-runuser-common.inc |
6 | ignore private-cache | 6 | ignore private-cache |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/youtube-dl | 8 | nodeny ${HOME}/.cache/youtube-dl |
9 | noblacklist ${HOME}/.config/kgetrc | 9 | nodeny ${HOME}/.config/kgetrc |
10 | noblacklist ${HOME}/.config/mpv | 10 | nodeny ${HOME}/.config/mpv |
11 | noblacklist ${HOME}/.config/okularpartrc | 11 | nodeny ${HOME}/.config/okularpartrc |
12 | noblacklist ${HOME}/.config/okularrc | 12 | nodeny ${HOME}/.config/okularrc |
13 | noblacklist ${HOME}/.config/qpdfview | 13 | nodeny ${HOME}/.config/qpdfview |
14 | noblacklist ${HOME}/.config/youtube-dl | 14 | nodeny ${HOME}/.config/youtube-dl |
15 | noblacklist ${HOME}/.kde/share/apps/kget | 15 | nodeny ${HOME}/.kde/share/apps/kget |
16 | noblacklist ${HOME}/.kde/share/apps/okular | 16 | nodeny ${HOME}/.kde/share/apps/okular |
17 | noblacklist ${HOME}/.kde/share/config/kgetrc | 17 | nodeny ${HOME}/.kde/share/config/kgetrc |
18 | noblacklist ${HOME}/.kde/share/config/okularpartrc | 18 | nodeny ${HOME}/.kde/share/config/okularpartrc |
19 | noblacklist ${HOME}/.kde/share/config/okularrc | 19 | nodeny ${HOME}/.kde/share/config/okularrc |
20 | noblacklist ${HOME}/.kde4/share/apps/kget | 20 | nodeny ${HOME}/.kde4/share/apps/kget |
21 | noblacklist ${HOME}/.kde4/share/apps/okular | 21 | nodeny ${HOME}/.kde4/share/apps/okular |
22 | noblacklist ${HOME}/.kde4/share/config/kgetrc | 22 | nodeny ${HOME}/.kde4/share/config/kgetrc |
23 | noblacklist ${HOME}/.kde4/share/config/okularpartrc | 23 | nodeny ${HOME}/.kde4/share/config/okularpartrc |
24 | noblacklist ${HOME}/.kde4/share/config/okularrc | 24 | nodeny ${HOME}/.kde4/share/config/okularrc |
25 | noblacklist ${HOME}/.local/share/kget | 25 | nodeny ${HOME}/.local/share/kget |
26 | noblacklist ${HOME}/.local/share/kxmlgui5/okular | 26 | nodeny ${HOME}/.local/share/kxmlgui5/okular |
27 | noblacklist ${HOME}/.local/share/okular | 27 | nodeny ${HOME}/.local/share/okular |
28 | noblacklist ${HOME}/.local/share/qpdfview | 28 | nodeny ${HOME}/.local/share/qpdfview |
29 | noblacklist ${HOME}/.netrc | 29 | nodeny ${HOME}/.netrc |
30 | 30 | ||
31 | whitelist ${HOME}/.cache/gnome-mplayer/plugin | 31 | allow ${HOME}/.cache/gnome-mplayer/plugin |
32 | whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs | 32 | allow ${HOME}/.cache/youtube-dl/youtube-sigfuncs |
33 | whitelist ${HOME}/.config/gnome-mplayer | 33 | allow ${HOME}/.config/gnome-mplayer |
34 | whitelist ${HOME}/.config/kgetrc | 34 | allow ${HOME}/.config/kgetrc |
35 | whitelist ${HOME}/.config/mpv | 35 | allow ${HOME}/.config/mpv |
36 | whitelist ${HOME}/.config/okularpartrc | 36 | allow ${HOME}/.config/okularpartrc |
37 | whitelist ${HOME}/.config/okularrc | 37 | allow ${HOME}/.config/okularrc |
38 | whitelist ${HOME}/.config/pipelight-silverlight5.1 | 38 | allow ${HOME}/.config/pipelight-silverlight5.1 |
39 | whitelist ${HOME}/.config/pipelight-widevine | 39 | allow ${HOME}/.config/pipelight-widevine |
40 | whitelist ${HOME}/.config/qpdfview | 40 | allow ${HOME}/.config/qpdfview |
41 | whitelist ${HOME}/.config/youtube-dl | 41 | allow ${HOME}/.config/youtube-dl |
42 | whitelist ${HOME}/.kde/share/apps/kget | 42 | allow ${HOME}/.kde/share/apps/kget |
43 | whitelist ${HOME}/.kde/share/apps/okular | 43 | allow ${HOME}/.kde/share/apps/okular |
44 | whitelist ${HOME}/.kde/share/config/kgetrc | 44 | allow ${HOME}/.kde/share/config/kgetrc |
45 | whitelist ${HOME}/.kde/share/config/okularpartrc | 45 | allow ${HOME}/.kde/share/config/okularpartrc |
46 | whitelist ${HOME}/.kde/share/config/okularrc | 46 | allow ${HOME}/.kde/share/config/okularrc |
47 | whitelist ${HOME}/.kde4/share/apps/kget | 47 | allow ${HOME}/.kde4/share/apps/kget |
48 | whitelist ${HOME}/.kde4/share/apps/okular | 48 | allow ${HOME}/.kde4/share/apps/okular |
49 | whitelist ${HOME}/.kde4/share/config/kgetrc | 49 | allow ${HOME}/.kde4/share/config/kgetrc |
50 | whitelist ${HOME}/.kde4/share/config/okularpartrc | 50 | allow ${HOME}/.kde4/share/config/okularpartrc |
51 | whitelist ${HOME}/.kde4/share/config/okularrc | 51 | allow ${HOME}/.kde4/share/config/okularrc |
52 | whitelist ${HOME}/.keysnail.js | 52 | allow ${HOME}/.keysnail.js |
53 | whitelist ${HOME}/.lastpass | 53 | allow ${HOME}/.lastpass |
54 | whitelist ${HOME}/.local/share/kget | 54 | allow ${HOME}/.local/share/kget |
55 | whitelist ${HOME}/.local/share/kxmlgui5/okular | 55 | allow ${HOME}/.local/share/kxmlgui5/okular |
56 | whitelist ${HOME}/.local/share/okular | 56 | allow ${HOME}/.local/share/okular |
57 | whitelist ${HOME}/.local/share/qpdfview | 57 | allow ${HOME}/.local/share/qpdfview |
58 | whitelist ${HOME}/.local/share/tridactyl | 58 | allow ${HOME}/.local/share/tridactyl |
59 | whitelist ${HOME}/.netrc | 59 | allow ${HOME}/.netrc |
60 | whitelist ${HOME}/.pentadactyl | 60 | allow ${HOME}/.pentadactyl |
61 | whitelist ${HOME}/.pentadactylrc | 61 | allow ${HOME}/.pentadactylrc |
62 | whitelist ${HOME}/.tridactylrc | 62 | allow ${HOME}/.tridactylrc |
63 | whitelist ${HOME}/.vimperator | 63 | allow ${HOME}/.vimperator |
64 | whitelist ${HOME}/.vimperatorrc | 64 | allow ${HOME}/.vimperatorrc |
65 | whitelist ${HOME}/.wine-pipelight | 65 | allow ${HOME}/.wine-pipelight |
66 | whitelist ${HOME}/.wine-pipelight64 | 66 | allow ${HOME}/.wine-pipelight64 |
67 | whitelist ${HOME}/.zotero | 67 | allow ${HOME}/.zotero |
68 | whitelist ${HOME}/dwhelper | 68 | allow ${HOME}/dwhelper |
69 | whitelist /usr/share/lua | 69 | allow /usr/share/lua |
70 | whitelist /usr/share/lua* | 70 | allow /usr/share/lua* |
71 | whitelist /usr/share/vulkan | 71 | allow /usr/share/vulkan |
72 | 72 | ||
73 | # GNOME Shell integration (chrome-gnome-shell) needs dbus and python | 73 | # GNOME Shell integration (chrome-gnome-shell) needs dbus and python |
74 | noblacklist ${HOME}/.local/share/gnome-shell | 74 | nodeny ${HOME}/.local/share/gnome-shell |
75 | whitelist ${HOME}/.local/share/gnome-shell | 75 | allow ${HOME}/.local/share/gnome-shell |
76 | dbus-user.talk ca.desrt.dconf | 76 | dbus-user.talk ca.desrt.dconf |
77 | dbus-user.talk org.gnome.ChromeGnomeShell | 77 | dbus-user.talk org.gnome.ChromeGnomeShell |
78 | dbus-user.talk org.gnome.Shell | 78 | dbus-user.talk org.gnome.Shell |
diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile index 8b74ed979..cb0fae5dc 100644 --- a/etc/profile-a-l/firefox-common.profile +++ b/etc/profile-a-l/firefox-common.profile | |||
@@ -12,8 +12,8 @@ include firefox-common.local | |||
12 | # Add the next line to your firefox-common.local to allow access to common programs/addons/plugins. | 12 | # Add the next line to your firefox-common.local to allow access to common programs/addons/plugins. |
13 | #include firefox-common-addons.profile | 13 | #include firefox-common-addons.profile |
14 | 14 | ||
15 | noblacklist ${HOME}/.pki | 15 | nodeny ${HOME}/.pki |
16 | noblacklist ${HOME}/.local/share/pki | 16 | nodeny ${HOME}/.local/share/pki |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
@@ -23,9 +23,9 @@ include disable-programs.inc | |||
23 | 23 | ||
24 | mkdir ${HOME}/.pki | 24 | mkdir ${HOME}/.pki |
25 | mkdir ${HOME}/.local/share/pki | 25 | mkdir ${HOME}/.local/share/pki |
26 | whitelist ${DOWNLOADS} | 26 | allow ${DOWNLOADS} |
27 | whitelist ${HOME}/.pki | 27 | allow ${HOME}/.pki |
28 | whitelist ${HOME}/.local/share/pki | 28 | allow ${HOME}/.local/share/pki |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-runuser-common.inc | 30 | include whitelist-runuser-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/firefox-esr.profile b/etc/profile-a-l/firefox-esr.profile index 5e69fdb51..4fd315fdf 100644 --- a/etc/profile-a-l/firefox-esr.profile +++ b/etc/profile-a-l/firefox-esr.profile | |||
@@ -6,7 +6,7 @@ include firefox-esr.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | whitelist /usr/share/firefox-esr | 9 | allow /usr/share/firefox-esr |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include firefox.profile | 12 | include firefox.profile |
diff --git a/etc/profile-a-l/firefox.profile b/etc/profile-a-l/firefox.profile index 3ad67734d..8acfe7c2a 100644 --- a/etc/profile-a-l/firefox.profile +++ b/etc/profile-a-l/firefox.profile | |||
@@ -14,27 +14,27 @@ include globals.local | |||
14 | # https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#how-do-i-run-two-instances-of-firefox | 14 | # https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#how-do-i-run-two-instances-of-firefox |
15 | # https://github.com/netblue30/firejail/issues/4206#issuecomment-824806968 | 15 | # https://github.com/netblue30/firejail/issues/4206#issuecomment-824806968 |
16 | 16 | ||
17 | noblacklist ${HOME}/.cache/mozilla | 17 | nodeny ${HOME}/.cache/mozilla |
18 | noblacklist ${HOME}/.mozilla | 18 | nodeny ${HOME}/.mozilla |
19 | 19 | ||
20 | blacklist /usr/libexec | 20 | deny /usr/libexec |
21 | 21 | ||
22 | mkdir ${HOME}/.cache/mozilla/firefox | 22 | mkdir ${HOME}/.cache/mozilla/firefox |
23 | mkdir ${HOME}/.mozilla | 23 | mkdir ${HOME}/.mozilla |
24 | whitelist ${HOME}/.cache/mozilla/firefox | 24 | allow ${HOME}/.cache/mozilla/firefox |
25 | whitelist ${HOME}/.mozilla | 25 | allow ${HOME}/.mozilla |
26 | 26 | ||
27 | # Add one of the following whitelist options to your firefox.local to enable KeePassXC Plugin support. | 27 | # Add one of the following whitelist options to your firefox.local to enable KeePassXC Plugin support. |
28 | # NOTE: start KeePassXC before Firefox and keep it open to allow communication between them. | 28 | # NOTE: start KeePassXC before Firefox and keep it open to allow communication between them. |
29 | #whitelist ${RUNUSER}/kpxc_server | 29 | #whitelist ${RUNUSER}/kpxc_server |
30 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer | 30 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer |
31 | 31 | ||
32 | whitelist /usr/share/doc | 32 | allow /usr/share/doc |
33 | whitelist /usr/share/firefox | 33 | allow /usr/share/firefox |
34 | whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini | 34 | allow /usr/share/gnome-shell/search-providers/firefox-search-provider.ini |
35 | whitelist /usr/share/gtk-doc/html | 35 | allow /usr/share/gtk-doc/html |
36 | whitelist /usr/share/mozilla | 36 | allow /usr/share/mozilla |
37 | whitelist /usr/share/webext | 37 | allow /usr/share/webext |
38 | include whitelist-usr-share-common.inc | 38 | include whitelist-usr-share-common.inc |
39 | 39 | ||
40 | # firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin. | 40 | # firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin. |
diff --git a/etc/profile-a-l/five-or-more.profile b/etc/profile-a-l/five-or-more.profile index 2c86d3ac7..bd1becaf0 100644 --- a/etc/profile-a-l/five-or-more.profile +++ b/etc/profile-a-l/five-or-more.profile | |||
@@ -6,12 +6,12 @@ include five-or-more.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/five-or-more | 9 | nodeny ${HOME}/.local/share/five-or-more |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/five-or-more | 11 | mkdir ${HOME}/.local/share/five-or-more |
12 | whitelist ${HOME}/.local/share/five-or-more | 12 | allow ${HOME}/.local/share/five-or-more |
13 | 13 | ||
14 | whitelist /usr/share/five-or-more | 14 | allow /usr/share/five-or-more |
15 | 15 | ||
16 | private-bin five-or-more | 16 | private-bin five-or-more |
17 | 17 | ||
diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile index 55af96c84..f16a65536 100644 --- a/etc/profile-a-l/flameshot.profile +++ b/etc/profile-a-l/flameshot.profile | |||
@@ -7,9 +7,9 @@ include flameshot.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${PICTURES} | 10 | nodeny ${PICTURES} |
11 | noblacklist ${HOME}/.config/Dharkael | 11 | nodeny ${HOME}/.config/Dharkael |
12 | noblacklist ${HOME}/.config/flameshot | 12 | nodeny ${HOME}/.config/flameshot |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -25,7 +25,7 @@ include disable-xdg.inc | |||
25 | #whitelist ${PICTURES} | 25 | #whitelist ${PICTURES} |
26 | #whitelist ${HOME}/.config/Dharkael | 26 | #whitelist ${HOME}/.config/Dharkael |
27 | #whitelist ${HOME}/.config/flameshot | 27 | #whitelist ${HOME}/.config/flameshot |
28 | whitelist /usr/share/flameshot | 28 | allow /usr/share/flameshot |
29 | #include whitelist-common.inc | 29 | #include whitelist-common.inc |
30 | include whitelist-runuser-common.inc | 30 | include whitelist-runuser-common.inc |
31 | include whitelist-usr-share-common.inc | 31 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/flashpeak-slimjet.profile b/etc/profile-a-l/flashpeak-slimjet.profile index 310fb378f..af114e129 100644 --- a/etc/profile-a-l/flashpeak-slimjet.profile +++ b/etc/profile-a-l/flashpeak-slimjet.profile | |||
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/slimjet | 13 | nodeny ${HOME}/.cache/slimjet |
14 | noblacklist ${HOME}/.config/slimjet | 14 | nodeny ${HOME}/.config/slimjet |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/slimjet | 16 | mkdir ${HOME}/.cache/slimjet |
17 | mkdir ${HOME}/.config/slimjet | 17 | mkdir ${HOME}/.config/slimjet |
18 | whitelist ${HOME}/.cache/slimjet | 18 | allow ${HOME}/.cache/slimjet |
19 | whitelist ${HOME}/.config/slimjet | 19 | allow ${HOME}/.config/slimjet |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include chromium-common.profile | 22 | include chromium-common.profile |
diff --git a/etc/profile-a-l/flowblade.profile b/etc/profile-a-l/flowblade.profile index a4421e3ce..505763fb9 100644 --- a/etc/profile-a-l/flowblade.profile +++ b/etc/profile-a-l/flowblade.profile | |||
@@ -6,8 +6,8 @@ include flowblade.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/flowblade | 9 | nodeny ${HOME}/.config/flowblade |
10 | noblacklist ${HOME}/.flowblade | 10 | nodeny ${HOME}/.flowblade |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/fluxbox.profile b/etc/profile-a-l/fluxbox.profile index 1210f365c..a22c0e103 100644 --- a/etc/profile-a-l/fluxbox.profile +++ b/etc/profile-a-l/fluxbox.profile | |||
@@ -7,7 +7,7 @@ include fluxbox.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in fluxbox will run in this profile | 9 | # all applications started in fluxbox will run in this profile |
10 | noblacklist ${HOME}/.fluxbox | 10 | nodeny ${HOME}/.fluxbox |
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
diff --git a/etc/profile-a-l/font-manager.profile b/etc/profile-a-l/font-manager.profile index cd0129436..ff9167c1a 100644 --- a/etc/profile-a-l/font-manager.profile +++ b/etc/profile-a-l/font-manager.profile | |||
@@ -6,8 +6,8 @@ include font-manager.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/font-manager | 9 | nodeny ${HOME}/.cache/font-manager |
10 | noblacklist ${HOME}/.config/font-manager | 10 | nodeny ${HOME}/.config/font-manager |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
@@ -24,9 +24,9 @@ include disable-xdg.inc | |||
24 | 24 | ||
25 | mkdir ${HOME}/.cache/font-manager | 25 | mkdir ${HOME}/.cache/font-manager |
26 | mkdir ${HOME}/.config/font-manager | 26 | mkdir ${HOME}/.config/font-manager |
27 | whitelist ${HOME}/.cache/font-manager | 27 | allow ${HOME}/.cache/font-manager |
28 | whitelist ${HOME}/.config/font-manager | 28 | allow ${HOME}/.config/font-manager |
29 | whitelist /usr/share/font-manager | 29 | allow /usr/share/font-manager |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | include whitelist-usr-share-common.inc | 31 | include whitelist-usr-share-common.inc |
32 | include whitelist-var-common.inc | 32 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/fontforge.profile b/etc/profile-a-l/fontforge.profile index bd1495877..64c7655e2 100644 --- a/etc/profile-a-l/fontforge.profile +++ b/etc/profile-a-l/fontforge.profile | |||
@@ -6,8 +6,8 @@ include fontforge.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.FontForge | 9 | nodeny ${HOME}/.FontForge |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/fossamail.profile b/etc/profile-a-l/fossamail.profile index 2d700d336..5e5a12794 100644 --- a/etc/profile-a-l/fossamail.profile +++ b/etc/profile-a-l/fossamail.profile | |||
@@ -6,16 +6,16 @@ include fossamail.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/fossamail | 9 | nodeny ${HOME}/.cache/fossamail |
10 | noblacklist ${HOME}/.fossamail | 10 | nodeny ${HOME}/.fossamail |
11 | noblacklist ${HOME}/.gnupg | 11 | nodeny ${HOME}/.gnupg |
12 | 12 | ||
13 | mkdir ${HOME}/.cache/fossamail | 13 | mkdir ${HOME}/.cache/fossamail |
14 | mkdir ${HOME}/.fossamail | 14 | mkdir ${HOME}/.fossamail |
15 | mkdir ${HOME}/.gnupg | 15 | mkdir ${HOME}/.gnupg |
16 | whitelist ${HOME}/.cache/fossamail | 16 | allow ${HOME}/.cache/fossamail |
17 | whitelist ${HOME}/.fossamail | 17 | allow ${HOME}/.fossamail |
18 | whitelist ${HOME}/.gnupg | 18 | allow ${HOME}/.gnupg |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | 20 | ||
21 | # allow browsers | 21 | # allow browsers |
diff --git a/etc/profile-a-l/four-in-a-row.profile b/etc/profile-a-l/four-in-a-row.profile index eb0c43ca5..97fd4a626 100644 --- a/etc/profile-a-l/four-in-a-row.profile +++ b/etc/profile-a-l/four-in-a-row.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | ignore machine-id | 9 | ignore machine-id |
10 | ignore nosound | 10 | ignore nosound |
11 | 11 | ||
12 | whitelist /usr/share/four-in-a-row | 12 | allow /usr/share/four-in-a-row |
13 | 13 | ||
14 | private-bin four-in-a-row | 14 | private-bin four-in-a-row |
15 | 15 | ||
diff --git a/etc/profile-a-l/fractal.profile b/etc/profile-a-l/fractal.profile index 1b1d031b4..8edc9b02d 100644 --- a/etc/profile-a-l/fractal.profile +++ b/etc/profile-a-l/fractal.profile | |||
@@ -6,7 +6,7 @@ include fractal.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/fractal | 9 | nodeny ${HOME}/.cache/fractal |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -22,8 +22,8 @@ include disable-shell.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.cache/fractal | 24 | mkdir ${HOME}/.cache/fractal |
25 | whitelist ${HOME}/.cache/fractal | 25 | allow ${HOME}/.cache/fractal |
26 | whitelist ${DOWNLOADS} | 26 | allow ${DOWNLOADS} |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/franz.profile b/etc/profile-a-l/franz.profile index 9b780a572..1a8ec8f99 100644 --- a/etc/profile-a-l/franz.profile +++ b/etc/profile-a-l/franz.profile | |||
@@ -7,10 +7,10 @@ include globals.local | |||
7 | 7 | ||
8 | ignore noexec /tmp | 8 | ignore noexec /tmp |
9 | 9 | ||
10 | noblacklist ${HOME}/.cache/Franz | 10 | nodeny ${HOME}/.cache/Franz |
11 | noblacklist ${HOME}/.config/Franz | 11 | nodeny ${HOME}/.config/Franz |
12 | noblacklist ${HOME}/.pki | 12 | nodeny ${HOME}/.pki |
13 | noblacklist ${HOME}/.local/share/pki | 13 | nodeny ${HOME}/.local/share/pki |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -22,11 +22,11 @@ mkdir ${HOME}/.cache/Franz | |||
22 | mkdir ${HOME}/.config/Franz | 22 | mkdir ${HOME}/.config/Franz |
23 | mkdir ${HOME}/.pki | 23 | mkdir ${HOME}/.pki |
24 | mkdir ${HOME}/.local/share/pki | 24 | mkdir ${HOME}/.local/share/pki |
25 | whitelist ${DOWNLOADS} | 25 | allow ${DOWNLOADS} |
26 | whitelist ${HOME}/.cache/Franz | 26 | allow ${HOME}/.cache/Franz |
27 | whitelist ${HOME}/.config/Franz | 27 | allow ${HOME}/.config/Franz |
28 | whitelist ${HOME}/.pki | 28 | allow ${HOME}/.pki |
29 | whitelist ${HOME}/.local/share/pki | 29 | allow ${HOME}/.local/share/pki |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | 31 | ||
32 | caps.drop all | 32 | caps.drop all |
diff --git a/etc/profile-a-l/freecad.profile b/etc/profile-a-l/freecad.profile index 8043d0530..a45ad4c7a 100644 --- a/etc/profile-a-l/freecad.profile +++ b/etc/profile-a-l/freecad.profile | |||
@@ -6,8 +6,8 @@ include freecad.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/FreeCAD | 9 | nodeny ${HOME}/.config/FreeCAD |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/freeciv.profile b/etc/profile-a-l/freeciv.profile index 23c19682c..20abd4056 100644 --- a/etc/profile-a-l/freeciv.profile +++ b/etc/profile-a-l/freeciv.profile | |||
@@ -6,7 +6,7 @@ include freeciv.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.freeciv | 9 | nodeny ${HOME}/.freeciv |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.freeciv | 19 | mkdir ${HOME}/.freeciv |
20 | whitelist ${HOME}/.freeciv | 20 | allow ${HOME}/.freeciv |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-a-l/freecol.profile b/etc/profile-a-l/freecol.profile index 93fa7da03..79ccf4101 100644 --- a/etc/profile-a-l/freecol.profile +++ b/etc/profile-a-l/freecol.profile | |||
@@ -6,10 +6,10 @@ include freecol.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.freecol | 9 | nodeny ${HOME}/.freecol |
10 | noblacklist ${HOME}/.cache/freecol | 10 | nodeny ${HOME}/.cache/freecol |
11 | noblacklist ${HOME}/.config/freecol | 11 | nodeny ${HOME}/.config/freecol |
12 | noblacklist ${HOME}/.local/share/freecol | 12 | nodeny ${HOME}/.local/share/freecol |
13 | 13 | ||
14 | # Allow java (blacklisted by disable-devel.inc) | 14 | # Allow java (blacklisted by disable-devel.inc) |
15 | include allow-java.inc | 15 | include allow-java.inc |
@@ -26,11 +26,11 @@ mkdir ${HOME}/.java | |||
26 | mkdir ${HOME}/.cache/freecol | 26 | mkdir ${HOME}/.cache/freecol |
27 | mkdir ${HOME}/.config/freecol | 27 | mkdir ${HOME}/.config/freecol |
28 | mkdir ${HOME}/.local/share/freecol | 28 | mkdir ${HOME}/.local/share/freecol |
29 | whitelist ${HOME}/.freecol | 29 | allow ${HOME}/.freecol |
30 | whitelist ${HOME}/.java | 30 | allow ${HOME}/.java |
31 | whitelist ${HOME}/.cache/freecol | 31 | allow ${HOME}/.cache/freecol |
32 | whitelist ${HOME}/.config/freecol | 32 | allow ${HOME}/.config/freecol |
