diff options
Diffstat (limited to 'etc')
806 files changed, 5410 insertions, 5104 deletions
diff --git a/etc/firejail.config b/etc/firejail.config index 43db49422..2e355586b 100644 --- a/etc/firejail.config +++ b/etc/firejail.config | |||
@@ -123,9 +123,6 @@ | |||
123 | # Enable or disable user namespace support, default enabled. | 123 | # Enable or disable user namespace support, default enabled. |
124 | # userns yes | 124 | # userns yes |
125 | 125 | ||
126 | # Enable or disable whitelisting support, default enabled. | ||
127 | # whitelist yes | ||
128 | |||
129 | # Disable whitelist top level directories, in addition to those | 126 | # Disable whitelist top level directories, in addition to those |
130 | # that are disabled out of the box. None by default; this is an example. | 127 | # that are disabled out of the box. None by default; this is an example. |
131 | # whitelist-disable-topdir /etc,/usr/etc | 128 | # whitelist-disable-topdir /etc,/usr/etc |
diff --git a/etc/inc/allow-bin-sh.inc b/etc/inc/allow-bin-sh.inc index d6c295414..59cd40878 100644 --- a/etc/inc/allow-bin-sh.inc +++ b/etc/inc/allow-bin-sh.inc | |||
@@ -2,6 +2,6 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include allow-bin-sh.local | 3 | include allow-bin-sh.local |
4 | 4 | ||
5 | noblacklist ${PATH}/bash | 5 | nodeny ${PATH}/bash |
6 | noblacklist ${PATH}/dash | 6 | nodeny ${PATH}/dash |
7 | noblacklist ${PATH}/sh | 7 | nodeny ${PATH}/sh |
diff --git a/etc/inc/allow-common-devel.inc b/etc/inc/allow-common-devel.inc index 011bbe226..71b1483cd 100644 --- a/etc/inc/allow-common-devel.inc +++ b/etc/inc/allow-common-devel.inc | |||
@@ -3,29 +3,29 @@ | |||
3 | include allow-common-devel.local | 3 | include allow-common-devel.local |
4 | 4 | ||
5 | # Git | 5 | # Git |
6 | noblacklist ${HOME}/.config/git | 6 | nodeny ${HOME}/.config/git |
7 | noblacklist ${HOME}/.gitconfig | 7 | nodeny ${HOME}/.gitconfig |
8 | noblacklist ${HOME}/.git-credentials | 8 | nodeny ${HOME}/.git-credentials |
9 | 9 | ||
10 | # Java | 10 | # Java |
11 | noblacklist ${HOME}/.gradle | 11 | nodeny ${HOME}/.gradle |
12 | noblacklist ${HOME}/.java | 12 | nodeny ${HOME}/.java |
13 | 13 | ||
14 | # Node.js | 14 | # Node.js |
15 | noblacklist ${HOME}/.node-gyp | 15 | nodeny ${HOME}/.node-gyp |
16 | noblacklist ${HOME}/.npm | 16 | nodeny ${HOME}/.npm |
17 | noblacklist ${HOME}/.npmrc | 17 | nodeny ${HOME}/.npmrc |
18 | noblacklist ${HOME}/.nvm | 18 | nodeny ${HOME}/.nvm |
19 | noblacklist ${HOME}/.yarn | 19 | nodeny ${HOME}/.yarn |
20 | noblacklist ${HOME}/.yarn-config | 20 | nodeny ${HOME}/.yarn-config |
21 | noblacklist ${HOME}/.yarncache | 21 | nodeny ${HOME}/.yarncache |
22 | noblacklist ${HOME}/.yarnrc | 22 | nodeny ${HOME}/.yarnrc |
23 | 23 | ||
24 | # Python | 24 | # Python |
25 | noblacklist ${HOME}/.pylint.d | 25 | nodeny ${HOME}/.pylint.d |
26 | noblacklist ${HOME}/.python-history | 26 | nodeny ${HOME}/.python-history |
27 | noblacklist ${HOME}/.python_history | 27 | nodeny ${HOME}/.python_history |
28 | noblacklist ${HOME}/.pythonhist | 28 | nodeny ${HOME}/.pythonhist |
29 | 29 | ||
30 | # Rust | 30 | # Rust |
31 | noblacklist ${HOME}/.cargo/* | 31 | nodeny ${HOME}/.cargo/* |
diff --git a/etc/inc/allow-gjs.inc b/etc/inc/allow-gjs.inc index c1366e093..2e2490079 100644 --- a/etc/inc/allow-gjs.inc +++ b/etc/inc/allow-gjs.inc | |||
@@ -2,11 +2,11 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include allow-gjs.local | 3 | include allow-gjs.local |
4 | 4 | ||
5 | noblacklist ${PATH}/gjs | 5 | nodeny ${PATH}/gjs |