33 | whitelist ${HOME}/.local/share/freecol | 33 | allow ${HOME}/.local/share/freecol |
34 | include whitelist-common.inc | 34 | include whitelist-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
36 | 36 | ||
diff --git a/etc/profile-a-l/freemind.profile b/etc/profile-a-l/freemind.profile index 699177039..ba52dd208 100644 --- a/etc/profile-a-l/freemind.profile +++ b/etc/profile-a-l/freemind.profile | |||
@@ -6,8 +6,8 @@ include freemind.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | nodeny ${DOCUMENTS} |
10 | noblacklist ${HOME}/.freemind | 10 | nodeny ${HOME}/.freemind |
11 | 11 | ||
12 | # Allow java (blacklisted by disable-devel.inc) | 12 | # Allow java (blacklisted by disable-devel.inc) |
13 | include allow-java.inc | 13 | include allow-java.inc |
diff --git a/etc/profile-a-l/freetube.profile b/etc/profile-a-l/freetube.profile index e6aff533d..4c321322c 100644 --- a/etc/profile-a-l/freetube.profile +++ b/etc/profile-a-l/freetube.profile | |||
@@ -6,12 +6,12 @@ include freetube.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/FreeTube | 9 | nodeny ${HOME}/.config/FreeTube |
10 | 10 | ||
11 | include disable-shell.inc | 11 | include disable-shell.inc |
12 | 12 | ||
13 | mkdir ${HOME}/.config/FreeTube | 13 | mkdir ${HOME}/.config/FreeTube |
14 | whitelist ${HOME}/.config/FreeTube | 14 | allow ${HOME}/.config/FreeTube |
15 | 15 | ||
16 | private-bin freetube | 16 | private-bin freetube |
17 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg | 17 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg |
diff --git a/etc/profile-a-l/frogatto.profile b/etc/profile-a-l/frogatto.profile index b4ad81046..3a6dfcfd6 100644 --- a/etc/profile-a-l/frogatto.profile +++ b/etc/profile-a-l/frogatto.profile | |||
@@ -6,7 +6,7 @@ include frogatto.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.frogatto | 9 | nodeny ${HOME}/.frogatto |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,9 +17,9 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.frogatto | 19 | mkdir ${HOME}/.frogatto |
20 | whitelist ${HOME}/.frogatto | 20 | allow ${HOME}/.frogatto |
21 | whitelist /usr/libexec/frogatto | 21 | allow /usr/libexec/frogatto |
22 | whitelist /usr/share/frogatto | 22 | allow /usr/share/frogatto |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/frozen-bubble.profile b/etc/profile-a-l/frozen-bubble.profile index 76352e41e..12eca8eb0 100644 --- a/etc/profile-a-l/frozen-bubble.profile +++ b/etc/profile-a-l/frozen-bubble.profile | |||
@@ -6,7 +6,7 @@ include frozen-bubble.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.frozen-bubble | 9 | nodeny ${HOME}/.frozen-bubble |
10 | 10 | ||
11 | # Allow perl (blacklisted by disable-interpreters.inc) | 11 | # Allow perl (blacklisted by disable-interpreters.inc) |
12 | include allow-perl.inc | 12 | include allow-perl.inc |
@@ -20,7 +20,7 @@ include disable-programs.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.frozen-bubble | 22 | mkdir ${HOME}/.frozen-bubble |
23 | whitelist ${HOME}/.frozen-bubble | 23 | allow ${HOME}/.frozen-bubble |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
26 | include whitelist-usr-share-common.inc | 26 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/funnyboat.profile b/etc/profile-a-l/funnyboat.profile index 8852925b1..07030df4b 100644 --- a/etc/profile-a-l/funnyboat.profile +++ b/etc/profile-a-l/funnyboat.profile | |||
@@ -5,7 +5,7 @@ include funnyboat.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.funnyboat | 8 | nodeny ${HOME}/.funnyboat |
9 | 9 | ||
10 | ignore noexec /dev/shm | 10 | ignore noexec /dev/shm |
11 | include allow-python2.inc | 11 | include allow-python2.inc |
@@ -21,12 +21,12 @@ include disable-programs.inc | |||
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.funnyboat | 23 | mkdir ${HOME}/.funnyboat |
24 | whitelist ${HOME}/.funnyboat | 24 | allow ${HOME}/.funnyboat |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-runuser-common.inc | 26 | include whitelist-runuser-common.inc |
27 | whitelist /usr/share/funnyboat | 27 | allow /usr/share/funnyboat |
28 | # Debian: | 28 | # Debian: |
29 | whitelist /usr/share/games/funnyboat | 29 | allow /usr/share/games/funnyboat |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
32 | 32 | ||
diff --git a/etc/profile-a-l/gajim.profile b/etc/profile-a-l/gajim.profile index ed3f0357d..4cd2cb1e6 100644 --- a/etc/profile-a-l/gajim.profile +++ b/etc/profile-a-l/gajim.profile | |||
@@ -6,10 +6,10 @@ include gajim.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.gnupg | 9 | nodeny ${HOME}/.gnupg |
10 | noblacklist ${HOME}/.cache/gajim | 10 | nodeny ${HOME}/.cache/gajim |
11 | noblacklist ${HOME}/.config/gajim | 11 | nodeny ${HOME}/.config/gajim |
12 | noblacklist ${HOME}/.local/share/gajim | 12 | nodeny ${HOME}/.local/share/gajim |
13 | 13 | ||
14 | # Allow python (blacklisted by disable-interpreters.inc) | 14 | # Allow python (blacklisted by disable-interpreters.inc) |
15 | #include allow-python2.inc | 15 | #include allow-python2.inc |
@@ -28,14 +28,14 @@ mkdir ${HOME}/.gnupg | |||
28 | mkdir ${HOME}/.cache/gajim | 28 | mkdir ${HOME}/.cache/gajim |
29 | mkdir ${HOME}/.config/gajim | 29 | mkdir ${HOME}/.config/gajim |
30 | mkdir ${HOME}/.local/share/gajim | 30 | mkdir ${HOME}/.local/share/gajim |
31 | whitelist ${HOME}/.gnupg | 31 | allow ${HOME}/.gnupg |
32 | whitelist ${HOME}/.cache/gajim | 32 | allow ${HOME}/.cache/gajim |
33 | whitelist ${HOME}/.config/gajim | 33 | allow ${HOME}/.config/gajim |
34 | whitelist ${HOME}/.local/share/gajim | 34 | allow ${HOME}/.local/share/gajim |
35 | whitelist ${DOWNLOADS} | 35 | allow ${DOWNLOADS} |
36 | whitelist ${RUNUSER}/gnupg | 36 | allow ${RUNUSER}/gnupg |
37 | whitelist /usr/share/gnupg | 37 | allow /usr/share/gnupg |
38 | whitelist /usr/share/gnupg2 | 38 | allow /usr/share/gnupg2 |
39 | include whitelist-common.inc | 39 | include whitelist-common.inc |
40 | include whitelist-runuser-common.inc | 40 | include whitelist-runuser-common.inc |
41 | include whitelist-usr-share-common.inc | 41 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/galculator.profile b/etc/profile-a-l/galculator.profile index 550b3808b..0b1b595a6 100644 --- a/etc/profile-a-l/galculator.profile +++ b/etc/profile-a-l/galculator.profile | |||
@@ -6,7 +6,7 @@ include galculator.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/galculator | 9 | nodeny ${HOME}/.config/galculator |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/galculator | 20 | mkdir ${HOME}/.config/galculator |
21 | whitelist ${HOME}/.config/galculator | 21 | allow ${HOME}/.config/galculator |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/gapplication.profile b/etc/profile-a-l/gapplication.profile index 3a8c055f2..00b830234 100644 --- a/etc/profile-a-l/gapplication.profile +++ b/etc/profile-a-l/gapplication.profile | |||
@@ -6,8 +6,8 @@ include gapplication.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | 9 | deny ${RUNUSER}/wayland-* |
10 | blacklist /usr/libexec | 10 | deny /usr/libexec |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gcloud.profile b/etc/profile-a-l/gcloud.profile index 388f4c0df..896a100fc 100644 --- a/etc/profile-a-l/gcloud.profile +++ b/etc/profile-a-l/gcloud.profile | |||
@@ -8,9 +8,9 @@ include globals.local | |||
8 | # noexec ${HOME} will break user-local installs of gcloud tooling | 8 | # noexec ${HOME} will break user-local installs of gcloud tooling |
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | noblacklist ${HOME}/.boto | 11 | nodeny ${HOME}/.boto |
12 | noblacklist ${HOME}/.config/gcloud | 12 | nodeny ${HOME}/.config/gcloud |
13 | noblacklist /var/run/docker.sock | 13 | nodeny /var/run/docker.sock |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gconf-editor.profile b/etc/profile-a-l/gconf-editor.profile index cb39174e5..8f72f0b34 100644 --- a/etc/profile-a-l/gconf-editor.profile +++ b/etc/profile-a-l/gconf-editor.profile | |||
@@ -7,9 +7,9 @@ include gconf-editor.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | deny /tmp/.X11-unix |
11 | 11 | ||
12 | whitelist /usr/share/gconf-editor | 12 | allow /usr/share/gconf-editor |
13 | 13 | ||
14 | ignore x11 none | 14 | ignore x11 none |
15 | 15 | ||
diff --git a/etc/profile-a-l/gconf.profile b/etc/profile-a-l/gconf.profile index fec1a555a..8c7013574 100644 --- a/etc/profile-a-l/gconf.profile +++ b/etc/profile-a-l/gconf.profile | |||
@@ -6,9 +6,9 @@ include gconf.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | 9 | deny ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/gconf | 11 | nodeny ${HOME}/.config/gconf |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python2.inc | 14 | include allow-python2.inc |
@@ -23,9 +23,9 @@ include disable-programs.inc | |||
23 | include disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | mkdir ${HOME}/.config/gconf | 25 | mkdir ${HOME}/.config/gconf |
26 | whitelist ${HOME}/.config/gconf | 26 | allow ${HOME}/.config/gconf |
27 | whitelist /usr/share/GConf | 27 | allow /usr/share/GConf |
28 | whitelist /usr/share/gconf | 28 | allow /usr/share/gconf |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/geany.profile b/etc/profile-a-l/geany.profile index 6fdb9b37a..706a85c75 100644 --- a/etc/profile-a-l/geany.profile +++ b/etc/profile-a-l/geany.profile | |||
@@ -6,7 +6,7 @@ include geany.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/geany | 9 | nodeny ${HOME}/.config/geany |
10 | 10 | ||
11 | # Allows files commonly used by IDEs | 11 | # Allows files commonly used by IDEs |
12 | include allow-common-devel.inc | 12 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile index 74e135a7c..512fc1e59 100644 --- a/etc/profile-a-l/geary.profile +++ b/etc/profile-a-l/geary.profile | |||
@@ -6,14 +6,14 @@ include geary.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/evolution | 9 | nodeny ${HOME}/.cache/evolution |
10 | noblacklist ${HOME}/.cache/folks | 10 | nodeny ${HOME}/.cache/folks |
11 | noblacklist ${HOME}/.cache/geary | 11 | nodeny ${HOME}/.cache/geary |
12 | noblacklist ${HOME}/.config/evolution | 12 | nodeny ${HOME}/.config/evolution |
13 | noblacklist ${HOME}/.config/geary | 13 | nodeny ${HOME}/.config/geary |
14 | noblacklist ${HOME}/.local/share/evolution | 14 | nodeny ${HOME}/.local/share/evolution |
15 | noblacklist ${HOME}/.local/share/geary | 15 | nodeny ${HOME}/.local/share/geary |
16 | noblacklist ${HOME}/.mozilla | 16 | nodeny ${HOME}/.mozilla |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
@@ -31,16 +31,16 @@ mkdir ${HOME}/.config/evolution | |||
31 | mkdir ${HOME}/.config/geary | 31 | mkdir ${HOME}/.config/geary |
32 | mkdir ${HOME}/.local/share/evolution | 32 | mkdir ${HOME}/.local/share/evolution |
33 | mkdir ${HOME}/.local/share/geary | 33 | mkdir ${HOME}/.local/share/geary |
34 | whitelist ${DOWNLOADS} | 34 | allow ${DOWNLOADS} |
35 | whitelist ${HOME}/.cache/evolution | 35 | allow ${HOME}/.cache/evolution |
36 | whitelist ${HOME}/.cache/folks | 36 | allow ${HOME}/.cache/folks |
37 | whitelist ${HOME}/.cache/geary | 37 | allow ${HOME}/.cache/geary |
38 | whitelist ${HOME}/.config/evolution | 38 | allow ${HOME}/.config/evolution |
39 | whitelist ${HOME}/.config/geary | 39 | allow ${HOME}/.config/geary |
40 | whitelist ${HOME}/.local/share/evolution | 40 | allow ${HOME}/.local/share/evolution |
41 | whitelist ${HOME}/.local/share/geary | 41 | allow ${HOME}/.local/share/geary |
42 | whitelist ${HOME}/.mozilla/firefox/profiles.ini | 42 | allow ${HOME}/.mozilla/firefox/profiles.ini |
43 | whitelist /usr/share/geary | 43 | allow /usr/share/geary |
44 | include whitelist-common.inc | 44 | include whitelist-common.inc |
45 | include whitelist-runuser-common.inc | 45 | include whitelist-runuser-common.inc |
46 | include whitelist-usr-share-common.inc | 46 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gedit.profile b/etc/profile-a-l/gedit.profile index 108b7041d..f11540374 100644 --- a/etc/profile-a-l/gedit.profile +++ b/etc/profile-a-l/gedit.profile | |||
@@ -6,8 +6,8 @@ include gedit.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/enchant | 9 | nodeny ${HOME}/.config/enchant |
10 | noblacklist ${HOME}/.config/gedit | 10 | nodeny ${HOME}/.config/gedit |
11 | 11 | ||
12 | # Allows files commonly used by IDEs | 12 | # Allows files commonly used by IDEs |
13 | include allow-common-devel.inc | 13 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/geeqie.profile b/etc/profile-a-l/geeqie.profile index dd33b3fb5..8ec3bbaf9 100644 --- a/etc/profile-a-l/geeqie.profile +++ b/etc/profile-a-l/geeqie.profile | |||
@@ -6,9 +6,9 @@ include geeqie.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/geeqie | 9 | nodeny ${HOME}/.cache/geeqie |
10 | noblacklist ${HOME}/.config/geeqie | 10 | nodeny ${HOME}/.config/geeqie |
11 | noblacklist ${HOME}/.local/share/geeqie | 11 | nodeny ${HOME}/.local/share/geeqie |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gfeeds.profile b/etc/profile-a-l/gfeeds.profile index f894a42ca..1661da639 100644 --- a/etc/profile-a-l/gfeeds.profile +++ b/etc/profile-a-l/gfeeds.profile | |||
@@ -6,10 +6,10 @@ include gfeeds.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/gfeeds | 9 | nodeny ${HOME}/.cache/gfeeds |
10 | noblacklist ${HOME}/.cache/org.gabmus.gfeeds | 10 | nodeny ${HOME}/.cache/org.gabmus.gfeeds |
11 | noblacklist ${HOME}/.config/org.gabmus.gfeeds.json | 11 | nodeny ${HOME}/.config/org.gabmus.gfeeds.json |
12 | noblacklist ${HOME}/.config/org.gabmus.gfeeds.saved_articles | 12 | nodeny ${HOME}/.config/org.gabmus.gfeeds.saved_articles |
13 | 13 | ||
14 | # Allow python (blacklisted by disable-interpreters.inc) | 14 | # Allow python (blacklisted by disable-interpreters.inc) |
15 | include allow-python3.inc | 15 | include allow-python3.inc |
@@ -27,12 +27,12 @@ mkdir ${HOME}/.cache/gfeeds | |||
27 | mkdir ${HOME}/.cache/org.gabmus.gfeeds | 27 | mkdir ${HOME}/.cache/org.gabmus.gfeeds |
28 | mkfile ${HOME}/.config/org.gabmus.gfeeds.json | 28 | mkfile ${HOME}/.config/org.gabmus.gfeeds.json |
29 | mkdir ${HOME}/.config/org.gabmus.gfeeds.saved_articles | 29 | mkdir ${HOME}/.config/org.gabmus.gfeeds.saved_articles |
30 | whitelist ${HOME}/.cache/gfeeds | 30 | allow ${HOME}/.cache/gfeeds |
31 | whitelist ${HOME}/.cache/org.gabmus.gfeeds | 31 | allow ${HOME}/.cache/org.gabmus.gfeeds |
32 | whitelist ${HOME}/.config/org.gabmus.gfeeds.json | 32 | allow ${HOME}/.config/org.gabmus.gfeeds.json |
33 | whitelist ${HOME}/.config/org.gabmus.gfeeds.saved_articles | 33 | allow ${HOME}/.config/org.gabmus.gfeeds.saved_articles |
34 | whitelist /usr/libexec/webkit2gtk-4.0 | 34 | allow /usr/libexec/webkit2gtk-4.0 |
35 | whitelist /usr/share/gfeeds | 35 | allow /usr/share/gfeeds |
36 | include whitelist-common.inc | 36 | include whitelist-common.inc |
37 | include whitelist-runuser-common.inc | 37 | include whitelist-runuser-common.inc |
38 | include whitelist-usr-share-common.inc | 38 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gget.profile b/etc/profile-a-l/gget.profile index d9c5a0d9a..06929dbe3 100644 --- a/etc/profile-a-l/gget.profile +++ b/etc/profile-a-l/gget.profile | |||
@@ -7,8 +7,8 @@ include gget.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | deny /tmp/.X11-unix |
11 | blacklist ${RUNUSER} | 11 | deny ${RUNUSER} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,7 +19,7 @@ include disable-programs.inc | |||
19 | include disable-shell.inc | 19 | include disable-shell.inc |
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | whitelist ${DOWNLOADS} | 22 | allow ${DOWNLOADS} |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/ghostwriter.profile b/etc/profile-a-l/ghostwriter.profile index 276ab76df..0577fe24f 100644 --- a/etc/profile-a-l/ghostwriter.profile +++ b/etc/profile-a-l/ghostwriter.profile | |||
@@ -6,10 +6,10 @@ include ghostwriter.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/ghostwriter | 9 | nodeny ${HOME}/.config/ghostwriter |
10 | noblacklist ${HOME}/.local/share/ghostwriter | 10 | nodeny ${HOME}/.local/share/ghostwriter |
11 | noblacklist ${DOCUMENTS} | 11 | nodeny ${DOCUMENTS} |
12 | noblacklist ${PICTURES} | 12 | nodeny ${PICTURES} |
13 | 13 | ||
14 | include allow-lua.inc | 14 | include allow-lua.inc |
15 | 15 | ||
@@ -22,10 +22,10 @@ include disable-programs.inc | |||
22 | include disable-shell.inc | 22 | include disable-shell.inc |
23 | include disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | whitelist /usr/share/ghostwriter | 25 | allow /usr/share/ghostwriter |
26 | whitelist /usr/share/mozilla-dicts | 26 | allow /usr/share/mozilla-dicts |
27 | whitelist /usr/share/texlive | 27 | allow /usr/share/texlive |
28 | whitelist /usr/share/pandoc* | 28 | allow /usr/share/pandoc* |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile index dfc1304d1..de9db8d0f 100644 --- a/etc/profile-a-l/gimp.profile +++ b/etc/profile-a-l/gimp.profile | |||
@@ -18,13 +18,13 @@ include globals.local | |||
18 | # If you are not using external plugins, you can add 'noexec ${HOME}' to your gimp.local. | 18 | # If you are not using external plugins, you can add 'noexec ${HOME}' to your gimp.local. |
19 | ignore noexec ${HOME} | 19 | ignore noexec ${HOME} |
20 | 20 | ||
21 | noblacklist ${HOME}/.cache/babl | 21 | nodeny ${HOME}/.cache/babl |
22 | noblacklist ${HOME}/.cache/gegl-0.4 | 22 | nodeny ${HOME}/.cache/gegl-0.4 |
23 | noblacklist ${HOME}/.cache/gimp | 23 | nodeny ${HOME}/.cache/gimp |
24 | noblacklist ${HOME}/.config/GIMP | 24 | nodeny ${HOME}/.config/GIMP |
25 | noblacklist ${HOME}/.gimp* | 25 | nodeny ${HOME}/.gimp* |
26 | noblacklist ${DOCUMENTS} | 26 | nodeny ${DOCUMENTS} |
27 | noblacklist ${PICTURES} | 27 | nodeny ${PICTURES} |
28 | 28 | ||
29 | include disable-common.inc | 29 | include disable-common.inc |
30 | include disable-exec.inc | 30 | include disable-exec.inc |
@@ -33,10 +33,10 @@ include disable-passwdmgr.inc | |||
33 | include disable-programs.inc | 33 | include disable-programs.inc |
34 | include disable-xdg.inc | 34 | include disable-xdg.inc |
35 | 35 | ||
36 | whitelist /usr/share/gegl-0.4 | 36 | allow /usr/share/gegl-0.4 |
37 | whitelist /usr/share/gimp | 37 | allow /usr/share/gimp |
38 | whitelist /usr/share/mypaint-data | 38 | allow /usr/share/mypaint-data |
39 | whitelist /usr/share/lensfun | 39 | allow /usr/share/lensfun |
40 | include whitelist-usr-share-common.inc | 40 | include whitelist-usr-share-common.inc |
41 | include whitelist-var-common.inc | 41 | include whitelist-var-common.inc |
42 | 42 | ||
diff --git a/etc/profile-a-l/gist.profile b/etc/profile-a-l/gist.profile index 661c3a375..e601d3ab0 100644 --- a/etc/profile-a-l/gist.profile +++ b/etc/profile-a-l/gist.profile | |||
@@ -7,10 +7,10 @@ include gist.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | deny /tmp/.X11-unix |
11 | blacklist ${RUNUSER}/wayland-* | 11 | deny ${RUNUSER}/wayland-* |
12 | 12 | ||
13 | noblacklist ${HOME}/.gist | 13 | nodeny ${HOME}/.gist |
14 | 14 | ||
15 | # Allow ruby (blacklisted by disable-interpreters.inc) | 15 | # Allow ruby (blacklisted by disable-interpreters.inc) |
16 | include allow-ruby.inc | 16 | include allow-ruby.inc |
@@ -24,8 +24,8 @@ include disable-programs.inc | |||
24 | include disable-xdg.inc | 24 | include disable-xdg.inc |
25 | 25 | ||
26 | mkdir ${HOME}/.gist | 26 | mkdir ${HOME}/.gist |
27 | whitelist ${HOME}/.gist | 27 | allow ${HOME}/.gist |
28 | whitelist ${DOWNLOADS} | 28 | allow ${DOWNLOADS} |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/git-cola.profile b/etc/profile-a-l/git-cola.profile index 5e4249376..74b7506cf 100644 --- a/etc/profile-a-l/git-cola.profile +++ b/etc/profile-a-l/git-cola.profile | |||
@@ -8,12 +8,12 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | noblacklist ${HOME}/.gitconfig | 11 | nodeny ${HOME}/.gitconfig |
12 | noblacklist ${HOME}/.git-credentials | 12 | nodeny ${HOME}/.git-credentials |
13 | noblacklist ${HOME}/.gnupg | 13 | nodeny ${HOME}/.gnupg |
14 | noblacklist ${HOME}/.subversion | 14 | nodeny ${HOME}/.subversion |
15 | noblacklist ${HOME}/.config/git | 15 | nodeny ${HOME}/.config/git |
16 | noblacklist ${HOME}/.config/git-cola | 16 | nodeny ${HOME}/.config/git-cola |
17 | # Add your editor/diff viewer config paths and the next line to your git-cola.local to load settings. | 17 | # Add your editor/diff viewer config paths and the next line to your git-cola.local to load settings. |
18 | #noblacklist ${HOME}/ | 18 | #noblacklist ${HOME}/ |
19 | 19 | ||
@@ -32,17 +32,17 @@ include disable-passwdmgr.inc | |||
32 | include disable-programs.inc | 32 | include disable-programs.inc |
33 | include disable-xdg.inc | 33 | include disable-xdg.inc |
34 | 34 | ||
35 | whitelist ${RUNUSER}/gnupg | 35 | allow ${RUNUSER}/gnupg |
36 | whitelist ${RUNUSER}/keyring | 36 | allow ${RUNUSER}/keyring |
37 | # Add additional whitelist paths below /usr/share to your git-cola.local to support your editor/diff viewer. | 37 | # Add additional whitelist paths below /usr/share to your git-cola.local to support your editor/diff viewer. |
38 | whitelist /usr/share/git | 38 | allow /usr/share/git |
39 | whitelist /usr/share/git-cola | 39 | allow /usr/share/git-cola |
40 | whitelist /usr/share/git-core | 40 | allow /usr/share/git-core |
41 | whitelist /usr/share/git-gui | 41 | allow /usr/share/git-gui |
42 | whitelist /usr/share/gitk | 42 | allow /usr/share/gitk |
43 | whitelist /usr/share/gitweb | 43 | allow /usr/share/gitweb |
44 | whitelist /usr/share/gnupg | 44 | allow /usr/share/gnupg |
45 | whitelist /usr/share/gnupg2 | 45 | allow /usr/share/gnupg2 |
46 | include whitelist-runuser-common.inc | 46 | include whitelist-runuser-common.inc |
47 | include whitelist-usr-share-common.inc | 47 | include whitelist-usr-share-common.inc |
48 | include whitelist-var-common.inc | 48 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/git.profile b/etc/profile-a-l/git.profile index bfa0081c6..680e91085 100644 --- a/etc/profile-a-l/git.profile +++ b/etc/profile-a-l/git.profile | |||
@@ -7,33 +7,33 @@ include git.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.config/git | 10 | nodeny ${HOME}/.config/git |
11 | noblacklist ${HOME}/.config/nano | 11 | nodeny ${HOME}/.config/nano |
12 | noblacklist ${HOME}/.emacs | 12 | nodeny ${HOME}/.emacs |
13 | noblacklist ${HOME}/.emacs.d | 13 | nodeny ${HOME}/.emacs.d |
14 | noblacklist ${HOME}/.gitconfig | 14 | nodeny ${HOME}/.gitconfig |
15 | noblacklist ${HOME}/.git-credentials | 15 | nodeny ${HOME}/.git-credentials |
16 | noblacklist ${HOME}/.gnupg | 16 | nodeny ${HOME}/.gnupg |
17 | noblacklist ${HOME}/.nanorc | 17 | nodeny ${HOME}/.nanorc |
18 | noblacklist ${HOME}/.vim | 18 | nodeny ${HOME}/.vim |
19 | noblacklist ${HOME}/.viminfo | 19 | nodeny ${HOME}/.viminfo |
20 | 20 | ||
21 | # Allow ssh (blacklisted by disable-common.inc) | 21 | # Allow ssh (blacklisted by disable-common.inc) |
22 | include allow-ssh.inc | 22 | include allow-ssh.inc |
23 | 23 | ||
24 | blacklist /tmp/.X11-unix | 24 | deny /tmp/.X11-unix |
25 | blacklist ${RUNUSER}/wayland-* | 25 | deny ${RUNUSER}/wayland-* |
26 | 26 | ||
27 | include disable-common.inc | 27 | include disable-common.inc |
28 | include disable-exec.inc | 28 | include disable-exec.inc |
29 | include disable-passwdmgr.inc | 29 | include disable-passwdmgr.inc |
30 | include disable-programs.inc | 30 | include disable-programs.inc |
31 | 31 | ||
32 | whitelist /usr/share/git | 32 | allow /usr/share/git |
33 | whitelist /usr/share/git-core | 33 | allow /usr/share/git-core |
34 | whitelist /usr/share/gitgui | 34 | allow /usr/share/gitgui |
35 | whitelist /usr/share/gitweb | 35 | allow /usr/share/gitweb |
36 | whitelist /usr/share/nano | 36 | allow /usr/share/nano |
37 | include whitelist-usr-share-common.inc | 37 | include whitelist-usr-share-common.inc |
38 | include whitelist-var-common.inc | 38 | include whitelist-var-common.inc |
39 | 39 | ||
diff --git a/etc/profile-a-l/gitg.profile b/etc/profile-a-l/gitg.profile index 05d7dffa9..d313b5022 100644 --- a/etc/profile-a-l/gitg.profile +++ b/etc/profile-a-l/gitg.profile | |||
@@ -6,10 +6,10 @@ include gitg.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/git | 9 | nodeny ${HOME}/.config/git |
10 | noblacklist ${HOME}/.gitconfig | 10 | nodeny ${HOME}/.gitconfig |
11 | noblacklist ${HOME}/.git-credentials | 11 | nodeny ${HOME}/.git-credentials |
12 | noblacklist ${HOME}/.local/share/gitg | 12 | nodeny ${HOME}/.local/share/gitg |
13 | 13 | ||
14 | # Allow ssh (blacklisted by disable-common.inc) | 14 | # Allow ssh (blacklisted by disable-common.inc) |
15 | include allow-ssh.inc | 15 | include allow-ssh.inc |
@@ -29,7 +29,7 @@ include disable-programs.inc | |||
29 | #whitelist ${HOME}/.ssh | 29 | #whitelist ${HOME}/.ssh |
30 | #include whitelist-common.inc | 30 | #include whitelist-common.inc |
31 | 31 | ||
32 | whitelist /usr/share/gitg | 32 | allow /usr/share/gitg |
33 | include whitelist-runuser-common.inc | 33 | include whitelist-runuser-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/github-desktop.profile b/etc/profile-a-l/github-desktop.profile index 325c54ced..81b534a74 100644 --- a/etc/profile-a-l/github-desktop.profile +++ b/etc/profile-a-l/github-desktop.profile | |||
@@ -22,10 +22,10 @@ ignore apparmor | |||
22 | ignore dbus-user none | 22 | ignore dbus-user none |
23 | ignore dbus-system none | 23 | ignore dbus-system none |
24 | 24 | ||
25 | noblacklist ${HOME}/.config/GitHub Desktop | 25 | nodeny ${HOME}/.config/GitHub Desktop |
26 | noblacklist ${HOME}/.config/git | 26 | nodeny ${HOME}/.config/git |
27 | noblacklist ${HOME}/.gitconfig | 27 | nodeny ${HOME}/.gitconfig |
28 | noblacklist ${HOME}/.git-credentials | 28 | nodeny ${HOME}/.git-credentials |
29 | 29 | ||
30 | # no3d | 30 | # no3d |
31 | nosound | 31 | nosound |
diff --git a/etc/profile-a-l/gitter.profile b/etc/profile-a-l/gitter.profile index 460e2b990..2d1694ef7 100644 --- a/etc/profile-a-l/gitter.profile +++ b/etc/profile-a-l/gitter.profile | |||
@@ -5,8 +5,8 @@ include gitter.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/autostart | 8 | nodeny ${HOME}/.config/autostart |
9 | noblacklist ${HOME}/.config/Gitter | 9 | nodeny ${HOME}/.config/Gitter |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,9 +16,9 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.config/Gitter | 18 | mkdir ${HOME}/.config/Gitter |
19 | whitelist ${DOWNLOADS} | 19 | allow ${DOWNLOADS} |
20 | whitelist ${HOME}/.config/autostart | 20 | allow ${HOME}/.config/autostart |
21 | whitelist ${HOME}/.config/Gitter | 21 | allow ${HOME}/.config/Gitter |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/profile-a-l/gjs.profile b/etc/profile-a-l/gjs.profile index ed68b3c2d..e00bb1dbf 100644 --- a/etc/profile-a-l/gjs.profile +++ b/etc/profile-a-l/gjs.profile | |||
@@ -8,10 +8,10 @@ include globals.local | |||
8 | 8 | ||
9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
10 | 10 | ||
11 | noblacklist ${HOME}/.cache/libgweather | 11 | nodeny ${HOME}/.cache/libgweather |
12 | noblacklist ${HOME}/.cache/org.gnome.Books | 12 | nodeny ${HOME}/.cache/org.gnome.Books |
13 | noblacklist ${HOME}/.config/libreoffice | 13 | nodeny ${HOME}/.config/libreoffice |
14 | noblacklist ${HOME}/.local/share/gnome-photos | 14 | nodeny ${HOME}/.local/share/gnome-photos |
15 | 15 | ||
16 | # Allow gjs (blacklisted by disable-interpreters.inc) | 16 | # Allow gjs (blacklisted by disable-interpreters.inc) |
17 | include allow-gjs.inc | 17 | include allow-gjs.inc |
diff --git a/etc/profile-a-l/gl-117.profile b/etc/profile-a-l/gl-117.profile index c8cefc67e..a3236c2be 100644 --- a/etc/profile-a-l/gl-117.profile +++ b/etc/profile-a-l/gl-117.profile | |||
@@ -6,7 +6,7 @@ include gl-117.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.gl-117 | 9 | nodeny ${HOME}/.gl-117 |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.gl-117 | 20 | mkdir ${HOME}/.gl-117 |
21 | whitelist ${HOME}/.gl-117 | 21 | allow ${HOME}/.gl-117 |
22 | whitelist /usr/share/gl-117 | 22 | allow /usr/share/gl-117 |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/glaxium.profile b/etc/profile-a-l/glaxium.profile index ee7af0546..ec894a5f3 100644 --- a/etc/profile-a-l/glaxium.profile +++ b/etc/profile-a-l/glaxium.profile | |||
@@ -6,7 +6,7 @@ include glaxium.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.glaxiumrc | 9 | nodeny ${HOME}/.glaxiumrc |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkfile ${HOME}/.glaxiumrc | 20 | mkfile ${HOME}/.glaxiumrc |
21 | whitelist ${HOME}/.glaxiumrc | 21 | allow ${HOME}/.glaxiumrc |
22 | whitelist /usr/share/glaxium | 22 | allow /usr/share/glaxium |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/globaltime.profile b/etc/profile-a-l/globaltime.profile index 14b3ef811..e091b811f 100644 --- a/etc/profile-a-l/globaltime.profile +++ b/etc/profile-a-l/globaltime.profile | |||
@@ -5,7 +5,7 @@ include globaltime.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/globaltime | 8 | nodeny ${HOME}/.config/globaltime |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gmpc.profile b/etc/profile-a-l/gmpc.profile index b3aad8b2c..79397d28f 100644 --- a/etc/profile-a-l/gmpc.profile +++ b/etc/profile-a-l/gmpc.profile | |||
@@ -6,8 +6,8 @@ include gmpc.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gmpc | 9 | nodeny ${HOME}/.config/gmpc |
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,9 +18,9 @@ include disable-programs.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/gmpc | 20 | mkdir ${HOME}/.config/gmpc |
21 | whitelist ${HOME}/.config/gmpc | 21 | allow ${HOME}/.config/gmpc |
22 | whitelist ${MUSIC} | 22 | allow ${MUSIC} |
23 | whitelist /usr/share/gmpc | 23 | allow /usr/share/gmpc |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-2048.profile b/etc/profile-a-l/gnome-2048.profile index 777c81dbe..c723f6e46 100644 --- a/etc/profile-a-l/gnome-2048.profile +++ b/etc/profile-a-l/gnome-2048.profile | |||
@@ -6,10 +6,10 @@ include gnome-2048.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/gnome-2048 | 9 | nodeny ${HOME}/.local/share/gnome-2048 |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/gnome-2048 | 11 | mkdir ${HOME}/.local/share/gnome-2048 |
12 | whitelist ${HOME}/.local/share/gnome-2048 | 12 | allow ${HOME}/.local/share/gnome-2048 |
13 | 13 | ||
14 | private-bin gnome-2048 | 14 | private-bin gnome-2048 |
15 | 15 | ||
diff --git a/etc/profile-a-l/gnome-books.profile b/etc/profile-a-l/gnome-books.profile index 34a7f557c..2ed5fa76b 100644 --- a/etc/profile-a-l/gnome-books.profile +++ b/etc/profile-a-l/gnome-books.profile | |||
@@ -7,8 +7,8 @@ include globals.local | |||
7 | 7 | ||
8 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 8 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
9 | 9 | ||
10 | noblacklist ${HOME}/.cache/org.gnome.Books | 10 | nodeny ${HOME}/.cache/org.gnome.Books |
11 | noblacklist ${DOCUMENTS} | 11 | nodeny ${DOCUMENTS} |
12 | 12 | ||
13 | # Allow gjs (blacklisted by disable-interpreters.inc) | 13 | # Allow gjs (blacklisted by disable-interpreters.inc) |
14 | include allow-gjs.inc | 14 | include allow-gjs.inc |
diff --git a/etc/profile-a-l/gnome-builder.profile b/etc/profile-a-l/gnome-builder.profile index 37ca5aeff..7dd1c6e22 100644 --- a/etc/profile-a-l/gnome-builder.profile +++ b/etc/profile-a-l/gnome-builder.profile | |||
@@ -6,11 +6,11 @@ include gnome-builder.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.bash_history | 9 | nodeny ${HOME}/.bash_history |
10 | 10 | ||
11 | noblacklist ${HOME}/.cache/gnome-builder | 11 | nodeny ${HOME}/.cache/gnome-builder |
12 | noblacklist ${HOME}/.config/gnome-builder | 12 | nodeny ${HOME}/.config/gnome-builder |
13 | noblacklist ${HOME}/.local/share/gnome-builder | 13 | nodeny ${HOME}/.local/share/gnome-builder |
14 | 14 | ||
15 | # Allows files commonly used by IDEs | 15 | # Allows files commonly used by IDEs |
16 | include allow-common-devel.inc | 16 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/gnome-calendar.profile b/etc/profile-a-l/gnome-calendar.profile index 03acd66aa..d91fbaa4b 100644 --- a/etc/profile-a-l/gnome-calendar.profile +++ b/etc/profile-a-l/gnome-calendar.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | whitelist /usr/share/libgweather | 18 | allow /usr/share/libgweather |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-runuser-common.inc | 20 | include whitelist-runuser-common.inc |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-characters.profile b/etc/profile-a-l/gnome-characters.profile index 741fe9bf7..806d7e571 100644 --- a/etc/profile-a-l/gnome-characters.profile +++ b/etc/profile-a-l/gnome-characters.profile | |||
@@ -18,7 +18,7 @@ include disable-programs.inc | |||
18 | include disable-shell.inc | 18 | include disable-shell.inc |
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | whitelist /usr/share/org.gnome.Characters | 21 | allow /usr/share/org.gnome.Characters |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-runuser-common.inc | 23 | include whitelist-runuser-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-chess.profile b/etc/profile-a-l/gnome-chess.profile index bd39f625c..095210565 100644 --- a/etc/profile-a-l/gnome-chess.profile +++ b/etc/profile-a-l/gnome-chess.profile | |||
@@ -6,8 +6,8 @@ include gnome-chess.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gnome-chess | 9 | nodeny ${HOME}/.config/gnome-chess |
10 | noblacklist ${HOME}/.local/share/gnome-chess | 10 | nodeny ${HOME}/.local/share/gnome-chess |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -22,8 +22,8 @@ include disable-xdg.inc | |||
22 | #whitelist ${HOME}/.local/share/gnome-chess | 22 | #whitelist ${HOME}/.local/share/gnome-chess |
23 | #include whitelist-common.inc | 23 | #include whitelist-common.inc |
24 | 24 | ||
25 | whitelist /usr/share/gnuchess | 25 | allow /usr/share/gnuchess |
26 | whitelist /usr/share/gnome-chess | 26 | allow /usr/share/gnome-chess |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-clocks.profile b/etc/profile-a-l/gnome-clocks.profile index 1e7c70b84..7e2d458fd 100644 --- a/etc/profile-a-l/gnome-clocks.profile +++ b/etc/profile-a-l/gnome-clocks.profile | |||
@@ -15,8 +15,8 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | whitelist /usr/share/gnome-clocks | 18 | allow /usr/share/gnome-clocks |
19 | whitelist /usr/share/libgweather | 19 | allow /usr/share/libgweather |
20 | include whitelist-common.inc | 20 | include whitelist-common.inc |
21 | include whitelist-runuser-common.inc | 21 | include whitelist-runuser-common.inc |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-contacts.profile b/etc/profile-a-l/gnome-contacts.profile index dcc6163b6..7902fa169 100644 --- a/etc/profile-a-l/gnome-contacts.profile +++ b/etc/profile-a-l/gnome-contacts.profile | |||
@@ -6,7 +6,7 @@ include gnome-contacts.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | nodeny ${DOCUMENTS} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-documents.profile b/etc/profile-a-l/gnome-documents.profile index 29ad67af8..0f601149f 100644 --- a/etc/profile-a-l/gnome-documents.profile +++ b/etc/profile-a-l/gnome-documents.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | 8 | ||
9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/libreoffice | 11 | nodeny ${HOME}/.config/libreoffice |
12 | noblacklist ${DOCUMENTS} | 12 | nodeny ${DOCUMENTS} |
13 | 13 | ||
14 | # Allow gjs (blacklisted by disable-interpreters.inc) | 14 | # Allow gjs (blacklisted by disable-interpreters.inc) |
15 | include allow-gjs.inc | 15 | include allow-gjs.inc |
diff --git a/etc/profile-a-l/gnome-hexgl.profile b/etc/profile-a-l/gnome-hexgl.profile index 2db956faf..50c3e2c6f 100644 --- a/etc/profile-a-l/gnome-hexgl.profile +++ b/etc/profile-a-l/gnome-hexgl.profile | |||
@@ -16,7 +16,7 @@ include disable-shell.inc | |||
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.cache/mesa_shader_cache | 18 | mkdir ${HOME}/.cache/mesa_shader_cache |
19 | whitelist /usr/share/gnome-hexgl | 19 | allow /usr/share/gnome-hexgl |
20 | include whitelist-runuser-common.inc | 20 | include whitelist-runuser-common.inc |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-keyring.profile b/etc/profile-a-l/gnome-keyring.profile index 25b4c47de..62a5a34ea 100644 --- a/etc/profile-a-l/gnome-keyring.profile +++ b/etc/profile-a-l/gnome-keyring.profile | |||
@@ -7,7 +7,7 @@ include gnome-keyring.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.gnupg | 10 | nodeny ${HOME}/.gnupg |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,12 +18,12 @@ include disable-programs.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.gnupg | 20 | mkdir ${HOME}/.gnupg |
21 | whitelist ${HOME}/.gnupg | 21 | allow ${HOME}/.gnupg |
22 | whitelist ${DOWNLOADS} | 22 | allow ${DOWNLOADS} |
23 | whitelist ${RUNUSER}/gnupg | 23 | allow ${RUNUSER}/gnupg |
24 | whitelist ${RUNUSER}/keyring | 24 | allow ${RUNUSER}/keyring |
25 | whitelist /usr/share/gnupg | 25 | allow /usr/share/gnupg |
26 | whitelist /usr/share/gnupg2 | 26 | allow /usr/share/gnupg2 |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-klotski.profile b/etc/profile-a-l/gnome-klotski.profile index c67a5c0da..ed074f944 100644 --- a/etc/profile-a-l/gnome-klotski.profile +++ b/etc/profile-a-l/gnome-klotski.profile | |||
@@ -6,10 +6,10 @@ include gnome-klotski.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/gnome-klotski | 9 | nodeny ${HOME}/.local/share/gnome-klotski |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/gnome-klotski | 11 | mkdir ${HOME}/.local/share/gnome-klotski |
12 | whitelist ${HOME}/.local/share/gnome-klotski | 12 | allow ${HOME}/.local/share/gnome-klotski |
13 | 13 | ||
14 | private-bin gnome-klotski | 14 | private-bin gnome-klotski |
15 | 15 | ||
diff --git a/etc/profile-a-l/gnome-latex.profile b/etc/profile-a-l/gnome-latex.profile index 1a7eafeca..4a03a7ff5 100644 --- a/etc/profile-a-l/gnome-latex.profile +++ b/etc/profile-a-l/gnome-latex.profile | |||
@@ -6,8 +6,8 @@ include gnome-latex.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gnome-latex | 9 | nodeny ${HOME}/.config/gnome-latex |
10 | noblacklist ${HOME}/.local/share/gnome-latex | 10 | nodeny ${HOME}/.local/share/gnome-latex |
11 | 11 | ||
12 | # Allow perl (blacklisted by disable-interpreters.inc) | 12 | # Allow perl (blacklisted by disable-interpreters.inc) |
13 | include allow-perl.inc | 13 | include allow-perl.inc |
@@ -19,8 +19,8 @@ include disable-interpreters.inc | |||
19 | include disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | whitelist /usr/share/gnome-latex | 22 | allow /usr/share/gnome-latex |
23 | whitelist /usr/share/texlive | 23 | allow /usr/share/texlive |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | # May cause issues. | 26 | # May cause issues. |
diff --git a/etc/profile-a-l/gnome-logs.profile b/etc/profile-a-l/gnome-logs.profile index 9d2ea7b7b..fcc02dc76 100644 --- a/etc/profile-a-l/gnome-logs.profile +++ b/etc/profile-a-l/gnome-logs.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | whitelist /var/log/journal | 18 | allow /var/log/journal |
19 | include whitelist-runuser-common.inc | 19 | include whitelist-runuser-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-mahjongg.profile b/etc/profile-a-l/gnome-mahjongg.profile index 42409dce8..e21f03efe 100644 --- a/etc/profile-a-l/gnome-mahjongg.profile +++ b/etc/profile-a-l/gnome-mahjongg.profile | |||
@@ -6,7 +6,7 @@ include gnome-mahjongg.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | whitelist /usr/share/gnome-mahjongg | 9 | allow /usr/share/gnome-mahjongg |
10 | 10 | ||
11 | private-bin gnome-mahjongg | 11 | private-bin gnome-mahjongg |
12 | 12 | ||
diff --git a/etc/profile-a-l/gnome-maps.profile b/etc/profile-a-l/gnome-maps.profile index 23aab343f..cf4eceee3 100644 --- a/etc/profile-a-l/gnome-maps.profile +++ b/etc/profile-a-l/gnome-maps.profile | |||
@@ -11,14 +11,14 @@ include globals.local | |||
11 | 11 | ||
12 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 12 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
13 | 13 | ||
14 | noblacklist ${HOME}/.cache/champlain | 14 | nodeny ${HOME}/.cache/champlain |
15 | noblacklist ${HOME}/.cache/org.gnome.Maps | 15 | nodeny ${HOME}/.cache/org.gnome.Maps |
16 | noblacklist ${HOME}/.local/share/maps-places.json | 16 | nodeny ${HOME}/.local/share/maps-places.json |
17 | 17 | ||
18 | # Allow gjs (blacklisted by disable-interpreters.inc) | 18 | # Allow gjs (blacklisted by disable-interpreters.inc) |
19 | include allow-gjs.inc | 19 | include allow-gjs.inc |
20 | 20 | ||
21 | blacklist /usr/libexec | 21 | deny /usr/libexec |
22 | 22 | ||
23 | include disable-common.inc | 23 | include disable-common.inc |
24 | include disable-devel.inc | 24 | include disable-devel.inc |
@@ -31,12 +31,12 @@ include disable-xdg.inc | |||
31 | 31 | ||
32 | mkdir ${HOME}/.cache/champlain | 32 | mkdir ${HOME}/.cache/champlain |
33 | mkfile ${HOME}/.local/share/maps-places.json | 33 | mkfile ${HOME}/.local/share/maps-places.json |
34 | whitelist ${HOME}/.cache/champlain | 34 | allow ${HOME}/.cache/champlain |
35 | whitelist ${HOME}/.local/share/maps-places.json | 35 | allow ${HOME}/.local/share/maps-places.json |
36 | whitelist ${DOWNLOADS} | 36 | allow ${DOWNLOADS} |
37 | whitelist ${PICTURES} | 37 | allow ${PICTURES} |
38 | whitelist /usr/share/gnome-maps | 38 | allow /usr/share/gnome-maps |
39 | whitelist /usr/share/libgweather | 39 | allow /usr/share/libgweather |
40 | include whitelist-common.inc | 40 | include whitelist-common.inc |
41 | include whitelist-runuser-common.inc | 41 | include whitelist-runuser-common.inc |
42 | include whitelist-usr-share-common.inc | 42 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-mines.profile b/etc/profile-a-l/gnome-mines.profile index 4fe8986c2..1b2949bc5 100644 --- a/etc/profile-a-l/gnome-mines.profile +++ b/etc/profile-a-l/gnome-mines.profile | |||
@@ -6,11 +6,11 @@ include gnome-mines.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/gnome-mines | 9 | nodeny ${HOME}/.local/share/gnome-mines |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/gnome-mines | 11 | mkdir ${HOME}/.local/share/gnome-mines |
12 | whitelist ${HOME}/.local/share/gnome-mines | 12 | allow ${HOME}/.local/share/gnome-mines |
13 | whitelist /usr/share/gnome-mines | 13 | allow /usr/share/gnome-mines |
14 | 14 | ||
15 | private-bin gnome-mines | 15 | private-bin gnome-mines |
16 | 16 | ||
diff --git a/etc/profile-a-l/gnome-mplayer.profile b/etc/profile-a-l/gnome-mplayer.profile index 43fe71f5e..c1cbc796a 100644 --- a/etc/profile-a-l/gnome-mplayer.profile +++ b/etc/profile-a-l/gnome-mplayer.profile | |||
@@ -6,9 +6,9 @@ include gnome-mplayer.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gnome-mplayer | 9 | nodeny ${HOME}/.config/gnome-mplayer |
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | noblacklist ${VIDEOS} | 11 | nodeny ${VIDEOS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-music.profile b/etc/profile-a-l/gnome-music.profile index 2fcbe9910..8fd0826c4 100644 --- a/etc/profile-a-l/gnome-music.profile +++ b/etc/profile-a-l/gnome-music.profile | |||