6 | noblacklist ${PATH}/gjs-console | 6 | nodeny ${PATH}/gjs-console |
7 | noblacklist /usr/lib/gjs | 7 | nodeny /usr/lib/gjs |
8 | noblacklist /usr/lib/libgjs* | 8 | nodeny /usr/lib/libgjs* |
9 | noblacklist /usr/lib/libmozjs-* | 9 | nodeny /usr/lib/libmozjs-* |
10 | noblacklist /usr/lib64/gjs | 10 | nodeny /usr/lib64/gjs |
11 | noblacklist /usr/lib64/libgjs* | 11 | nodeny /usr/lib64/libgjs* |
12 | noblacklist /usr/lib64/libmozjs-* | 12 | nodeny /usr/lib64/libmozjs-* |
diff --git a/etc/inc/allow-java.inc b/etc/inc/allow-java.inc index 24d18fb77..af44f3664 100644 --- a/etc/inc/allow-java.inc +++ b/etc/inc/allow-java.inc | |||
@@ -2,8 +2,8 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include allow-java.local | 3 | include allow-java.local |
4 | 4 | ||
5 | noblacklist ${HOME}/.java | 5 | nodeny ${HOME}/.java |
6 | noblacklist ${PATH}/java | 6 | nodeny ${PATH}/java |
7 | noblacklist /etc/java | 7 | nodeny /etc/java |
8 | noblacklist /usr/lib/java | 8 | nodeny /usr/lib/java |
9 | noblacklist /usr/share/java | 9 | nodeny /usr/share/java |
diff --git a/etc/inc/allow-lua.inc b/etc/inc/allow-lua.inc index 9c47e7a3b..3d0a1997b 100644 --- a/etc/inc/allow-lua.inc +++ b/etc/inc/allow-lua.inc | |||
@@ -2,11 +2,11 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include allow-lua.local | 3 | include allow-lua.local |
4 | 4 | ||
5 | noblacklist ${PATH}/lua* | 5 | nodeny ${PATH}/lua* |
6 | noblacklist /usr/include | 6 | nodeny /usr/include |
7 | noblacklist /usr/lib/liblua* | 7 | nodeny /usr/lib/liblua* |
8 | noblacklist /usr/lib/lua | 8 | nodeny /usr/lib/lua |
9 | noblacklist /usr/lib64/liblua* | 9 | nodeny /usr/lib64/liblua* |
10 | noblacklist /usr/lib64/lua | 10 | nodeny /usr/lib64/lua |
11 | noblacklist /usr/share/lua | 11 | nodeny /usr/share/lua |
12 | noblacklist /usr/share/lua* | 12 | nodeny /usr/share/lua* |
diff --git a/etc/inc/allow-nodejs.inc b/etc/inc/allow-nodejs.inc index 351c94ab8..e915b3866 100644 --- a/etc/inc/allow-nodejs.inc +++ b/etc/inc/allow-nodejs.inc | |||
@@ -2,8 +2,8 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include allow-nodejs.local | 3 | include allow-nodejs.local |
4 | 4 | ||
5 | noblacklist ${PATH}/node | 5 | nodeny ${PATH}/node |
6 | noblacklist /usr/include/node | 6 | nodeny /usr/include/node |
7 | 7 | ||
8 | # Allow python for node-gyp (blacklisted by disable-interpreters.inc) | 8 | # Allow python for node-gyp (blacklisted by disable-interpreters.inc) |
9 | include allow-python2.inc | 9 | include allow-python2.inc |
diff --git a/etc/inc/allow-opengl-game.inc b/etc/inc/allow-opengl-game.inc index b5ff1bd50..00e35e983 100644 --- a/etc/inc/allow-opengl-game.inc +++ b/etc/inc/allow-opengl-game.inc | |||
@@ -1,3 +1,7 @@ | |||
1 | noblacklist ${PATH}/bash | 1 | # This file is overwritten during software install. |
2 | whitelist /usr/share/opengl-games-utils/opengl-game-functions.sh | 2 | # Persistent customizations should go in a .local file. |
3 | include allow-opengl-game.local | ||
4 | |||
5 | nodeny ${PATH}/bash | ||
6 | allow /usr/share/opengl-games-utils/opengl-game-functions.sh | ||
3 | private-bin basename,bash,cut,glxinfo,grep,head,sed,zenity | 7 | private-bin basename,bash,cut,glxinfo,grep,head,sed,zenity |
diff --git a/etc/inc/allow-perl.inc b/etc/inc/allow-perl.inc index 5a1952c94..134d27239 100644 --- a/etc/inc/allow-perl.inc +++ b/etc/inc/allow-perl.inc | |||
@@ -2,11 +2,11 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include allow-perl.local | 3 | include allow-perl.local |
4 | 4 | ||
5 | noblacklist ${PATH}/core_perl | 5 | nodeny ${PATH}/core_perl |