@@ -6,8 +6,8 @@ include gnome-music.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/gnome-music | 9 | nodeny ${HOME}/.local/share/gnome-music |
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/gnome-nettool.profile b/etc/profile-a-l/gnome-nettool.profile index 814751db3..a929582f8 100644 --- a/etc/profile-a-l/gnome-nettool.profile +++ b/etc/profile-a-l/gnome-nettool.profile | |||
@@ -14,7 +14,7 @@ include disable-passwdmgr.inc | |||
14 | include disable-programs.inc | 14 | include disable-programs.inc |
15 | include disable-xdg.inc | 15 | include disable-xdg.inc |
16 | 16 | ||
17 | whitelist /usr/share/gnome-nettool | 17 | allow /usr/share/gnome-nettool |
18 | #include whitelist-common.inc -- see #903 | 18 | #include whitelist-common.inc -- see #903 |
19 | include whitelist-runuser-common.inc | 19 | include whitelist-runuser-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-nibbles.profile b/etc/profile-a-l/gnome-nibbles.profile index b22810d34..d4c037a41 100644 --- a/etc/profile-a-l/gnome-nibbles.profile +++ b/etc/profile-a-l/gnome-nibbles.profile | |||
@@ -9,11 +9,11 @@ include globals.local | |||
9 | ignore machine-id | 9 | ignore machine-id |
10 | ignore nosound | 10 | ignore nosound |
11 | 11 | ||
12 | noblacklist ${HOME}/.local/share/gnome-nibbles | 12 | nodeny ${HOME}/.local/share/gnome-nibbles |
13 | 13 | ||
14 | mkdir ${HOME}/.local/share/gnome-nibbles | 14 | mkdir ${HOME}/.local/share/gnome-nibbles |
15 | whitelist ${HOME}/.local/share/gnome-nibbles | 15 | allow ${HOME}/.local/share/gnome-nibbles |
16 | whitelist /usr/share/gnome-nibbles | 16 | allow /usr/share/gnome-nibbles |
17 | 17 | ||
18 | private-bin gnome-nibbles | 18 | private-bin gnome-nibbles |
19 | 19 | ||
diff --git a/etc/profile-a-l/gnome-passwordsafe.profile b/etc/profile-a-l/gnome-passwordsafe.profile index fee5f88b9..d2cf828cc 100644 --- a/etc/profile-a-l/gnome-passwordsafe.profile +++ b/etc/profile-a-l/gnome-passwordsafe.profile | |||
@@ -6,14 +6,14 @@ include gnome-passwordsafe.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | nodeny ${DOCUMENTS} |
10 | noblacklist ${HOME}/*.kdb | 10 | nodeny ${HOME}/*.kdb |
11 | noblacklist ${HOME}/*.kdbx | 11 | nodeny ${HOME}/*.kdbx |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python3.inc | 14 | include allow-python3.inc |
15 | 15 | ||
16 | blacklist /usr/libexec | 16 | deny /usr/libexec |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
@@ -24,8 +24,8 @@ include disable-programs.inc | |||
24 | include disable-shell.inc | 24 | include disable-shell.inc |
25 | include disable-xdg.inc | 25 | include disable-xdg.inc |
26 | 26 | ||
27 | whitelist /usr/share/cracklib | 27 | allow /usr/share/cracklib |
28 | whitelist /usr/share/passwordsafe | 28 | allow /usr/share/passwordsafe |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-photos.profile b/etc/profile-a-l/gnome-photos.profile index 58bf3f349..3702da2c7 100644 --- a/etc/profile-a-l/gnome-photos.profile +++ b/etc/profile-a-l/gnome-photos.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | 8 | ||
9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
10 | 10 | ||
11 | noblacklist ${HOME}/.local/share/gnome-photos | 11 | nodeny ${HOME}/.local/share/gnome-photos |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-pie.profile b/etc/profile-a-l/gnome-pie.profile index 41903b136..e9ae2bcb0 100644 --- a/etc/profile-a-l/gnome-pie.profile +++ b/etc/profile-a-l/gnome-pie.profile | |||
@@ -6,7 +6,7 @@ include gnome-pie.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gnome-pie | 9 | nodeny ${HOME}/.config/gnome-pie |
10 | 10 | ||
11 | #include disable-common.inc | 11 | #include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-pomodoro.profile b/etc/profile-a-l/gnome-pomodoro.profile index c2ba7556d..bec23910c 100644 --- a/etc/profile-a-l/gnome-pomodoro.profile +++ b/etc/profile-a-l/gnome-pomodoro.profile | |||
@@ -6,7 +6,7 @@ include gnome-pomodoro.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/gnome-pomodoro | 9 | nodeny ${HOME}/.local/share/gnome-pomodoro |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.local/share/gnome-pomodoro | 19 | mkdir ${HOME}/.local/share/gnome-pomodoro |
20 | whitelist ${HOME}/.local/share/gnome-pomodoro | 20 | allow ${HOME}/.local/share/gnome-pomodoro |
21 | whitelist /usr/share/gnome-pomodoro | 21 | allow /usr/share/gnome-pomodoro |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/gnome-recipes.profile b/etc/profile-a-l/gnome-recipes.profile index 48c98ebe0..5ef33fdd8 100644 --- a/etc/profile-a-l/gnome-recipes.profile +++ b/etc/profile-a-l/gnome-recipes.profile | |||
@@ -7,8 +7,8 @@ include gnome-recipes.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | 9 | ||
10 | noblacklist ${HOME}/.cache/gnome-recipes | 10 | nodeny ${HOME}/.cache/gnome-recipes |
11 | noblacklist ${HOME}/.local/share/gnome-recipes | 11 | nodeny ${HOME}/.local/share/gnome-recipes |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -20,9 +20,9 @@ include disable-shell.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.cache/gnome-recipes | 21 | mkdir ${HOME}/.cache/gnome-recipes |
22 | mkdir ${HOME}/.local/share/gnome-recipes | 22 | mkdir ${HOME}/.local/share/gnome-recipes |
23 | whitelist ${HOME}/.cache/gnome-recipes | 23 | allow ${HOME}/.cache/gnome-recipes |
24 | whitelist ${HOME}/.local/share/gnome-recipes | 24 | allow ${HOME}/.local/share/gnome-recipes |
25 | whitelist /usr/share/gnome-recipes | 25 | allow /usr/share/gnome-recipes |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-ring.profile b/etc/profile-a-l/gnome-ring.profile index 78ceb9c4f..b34d264f4 100644 --- a/etc/profile-a-l/gnome-ring.profile +++ b/etc/profile-a-l/gnome-ring.profile | |||
@@ -5,7 +5,7 @@ include gnome-ring.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.local/share/gnome-ring | 8 | nodeny ${HOME}/.local/share/gnome-ring |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-robots.profile b/etc/profile-a-l/gnome-robots.profile index 8835f2b93..836d4e2b2 100644 --- a/etc/profile-a-l/gnome-robots.profile +++ b/etc/profile-a-l/gnome-robots.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | ignore machine-id | 9 | ignore machine-id |
10 | ignore nosound | 10 | ignore nosound |
11 | 11 | ||
12 | whitelist /usr/share/gnome-robots | 12 | allow /usr/share/gnome-robots |
13 | 13 | ||
14 | private-bin gnome-robots | 14 | private-bin gnome-robots |
15 | 15 | ||
diff --git a/etc/profile-a-l/gnome-schedule.profile b/etc/profile-a-l/gnome-schedule.profile index 69c90b33d..146f8bc4e 100644 --- a/etc/profile-a-l/gnome-schedule.profile +++ b/etc/profile-a-l/gnome-schedule.profile | |||
@@ -6,17 +6,17 @@ include gnome-schedule.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.gnome/gnome-schedule | 9 | nodeny ${HOME}/.gnome/gnome-schedule |
10 | 10 | ||
11 | # Needs at and crontab to read/write user cron | 11 | # Needs at and crontab to read/write user cron |
12 | noblacklist ${PATH}/at | 12 | nodeny ${PATH}/at |
13 | noblacklist ${PATH}/crontab | 13 | nodeny ${PATH}/crontab |
14 | 14 | ||
15 | # Needs access to these files/dirs | 15 | # Needs access to these files/dirs |
16 | noblacklist /etc/cron.allow | 16 | nodeny /etc/cron.allow |
17 | noblacklist /etc/cron.deny | 17 | nodeny /etc/cron.deny |
18 | noblacklist /etc/shadow | 18 | nodeny /etc/shadow |
19 | noblacklist /var/spool/cron | 19 | nodeny /var/spool/cron |
20 | 20 | ||
21 | # cron job testing needs a terminal, resulting in sandbox escape (see disable-common.inc) | 21 | # cron job testing needs a terminal, resulting in sandbox escape (see disable-common.inc) |
22 | # add 'noblacklist ${PATH}/your-terminal' to gnome-schedule.local if you need that functionality | 22 | # add 'noblacklist ${PATH}/your-terminal' to gnome-schedule.local if you need that functionality |
@@ -34,10 +34,10 @@ include disable-programs.inc | |||
34 | include disable-xdg.inc | 34 | include disable-xdg.inc |
35 | 35 | ||
36 | mkfile ${HOME}/.gnome/gnome-schedule | 36 | mkfile ${HOME}/.gnome/gnome-schedule |
37 | whitelist ${HOME}/.gnome/gnome-schedule | 37 | allow ${HOME}/.gnome/gnome-schedule |
38 | whitelist /usr/share/gnome-schedule | 38 | allow /usr/share/gnome-schedule |
39 | whitelist /var/spool/atd | 39 | allow /var/spool/atd |
40 | whitelist /var/spool/cron | 40 | allow /var/spool/cron |
41 | include whitelist-common.inc | 41 | include whitelist-common.inc |
42 | include whitelist-runuser-common.inc | 42 | include whitelist-runuser-common.inc |
43 | include whitelist-usr-share-common.inc | 43 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-screenshot.profile b/etc/profile-a-l/gnome-screenshot.profile index b683b6f6c..175549e99 100644 --- a/etc/profile-a-l/gnome-screenshot.profile +++ b/etc/profile-a-l/gnome-screenshot.profile | |||
@@ -6,8 +6,8 @@ include gnome-screenshot.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${PICTURES} | 9 | nodeny ${PICTURES} |
10 | noblacklist ${HOME}/.cache/gnome-screenshot | 10 | nodeny ${HOME}/.cache/gnome-screenshot |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-sound-recorder.profile b/etc/profile-a-l/gnome-sound-recorder.profile index 34f5fdeff..c2fb14fa4 100644 --- a/etc/profile-a-l/gnome-sound-recorder.profile +++ b/etc/profile-a-l/gnome-sound-recorder.profile | |||
@@ -6,8 +6,8 @@ include gnome-sound-recorder.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${MUSIC} | 9 | nodeny ${MUSIC} |
10 | noblacklist ${HOME}/.local/share/Trash | 10 | nodeny ${HOME}/.local/share/Trash |
11 | 11 | ||
12 | # Allow gjs (blacklisted by disable-interpreters.inc) | 12 | # Allow gjs (blacklisted by disable-interpreters.inc) |
13 | include allow-gjs.inc | 13 | include allow-gjs.inc |
diff --git a/etc/profile-a-l/gnome-sudoku.profile b/etc/profile-a-l/gnome-sudoku.profile index 12fd48a86..3b7835e52 100644 --- a/etc/profile-a-l/gnome-sudoku.profile +++ b/etc/profile-a-l/gnome-sudoku.profile | |||
@@ -6,10 +6,10 @@ include gnome-sudoku.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/gnome-sudoku | 9 | nodeny ${HOME}/.local/share/gnome-sudoku |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/gnome-sudoku | 11 | mkdir ${HOME}/.local/share/gnome-sudoku |
12 | whitelist ${HOME}/.local/share/gnome-sudoku | 12 | allow ${HOME}/.local/share/gnome-sudoku |
13 | 13 | ||
14 | private-bin gnome-sudoku | 14 | private-bin gnome-sudoku |
15 | 15 | ||
diff --git a/etc/profile-a-l/gnome-system-log.profile b/etc/profile-a-l/gnome-system-log.profile index 8a818695d..6978f7cab 100644 --- a/etc/profile-a-l/gnome-system-log.profile +++ b/etc/profile-a-l/gnome-system-log.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | whitelist /var/log | 18 | allow /var/log |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-taquin.profile b/etc/profile-a-l/gnome-taquin.profile index 2341334f7..ac87cf70f 100644 --- a/etc/profile-a-l/gnome-taquin.profile +++ b/etc/profile-a-l/gnome-taquin.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | ignore machine-id | 9 | ignore machine-id |
10 | ignore nosound | 10 | ignore nosound |
11 | 11 | ||
12 | whitelist /usr/share/gnome-taquin | 12 | allow /usr/share/gnome-taquin |
13 | 13 | ||
14 | private-bin gnome-taquin | 14 | private-bin gnome-taquin |
15 | 15 | ||
diff --git a/etc/profile-a-l/gnome-todo.profile b/etc/profile-a-l/gnome-todo.profile index 3b147cd48..092fd58a3 100644 --- a/etc/profile-a-l/gnome-todo.profile +++ b/etc/profile-a-l/gnome-todo.profile | |||
@@ -18,7 +18,7 @@ include disable-programs.inc | |||
18 | include disable-shell.inc | 18 | include disable-shell.inc |
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | whitelist /usr/share/gnome-todo | 21 | allow /usr/share/gnome-todo |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/gnome-twitch.profile b/etc/profile-a-l/gnome-twitch.profile index b8ec195d3..d76872ea6 100644 --- a/etc/profile-a-l/gnome-twitch.profile +++ b/etc/profile-a-l/gnome-twitch.profile | |||
@@ -6,8 +6,8 @@ include gnome-twitch.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/gnome-twitch | 9 | nodeny ${HOME}/.cache/gnome-twitch |
10 | noblacklist ${HOME}/.local/share/gnome-twitch | 10 | nodeny ${HOME}/.local/share/gnome-twitch |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-programs.inc | |||
18 | 18 | ||
19 | mkdir ${HOME}/.cache/gnome-twitch | 19 | mkdir ${HOME}/.cache/gnome-twitch |
20 | mkdir ${HOME}/.local/share/gnome-twitch | 20 | mkdir ${HOME}/.local/share/gnome-twitch |
21 | whitelist ${HOME}/.cache/gnome-twitch | 21 | allow ${HOME}/.cache/gnome-twitch |
22 | whitelist ${HOME}/.local/share/gnome-twitch | 22 | allow ${HOME}/.local/share/gnome-twitch |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/profile-a-l/gnome-weather.profile b/etc/profile-a-l/gnome-weather.profile index 2e08fa41d..6f557ff8d 100644 --- a/etc/profile-a-l/gnome-weather.profile +++ b/etc/profile-a-l/gnome-weather.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | 8 | ||
9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
10 | 10 | ||
11 | noblacklist ${HOME}/.cache/libgweather | 11 | nodeny ${HOME}/.cache/libgweather |
12 | 12 | ||
13 | # Allow gjs (blacklisted by disable-interpreters.inc) | 13 | # Allow gjs (blacklisted by disable-interpreters.inc) |
14 | include allow-gjs.inc | 14 | include allow-gjs.inc |
diff --git a/etc/profile-a-l/gnote.profile b/etc/profile-a-l/gnote.profile index c3014a288..261efefac 100644 --- a/etc/profile-a-l/gnote.profile +++ b/etc/profile-a-l/gnote.profile | |||
@@ -6,8 +6,8 @@ include gnote.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gnote | 9 | nodeny ${HOME}/.config/gnote |
10 | noblacklist ${HOME}/.local/share/gnote | 10 | nodeny ${HOME}/.local/share/gnote |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -20,9 +20,9 @@ include disable-xdg.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.config/gnote | 21 | mkdir ${HOME}/.config/gnote |
22 | mkdir ${HOME}/.local/share/gnote | 22 | mkdir ${HOME}/.local/share/gnote |
23 | whitelist ${HOME}/.config/gnote | 23 | allow ${HOME}/.config/gnote |
24 | whitelist ${HOME}/.local/share/gnote | 24 | allow ${HOME}/.local/share/gnote |
25 | whitelist /usr/share/gnote | 25 | allow /usr/share/gnote |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnubik.profile b/etc/profile-a-l/gnubik.profile index 22851ce9f..e6fbca26f 100644 --- a/etc/profile-a-l/gnubik.profile +++ b/etc/profile-a-l/gnubik.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | whitelist /usr/share/gnubik | 18 | allow /usr/share/gnubik |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-runuser-common.inc | 20 | include whitelist-runuser-common.inc |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/godot.profile b/etc/profile-a-l/godot.profile index 09ca17caa..f35a53ca4 100644 --- a/etc/profile-a-l/godot.profile +++ b/etc/profile-a-l/godot.profile | |||
@@ -6,9 +6,9 @@ include godot.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/godot | 9 | nodeny ${HOME}/.cache/godot |
10 | noblacklist ${HOME}/.config/godot | 10 | nodeny ${HOME}/.config/godot |
11 | noblacklist ${HOME}/.local/share/godot | 11 | nodeny ${HOME}/.local/share/godot |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/goobox.profile b/etc/profile-a-l/goobox.profile index 8399d77c4..95dd41c2a 100644 --- a/etc/profile-a-l/goobox.profile +++ b/etc/profile-a-l/goobox.profile | |||
@@ -6,7 +6,7 @@ include goobox.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${MUSIC} | 9 | nodeny ${MUSIC} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/google-chrome-beta.profile b/etc/profile-a-l/google-chrome-beta.profile index ebe5e870b..07f0e587d 100644 --- a/etc/profile-a-l/google-chrome-beta.profile +++ b/etc/profile-a-l/google-chrome-beta.profile | |||
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/google-chrome-beta | 13 | nodeny ${HOME}/.cache/google-chrome-beta |
14 | noblacklist ${HOME}/.config/google-chrome-beta | 14 | nodeny ${HOME}/.config/google-chrome-beta |
15 | 15 | ||
16 | noblacklist ${HOME}/.config/chrome-beta-flags.conf | 16 | nodeny ${HOME}/.config/chrome-beta-flags.conf |
17 | noblacklist ${HOME}/.config/chrome-beta-flags.config | 17 | nodeny ${HOME}/.config/chrome-beta-flags.config |
18 | 18 | ||
19 | mkdir ${HOME}/.cache/google-chrome-beta | 19 | mkdir ${HOME}/.cache/google-chrome-beta |
20 | mkdir ${HOME}/.config/google-chrome-beta | 20 | mkdir ${HOME}/.config/google-chrome-beta |
21 | whitelist ${HOME}/.cache/google-chrome-beta | 21 | allow ${HOME}/.cache/google-chrome-beta |
22 | whitelist ${HOME}/.config/google-chrome-beta | 22 | allow ${HOME}/.config/google-chrome-beta |
23 | 23 | ||
24 | whitelist ${HOME}/.config/chrome-beta-flags.conf | 24 | allow ${HOME}/.config/chrome-beta-flags.conf |
25 | whitelist ${HOME}/.config/chrome-beta-flags.config | 25 | allow ${HOME}/.config/chrome-beta-flags.config |
26 | 26 | ||
27 | # Redirect | 27 | # Redirect |
28 | include chromium-common.profile | 28 | include chromium-common.profile |
diff --git a/etc/profile-a-l/google-chrome-unstable.profile b/etc/profile-a-l/google-chrome-unstable.profile index 4d303f71b..229904411 100644 --- a/etc/profile-a-l/google-chrome-unstable.profile +++ b/etc/profile-a-l/google-chrome-unstable.profile | |||
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/google-chrome-unstable | 13 | nodeny ${HOME}/.cache/google-chrome-unstable |
14 | noblacklist ${HOME}/.config/google-chrome-unstable | 14 | nodeny ${HOME}/.config/google-chrome-unstable |
15 | 15 | ||
16 | noblacklist ${HOME}/.config/chrome-unstable-flags.conf | 16 | nodeny ${HOME}/.config/chrome-unstable-flags.conf |
17 | noblacklist ${HOME}/.config/chrome-unstable-flags.config | 17 | nodeny ${HOME}/.config/chrome-unstable-flags.config |
18 | 18 | ||
19 | mkdir ${HOME}/.cache/google-chrome-unstable | 19 | mkdir ${HOME}/.cache/google-chrome-unstable |
20 | mkdir ${HOME}/.config/google-chrome-unstable | 20 | mkdir ${HOME}/.config/google-chrome-unstable |
21 | whitelist ${HOME}/.cache/google-chrome-unstable | 21 | allow ${HOME}/.cache/google-chrome-unstable |
22 | whitelist ${HOME}/.config/google-chrome-unstable | 22 | allow ${HOME}/.config/google-chrome-unstable |
23 | 23 | ||
24 | whitelist ${HOME}/.config/chrome-unstable-flags.conf | 24 | allow ${HOME}/.config/chrome-unstable-flags.conf |
25 | whitelist ${HOME}/.config/chrome-unstable-flags.config | 25 | allow ${HOME}/.config/chrome-unstable-flags.config |
26 | 26 | ||
27 | # Redirect | 27 | # Redirect |
28 | include chromium-common.profile | 28 | include chromium-common.profile |
diff --git a/etc/profile-a-l/google-chrome.profile b/etc/profile-a-l/google-chrome.profile index ed2595f72..f61642f17 100644 --- a/etc/profile-a-l/google-chrome.profile +++ b/etc/profile-a-l/google-chrome.profile | |||
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/google-chrome | 13 | nodeny ${HOME}/.cache/google-chrome |
14 | noblacklist ${HOME}/.config/google-chrome | 14 | nodeny ${HOME}/.config/google-chrome |
15 | 15 | ||
16 | noblacklist ${HOME}/.config/chrome-flags.conf | 16 | nodeny ${HOME}/.config/chrome-flags.conf |
17 | noblacklist ${HOME}/.config/chrome-flags.config | 17 | nodeny ${HOME}/.config/chrome-flags.config |
18 | 18 | ||
19 | mkdir ${HOME}/.cache/google-chrome | 19 | mkdir ${HOME}/.cache/google-chrome |
20 | mkdir ${HOME}/.config/google-chrome | 20 | mkdir ${HOME}/.config/google-chrome |
21 | whitelist ${HOME}/.cache/google-chrome | 21 | allow ${HOME}/.cache/google-chrome |
22 | whitelist ${HOME}/.config/google-chrome | 22 | allow ${HOME}/.config/google-chrome |
23 | 23 | ||
24 | whitelist ${HOME}/.config/chrome-flags.conf | 24 | allow ${HOME}/.config/chrome-flags.conf |
25 | whitelist ${HOME}/.config/chrome-flags.config | 25 | allow ${HOME}/.config/chrome-flags.config |
26 | 26 | ||
27 | # Redirect | 27 | # Redirect |
28 | include chromium-common.profile | 28 | include chromium-common.profile |
diff --git a/etc/profile-a-l/google-earth.profile b/etc/profile-a-l/google-earth.profile index 65ac04771..6039f7cbd 100644 --- a/etc/profile-a-l/google-earth.profile +++ b/etc/profile-a-l/google-earth.profile | |||
@@ -5,8 +5,8 @@ include google-earth.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Google | 8 | nodeny ${HOME}/.config/Google |
9 | noblacklist ${HOME}/.googleearth | 9 | nodeny ${HOME}/.googleearth |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | 17 | ||
18 | mkdir ${HOME}/.config/Google | 18 | mkdir ${HOME}/.config/Google |
19 | mkdir ${HOME}/.googleearth | 19 | mkdir ${HOME}/.googleearth |
20 | whitelist ${HOME}/.config/Google | 20 | allow ${HOME}/.config/Google |
21 | whitelist ${HOME}/.googleearth | 21 | allow ${HOME}/.googleearth |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/profile-a-l/google-play-music-desktop-player.profile b/etc/profile-a-l/google-play-music-desktop-player.profile index a7aabe105..fdb65b93c 100644 --- a/etc/profile-a-l/google-play-music-desktop-player.profile +++ b/etc/profile-a-l/google-play-music-desktop-player.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | # noexec /tmp breaks mpris support | 8 | # noexec /tmp breaks mpris support |
9 | ignore noexec /tmp | 9 | ignore noexec /tmp |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/Google Play Music Desktop Player | 11 | nodeny ${HOME}/.config/Google Play Music Desktop Player |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -20,7 +20,7 @@ include disable-programs.inc | |||
20 | mkdir ${HOME}/.config/Google Play Music Desktop Player | 20 | mkdir ${HOME}/.config/Google Play Music Desktop Player |
21 | # whitelist ${HOME}/.config/pulse | 21 | # whitelist ${HOME}/.config/pulse |
22 | # whitelist ${HOME}/.pulse | 22 | # whitelist ${HOME}/.pulse |
23 | whitelist ${HOME}/.config/Google Play Music Desktop Player | 23 | allow ${HOME}/.config/Google Play Music Desktop Player |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
diff --git a/etc/profile-a-l/googler-common.profile b/etc/profile-a-l/googler-common.profile index 2d0bce52b..952c9c1d4 100644 --- a/etc/profile-a-l/googler-common.profile +++ b/etc/profile-a-l/googler-common.profile | |||
@@ -7,10 +7,10 @@ include googler-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | deny /tmp/.X11-unix |
11 | blacklist ${RUNUSER} | 11 | deny ${RUNUSER} |
12 | 12 | ||
13 | noblacklist ${HOME}/.w3m | 13 | nodeny ${HOME}/.w3m |
14 | 14 | ||
15 | # Allow /bin/sh (blacklisted by disable-shell.inc) | 15 | # Allow /bin/sh (blacklisted by disable-shell.inc) |
16 | include allow-bin-sh.inc | 16 | include allow-bin-sh.inc |
@@ -26,7 +26,7 @@ include disable-programs.inc | |||
26 | include disable-shell.inc | 26 | include disable-shell.inc |
27 | include disable-xdg.inc | 27 | include disable-xdg.inc |
28 | 28 | ||
29 | whitelist ${HOME}/.w3m | 29 | allow ${HOME}/.w3m |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
32 | 32 | ||
diff --git a/etc/profile-a-l/gpa.profile b/etc/profile-a-l/gpa.profile index 37b4f0b1c..9b8da361b 100644 --- a/etc/profile-a-l/gpa.profile +++ b/etc/profile-a-l/gpa.profile | |||
@@ -6,7 +6,7 @@ include gpa.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.gnupg | 9 | nodeny ${HOME}/.gnupg |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gpg-agent.profile b/etc/profile-a-l/gpg-agent.profile index 7f0b614b1..5fa66bb55 100644 --- a/etc/profile-a-l/gpg-agent.profile +++ b/etc/profile-a-l/gpg-agent.profile | |||
@@ -7,10 +7,10 @@ include gpg-agent.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.gnupg | 10 | nodeny ${HOME}/.gnupg |
11 | 11 | ||
12 | blacklist /tmp/.X11-unix | 12 | deny /tmp/.X11-unix |
13 | blacklist ${RUNUSER}/wayland-* | 13 | deny ${RUNUSER}/wayland-* |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -20,11 +20,11 @@ include disable-programs.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.gnupg | 22 | mkdir ${HOME}/.gnupg |
23 | whitelist ${HOME}/.gnupg | 23 | allow ${HOME}/.gnupg |
24 | whitelist ${RUNUSER}/gnupg | 24 | allow ${RUNUSER}/gnupg |
25 | whitelist ${RUNUSER}/keyring | 25 | allow ${RUNUSER}/keyring |
26 | whitelist /usr/share/gnupg | 26 | allow /usr/share/gnupg |
27 | whitelist /usr/share/gnupg2 | 27 | allow /usr/share/gnupg2 |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gpg.profile b/etc/profile-a-l/gpg.profile index 4a4d6527c..2ad896abe 100644 --- a/etc/profile-a-l/gpg.profile +++ b/etc/profile-a-l/gpg.profile | |||
@@ -7,10 +7,10 @@ include gpg.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.gnupg | 10 | nodeny ${HOME}/.gnupg |
11 | 11 | ||
12 | blacklist /tmp/.X11-unix | 12 | deny /tmp/.X11-unix |
13 | blacklist ${RUNUSER}/wayland-* | 13 | deny ${RUNUSER}/wayland-* |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -18,11 +18,11 @@ include disable-interpreters.inc | |||
18 | include disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
19 | include disable-programs.inc | 19 | include disable-programs.inc |
20 | 20 | ||
21 | whitelist ${RUNUSER}/gnupg | 21 | allow ${RUNUSER}/gnupg |
22 | whitelist ${RUNUSER}/keyring | 22 | allow ${RUNUSER}/keyring |
23 | whitelist /usr/share/gnupg | 23 | allow /usr/share/gnupg |
24 | whitelist /usr/share/gnupg2 | 24 | allow /usr/share/gnupg2 |
25 | whitelist /usr/share/pacman/keyrings | 25 | allow /usr/share/pacman/keyrings |
26 | include whitelist-runuser-common.inc | 26 | include whitelist-runuser-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gpicview.profile b/etc/profile-a-l/gpicview.profile index fa53c26c8..0552dc3d7 100644 --- a/etc/profile-a-l/gpicview.profile +++ b/etc/profile-a-l/gpicview.profile | |||
@@ -6,7 +6,7 @@ include gpicview.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gpicview | 9 | nodeny ${HOME}/.config/gpicview |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | 18 | ||
19 | whitelist /usr/share/gpicview | 19 | allow /usr/share/gpicview |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
diff --git a/etc/profile-a-l/gpredict.profile b/etc/profile-a-l/gpredict.profile index 253d644f1..c9e62a73f 100644 --- a/etc/profile-a-l/gpredict.profile +++ b/etc/profile-a-l/gpredict.profile | |||
@@ -6,7 +6,7 @@ include gpredict.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Gpredict | 9 | nodeny ${HOME}/.config/Gpredict |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.config/Gpredict | 19 | mkdir ${HOME}/.config/Gpredict |
20 | whitelist ${HOME}/.config/Gpredict | 20 | allow ${HOME}/.config/Gpredict |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/profile-a-l/gradio.profile b/etc/profile-a-l/gradio.profile index 2b4c536d2..2aebe2338 100644 --- a/etc/profile-a-l/gradio.profile +++ b/etc/profile-a-l/gradio.profile | |||
@@ -5,8 +5,8 @@ include gradio.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/gradio | 8 | nodeny ${HOME}/.cache/gradio |
9 | noblacklist ${HOME}/.local/share/gradio | 9 | nodeny ${HOME}/.local/share/gradio |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-xdg.inc | |||
18 | 18 | ||
19 | mkdir ${HOME}/.cache/gradio | 19 | mkdir ${HOME}/.cache/gradio |
20 | mkdir ${HOME}/.local/share/gradio | 20 | mkdir ${HOME}/.local/share/gradio |
21 | whitelist ${HOME}/.cache/gradio | 21 | allow ${HOME}/.cache/gradio |
22 | whitelist ${HOME}/.local/share/gradio | 22 | allow ${HOME}/.local/share/gradio |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gramps.profile b/etc/profile-a-l/gramps.profile index c7e0c2977..53f0baccb 100644 --- a/etc/profile-a-l/gramps.profile +++ b/etc/profile-a-l/gramps.profile | |||
@@ -6,7 +6,7 @@ include gramps.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.gramps | 9 | nodeny ${HOME}/.gramps |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | #include allow-python2.inc | 12 | #include allow-python2.inc |
@@ -21,7 +21,7 @@ include disable-programs.inc | |||
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.gramps | 23 | mkdir ${HOME}/.gramps |
24 | whitelist ${HOME}/.gramps | 24 | allow ${HOME}/.gramps |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile index 890ba2560..ecc871c2e 100644 --- a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile +++ b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | whitelist /usr/share/gravity-beams-and-evaporating-stars | 18 | allow /usr/share/gravity-beams-and-evaporating-stars |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gthumb.profile b/etc/profile-a-l/gthumb.profile index 5927e8c4d..9a4f7b4fb 100644 --- a/etc/profile-a-l/gthumb.profile +++ b/etc/profile-a-l/gthumb.profile | |||
@@ -6,9 +6,9 @@ include gthumb.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gthumb | 9 | nodeny ${HOME}/.config/gthumb |
10 | noblacklist ${HOME}/.Steam | 10 | nodeny ${HOME}/.Steam |
11 | noblacklist ${HOME}/.steam | 11 | nodeny ${HOME}/.steam |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gtk-update-icon-cache.profile b/etc/profile-a-l/gtk-update-icon-cache.profile index c8addae75..d6bb9902a 100644 --- a/etc/profile-a-l/gtk-update-icon-cache.profile +++ b/etc/profile-a-l/gtk-update-icon-cache.profile | |||
@@ -7,7 +7,7 @@ include gtk-update-icon-cache.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | 10 | deny ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gtk2-youtube-viewer.profile b/etc/profile-a-l/gtk2-youtube-viewer.profile index 787c7bd90..8241de43a 100644 --- a/etc/profile-a-l/gtk2-youtube-viewer.profile +++ b/etc/profile-a-l/gtk2-youtube-viewer.profile | |||
@@ -8,8 +8,8 @@ include gtk2-youtube-viewer.local | |||
8 | 8 | ||
9 | ignore quiet | 9 | ignore quiet |
10 | 10 | ||
11 | noblacklist /tmp/.X11-unix | 11 | nodeny /tmp/.X11-unix |
12 | noblacklist ${RUNUSER} | 12 | nodeny ${RUNUSER} |
13 | 13 | ||
14 | include whitelist-runuser-common.inc | 14 | include whitelist-runuser-common.inc |
15 | 15 | ||
diff --git a/etc/profile-a-l/gtk3-youtube-viewer.profile b/etc/profile-a-l/gtk3-youtube-viewer.profile index 988882622..6ea4ebbdc 100644 --- a/etc/profile-a-l/gtk3-youtube-viewer.profile +++ b/etc/profile-a-l/gtk3-youtube-viewer.profile | |||
@@ -8,8 +8,8 @@ include gtk3-youtube-viewer.local | |||
8 | 8 | ||
9 | ignore quiet | 9 | ignore quiet |
10 | 10 | ||
11 | noblacklist /tmp/.X11-unix | 11 | nodeny /tmp/.X11-unix |
12 | noblacklist ${RUNUSER} | 12 | nodeny ${RUNUSER} |
13 | 13 | ||
14 | include whitelist-runuser-common.inc | 14 | include whitelist-runuser-common.inc |
15 | 15 | ||
diff --git a/etc/profile-a-l/guayadeque.profile b/etc/profile-a-l/guayadeque.profile index 3d2b71e9d..731bcad1d 100644 --- a/etc/profile-a-l/guayadeque.profile +++ b/etc/profile-a-l/guayadeque.profile | |||
@@ -5,8 +5,8 @@ include guayadeque.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.guayadeque | 8 | nodeny ${HOME}/.guayadeque |
9 | noblacklist ${MUSIC} | 9 | nodeny ${MUSIC} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gummi.profile b/etc/profile-a-l/gummi.profile index 2223c37a1..5cdc2cc18 100644 --- a/etc/profile-a-l/gummi.profile +++ b/etc/profile-a-l/gummi.profile | |||
@@ -5,8 +5,8 @@ include gummi.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/gummi | 8 | nodeny ${HOME}/.cache/gummi |
9 | noblacklist ${HOME}/.config/gummi | 9 | nodeny ${HOME}/.config/gummi |
10 | 10 | ||
11 | # Allow lua (blacklisted by disable-interpreters.inc) | 11 | # Allow lua (blacklisted by disable-interpreters.inc) |
12 | include allow-lua.inc | 12 | include allow-lua.inc |
diff --git a/etc/profile-a-l/guvcview.profile b/etc/profile-a-l/guvcview.profile index 9221ca31c..3404f5177 100644 --- a/etc/profile-a-l/guvcview.profile +++ b/etc/profile-a-l/guvcview.profile | |||
@@ -6,10 +6,10 @@ include guvcview.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/guvcview2 | 9 | nodeny ${HOME}/.config/guvcview2 |
10 | 10 | ||
11 | noblacklist ${PICTURES} | 11 | nodeny ${PICTURES} |
12 | noblacklist ${VIDEOS} | 12 | nodeny ${VIDEOS} |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -21,9 +21,9 @@ include disable-shell.inc | |||
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.config/guvcview2 | 23 | mkdir ${HOME}/.config/guvcview2 |
24 | whitelist ${HOME}/.config/guvcview2 | 24 | allow ${HOME}/.config/guvcview2 |
25 | whitelist ${PICTURES} | 25 | allow ${PICTURES} |
26 | whitelist ${VIDEOS} | 26 | allow ${VIDEOS} |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gwenview.profile b/etc/profile-a-l/gwenview.profile index d33e2a673..132b5a2e2 100644 --- a/etc/profile-a-l/gwenview.profile +++ b/etc/profile-a-l/gwenview.profile | |||
@@ -6,17 +6,17 @@ include gwenview.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/GIMP | 9 | nodeny ${HOME}/.config/GIMP |
10 | noblacklist ${HOME}/.config/gwenviewrc | 10 | nodeny ${HOME}/.config/gwenviewrc |
11 | noblacklist ${HOME}/.config/org.kde.gwenviewrc | 11 | nodeny ${HOME}/.config/org.kde.gwenviewrc |
12 | noblacklist ${HOME}/.gimp* | 12 | nodeny ${HOME}/.gimp* |
13 | noblacklist ${HOME}/.kde/share/apps/gwenview | 13 | nodeny ${HOME}/.kde/share/apps/gwenview |
14 | noblacklist ${HOME}/.kde/share/config/gwenviewrc | 14 | nodeny ${HOME}/.kde/share/config/gwenviewrc |
15 | noblacklist ${HOME}/.kde4/share/apps/gwenview | 15 | nodeny ${HOME}/.kde4/share/apps/gwenview |
16 | noblacklist ${HOME}/.kde4/share/config/gwenviewrc | 16 | nodeny ${HOME}/.kde4/share/config/gwenviewrc |
17 | noblacklist ${HOME}/.local/share/gwenview | 17 | nodeny ${HOME}/.local/share/gwenview |
18 | noblacklist ${HOME}/.local/share/kxmlgui5/gwenview | 18 | nodeny ${HOME}/.local/share/kxmlgui5/gwenview |
19 | noblacklist ${HOME}/.local/share/org.kde.gwenview | 19 | nodeny ${HOME}/.local/share/org.kde.gwenview |
20 | 20 | ||
21 | include disable-common.inc | 21 | include disable-common.inc |
22 | include disable-devel.inc | 22 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gzip.profile b/etc/profile-a-l/gzip.profile index b261c16f4..46c98bdc2 100644 --- a/etc/profile-a-l/gzip.profile +++ b/etc/profile-a-l/gzip.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | 9 | ||
10 | # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop | 10 | # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop |
11 | # all capabilities this is automatically read-only. | 11 | # all capabilities this is automatically read-only. |
12 | noblacklist /var/lib/pacman | 12 | nodeny /var/lib/pacman |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include archiver-common.profile | 15 | include archiver-common.profile |
diff --git a/etc/profile-a-l/handbrake.profile b/etc/profile-a-l/handbrake.profile index 847e1ec1e..c102ac4cb 100644 --- a/etc/profile-a-l/handbrake.profile +++ b/etc/profile-a-l/handbrake.profile | |||
@@ -6,9 +6,9 @@ include handbrake.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/ghb | 9 | nodeny ${HOME}/.config/ghb |
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | noblacklist ${VIDEOS} | 11 | nodeny ${VIDEOS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/hashcat.profile b/etc/profile-a-l/hashcat.profile index aab4b0c21..d98a1b554 100644 --- a/etc/profile-a-l/hashcat.profile +++ b/etc/profile-a-l/hashcat.profile | |||
@@ -7,11 +7,11 @@ include hashcat.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | 10 | deny ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | noblacklist ${HOME}/.hashcat | 12 | nodeny ${HOME}/.hashcat |
13 | noblacklist /usr/include | 13 | nodeny /usr/include |
14 | noblacklist ${DOCUMENTS} | 14 | nodeny ${DOCUMENTS} |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/hasher-common.profile b/etc/profile-a-l/hasher-common.profile index 44584f26b..1c2a44e06 100644 --- a/etc/profile-a-l/hasher-common.profile +++ b/etc/profile-a-l/hasher-common.profile | |||
@@ -4,7 +4,7 @@ include hasher-common.local | |||
4 | 4 | ||
5 | # common profile for hasher/checksum tools | 5 | # common profile for hasher/checksum tools |
6 | 6 | ||
7 | blacklist ${RUNUSER} | 7 | deny ${RUNUSER} |
8 | 8 | ||
9 | # Comment/uncomment the relevant include file(s) in your hasher-common.local | 9 | # Comment/uncomment the relevant include file(s) in your hasher-common.local |
10 | # to (un)restrict file access for **all** hashers. Another option is to do this **per hasher** | 10 | # to (un)restrict file access for **all** hashers. Another option is to do this **per hasher** |
diff --git a/etc/profile-a-l/hedgewars.profile b/etc/profile-a-l/hedgewars.profile index c0675d8ec..90833af91 100644 --- a/etc/profile-a-l/hedgewars.profile +++ b/etc/profile-a-l/hedgewars.profile | |||
@@ -6,7 +6,7 @@ include hedgewars.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.hedgewars | 9 | nodeny ${HOME}/.hedgewars |
10 | 10 | ||
11 | include allow-lua.inc | 11 | include allow-lua.inc |
12 | 12 | ||
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.hedgewars | 19 | mkdir ${HOME}/.hedgewars |
20 | whitelist ${HOME}/.hedgewars | 20 | allow ${HOME}/.hedgewars |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/profile-a-l/hexchat.profile b/etc/profile-a-l/hexchat.profile index b887de147..993efb591 100644 --- a/etc/profile-a-l/hexchat.profile +++ b/etc/profile-a-l/hexchat.profile | |||
@@ -6,7 +6,7 @@ include hexchat.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/hexchat | 9 | nodeny ${HOME}/.config/hexchat |
10 | 10 | ||
11 | # Allow /bin/sh (blacklisted by disable-shell.inc) | 11 | # Allow /bin/sh (blacklisted by disable-shell.inc) |
12 | include allow-bin-sh.inc | 12 | include allow-bin-sh.inc |
@@ -28,7 +28,7 @@ include disable-shell.inc | |||
28 | include disable-xdg.inc | 28 | include disable-xdg.inc |
29 | 29 | ||
30 | mkdir ${HOME}/.config/hexchat | 30 | mkdir ${HOME}/.config/hexchat |
31 | whitelist ${HOME}/.config/hexchat | 31 | allow ${HOME}/.config/hexchat |
32 | include whitelist-common.inc | 32 | include whitelist-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
34 | 34 | ||
diff --git a/etc/profile-a-l/highlight.profile b/etc/profile-a-l/highlight.profile index 643736ac7..53db642dc 100644 --- a/etc/profile-a-l/highlight.profile +++ b/etc/profile-a-l/highlight.profile | |||
@@ -6,7 +6,7 @@ include highlight.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER} | 9 | deny ${RUNUSER} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/homebank.profile b/etc/profile-a-l/homebank.profile index 199b1a5e5..ef259cc00 100644 --- a/etc/profile-a-l/homebank.profile +++ b/etc/profile-a-l/homebank.profile | |||
@@ -6,7 +6,7 @@ include homebank.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/homebank | 9 | nodeny ${HOME}/.config/homebank |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,9 +18,9 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/homebank | 20 | mkdir ${HOME}/.config/homebank |
21 | whitelist ${DOWNLOADS} | 21 | allow ${DOWNLOADS} |
22 | whitelist ${HOME}/.config/homebank | 22 | allow ${HOME}/.config/homebank |
23 | whitelist /usr/share/homebank | 23 | allow /usr/share/homebank |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
26 | include whitelist-usr-share-common.inc | 26 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/host.profile b/etc/profile-a-l/host.profile index 00d9f7a76..63e1be259 100644 --- a/etc/profile-a-l/host.profile +++ b/etc/profile-a-l/host.profile | |||
@@ -7,8 +7,8 @@ include host.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER} | 10 | deny ${RUNUSER} |
11 | noblacklist ${PATH}/host | 11 | nodeny ${PATH}/host |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/hugin.profile b/etc/profile-a-l/hugin.profile index 267712c87..db5cd29cc 100644 --- a/etc/profile-a-l/hugin.profile +++ b/etc/profile-a-l/hugin.profile | |||
@@ -6,9 +6,9 @@ include hugin.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.hugin | 9 | nodeny ${HOME}/.hugin |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | noblacklist ${PICTURES} | 11 | nodeny ${PICTURES} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/hyperrogue.profile b/etc/profile-a-l/hyperrogue.profile index e66ffd7e1..1fb33ceb8 100644 --- a/etc/profile-a-l/hyperrogue.profile +++ b/etc/profile-a-l/hyperrogue.profile | |||
@@ -6,7 +6,7 @@ include hyperrogue.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/hyperrogue.ini | 9 | nodeny ${HOME}/hyperrogue.ini |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkfile ${HOME}/hyperrogue.ini | 20 | mkfile ${HOME}/hyperrogue.ini |
21 | whitelist ${HOME}/hyperrogue.ini | 21 | allow ${HOME}/hyperrogue.ini |
22 | whitelist /usr/share/hyperrogue | 22 | allow /usr/share/hyperrogue |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/i2prouter.profile b/etc/profile-a-l/i2prouter.profile index 47c984175..c8a2e8a04 100644 --- a/etc/profile-a-l/i2prouter.profile +++ b/etc/profile-a-l/i2prouter.profile | |||
@@ -14,12 +14,12 @@ include globals.local | |||
14 | # Only needed when i2prouter binary resides in home directory (official I2P java installer does so). | 14 | # Only needed when i2prouter binary resides in home directory (official I2P java installer does so). |
15 | ignore noexec ${HOME} | 15 | ignore noexec ${HOME} |
16 | 16 | ||
17 | noblacklist ${HOME}/.config/i2p | 17 | nodeny ${HOME}/.config/i2p |
18 | noblacklist ${HOME}/.i2p | 18 | nodeny ${HOME}/.i2p |
19 | noblacklist ${HOME}/.local/share/i2p | 19 | nodeny ${HOME}/.local/share/i2p |
20 | noblacklist ${HOME}/i2p | 20 | nodeny ${HOME}/i2p |
21 | # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so). | 21 | # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so). |
22 | noblacklist /usr/sbin | 22 | nodeny /usr/sbin |
23 | 23 | ||
24 | # Allow java (blacklisted by disable-devel.inc) | 24 | # Allow java (blacklisted by disable-devel.inc) |
25 | include allow-java.inc | 25 | include allow-java.inc |
@@ -36,12 +36,12 @@ mkdir ${HOME}/.config/i2p | |||
36 | mkdir ${HOME}/.i2p | 36 | mkdir ${HOME}/.i2p |
37 | mkdir ${HOME}/.local/share/i2p | 37 | mkdir ${HOME}/.local/share/i2p |
38 | mkdir ${HOME}/i2p | 38 | mkdir ${HOME}/i2p |
39 | whitelist ${HOME}/.config/i2p | 39 | allow ${HOME}/.config/i2p |
40 | whitelist ${HOME}/.i2p | 40 | allow ${HOME}/.i2p |
41 | whitelist ${HOME}/.local/share/i2p | 41 | allow ${HOME}/.local/share/i2p |
42 | whitelist ${HOME}/i2p | 42 | allow ${HOME}/i2p |
43 | # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so). | 43 | # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so). |
44 | whitelist /usr/sbin/wrapper* | 44 | allow /usr/sbin/wrapper* |
45 | 45 | ||
46 | include whitelist-common.inc | 46 | include whitelist-common.inc |
47 | 47 | ||
diff --git a/etc/profile-a-l/i3.profile b/etc/profile-a-l/i3.profile index e96b1843c..95ddad221 100644 --- a/etc/profile-a-l/i3.profile +++ b/etc/profile-a-l/i3.profile | |||
@@ -7,7 +7,7 @@ include i3.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in i3 will run in this profile | 9 | # all applications started in i3 will run in this profile |
10 | noblacklist ${HOME}/.config/i3 | 10 | nodeny ${HOME}/.config/i3 |
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
diff --git a/etc/profile-a-l/icecat.profile b/etc/profile-a-l/icecat.profile index 660343a29..0de2f658b 100644 --- a/etc/profile-a-l/icecat.profile +++ b/etc/profile-a-l/icecat.profile | |||
@@ -5,13 +5,13 @@ include icecat.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/mozilla | 8 | nodeny ${HOME}/.cache/mozilla |