6 | noblacklist ${PATH}/cpan* | 6 | nodeny ${PATH}/cpan* |
7 | noblacklist ${PATH}/perl | 7 | nodeny ${PATH}/perl |
8 | noblacklist ${PATH}/site_perl | 8 | nodeny ${PATH}/site_perl |
9 | noblacklist ${PATH}/vendor_perl | 9 | nodeny ${PATH}/vendor_perl |
10 | noblacklist /usr/lib/perl* | 10 | nodeny /usr/lib/perl* |
11 | noblacklist /usr/lib64/perl* | 11 | nodeny /usr/lib64/perl* |
12 | noblacklist /usr/share/perl* | 12 | nodeny /usr/share/perl* |
diff --git a/etc/inc/allow-php.inc b/etc/inc/allow-php.inc index a0950dc26..520c2019e 100644 --- a/etc/inc/allow-php.inc +++ b/etc/inc/allow-php.inc | |||
@@ -2,6 +2,6 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include allow-php.local | 3 | include allow-php.local |
4 | 4 | ||
5 | noblacklist ${PATH}/php* | 5 | nodeny ${PATH}/php* |
6 | noblacklist /usr/lib/php* | 6 | nodeny /usr/lib/php* |
7 | noblacklist /usr/share/php* | 7 | nodeny /usr/share/php* |
diff --git a/etc/inc/allow-python2.inc b/etc/inc/allow-python2.inc index b0525e2e1..f1830043a 100644 --- a/etc/inc/allow-python2.inc +++ b/etc/inc/allow-python2.inc | |||
@@ -2,8 +2,8 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include allow-python2.local | 3 | include allow-python2.local |
4 | 4 | ||
5 | noblacklist ${PATH}/python2* | 5 | nodeny ${PATH}/python2* |
6 | noblacklist /usr/include/python2* | 6 | nodeny /usr/include/python2* |
7 | noblacklist /usr/lib/python2* | 7 | nodeny /usr/lib/python2* |
8 | noblacklist /usr/local/lib/python2* | 8 | nodeny /usr/local/lib/python2* |
9 | noblacklist /usr/share/python2* | 9 | nodeny /usr/share/python2* |
diff --git a/etc/inc/allow-python3.inc b/etc/inc/allow-python3.inc index d968886b0..e4b6ed1a9 100644 --- a/etc/inc/allow-python3.inc +++ b/etc/inc/allow-python3.inc | |||
@@ -2,9 +2,9 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include allow-python3.local | 3 | include allow-python3.local |
4 | 4 | ||
5 | noblacklist ${PATH}/python3* | 5 | nodeny ${PATH}/python3* |
6 | noblacklist /usr/include/python3* | 6 | nodeny /usr/include/python3* |
7 | noblacklist /usr/lib/python3* | 7 | nodeny /usr/lib/python3* |
8 | noblacklist /usr/lib64/python3* | 8 | nodeny /usr/lib64/python3* |
9 | noblacklist /usr/local/lib/python3* | 9 | nodeny /usr/local/lib/python3* |
10 | noblacklist /usr/share/python3* | 10 | nodeny /usr/share/python3* |
diff --git a/etc/inc/allow-ruby.inc b/etc/inc/allow-ruby.inc index a8c701219..d949bbc84 100644 --- a/etc/inc/allow-ruby.inc +++ b/etc/inc/allow-ruby.inc | |||
@@ -2,5 +2,5 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include allow-ruby.local | 3 | include allow-ruby.local |
4 | 4 | ||
5 | noblacklist ${PATH}/ruby | 5 | nodeny ${PATH}/ruby |
6 | noblacklist /usr/lib/ruby | 6 | nodeny /usr/lib/ruby |
diff --git a/etc/inc/allow-ssh.inc b/etc/inc/allow-ssh.inc index 67c78a483..44957bf32 100644 --- a/etc/inc/allow-ssh.inc +++ b/etc/inc/allow-ssh.inc | |||
@@ -2,7 +2,7 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include allow-ssh.local | 3 | include allow-ssh.local |
4 | 4 | ||
5 | noblacklist ${HOME}/.ssh | 5 | nodeny ${HOME}/.ssh |
6 | noblacklist /etc/ssh | 6 | nodeny /etc/ssh |
7 | noblacklist /etc/ssh/ssh_config | 7 | nodeny /etc/ssh/ssh_config |
8 | noblacklist /tmp/ssh-* | 8 | nodeny /tmp/ssh-* |
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index 2dc53d311..1283a3a3d 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc | |||
@@ -5,63 +5,63 @@ include disable-common.local | |||