9 | noblacklist ${HOME}/.mozilla | 9 | nodeny ${HOME}/.mozilla |
10 | 10 | ||
11 | mkdir ${HOME}/.cache/mozilla/icecat | 11 | mkdir ${HOME}/.cache/mozilla/icecat |
12 | mkdir ${HOME}/.mozilla | 12 | mkdir ${HOME}/.mozilla |
13 | whitelist ${HOME}/.cache/mozilla/icecat | 13 | allow ${HOME}/.cache/mozilla/icecat |
14 | whitelist ${HOME}/.mozilla | 14 | allow ${HOME}/.mozilla |
15 | 15 | ||
16 | # private-etc must first be enabled in firefox-common.profile | 16 | # private-etc must first be enabled in firefox-common.profile |
17 | #private-etc icecat | 17 | #private-etc icecat |
diff --git a/etc/profile-a-l/icedove.profile b/etc/profile-a-l/icedove.profile index 19690cd5a..0c22d87d0 100644 --- a/etc/profile-a-l/icedove.profile +++ b/etc/profile-a-l/icedove.profile | |||
@@ -9,16 +9,16 @@ include icedove.local | |||
9 | # Users have icedove set to open a browser by clicking a link in an email | 9 | # Users have icedove set to open a browser by clicking a link in an email |
10 | # We are not allowed to blacklist browser-specific directories | 10 | # We are not allowed to blacklist browser-specific directories |
11 | 11 | ||
12 | noblacklist ${HOME}/.cache/icedove | 12 | nodeny ${HOME}/.cache/icedove |
13 | noblacklist ${HOME}/.gnupg | 13 | nodeny ${HOME}/.gnupg |
14 | noblacklist ${HOME}/.icedove | 14 | nodeny ${HOME}/.icedove |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/icedove | 16 | mkdir ${HOME}/.cache/icedove |
17 | mkdir ${HOME}/.gnupg | 17 | mkdir ${HOME}/.gnupg |
18 | mkdir ${HOME}/.icedove | 18 | mkdir ${HOME}/.icedove |
19 | whitelist ${HOME}/.cache/icedove | 19 | allow ${HOME}/.cache/icedove |
20 | whitelist ${HOME}/.gnupg | 20 | allow ${HOME}/.gnupg |
21 | whitelist ${HOME}/.icedove | 21 | allow ${HOME}/.icedove |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | ignore private-tmp | 24 | ignore private-tmp |
diff --git a/etc/profile-a-l/idea.sh.profile b/etc/profile-a-l/idea.sh.profile index 680b8e777..180b62ec2 100644 --- a/etc/profile-a-l/idea.sh.profile +++ b/etc/profile-a-l/idea.sh.profile | |||
@@ -5,12 +5,12 @@ include idea.sh.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.IdeaIC* | 8 | nodeny ${HOME}/.IdeaIC* |
9 | noblacklist ${HOME}/.android | 9 | nodeny ${HOME}/.android |
10 | noblacklist ${HOME}/.jack-server | 10 | nodeny ${HOME}/.jack-server |
11 | noblacklist ${HOME}/.jack-settings | 11 | nodeny ${HOME}/.jack-settings |
12 | noblacklist ${HOME}/.local/share/JetBrains | 12 | nodeny ${HOME}/.local/share/JetBrains |
13 | noblacklist ${HOME}/.tooling | 13 | nodeny ${HOME}/.tooling |
14 | 14 | ||
15 | # Allows files commonly used by IDEs | 15 | # Allows files commonly used by IDEs |
16 | include allow-common-devel.inc | 16 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/imagej.profile b/etc/profile-a-l/imagej.profile index 12ce7976b..5d28e7aca 100644 --- a/etc/profile-a-l/imagej.profile +++ b/etc/profile-a-l/imagej.profile | |||
@@ -6,7 +6,7 @@ include imagej.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.imagej | 9 | nodeny ${HOME}/.imagej |
10 | 10 | ||
11 | # Allow java (blacklisted by disable-devel.inc) | 11 | # Allow java (blacklisted by disable-devel.inc) |
12 | include allow-java.inc | 12 | include allow-java.inc |
diff --git a/etc/profile-a-l/img2txt.profile b/etc/profile-a-l/img2txt.profile index c26958d06..70d56a7dc 100644 --- a/etc/profile-a-l/img2txt.profile +++ b/etc/profile-a-l/img2txt.profile | |||
@@ -5,10 +5,10 @@ include img2txt.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | blacklist ${RUNUSER}/wayland-* | 8 | deny ${RUNUSER}/wayland-* |
9 | 9 | ||
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | noblacklist ${PICTURES} | 11 | nodeny ${PICTURES} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-passwdmgr.inc | |||
18 | include disable-programs.inc | 18 | include disable-programs.inc |
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | whitelist /usr/share/imlib2 | 21 | allow /usr/share/imlib2 |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/impressive.profile b/etc/profile-a-l/impressive.profile index c152be01c..4914cd9d0 100644 --- a/etc/profile-a-l/impressive.profile +++ b/etc/profile-a-l/impressive.profile | |||
@@ -6,9 +6,9 @@ include impressive.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | nodeny ${DOCUMENTS} |
10 | noblacklist /sbin | 10 | nodeny /sbin |
11 | noblacklist /usr/sbin | 11 | nodeny /usr/sbin |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | #include allow-python2.inc | 14 | #include allow-python2.inc |
@@ -23,8 +23,8 @@ include disable-programs.inc | |||
23 | include disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | mkdir ${HOME}/.cache/mesa_shader_cache | 25 | mkdir ${HOME}/.cache/mesa_shader_cache |
26 | whitelist /usr/share/opengl-games-utils | 26 | allow /usr/share/opengl-games-utils |
27 | whitelist /usr/share/zenity | 27 | allow /usr/share/zenity |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
30 | 30 | ||
diff --git a/etc/profile-a-l/inkscape.profile b/etc/profile-a-l/inkscape.profile index 35dd86b32..1a949b300 100644 --- a/etc/profile-a-l/inkscape.profile +++ b/etc/profile-a-l/inkscape.profile | |||
@@ -6,14 +6,14 @@ include inkscape.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/inkscape | 9 | nodeny ${HOME}/.cache/inkscape |
10 | noblacklist ${HOME}/.config/inkscape | 10 | nodeny ${HOME}/.config/inkscape |
11 | noblacklist ${HOME}/.inkscape | 11 | nodeny ${HOME}/.inkscape |
12 | noblacklist ${DOCUMENTS} | 12 | nodeny ${DOCUMENTS} |
13 | noblacklist ${PICTURES} | 13 | nodeny ${PICTURES} |
14 | # Allow exporting .xcf files | 14 | # Allow exporting .xcf files |
15 | noblacklist ${HOME}/.config/GIMP | 15 | nodeny ${HOME}/.config/GIMP |
16 | noblacklist ${HOME}/.gimp* | 16 | nodeny ${HOME}/.gimp* |
17 | 17 | ||
18 | 18 | ||
19 | # Allow python (blacklisted by disable-interpreters.inc) | 19 | # Allow python (blacklisted by disable-interpreters.inc) |
@@ -28,7 +28,7 @@ include disable-passwdmgr.inc | |||
28 | include disable-programs.inc | 28 | include disable-programs.inc |
29 | include disable-xdg.inc | 29 | include disable-xdg.inc |
30 | 30 | ||
31 | whitelist /usr/share/inkscape | 31 | allow /usr/share/inkscape |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
34 | 34 | ||
diff --git a/etc/profile-a-l/inox.profile b/etc/profile-a-l/inox.profile index a5cac12f2..1591ed7ea 100644 --- a/etc/profile-a-l/inox.profile +++ b/etc/profile-a-l/inox.profile | |||
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/inox | 13 | nodeny ${HOME}/.cache/inox |
14 | noblacklist ${HOME}/.config/inox | 14 | nodeny ${HOME}/.config/inox |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/inox | 16 | mkdir ${HOME}/.cache/inox |
17 | mkdir ${HOME}/.config/inox | 17 | mkdir ${HOME}/.config/inox |
18 | whitelist ${HOME}/.cache/inox | 18 | allow ${HOME}/.cache/inox |
19 | whitelist ${HOME}/.config/inox | 19 | allow ${HOME}/.config/inox |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include chromium-common.profile | 22 | include chromium-common.profile |
diff --git a/etc/profile-a-l/iridium.profile b/etc/profile-a-l/iridium.profile index 3037d00e9..f361fd663 100644 --- a/etc/profile-a-l/iridium.profile +++ b/etc/profile-a-l/iridium.profile | |||
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/iridium | 13 | nodeny ${HOME}/.cache/iridium |
14 | noblacklist ${HOME}/.config/iridium | 14 | nodeny ${HOME}/.config/iridium |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/iridium | 16 | mkdir ${HOME}/.cache/iridium |
17 | mkdir ${HOME}/.config/iridium | 17 | mkdir ${HOME}/.config/iridium |
18 | whitelist ${HOME}/.cache/iridium | 18 | allow ${HOME}/.cache/iridium |
19 | whitelist ${HOME}/.config/iridium | 19 | allow ${HOME}/.config/iridium |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include chromium-common.profile | 22 | include chromium-common.profile |
diff --git a/etc/profile-a-l/itch.profile b/etc/profile-a-l/itch.profile index e02dcbdb1..fa0bcf986 100644 --- a/etc/profile-a-l/itch.profile +++ b/etc/profile-a-l/itch.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | # itch.io has native firejail/sandboxing support bundled in | 8 | # itch.io has native firejail/sandboxing support bundled in |
9 | # See https://itch.io/docs/itch/using/sandbox/linux.html | 9 | # See https://itch.io/docs/itch/using/sandbox/linux.html |
10 | 10 | ||
11 | noblacklist ${HOME}/.itch | 11 | nodeny ${HOME}/.itch |
12 | noblacklist ${HOME}/.config/itch | 12 | nodeny ${HOME}/.config/itch |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-programs.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.itch | 20 | mkdir ${HOME}/.itch |
21 | mkdir ${HOME}/.config/itch | 21 | mkdir ${HOME}/.config/itch |
22 | whitelist ${HOME}/.itch | 22 | allow ${HOME}/.itch |
23 | whitelist ${HOME}/.config/itch | 23 | allow ${HOME}/.config/itch |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
diff --git a/etc/profile-a-l/jami-gnome.profile b/etc/profile-a-l/jami-gnome.profile index 3e9abf369..e4be574df 100644 --- a/etc/profile-a-l/jami-gnome.profile +++ b/etc/profile-a-l/jami-gnome.profile | |||
@@ -6,8 +6,8 @@ include jami-gnome.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/jami | 9 | nodeny ${HOME}/.config/jami |
10 | noblacklist ${HOME}/.local/share/jami | 10 | nodeny ${HOME}/.local/share/jami |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-programs.inc | |||
18 | 18 | ||
19 | mkdir ${HOME}/.config/jami | 19 | mkdir ${HOME}/.config/jami |
20 | mkdir ${HOME}/.local/share/jami | 20 | mkdir ${HOME}/.local/share/jami |
21 | whitelist ${HOME}/.config/jami | 21 | allow ${HOME}/.config/jami |
22 | whitelist ${HOME}/.local/share/jami | 22 | allow ${HOME}/.local/share/jami |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
diff --git a/etc/profile-a-l/jd-gui.profile b/etc/profile-a-l/jd-gui.profile index 7d29f1068..bfea84c69 100644 --- a/etc/profile-a-l/jd-gui.profile +++ b/etc/profile-a-l/jd-gui.profile | |||
@@ -5,7 +5,7 @@ include jd-gui.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/jd-gui.cfg | 8 | nodeny ${HOME}/.config/jd-gui.cfg |
9 | 9 | ||
10 | # Allow java (blacklisted by disable-devel.inc) | 10 | # Allow java (blacklisted by disable-devel.inc) |
11 | include allow-java.inc | 11 | include allow-java.inc |
diff --git a/etc/profile-a-l/jerry.profile b/etc/profile-a-l/jerry.profile index 85b1f2120..c41027618 100644 --- a/etc/profile-a-l/jerry.profile +++ b/etc/profile-a-l/jerry.profile | |||
@@ -6,7 +6,7 @@ include jerry.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/dkl | 9 | nodeny ${HOME}/.config/dkl |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/jitsi-meet-desktop.profile b/etc/profile-a-l/jitsi-meet-desktop.profile index edb7ed840..9ca30c36d 100644 --- a/etc/profile-a-l/jitsi-meet-desktop.profile +++ b/etc/profile-a-l/jitsi-meet-desktop.profile | |||
@@ -13,12 +13,12 @@ ignore shell none | |||
13 | 13 | ||
14 | ignore noexec /tmp | 14 | ignore noexec /tmp |
15 | 15 | ||
16 | noblacklist ${HOME}/.config/Jitsi Meet | 16 | nodeny ${HOME}/.config/Jitsi Meet |
17 | 17 | ||
18 | nowhitelist ${DOWNLOADS} | 18 | noallow ${DOWNLOADS} |
19 | 19 | ||
20 | mkdir ${HOME}/.config/Jitsi Meet | 20 | mkdir ${HOME}/.config/Jitsi Meet |
21 | whitelist ${HOME}/.config/Jitsi Meet | 21 | allow ${HOME}/.config/Jitsi Meet |
22 | 22 | ||
23 | private-bin bash,electron,electron[0-9],electron[0-9][0-9],jitsi-meet-desktop,sh | 23 | private-bin bash,electron,electron[0-9],electron[0-9][0-9],jitsi-meet-desktop,sh |
24 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg | 24 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg |
diff --git a/etc/profile-a-l/jitsi.profile b/etc/profile-a-l/jitsi.profile index 223c360b8..f53e6ca32 100644 --- a/etc/profile-a-l/jitsi.profile +++ b/etc/profile-a-l/jitsi.profile | |||
@@ -5,7 +5,7 @@ include jitsi.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.jitsi | 8 | nodeny ${HOME}/.jitsi |
9 | 9 | ||
10 | # Allow java (blacklisted by disable-devel.inc) | 10 | # Allow java (blacklisted by disable-devel.inc) |
11 | include allow-java.inc | 11 | include allow-java.inc |
diff --git a/etc/profile-a-l/jumpnbump.profile b/etc/profile-a-l/jumpnbump.profile index 9954b8aea..c0a78ecc0 100644 --- a/etc/profile-a-l/jumpnbump.profile +++ b/etc/profile-a-l/jumpnbump.profile | |||
@@ -6,7 +6,7 @@ include jumpnbump.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.jumpnbump | 9 | nodeny ${HOME}/.jumpnbump |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.jumpnbump | 19 | mkdir ${HOME}/.jumpnbump |
20 | whitelist ${HOME}/.jumpnbump | 20 | allow ${HOME}/.jumpnbump |
21 | whitelist /usr/share/jumpnbump | 21 | allow /usr/share/jumpnbump |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/k3b.profile b/etc/profile-a-l/k3b.profile index 5ae90dff6..73ce8670f 100644 --- a/etc/profile-a-l/k3b.profile +++ b/etc/profile-a-l/k3b.profile | |||
@@ -6,11 +6,11 @@ include k3b.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/k3brc | 9 | nodeny ${HOME}/.config/k3brc |
10 | noblacklist ${HOME}/.kde/share/config/k3brc | 10 | nodeny ${HOME}/.kde/share/config/k3brc |
11 | noblacklist ${HOME}/.kde4/share/config/k3brc | 11 | nodeny ${HOME}/.kde4/share/config/k3brc |
12 | noblacklist ${HOME}/.local/share/kxmlgui5/k3b | 12 | nodeny ${HOME}/.local/share/kxmlgui5/k3b |
13 | noblacklist ${MUSIC} | 13 | nodeny ${MUSIC} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kaffeine.profile b/etc/profile-a-l/kaffeine.profile index d55fd22cb..e6a00e350 100644 --- a/etc/profile-a-l/kaffeine.profile +++ b/etc/profile-a-l/kaffeine.profile | |||
@@ -6,14 +6,14 @@ include kaffeine.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/kaffeinerc | 9 | nodeny ${HOME}/.config/kaffeinerc |
10 | noblacklist ${HOME}/.kde/share/apps/kaffeine | 10 | nodeny ${HOME}/.kde/share/apps/kaffeine |
11 | noblacklist ${HOME}/.kde/share/config/kaffeinerc | 11 | nodeny ${HOME}/.kde/share/config/kaffeinerc |
12 | noblacklist ${HOME}/.kde4/share/apps/kaffeine | 12 | nodeny ${HOME}/.kde4/share/apps/kaffeine |
13 | noblacklist ${HOME}/.kde4/share/config/kaffeinerc | 13 | nodeny ${HOME}/.kde4/share/config/kaffeinerc |
14 | noblacklist ${HOME}/.local/share/kaffeine | 14 | nodeny ${HOME}/.local/share/kaffeine |
15 | noblacklist ${MUSIC} | 15 | nodeny ${MUSIC} |
16 | noblacklist ${VIDEOS} | 16 | nodeny ${VIDEOS} |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kalgebra.profile b/etc/profile-a-l/kalgebra.profile index 503dac4b6..98b04353e 100644 --- a/etc/profile-a-l/kalgebra.profile +++ b/etc/profile-a-l/kalgebra.profile | |||
@@ -6,8 +6,8 @@ include kalgebra.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/kalgebrarc | 9 | nodeny ${HOME}/.config/kalgebrarc |
10 | noblacklist ${HOME}/.local/share/kalgebra | 10 | nodeny ${HOME}/.local/share/kalgebra |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | whitelist /usr/share/kalgebramobile | 20 | allow /usr/share/kalgebramobile |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-a-l/karbon.profile b/etc/profile-a-l/karbon.profile index 231299a2f..db5394550 100644 --- a/etc/profile-a-l/karbon.profile +++ b/etc/profile-a-l/karbon.profile | |||
@@ -6,7 +6,7 @@ include karbon.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/kxmlgui5/karbon | 9 | nodeny ${HOME}/.local/share/kxmlgui5/karbon |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include krita.profile | 12 | include krita.profile |
diff --git a/etc/profile-a-l/kate.profile b/etc/profile-a-l/kate.profile index 27b87e7c3..d2b180492 100644 --- a/etc/profile-a-l/kate.profile +++ b/etc/profile-a-l/kate.profile | |||
@@ -8,20 +8,20 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/katemetainfos | 11 | nodeny ${HOME}/.config/katemetainfos |
12 | noblacklist ${HOME}/.config/katepartrc | 12 | nodeny ${HOME}/.config/katepartrc |
13 | noblacklist ${HOME}/.config/katerc | 13 | nodeny ${HOME}/.config/katerc |
14 | noblacklist ${HOME}/.config/kateschemarc | 14 | nodeny ${HOME}/.config/kateschemarc |
15 | noblacklist ${HOME}/.config/katesyntaxhighlightingrc | 15 | nodeny ${HOME}/.config/katesyntaxhighlightingrc |
16 | noblacklist ${HOME}/.config/katevirc | 16 | nodeny ${HOME}/.config/katevirc |
17 | noblacklist ${HOME}/.local/share/kate | 17 | nodeny ${HOME}/.local/share/kate |
18 | noblacklist ${HOME}/.local/share/kxmlgui5/kate | 18 | nodeny ${HOME}/.local/share/kxmlgui5/kate |
19 | noblacklist ${HOME}/.local/share/kxmlgui5/katefiletree | 19 | nodeny ${HOME}/.local/share/kxmlgui5/katefiletree |
20 | noblacklist ${HOME}/.local/share/kxmlgui5/katekonsole | 20 | nodeny ${HOME}/.local/share/kxmlgui5/katekonsole |
21 | noblacklist ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin | 21 | nodeny ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin |
22 | noblacklist ${HOME}/.local/share/kxmlgui5/katepart | 22 | nodeny ${HOME}/.local/share/kxmlgui5/katepart |
23 | noblacklist ${HOME}/.local/share/kxmlgui5/kateproject | 23 | nodeny ${HOME}/.local/share/kxmlgui5/kateproject |
24 | noblacklist ${HOME}/.local/share/kxmlgui5/katesearch | 24 | nodeny ${HOME}/.local/share/kxmlgui5/katesearch |
25 | 25 | ||
26 | include disable-common.inc | 26 | include disable-common.inc |
27 | # include disable-devel.inc | 27 | # include disable-devel.inc |
diff --git a/etc/profile-a-l/kazam.profile b/etc/profile-a-l/kazam.profile index 9795cf168..a4e2e64f4 100644 --- a/etc/profile-a-l/kazam.profile +++ b/etc/profile-a-l/kazam.profile | |||
@@ -8,9 +8,9 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | noblacklist ${PICTURES} | 11 | nodeny ${PICTURES} |
12 | noblacklist ${VIDEOS} | 12 | nodeny ${VIDEOS} |
13 | noblacklist ${HOME}/.config/kazam | 13 | nodeny ${HOME}/.config/kazam |
14 | 14 | ||
15 | # Allow python (blacklisted by disable-interpreters.inc) | 15 | # Allow python (blacklisted by disable-interpreters.inc) |
16 | include allow-python2.inc | 16 | include allow-python2.inc |
@@ -25,7 +25,7 @@ include disable-passwdmgr.inc | |||
25 | include disable-shell.inc | 25 | include disable-shell.inc |
26 | include disable-xdg.inc | 26 | include disable-xdg.inc |
27 | 27 | ||
28 | whitelist /usr/share/kazam | 28 | allow /usr/share/kazam |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/kcalc.profile b/etc/profile-a-l/kcalc.profile index e36ee5ed2..fcb168d4d 100644 --- a/etc/profile-a-l/kcalc.profile +++ b/etc/profile-a-l/kcalc.profile | |||
@@ -6,7 +6,7 @@ include kcalc.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/kxmlgui5/kcalc | 9 | nodeny ${HOME}/.local/share/kxmlgui5/kcalc |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -21,13 +21,13 @@ mkdir ${HOME}/.local/share/kxmlgui5/kcalc | |||
21 | mkfile ${HOME}/.config/kcalcrc | 21 | mkfile ${HOME}/.config/kcalcrc |
22 | mkfile ${HOME}/.kde/share/config/kcalcrc | 22 | mkfile ${HOME}/.kde/share/config/kcalcrc |
23 | mkfile ${HOME}/.kde4/share/config/kcalcrc | 23 | mkfile ${HOME}/.kde4/share/config/kcalcrc |
24 | whitelist ${HOME}/.config/kcalcrc | 24 | allow ${HOME}/.config/kcalcrc |
25 | whitelist ${HOME}/.kde/share/config/kcalcrc | 25 | allow ${HOME}/.kde/share/config/kcalcrc |
26 | whitelist ${HOME}/.kde4/share/config/kcalcrc | 26 | allow ${HOME}/.kde4/share/config/kcalcrc |
27 | whitelist ${HOME}/.local/share/kxmlgui5/kcalc | 27 | allow ${HOME}/.local/share/kxmlgui5/kcalc |
28 | whitelist /usr/share/config.kcfg/kcalc.kcfg | 28 | allow /usr/share/config.kcfg/kcalc.kcfg |
29 | whitelist /usr/share/kcalc | 29 | allow /usr/share/kcalc |
30 | whitelist /usr/share/kconf_update/kcalcrc.upd | 30 | allow /usr/share/kconf_update/kcalcrc.upd |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-runuser-common.inc | 32 | include whitelist-runuser-common.inc |
33 | include whitelist-usr-share-common.inc | 33 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/kdenlive.profile b/etc/profile-a-l/kdenlive.profile index d2a08a269..4acafbf2a 100644 --- a/etc/profile-a-l/kdenlive.profile +++ b/etc/profile-a-l/kdenlive.profile | |||
@@ -8,10 +8,10 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | noblacklist ${HOME}/.cache/kdenlive | 11 | nodeny ${HOME}/.cache/kdenlive |
12 | noblacklist ${HOME}/.config/kdenliverc | 12 | nodeny ${HOME}/.config/kdenliverc |
13 | noblacklist ${HOME}/.local/share/kdenlive | 13 | nodeny ${HOME}/.local/share/kdenlive |
14 | noblacklist ${HOME}/.local/share/kxmlgui5/kdenlive | 14 | nodeny ${HOME}/.local/share/kxmlgui5/kdenlive |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kdiff3.profile b/etc/profile-a-l/kdiff3.profile index 7c1cb2294..0c37f7968 100644 --- a/etc/profile-a-l/kdiff3.profile +++ b/etc/profile-a-l/kdiff3.profile | |||
@@ -6,14 +6,14 @@ include kdiff3.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/kdiff3fileitemactionrc | 9 | nodeny ${HOME}/.config/kdiff3fileitemactionrc |
10 | noblacklist ${HOME}/.config/kdiff3rc | 10 | nodeny ${HOME}/.config/kdiff3rc |
11 | 11 | ||
12 | # Add the next line to your kdiff3.local if you don't need to compare files in disable-common.inc. | 12 | # Add the next line to your kdiff3.local if you don't need to compare files in disable-common.inc. |
13 | # By default we deny access only to .ssh and .gnupg. | 13 | # By default we deny access only to .ssh and .gnupg. |
14 | #include disable-common.inc | 14 | #include disable-common.inc |
15 | blacklist ${HOME}/.ssh | 15 | deny ${HOME}/.ssh |
16 | blacklist ${HOME}/.gnupg | 16 | deny ${HOME}/.gnupg |
17 | 17 | ||
18 | include disable-devel.inc | 18 | include disable-devel.inc |
19 | include disable-exec.inc | 19 | include disable-exec.inc |
diff --git a/etc/profile-a-l/keepass.profile b/etc/profile-a-l/keepass.profile index ae8971ab4..9c06962bc 100644 --- a/etc/profile-a-l/keepass.profile +++ b/etc/profile-a-l/keepass.profile | |||
@@ -6,14 +6,14 @@ include keepass.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/*.kdb | 9 | nodeny ${HOME}/*.kdb |
10 | noblacklist ${HOME}/*.kdbx | 10 | nodeny ${HOME}/*.kdbx |
11 | noblacklist ${HOME}/.config/KeePass | 11 | nodeny ${HOME}/.config/KeePass |
12 | noblacklist ${HOME}/.config/keepass | 12 | nodeny ${HOME}/.config/keepass |
13 | noblacklist ${HOME}/.keepass | 13 | nodeny ${HOME}/.keepass |
14 | noblacklist ${HOME}/.local/share/KeePass | 14 | nodeny ${HOME}/.local/share/KeePass |
15 | noblacklist ${HOME}/.local/share/keepass | 15 | nodeny ${HOME}/.local/share/keepass |
16 | noblacklist ${DOCUMENTS} | 16 | nodeny ${DOCUMENTS} |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
diff --git a/etc/profile-a-l/keepassx.profile b/etc/profile-a-l/keepassx.profile index ac364986d..2772fa8bf 100644 --- a/etc/profile-a-l/keepassx.profile +++ b/etc/profile-a-l/keepassx.profile | |||
@@ -6,11 +6,11 @@ include keepassx.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/*.kdb | 9 | nodeny ${HOME}/*.kdb |
10 | noblacklist ${HOME}/*.kdbx | 10 | nodeny ${HOME}/*.kdbx |
11 | noblacklist ${HOME}/.config/keepassx | 11 | nodeny ${HOME}/.config/keepassx |
12 | noblacklist ${HOME}/.keepassx | 12 | nodeny ${HOME}/.keepassx |
13 | noblacklist ${DOCUMENTS} | 13 | nodeny ${DOCUMENTS} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile index f71dcf82b..9c530b20d 100644 --- a/etc/profile-a-l/keepassxc.profile +++ b/etc/profile-a-l/keepassxc.profile | |||
@@ -6,23 +6,23 @@ include keepassxc.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/*.kdb | 9 | nodeny ${HOME}/*.kdb |
10 | noblacklist ${HOME}/*.kdbx | 10 | nodeny ${HOME}/*.kdbx |
11 | noblacklist ${HOME}/.cache/keepassxc | 11 | nodeny ${HOME}/.cache/keepassxc |
12 | noblacklist ${HOME}/.config/keepassxc | 12 | nodeny ${HOME}/.config/keepassxc |
13 | noblacklist ${HOME}/.config/KeePassXCrc | 13 | nodeny ${HOME}/.config/KeePassXCrc |
14 | noblacklist ${HOME}/.keepassxc | 14 | nodeny ${HOME}/.keepassxc |
15 | noblacklist ${DOCUMENTS} | 15 | nodeny ${DOCUMENTS} |
16 | 16 | ||
17 | # Allow browser profiles, required for browser integration. | 17 | # Allow browser profiles, required for browser integration. |
18 | noblacklist ${HOME}/.config/BraveSoftware | 18 | nodeny ${HOME}/.config/BraveSoftware |
19 | noblacklist ${HOME}/.config/chromium | 19 | nodeny ${HOME}/.config/chromium |
20 | noblacklist ${HOME}/.config/google-chrome | 20 | nodeny ${HOME}/.config/google-chrome |
21 | noblacklist ${HOME}/.config/vivaldi | 21 | nodeny ${HOME}/.config/vivaldi |
22 | noblacklist ${HOME}/.local/share/torbrowser | 22 | nodeny ${HOME}/.local/share/torbrowser |
23 | noblacklist ${HOME}/.mozilla | 23 | nodeny ${HOME}/.mozilla |
24 | 24 | ||
25 | blacklist /usr/libexec | 25 | deny /usr/libexec |
26 | 26 | ||
27 | include disable-common.inc | 27 | include disable-common.inc |
28 | include disable-devel.inc | 28 | include disable-devel.inc |
@@ -57,7 +57,7 @@ include disable-xdg.inc | |||
57 | #whitelist ${HOME}/.config/KeePassXCrc | 57 | #whitelist ${HOME}/.config/KeePassXCrc |
58 | #include whitelist-common.inc | 58 | #include whitelist-common.inc |
59 | 59 | ||
60 | whitelist /usr/share/keepassxc | 60 | allow /usr/share/keepassxc |
61 | include whitelist-usr-share-common.inc | 61 | include whitelist-usr-share-common.inc |
62 | include whitelist-var-common.inc | 62 | include whitelist-var-common.inc |
63 | 63 | ||
diff --git a/etc/profile-a-l/kget.profile b/etc/profile-a-l/kget.profile index 2c684504b..30c041cbc 100644 --- a/etc/profile-a-l/kget.profile +++ b/etc/profile-a-l/kget.profile | |||
@@ -6,13 +6,13 @@ include kget.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/kgetrc | 9 | nodeny ${HOME}/.config/kgetrc |
10 | noblacklist ${HOME}/.kde/share/apps/kget | 10 | nodeny ${HOME}/.kde/share/apps/kget |
11 | noblacklist ${HOME}/.kde/share/config/kgetrc | 11 | nodeny ${HOME}/.kde/share/config/kgetrc |
12 | noblacklist ${HOME}/.kde4/share/apps/kget | 12 | nodeny ${HOME}/.kde4/share/apps/kget |
13 | noblacklist ${HOME}/.kde4/share/config/kgetrc | 13 | nodeny ${HOME}/.kde4/share/config/kgetrc |
14 | noblacklist ${HOME}/.local/share/kget | 14 | nodeny ${HOME}/.local/share/kget |
15 | noblacklist ${HOME}/.local/share/kxmlgui5/kget | 15 | nodeny ${HOME}/.local/share/kxmlgui5/kget |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-devel.inc | 18 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kid3-qt.profile b/etc/profile-a-l/kid3-qt.profile index 9bcede077..84d135fc3 100644 --- a/etc/profile-a-l/kid3-qt.profile +++ b/etc/profile-a-l/kid3-qt.profile | |||
@@ -2,7 +2,7 @@ | |||
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | include kid3-qt.local | 3 | include kid3-qt.local |
4 | 4 | ||
5 | noblacklist ${HOME}/.config/Kid3 | 5 | nodeny ${HOME}/.config/Kid3 |
6 | 6 | ||
7 | # Redirect | 7 | # Redirect |
8 | include kid3.profile | 8 | include kid3.profile |
diff --git a/etc/profile-a-l/kid3.profile b/etc/profile-a-l/kid3.profile index e18292e99..0ef2a7845 100644 --- a/etc/profile-a-l/kid3.profile +++ b/etc/profile-a-l/kid3.profile | |||
@@ -6,9 +6,9 @@ include kid3.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${MUSIC} | 9 | nodeny ${MUSIC} |
10 | noblacklist ${HOME}/.config/kid3rc | 10 | nodeny ${HOME}/.config/kid3rc |
11 | noblacklist ${HOME}/.local/share/kxmlgui5/kid3 | 11 | nodeny ${HOME}/.local/share/kxmlgui5/kid3 |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kino.profile b/etc/profile-a-l/kino.profile index 74014ffe6..833c1d22a 100644 --- a/etc/profile-a-l/kino.profile +++ b/etc/profile-a-l/kino.profile | |||
@@ -6,8 +6,8 @@ include kino.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.kino-history | 9 | nodeny ${HOME}/.kino-history |
10 | noblacklist ${HOME}/.kinorc | 10 | nodeny ${HOME}/.kinorc |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kiwix-desktop.profile b/etc/profile-a-l/kiwix-desktop.profile index 40ee0bbc7..b188ba0e3 100644 --- a/etc/profile-a-l/kiwix-desktop.profile +++ b/etc/profile-a-l/kiwix-desktop.profile | |||
@@ -6,8 +6,8 @@ include kiwix-desktop.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/kiwix | 9 | nodeny ${HOME}/.local/share/kiwix |
10 | noblacklist ${HOME}/.local/share/kiwix-desktop | 10 | nodeny ${HOME}/.local/share/kiwix-desktop |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-xdg.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.local/share/kiwix | 20 | mkdir ${HOME}/.local/share/kiwix |
21 | mkdir ${HOME}/.local/share/kiwix-desktop | 21 | mkdir ${HOME}/.local/share/kiwix-desktop |
22 | whitelist ${HOME}/.local/share/kiwix | 22 | allow ${HOME}/.local/share/kiwix |
23 | whitelist ${HOME}/.local/share/kiwix-desktop | 23 | allow ${HOME}/.local/share/kiwix-desktop |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-a-l/klatexformula.profile b/etc/profile-a-l/klatexformula.profile index c6a9023f1..e087e4973 100644 --- a/etc/profile-a-l/klatexformula.profile +++ b/etc/profile-a-l/klatexformula.profile | |||
@@ -6,8 +6,8 @@ include klatexformula.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.kde/share/apps/klatexformula | 9 | nodeny ${HOME}/.kde/share/apps/klatexformula |
10 | noblacklist ${HOME}/.klatexformula | 10 | nodeny ${HOME}/.klatexformula |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/klavaro.profile b/etc/profile-a-l/klavaro.profile index f5cd3a48c..ec3912419 100644 --- a/etc/profile-a-l/klavaro.profile +++ b/etc/profile-a-l/klavaro.profile | |||
@@ -6,8 +6,8 @@ include klavaro.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/klavaro | 9 | nodeny ${HOME}/.config/klavaro |
10 | noblacklist ${HOME}/.local/share/klavaro | 10 | nodeny ${HOME}/.local/share/klavaro |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-xdg.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.local/share/klavaro | 20 | mkdir ${HOME}/.local/share/klavaro |
21 | mkdir ${HOME}/.config/klavaro | 21 | mkdir ${HOME}/.config/klavaro |
22 | whitelist ${HOME}/.local/share/klavaro | 22 | allow ${HOME}/.local/share/klavaro |
23 | whitelist ${HOME}/.config/klavaro | 23 | allow ${HOME}/.config/klavaro |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile index 95ae98e53..3c582c08c 100644 --- a/etc/profile-a-l/kmail.profile +++ b/etc/profile-a-l/kmail.profile | |||
@@ -9,27 +9,27 @@ include globals.local | |||
9 | # kmail has problems launching akonadi in debian and ubuntu. | 9 | # kmail has problems launching akonadi in debian and ubuntu. |
10 | # one solution is to have akonadi already running when kmail is started | 10 | # one solution is to have akonadi already running when kmail is started |
11 | 11 | ||
12 | noblacklist ${HOME}/.cache/akonadi* | 12 | nodeny ${HOME}/.cache/akonadi* |
13 | noblacklist ${HOME}/.cache/kmail2 | 13 | nodeny ${HOME}/.cache/kmail2 |
14 | noblacklist ${HOME}/.config/akonadi* | 14 | nodeny ${HOME}/.config/akonadi* |
15 | noblacklist ${HOME}/.config/baloorc | 15 | nodeny ${HOME}/.config/baloorc |
16 | noblacklist ${HOME}/.config/emaildefaults | 16 | nodeny ${HOME}/.config/emaildefaults |
17 | noblacklist ${HOME}/.config/emailidentities | 17 | nodeny ${HOME}/.config/emailidentities |
18 | noblacklist ${HOME}/.config/kmail2rc | 18 | nodeny ${HOME}/.config/kmail2rc |
19 | noblacklist ${HOME}/.config/kmailsearchindexingrc | 19 | nodeny ${HOME}/.config/kmailsearchindexingrc |
20 | noblacklist ${HOME}/.config/mailtransports | 20 | nodeny ${HOME}/.config/mailtransports |
21 | noblacklist ${HOME}/.config/specialmailcollectionsrc | 21 | nodeny ${HOME}/.config/specialmailcollectionsrc |
22 | noblacklist ${HOME}/.gnupg | 22 | nodeny ${HOME}/.gnupg |
23 | noblacklist ${HOME}/.local/share/akonadi* | 23 | nodeny ${HOME}/.local/share/akonadi* |
24 | noblacklist ${HOME}/.local/share/apps/korganizer | 24 | nodeny ${HOME}/.local/share/apps/korganizer |
25 | noblacklist ${HOME}/.local/share/contacts | 25 | nodeny ${HOME}/.local/share/contacts |
26 | noblacklist ${HOME}/.local/share/emailidentities | 26 | nodeny ${HOME}/.local/share/emailidentities |
27 | noblacklist ${HOME}/.local/share/kmail2 | 27 | nodeny ${HOME}/.local/share/kmail2 |
28 | noblacklist ${HOME}/.local/share/kxmlgui5/kmail | 28 | nodeny ${HOME}/.local/share/kxmlgui5/kmail |
29 | noblacklist ${HOME}/.local/share/kxmlgui5/kmail2 | 29 | nodeny ${HOME}/.local/share/kxmlgui5/kmail2 |
30 | noblacklist ${HOME}/.local/share/local-mail | 30 | nodeny ${HOME}/.local/share/local-mail |
31 | noblacklist ${HOME}/.local/share/notes | 31 | nodeny ${HOME}/.local/share/notes |
32 | noblacklist /tmp/akonadi-* | 32 | nodeny /tmp/akonadi-* |
33 | 33 | ||
34 | include disable-common.inc | 34 | include disable-common.inc |
35 | include disable-devel.inc | 35 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kmplayer.profile b/etc/profile-a-l/kmplayer.profile index e88b53499..d2ce14ab6 100644 --- a/etc/profile-a-l/kmplayer.profile +++ b/etc/profile-a-l/kmplayer.profile | |||
@@ -6,11 +6,11 @@ include kmplayer.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/kmplayerrc | 9 | nodeny ${HOME}/.config/kmplayerrc |
10 | noblacklist ${HOME}/.kde/share/config/kmplayerrc | 10 | nodeny ${HOME}/.kde/share/config/kmplayerrc |
11 | noblacklist ${HOME}/.local/share/kmplayer | 11 | nodeny ${HOME}/.local/share/kmplayer |
12 | noblacklist ${MUSIC} | 12 | nodeny ${MUSIC} |
13 | noblacklist ${VIDEOS} | 13 | nodeny ${VIDEOS} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/knotes.profile b/etc/profile-a-l/knotes.profile index f155d0ad6..5a9ac34da 100644 --- a/etc/profile-a-l/knotes.profile +++ b/etc/profile-a-l/knotes.profile | |||
@@ -10,9 +10,9 @@ include knotes.local | |||
10 | # knotes has problems launching akonadi in debian and ubuntu. | 10 | # knotes has problems launching akonadi in debian and ubuntu. |
11 | # one solution is to have akonadi already running when knotes is started | 11 | # one solution is to have akonadi already running when knotes is started |
12 | 12 | ||
13 | noblacklist ${HOME}/.config/knotesrc | 13 | nodeny ${HOME}/.config/knotesrc |
14 | noblacklist ${HOME}/.local/share/knotes | 14 | nodeny ${HOME}/.local/share/knotes |
15 | noblacklist ${HOME}/.local/share/kxmlgui5/knotes | 15 | nodeny ${HOME}/.local/share/kxmlgui5/knotes |
16 | 16 | ||
17 | # Redirect | 17 | # Redirect |
18 | include kmail.profile | 18 | include kmail.profile |
diff --git a/etc/profile-a-l/kodi.profile b/etc/profile-a-l/kodi.profile index b7091f1fc..2725c87be 100644 --- a/etc/profile-a-l/kodi.profile +++ b/etc/profile-a-l/kodi.profile | |||
@@ -13,10 +13,10 @@ ignore noexec ${HOME} | |||
13 | #ignore noroot | 13 | #ignore noroot |
14 | #ignore private-dev | 14 | #ignore private-dev |
15 | 15 | ||
16 | noblacklist ${HOME}/.kodi | 16 | nodeny ${HOME}/.kodi |
17 | noblacklist ${MUSIC} | 17 | nodeny ${MUSIC} |
18 | noblacklist ${PICTURES} | 18 | nodeny ${PICTURES} |
19 | noblacklist ${VIDEOS} | 19 | nodeny ${VIDEOS} |
20 | 20 | ||
21 | # Allow python (blacklisted by disable-interpreters.inc) | 21 | # Allow python (blacklisted by disable-interpreters.inc) |
22 | include allow-python2.inc | 22 | include allow-python2.inc |
diff --git a/etc/profile-a-l/konversation.profile b/etc/profile-a-l/konversation.profile index 5b5ed6e24..d8ce33838 100644 --- a/etc/profile-a-l/konversation.profile +++ b/etc/profile-a-l/konversation.profile | |||
@@ -6,11 +6,11 @@ include konversation.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/konversationrc | 9 | nodeny ${HOME}/.config/konversationrc |
10 | noblacklist ${HOME}/.config/konversation.notifyrc | 10 | nodeny ${HOME}/.config/konversation.notifyrc |
11 | noblacklist ${HOME}/.kde/share/config/konversationrc | 11 | nodeny ${HOME}/.kde/share/config/konversationrc |
12 | noblacklist ${HOME}/.kde4/share/config/konversationrc | 12 | nodeny ${HOME}/.kde4/share/config/konversationrc |
13 | noblacklist ${HOME}/.local/share/kxmlgui5/konversation | 13 | nodeny ${HOME}/.local/share/kxmlgui5/konversation |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kopete.profile b/etc/profile-a-l/kopete.profile index 88f47d1bf..749591f32 100644 --- a/etc/profile-a-l/kopete.profile +++ b/etc/profile-a-l/kopete.profile | |||
@@ -6,11 +6,11 @@ include kopete.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.kde/share/apps/kopete | 9 | nodeny ${HOME}/.kde/share/apps/kopete |
10 | noblacklist ${HOME}/.kde/share/config/kopeterc | 10 | nodeny ${HOME}/.kde/share/config/kopeterc |
11 | noblacklist ${HOME}/.kde4/share/apps/kopete | 11 | nodeny ${HOME}/.kde4/share/apps/kopete |
12 | noblacklist ${HOME}/.kde4/share/config/kopeterc | 12 | nodeny ${HOME}/.kde4/share/config/kopeterc |
13 | noblacklist ${HOME}/.local/share/kxmlgui5/kopete | 13 | nodeny ${HOME}/.local/share/kxmlgui5/kopete |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -19,7 +19,7 @@ include disable-interpreters.inc | |||
19 | include disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | whitelist /var/lib/winpopup | 22 | allow /var/lib/winpopup |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/profile-a-l/krita.profile b/etc/profile-a-l/krita.profile index 8604e63d0..950341def 100644 --- a/etc/profile-a-l/krita.profile +++ b/etc/profile-a-l/krita.profile | |||
@@ -9,10 +9,10 @@ include globals.local | |||
9 | # noexec ${HOME} may break krita, see issue #1953 | 9 | # noexec ${HOME} may break krita, see issue #1953 |
10 | ignore noexec ${HOME} | 10 | ignore noexec ${HOME} |
11 | 11 | ||
12 | noblacklist ${HOME}/.config/kritarc | 12 | nodeny ${HOME}/.config/kritarc |
13 | noblacklist ${HOME}/.local/share/krita | 13 | nodeny ${HOME}/.local/share/krita |
14 | noblacklist ${DOCUMENTS} | 14 | nodeny ${DOCUMENTS} |
15 | noblacklist ${PICTURES} | 15 | nodeny ${PICTURES} |
16 | 16 | ||
17 | # Allow python (blacklisted by disable-interpreters.inc) | 17 | # Allow python (blacklisted by disable-interpreters.inc) |
18 | include allow-python2.inc | 18 | include allow-python2.inc |
diff --git a/etc/profile-a-l/krunner.profile b/etc/profile-a-l/krunner.profile index 9cb5eff87..7b325d273 100644 --- a/etc/profile-a-l/krunner.profile +++ b/etc/profile-a-l/krunner.profile | |||
@@ -13,9 +13,9 @@ include globals.local | |||
13 | # noblacklist ${HOME}/.cache/krunner | 13 | # noblacklist ${HOME}/.cache/krunner |
14 | # noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite* | 14 | # noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite* |
15 | # noblacklist ${HOME}/.config/chromium | 15 | # noblacklist ${HOME}/.config/chromium |
16 | noblacklist ${HOME}/.config/krunnerrc | 16 | nodeny ${HOME}/.config/krunnerrc |
17 | noblacklist ${HOME}/.kde/share/config/krunnerrc | 17 | nodeny ${HOME}/.kde/share/config/krunnerrc |
18 | noblacklist ${HOME}/.kde4/share/config/krunnerrc | 18 | nodeny ${HOME}/.kde4/share/config/krunnerrc |
19 | # noblacklist ${HOME}/.local/share/baloo | 19 | # noblacklist ${HOME}/.local/share/baloo |
20 | # noblacklist ${HOME}/.mozilla | 20 | # noblacklist ${HOME}/.mozilla |
21 | 21 | ||
diff --git a/etc/profile-a-l/ktorrent.profile b/etc/profile-a-l/ktorrent.profile index 5a85194e0..ac9fee585 100644 --- a/etc/profile-a-l/ktorrent.profile +++ b/etc/profile-a-l/ktorrent.profile | |||
@@ -6,13 +6,13 @@ include ktorrent.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/ktorrentrc | 9 | nodeny ${HOME}/.config/ktorrentrc |
10 | noblacklist ${HOME}/.kde/share/apps/ktorrent | 10 | nodeny ${HOME}/.kde/share/apps/ktorrent |
11 | noblacklist ${HOME}/.kde/share/config/ktorrentrc | 11 | nodeny ${HOME}/.kde/share/config/ktorrentrc |
12 | noblacklist ${HOME}/.kde4/share/apps/ktorrent | 12 | nodeny ${HOME}/.kde4/share/apps/ktorrent |
13 | noblacklist ${HOME}/.kde4/share/config/ktorrentrc | 13 | nodeny ${HOME}/.kde4/share/config/ktorrentrc |
14 | noblacklist ${HOME}/.local/share/ktorrent | 14 | nodeny ${HOME}/.local/share/ktorrent |
15 | noblacklist ${HOME}/.local/share/kxmlgui5/ktorrent | 15 | nodeny ${HOME}/.local/share/kxmlgui5/ktorrent |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-devel.inc | 18 | include disable-devel.inc |
@@ -29,14 +29,14 @@ mkdir ${HOME}/.local/share/kxmlgui5/ktorrent | |||
29 | mkfile ${HOME}/.config/ktorrentrc | 29 | mkfile ${HOME}/.config/ktorrentrc |
30 | mkfile ${HOME}/.kde/share/config/ktorrentrc | 30 | mkfile ${HOME}/.kde/share/config/ktorrentrc |
31 | mkfile ${HOME}/.kde4/share/config/ktorrentrc | 31 | mkfile ${HOME}/.kde4/share/config/ktorrentrc |
32 | whitelist ${DOWNLOADS} | 32 | allow ${DOWNLOADS} |
33 | whitelist ${HOME}/.config/ktorrentrc | 33 | allow ${HOME}/.config/ktorrentrc |
34 | whitelist ${HOME}/.kde/share/apps/ktorrent | 34 | allow ${HOME}/.kde/share/apps/ktorrent |
35 | whitelist ${HOME}/.kde/share/config/ktorrentrc | 35 | allow ${HOME}/.kde/share/config/ktorrentrc |
36 | whitelist ${HOME}/.kde4/share/apps/ktorrent | 36 | allow ${HOME}/.kde4/share/apps/ktorrent |
37 | whitelist ${HOME}/.kde4/share/config/ktorrentrc | 37 | allow ${HOME}/.kde4/share/config/ktorrentrc |
38 | whitelist ${HOME}/.local/share/ktorrent | 38 | allow ${HOME}/.local/share/ktorrent |
39 | whitelist ${HOME}/.local/share/kxmlgui5/ktorrent | 39 | allow ${HOME}/.local/share/kxmlgui5/ktorrent |
40 | include whitelist-common.inc | 40 | include whitelist-common.inc |
41 | include whitelist-var-common.inc | 41 | include whitelist-var-common.inc |
42 | 42 | ||
diff --git a/etc/profile-a-l/ktouch.profile b/etc/profile-a-l/ktouch.profile index 4cf72b74c..71f8e4977 100644 --- a/etc/profile-a-l/ktouch.profile +++ b/etc/profile-a-l/ktouch.profile | |||
@@ -6,8 +6,8 @@ include ktouch.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/ktouch2rc | 9 | nodeny ${HOME}/.config/ktouch2rc |
10 | noblacklist ${HOME}/.local/share/ktouch | 10 | nodeny ${HOME}/.local/share/ktouch |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -20,8 +20,8 @@ include disable-xdg.inc | |||
20 | 20 | ||
21 | mkfile ${HOME}/.config/ktouch2rc | 21 | mkfile ${HOME}/.config/ktouch2rc |
22 | mkdir ${HOME}/.local/share/ktouch | 22 | mkdir ${HOME}/.local/share/ktouch |
23 | whitelist ${HOME}/.config/ktouch2rc | 23 | allow ${HOME}/.config/ktouch2rc |
24 | whitelist ${HOME}/.local/share/ktouch | 24 | allow ${HOME}/.local/share/ktouch |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-a-l/kube.profile b/etc/profile-a-l/kube.profile index 4e9a12e5f..74ffd1162 100644 --- a/etc/profile-a-l/kube.profile +++ b/etc/profile-a-l/kube.profile | |||
@@ -6,13 +6,13 @@ include kube.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.gnupg | 9 | nodeny ${HOME}/.gnupg |
10 | noblacklist ${HOME}/.mozilla | 10 | nodeny ${HOME}/.mozilla |
11 | noblacklist ${HOME}/.cache/kube | 11 | nodeny ${HOME}/.cache/kube |
12 | noblacklist ${HOME}/.config/kube | 12 | nodeny ${HOME}/.config/kube |
13 | noblacklist ${HOME}/.config/sink | 13 | nodeny ${HOME}/.config/sink |
14 | noblacklist ${HOME}/.local/share/kube | 14 | nodeny ${HOME}/.local/share/kube |
15 | noblacklist ${HOME}/.local/share/sink | 15 | nodeny ${HOME}/.local/share/sink |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-devel.inc | 18 | include disable-devel.inc |
@@ -29,17 +29,17 @@ mkdir ${HOME}/.config/kube | |||
29 | mkdir ${HOME}/.config/sink | 29 | mkdir ${HOME}/.config/sink |
30 | mkdir ${HOME}/.local/share/kube | 30 | mkdir ${HOME}/.local/share/kube |
31 | mkdir ${HOME}/.local/share/sink | 31 | mkdir ${HOME}/.local/share/sink |