5 | # The following block breaks trash functionality in file managers | 5 | # The following block breaks trash functionality in file managers |
6 | #read-only ${HOME}/.local | 6 | #read-only ${HOME}/.local |
7 | #read-write ${HOME}/.local/share | 7 | #read-write ${HOME}/.local/share |
8 | blacklist ${HOME}/.local/share/Trash | 8 | deny ${HOME}/.local/share/Trash |
9 | 9 | ||
10 | # History files in $HOME and clipboard managers | 10 | # History files in $HOME and clipboard managers |
11 | blacklist-nolog ${HOME}/.*_history | 11 | deny-nolog ${HOME}/.*_history |
12 | blacklist-nolog ${HOME}/.adobe | 12 | deny-nolog ${HOME}/.adobe |
13 | blacklist-nolog ${HOME}/.cache/greenclip* | 13 | deny-nolog ${HOME}/.cache/greenclip* |
14 | blacklist-nolog ${HOME}/.histfile | 14 | deny-nolog ${HOME}/.histfile |
15 | blacklist-nolog ${HOME}/.history | 15 | deny-nolog ${HOME}/.history |
16 | blacklist-nolog ${HOME}/.kde/share/apps/klipper | 16 | deny-nolog ${HOME}/.kde/share/apps/klipper |
17 | blacklist-nolog ${HOME}/.kde4/share/apps/klipper | 17 | deny-nolog ${HOME}/.kde4/share/apps/klipper |
18 | blacklist-nolog ${HOME}/.local/share/fish/fish_history | 18 | deny-nolog ${HOME}/.local/share/fish/fish_history |
19 | blacklist-nolog ${HOME}/.local/share/klipper | 19 | deny-nolog ${HOME}/.local/share/klipper |
20 | blacklist-nolog ${HOME}/.macromedia | 20 | deny-nolog ${HOME}/.macromedia |
21 | blacklist-nolog ${HOME}/.mupdf.history | 21 | deny-nolog ${HOME}/.mupdf.history |
22 | blacklist-nolog ${HOME}/.python-history | 22 | deny-nolog ${HOME}/.python-history |
23 | blacklist-nolog ${HOME}/.python_history | 23 | deny-nolog ${HOME}/.python_history |
24 | blacklist-nolog ${HOME}/.pythonhist | 24 | deny-nolog ${HOME}/.pythonhist |
25 | blacklist-nolog ${HOME}/.lesshst | 25 | deny-nolog ${HOME}/.lesshst |
26 | blacklist-nolog ${HOME}/.viminfo | 26 | deny-nolog ${HOME}/.viminfo |
27 | blacklist-nolog /tmp/clipmenu* | 27 | deny-nolog /tmp/clipmenu* |
28 | 28 | ||
29 | # X11 session autostart | 29 | # X11 session autostart |
30 | # blacklist ${HOME}/.xpra - this will kill --x11=xpra cmdline option for all programs | 30 | # blacklist ${HOME}/.xpra - this will kill --x11=xpra cmdline option for all programs |
31 | blacklist ${HOME}/.Xsession | 31 | deny ${HOME}/.Xsession |
32 | blacklist ${HOME}/.blackbox | 32 | deny ${HOME}/.blackbox |
33 | blacklist ${HOME}/.config/autostart | 33 | deny ${HOME}/.config/autostart |
34 | blacklist ${HOME}/.config/autostart-scripts | 34 | deny ${HOME}/.config/autostart-scripts |
35 | blacklist ${HOME}/.config/awesome | 35 | deny ${HOME}/.config/awesome |
36 | blacklist ${HOME}/.config/i3 | 36 | deny ${HOME}/.config/i3 |
37 | blacklist ${HOME}/.config/sway | 37 | deny ${HOME}/.config/sway |
38 | blacklist ${HOME}/.config/lxsession/LXDE/autostart | 38 | deny ${HOME}/.config/lxsession/LXDE/autostart |
39 | blacklist ${HOME}/.config/openbox | 39 | deny ${HOME}/.config/openbox |
40 | blacklist ${HOME}/.config/plasma-workspace | 40 | deny ${HOME}/.config/plasma-workspace |
41 | blacklist ${HOME}/.config/startupconfig | 41 | deny ${HOME}/.config/startupconfig |
42 | blacklist ${HOME}/.config/startupconfigkeys | 42 | deny ${HOME}/.config/startupconfigkeys |
43 | blacklist ${HOME}/.fluxbox | 43 | deny ${HOME}/.fluxbox |
44 | blacklist ${HOME}/.gnomerc | 44 | deny ${HOME}/.gnomerc |
45 | blacklist ${HOME}/.kde/Autostart | 45 | deny ${HOME}/.kde/Autostart |
46 | blacklist ${HOME}/.kde/env | 46 | deny ${HOME}/.kde/env |
47 | blacklist ${HOME}/.kde/share/autostart | 47 | deny ${HOME}/.kde/share/autostart |
48 | blacklist ${HOME}/.kde/share/