32 | whitelist ${HOME}/.gnupg | 32 | allow ${HOME}/.gnupg |
33 | whitelist ${HOME}/.mozilla/firefox/profiles.ini | 33 | allow ${HOME}/.mozilla/firefox/profiles.ini |
34 | whitelist ${HOME}/.cache/kube | 34 | allow ${HOME}/.cache/kube |
35 | whitelist ${HOME}/.config/kube | 35 | allow ${HOME}/.config/kube |
36 | whitelist ${HOME}/.config/sink | 36 | allow ${HOME}/.config/sink |
37 | whitelist ${HOME}/.local/share/kube | 37 | allow ${HOME}/.local/share/kube |
38 | whitelist ${HOME}/.local/share/sink | 38 | allow ${HOME}/.local/share/sink |
39 | whitelist ${RUNUSER}/gnupg | 39 | allow ${RUNUSER}/gnupg |
40 | whitelist /usr/share/kube | 40 | allow /usr/share/kube |
41 | whitelist /usr/share/gnupg | 41 | allow /usr/share/gnupg |
42 | whitelist /usr/share/gnupg2 | 42 | allow /usr/share/gnupg2 |
43 | include whitelist-common.inc | 43 | include whitelist-common.inc |
44 | include whitelist-runuser-common.inc | 44 | include whitelist-runuser-common.inc |
45 | include whitelist-usr-share-common.inc | 45 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/kwin_x11.profile b/etc/profile-a-l/kwin_x11.profile index 15e7ceb17..580f93736 100644 --- a/etc/profile-a-l/kwin_x11.profile +++ b/etc/profile-a-l/kwin_x11.profile | |||
@@ -8,10 +8,10 @@ include globals.local | |||
8 | # fix automatical kwin_x11 sandboxing: | 8 | # fix automatical kwin_x11 sandboxing: |
9 | # echo KDEWM=kwin_x11 >> ~/.pam_environment | 9 | # echo KDEWM=kwin_x11 >> ~/.pam_environment |
10 | 10 | ||
11 | noblacklist ${HOME}/.cache/kwin | 11 | nodeny ${HOME}/.cache/kwin |
12 | noblacklist ${HOME}/.config/kwinrc | 12 | nodeny ${HOME}/.config/kwinrc |
13 | noblacklist ${HOME}/.config/kwinrulesrc | 13 | nodeny ${HOME}/.config/kwinrulesrc |
14 | noblacklist ${HOME}/.local/share/kwin | 14 | nodeny ${HOME}/.local/share/kwin |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kwrite.profile b/etc/profile-a-l/kwrite.profile index 804ffafeb..08b0e0224 100644 --- a/etc/profile-a-l/kwrite.profile +++ b/etc/profile-a-l/kwrite.profile | |||
@@ -6,15 +6,15 @@ include kwrite.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/katepartrc | 9 | nodeny ${HOME}/.config/katepartrc |
10 | noblacklist ${HOME}/.config/katerc | 10 | nodeny ${HOME}/.config/katerc |
11 | noblacklist ${HOME}/.config/kateschemarc | 11 | nodeny ${HOME}/.config/kateschemarc |
12 | noblacklist ${HOME}/.config/katesyntaxhighlightingrc | 12 | nodeny ${HOME}/.config/katesyntaxhighlightingrc |
13 | noblacklist ${HOME}/.config/katevirc | 13 | nodeny ${HOME}/.config/katevirc |
14 | noblacklist ${HOME}/.config/kwriterc | 14 | nodeny ${HOME}/.config/kwriterc |
15 | noblacklist ${HOME}/.local/share/kwrite | 15 | nodeny ${HOME}/.local/share/kwrite |
16 | noblacklist ${HOME}/.local/share/kxmlgui5/kwrite | 16 | nodeny ${HOME}/.local/share/kxmlgui5/kwrite |
17 | noblacklist ${DOCUMENTS} | 17 | nodeny ${DOCUMENTS} |
18 | 18 | ||
19 | include disable-common.inc | 19 | include disable-common.inc |
20 | include disable-devel.inc | 20 | include disable-devel.inc |
diff --git a/etc/profile-a-l/latex-common.profile b/etc/profile-a-l/latex-common.profile index ac1b8785d..91693bfc1 100644 --- a/etc/profile-a-l/latex-common.profile +++ b/etc/profile-a-l/latex-common.profile | |||
@@ -13,7 +13,7 @@ include disable-interpreters.inc | |||
13 | include disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | whitelist /var/lib | 16 | allow /var/lib |
17 | include whitelist-runuser-common.inc | 17 | include whitelist-runuser-common.inc |
18 | include whitelist-var-common.inc | 18 | include whitelist-var-common.inc |
19 | 19 | ||
diff --git a/etc/profile-a-l/leafpad.profile b/etc/profile-a-l/leafpad.profile index 4bbb0a86d..e154708eb 100644 --- a/etc/profile-a-l/leafpad.profile +++ b/etc/profile-a-l/leafpad.profile | |||
@@ -6,7 +6,7 @@ include leafpad.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/leafpad | 9 | nodeny ${HOME}/.config/leafpad |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/less.profile b/etc/profile-a-l/less.profile index 8eb5ad0c2..abee392de 100644 --- a/etc/profile-a-l/less.profile +++ b/etc/profile-a-l/less.profile | |||
@@ -7,9 +7,9 @@ include less.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER} | 10 | deny ${RUNUSER} |
11 | 11 | ||
12 | noblacklist ${HOME}/.lesshst | 12 | nodeny ${HOME}/.lesshst |
13 | 13 | ||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
diff --git a/etc/profile-a-l/librecad.profile b/etc/profile-a-l/librecad.profile index c57eae73d..8ec41eee3 100644 --- a/etc/profile-a-l/librecad.profile +++ b/etc/profile-a-l/librecad.profile | |||
@@ -4,8 +4,8 @@ include librecad.local | |||
4 | # Persistent global definitions | 4 | # Persistent global definitions |
5 | include globals.local | 5 | include globals.local |
6 | 6 | ||
7 | noblacklist ${HOME}/.config/LibreCAD | 7 | nodeny ${HOME}/.config/LibreCAD |
8 | noblacklist ${HOME}/.local/share/LibreCAD | 8 | nodeny ${HOME}/.local/share/LibreCAD |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-programs.inc | |||
16 | include disable-shell.inc | 16 | include disable-shell.inc |
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | whitelist /usr/share/librecad | 19 | allow /usr/share/librecad |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
diff --git a/etc/profile-a-l/libreoffice.profile b/etc/profile-a-l/libreoffice.profile index b1a24888c..ae01d39b8 100644 --- a/etc/profile-a-l/libreoffice.profile +++ b/etc/profile-a-l/libreoffice.profile | |||
@@ -6,15 +6,15 @@ include libreoffice.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist /usr/local/sbin | 9 | nodeny /usr/local/sbin |
10 | noblacklist ${HOME}/.config/libreoffice | 10 | nodeny ${HOME}/.config/libreoffice |
11 | 11 | ||
12 | # libreoffice uses java for some functionality. | 12 | # libreoffice uses java for some functionality. |
13 | # Add 'ignore include allow-java.inc' to your libreoffice.local if you don't need that functionality. | 13 | # Add 'ignore include allow-java.inc' to your libreoffice.local if you don't need that functionality. |
14 | # Allow java (blacklisted by disable-devel.inc) | 14 | # Allow java (blacklisted by disable-devel.inc) |
15 | include allow-java.inc | 15 | include allow-java.inc |
16 | 16 | ||
17 | blacklist /usr/libexec | 17 | deny /usr/libexec |
18 | 18 | ||
19 | include disable-common.inc | 19 | include disable-common.inc |
20 | include disable-devel.inc | 20 | include disable-devel.inc |
diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index da047357a..5c614ab8e 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile | |||
@@ -6,13 +6,13 @@ include librewolf.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/librewolf | 9 | nodeny ${HOME}/.cache/librewolf |
10 | noblacklist ${HOME}/.librewolf | 10 | nodeny ${HOME}/.librewolf |
11 | 11 | ||
12 | mkdir ${HOME}/.cache/librewolf | 12 | mkdir ${HOME}/.cache/librewolf |
13 | mkdir ${HOME}/.librewolf | 13 | mkdir ${HOME}/.librewolf |
14 | whitelist ${HOME}/.cache/librewolf | 14 | allow ${HOME}/.cache/librewolf |
15 | whitelist ${HOME}/.librewolf | 15 | allow ${HOME}/.librewolf |
16 | 16 | ||
17 | # Add the next lines to your librewolf.local if you want to use the migration wizard. | 17 | # Add the next lines to your librewolf.local if you want to use the migration wizard. |
18 | #noblacklist ${HOME}/.mozilla | 18 | #noblacklist ${HOME}/.mozilla |
@@ -23,10 +23,10 @@ whitelist ${HOME}/.librewolf | |||
23 | #whitelist ${RUNUSER}/kpxc_server | 23 | #whitelist ${RUNUSER}/kpxc_server |
24 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer | 24 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer |
25 | 25 | ||
26 | whitelist /usr/share/doc | 26 | allow /usr/share/doc |
27 | whitelist /usr/share/gtk-doc/html | 27 | allow /usr/share/gtk-doc/html |
28 | whitelist /usr/share/mozilla | 28 | allow /usr/share/mozilla |
29 | whitelist /usr/share/webext | 29 | allow /usr/share/webext |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | 31 | ||
32 | # Add the next line to your librewolf.local to enable private-bin (Arch Linux). | 32 | # Add the next line to your librewolf.local to enable private-bin (Arch Linux). |
diff --git a/etc/profile-a-l/liferea.profile b/etc/profile-a-l/liferea.profile index 7afca1d5f..595ecc257 100644 --- a/etc/profile-a-l/liferea.profile +++ b/etc/profile-a-l/liferea.profile | |||
@@ -6,9 +6,9 @@ include liferea.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/liferea | 9 | nodeny ${HOME}/.cache/liferea |
10 | noblacklist ${HOME}/.config/liferea | 10 | nodeny ${HOME}/.config/liferea |
11 | noblacklist ${HOME}/.local/share/liferea | 11 | nodeny ${HOME}/.local/share/liferea |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python2.inc | 14 | include allow-python2.inc |
@@ -24,10 +24,10 @@ include disable-programs.inc | |||
24 | mkdir ${HOME}/.cache/liferea | 24 | mkdir ${HOME}/.cache/liferea |
25 | mkdir ${HOME}/.config/liferea | 25 | mkdir ${HOME}/.config/liferea |
26 | mkdir ${HOME}/.local/share/liferea | 26 | mkdir ${HOME}/.local/share/liferea |
27 | whitelist ${HOME}/.cache/liferea | 27 | allow ${HOME}/.cache/liferea |
28 | whitelist ${HOME}/.config/liferea | 28 | allow ${HOME}/.config/liferea |
29 | whitelist ${HOME}/.local/share/liferea | 29 | allow ${HOME}/.local/share/liferea |
30 | whitelist /usr/share/liferea | 30 | allow /usr/share/liferea |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/lightsoff.profile b/etc/profile-a-l/lightsoff.profile index c065c44a9..58d5bcd6d 100644 --- a/etc/profile-a-l/lightsoff.profile +++ b/etc/profile-a-l/lightsoff.profile | |||
@@ -6,7 +6,7 @@ include lightsoff.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | whitelist /usr/share/lightsoff | 9 | allow /usr/share/lightsoff |
10 | 10 | ||
11 | private-bin lightsoff | 11 | private-bin lightsoff |
12 | 12 | ||
diff --git a/etc/profile-a-l/lincity-ng.profile b/etc/profile-a-l/lincity-ng.profile index 4254b7f33..e14c50d77 100644 --- a/etc/profile-a-l/lincity-ng.profile +++ b/etc/profile-a-l/lincity-ng.profile | |||
@@ -6,7 +6,7 @@ include lincity-ng.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.lincity-ng | 9 | nodeny ${HOME}/.lincity-ng |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.lincity-ng | 20 | mkdir ${HOME}/.lincity-ng |
21 | whitelist ${HOME}/.lincity-ng | 21 | allow ${HOME}/.lincity-ng |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/links-common.profile b/etc/profile-a-l/links-common.profile index cd885b1d4..51e3d5b94 100644 --- a/etc/profile-a-l/links-common.profile +++ b/etc/profile-a-l/links-common.profile | |||
@@ -4,8 +4,8 @@ include links-common.local | |||
4 | 4 | ||
5 | # common profile for links browsers | 5 | # common profile for links browsers |
6 | 6 | ||
7 | blacklist /tmp/.X11-unix | 7 | deny /tmp/.X11-unix |
8 | blacklist ${RUNUSER}/wayland-* | 8 | deny ${RUNUSER}/wayland-* |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | whitelist ${DOWNLOADS} | 20 | allow ${DOWNLOADS} |
21 | include whitelist-runuser-common.inc | 21 | include whitelist-runuser-common.inc |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/links.profile b/etc/profile-a-l/links.profile index 8ce39cc7f..ae57601ca 100644 --- a/etc/profile-a-l/links.profile +++ b/etc/profile-a-l/links.profile | |||
@@ -7,10 +7,10 @@ include links.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.links | 10 | nodeny ${HOME}/.links |
11 | 11 | ||
12 | mkdir ${HOME}/.links | 12 | mkdir ${HOME}/.links |
13 | whitelist ${HOME}/.links | 13 | allow ${HOME}/.links |
14 | 14 | ||
15 | private-bin links | 15 | private-bin links |
16 | 16 | ||
diff --git a/etc/profile-a-l/links2.profile b/etc/profile-a-l/links2.profile index 5f91dfcd2..eb349c73a 100644 --- a/etc/profile-a-l/links2.profile +++ b/etc/profile-a-l/links2.profile | |||
@@ -7,10 +7,10 @@ include links2.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.links2 | 10 | nodeny ${HOME}/.links2 |
11 | 11 | ||
12 | mkdir ${HOME}/.links2 | 12 | mkdir ${HOME}/.links2 |
13 | whitelist ${HOME}/.links2 | 13 | allow ${HOME}/.links2 |
14 | 14 | ||
15 | private-bin links2 | 15 | private-bin links2 |
16 | 16 | ||
diff --git a/etc/profile-a-l/linphone.profile b/etc/profile-a-l/linphone.profile index 7ebdbef4c..dd1dac05b 100644 --- a/etc/profile-a-l/linphone.profile +++ b/etc/profile-a-l/linphone.profile | |||
@@ -6,10 +6,10 @@ include linphone.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/linphone | 9 | nodeny ${HOME}/.config/linphone |
10 | noblacklist ${HOME}/.linphone-history.db | 10 | nodeny ${HOME}/.linphone-history.db |
11 | noblacklist ${HOME}/.linphonerc | 11 | nodeny ${HOME}/.linphonerc |
12 | noblacklist ${HOME}/.local/share/linphone | 12 | nodeny ${HOME}/.local/share/linphone |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -23,11 +23,11 @@ include disable-programs.inc | |||
23 | # ${HOME}/.linphone-history.db and ${HOME}/.linphonerc but no longer mkfile. | 23 | # ${HOME}/.linphone-history.db and ${HOME}/.linphonerc but no longer mkfile. |
24 | mkdir ${HOME}/.config/linphone | 24 | mkdir ${HOME}/.config/linphone |
25 | mkdir ${HOME}/.local/share/linphone | 25 | mkdir ${HOME}/.local/share/linphone |
26 | whitelist ${HOME}/.config/linphone | 26 | allow ${HOME}/.config/linphone |
27 | whitelist ${HOME}/.linphone-history.db | 27 | allow ${HOME}/.linphone-history.db |
28 | whitelist ${HOME}/.linphonerc | 28 | allow ${HOME}/.linphonerc |
29 | whitelist ${HOME}/.local/share/linphone | 29 | allow ${HOME}/.local/share/linphone |
30 | whitelist ${DOWNLOADS} | 30 | allow ${DOWNLOADS} |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | 32 | ||
33 | caps.drop all | 33 | caps.drop all |
diff --git a/etc/profile-a-l/lmms.profile b/etc/profile-a-l/lmms.profile index 48b0e14dc..b22110fdc 100644 --- a/etc/profile-a-l/lmms.profile +++ b/etc/profile-a-l/lmms.profile | |||
@@ -6,9 +6,9 @@ include lmms.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.lmmsrc.xml | 9 | nodeny ${HOME}/.lmmsrc.xml |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | noblacklist ${MUSIC} | 11 | nodeny ${MUSIC} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/lollypop.profile b/etc/profile-a-l/lollypop.profile index f2676fec5..0a7ce86e8 100644 --- a/etc/profile-a-l/lollypop.profile +++ b/etc/profile-a-l/lollypop.profile | |||
@@ -6,8 +6,8 @@ include lollypop.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/lollypop | 9 | nodeny ${HOME}/.local/share/lollypop |
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/lugaru.profile b/etc/profile-a-l/lugaru.profile index 174c65a65..30802b3b7 100644 --- a/etc/profile-a-l/lugaru.profile +++ b/etc/profile-a-l/lugaru.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | 8 | ||
9 | # note: crashes after entering | 9 | # note: crashes after entering |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/lugaru | 11 | nodeny ${HOME}/.config/lugaru |
12 | noblacklist ${HOME}/.local/share/lugaru | 12 | nodeny ${HOME}/.local/share/lugaru |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -22,8 +22,8 @@ include disable-xdg.inc | |||
22 | 22 | ||
23 | mkdir ${HOME}/.config/lugaru | 23 | mkdir ${HOME}/.config/lugaru |
24 | mkdir ${HOME}/.local/share/lugaru | 24 | mkdir ${HOME}/.local/share/lugaru |
25 | whitelist ${HOME}/.config/lugaru | 25 | allow ${HOME}/.config/lugaru |
26 | whitelist ${HOME}/.local/share/lugaru | 26 | allow ${HOME}/.local/share/lugaru |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
29 | 29 | ||
diff --git a/etc/profile-a-l/luminance-hdr.profile b/etc/profile-a-l/luminance-hdr.profile index 31067034e..73400dbd6 100644 --- a/etc/profile-a-l/luminance-hdr.profile +++ b/etc/profile-a-l/luminance-hdr.profile | |||
@@ -6,8 +6,8 @@ include luminance-hdr.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Luminance | 9 | nodeny ${HOME}/.config/Luminance |
10 | noblacklist ${PICTURES} | 10 | nodeny ${PICTURES} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/lutris.profile b/etc/profile-a-l/lutris.profile index 80a3aba86..9d5169b80 100644 --- a/etc/profile-a-l/lutris.profile +++ b/etc/profile-a-l/lutris.profile | |||
@@ -6,18 +6,18 @@ include lutris.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${PATH}/llvm* | 9 | nodeny ${PATH}/llvm* |
10 | noblacklist ${HOME}/Games | 10 | nodeny ${HOME}/Games |
11 | noblacklist ${HOME}/.cache/lutris | 11 | nodeny ${HOME}/.cache/lutris |
12 | noblacklist ${HOME}/.cache/winetricks | 12 | nodeny ${HOME}/.cache/winetricks |
13 | noblacklist ${HOME}/.config/lutris | 13 | nodeny ${HOME}/.config/lutris |
14 | noblacklist ${HOME}/.local/share/lutris | 14 | nodeny ${HOME}/.local/share/lutris |
15 | # noblacklist ${HOME}/.wine | 15 | # noblacklist ${HOME}/.wine |
16 | noblacklist /tmp/.wine-* | 16 | nodeny /tmp/.wine-* |
17 | # Don't block access to /sbin and /usr/sbin to allow using ldconfig. Otherwise | 17 | # Don't block access to /sbin and /usr/sbin to allow using ldconfig. Otherwise |
18 | # Lutris won't even start. | 18 | # Lutris won't even start. |
19 | noblacklist /sbin | 19 | nodeny /sbin |
20 | noblacklist /usr/sbin | 20 | nodeny /usr/sbin |
21 | 21 | ||
22 | ignore noexec ${HOME} | 22 | ignore noexec ${HOME} |
23 | 23 | ||
@@ -39,15 +39,15 @@ mkdir ${HOME}/.cache/winetricks | |||
39 | mkdir ${HOME}/.config/lutris | 39 | mkdir ${HOME}/.config/lutris |
40 | mkdir ${HOME}/.local/share/lutris | 40 | mkdir ${HOME}/.local/share/lutris |
41 | # mkdir ${HOME}/.wine | 41 | # mkdir ${HOME}/.wine |
42 | whitelist ${DOWNLOADS} | 42 | allow ${DOWNLOADS} |
43 | whitelist ${HOME}/Games | 43 | allow ${HOME}/Games |
44 | whitelist ${HOME}/.cache/lutris | 44 | allow ${HOME}/.cache/lutris |
45 | whitelist ${HOME}/.cache/winetricks | 45 | allow ${HOME}/.cache/winetricks |
46 | whitelist ${HOME}/.config/lutris | 46 | allow ${HOME}/.config/lutris |
47 | whitelist ${HOME}/.local/share/lutris | 47 | allow ${HOME}/.local/share/lutris |
48 | # whitelist ${HOME}/.wine | 48 | # whitelist ${HOME}/.wine |
49 | whitelist /usr/share/lutris | 49 | allow /usr/share/lutris |
50 | whitelist /usr/share/wine | 50 | allow /usr/share/wine |
51 | include whitelist-common.inc | 51 | include whitelist-common.inc |
52 | include whitelist-usr-share-common.inc | 52 | include whitelist-usr-share-common.inc |
53 | include whitelist-runuser-common.inc | 53 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/lximage-qt.profile b/etc/profile-a-l/lximage-qt.profile index b2a56012e..43147211b 100644 --- a/etc/profile-a-l/lximage-qt.profile +++ b/etc/profile-a-l/lximage-qt.profile | |||
@@ -6,7 +6,7 @@ include lximage-qt.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/lximage-qt | 9 | nodeny ${HOME}/.config/lximage-qt |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/lxmusic.profile b/etc/profile-a-l/lxmusic.profile index cc4b95551..c849f2ad2 100644 --- a/etc/profile-a-l/lxmusic.profile +++ b/etc/profile-a-l/lxmusic.profile | |||
@@ -6,9 +6,9 @@ include lxmusic.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/xmms2 | 9 | nodeny ${HOME}/.cache/xmms2 |
10 | noblacklist ${HOME}/.config/xmms2 | 10 | nodeny ${HOME}/.config/xmms2 |
11 | noblacklist ${MUSIC} | 11 | nodeny ${MUSIC} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/lynx.profile b/etc/profile-a-l/lynx.profile index a919e924b..15c8f1faa 100644 --- a/etc/profile-a-l/lynx.profile +++ b/etc/profile-a-l/lynx.profile | |||
@@ -7,8 +7,8 @@ include lynx.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | deny /tmp/.X11-unix |
11 | blacklist ${RUNUSER}/wayland-* | 11 | deny ${RUNUSER}/wayland-* |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/lyx.profile b/etc/profile-a-l/lyx.profile index fa69463d1..358dbf2f2 100644 --- a/etc/profile-a-l/lyx.profile +++ b/etc/profile-a-l/lyx.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | 8 | ||
9 | ignore private-tmp | 9 | ignore private-tmp |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/LyX | 11 | nodeny ${HOME}/.config/LyX |
12 | noblacklist ${HOME}/.lyx | 12 | nodeny ${HOME}/.lyx |
13 | 13 | ||
14 | # Allow lua (blacklisted by disable-interpreters.inc) | 14 | # Allow lua (blacklisted by disable-interpreters.inc) |
15 | include allow-lua.inc | 15 | include allow-lua.inc |
@@ -21,11 +21,11 @@ include allow-perl.inc | |||
21 | include allow-python2.inc | 21 | include allow-python2.inc |
22 | include allow-python3.inc | 22 | include allow-python3.inc |
23 | 23 | ||
24 | whitelist /usr/share/lyx | 24 | allow /usr/share/lyx |
25 | whitelist /usr/share/texinfo | 25 | allow /usr/share/texinfo |
26 | whitelist /usr/share/texlive | 26 | allow /usr/share/texlive |
27 | whitelist /usr/share/texmf-dist | 27 | allow /usr/share/texmf-dist |
28 | whitelist /usr/share/tlpkg | 28 | allow /usr/share/tlpkg |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
30 | 30 | ||
31 | apparmor | 31 | apparmor |
diff --git a/etc/profile-a-l/sway.profile b/etc/profile-a-l/sway.profile index 4637419bf..3a4edcf69 100644 --- a/etc/profile-a-l/sway.profile +++ b/etc/profile-a-l/sway.profile | |||
@@ -7,9 +7,9 @@ include sway.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in sway will run in this profile | 9 | # all applications started in sway will run in this profile |
10 | noblacklist ${HOME}/.config/sway | 10 | nodeny ${HOME}/.config/sway |
11 | # sway uses ~/.config/i3 as fallback if there is no ~/.config/sway | 11 | # sway uses ~/.config/i3 as fallback if there is no ~/.config/sway |
12 | noblacklist ${HOME}/.config/i3 | 12 | nodeny ${HOME}/.config/i3 |
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |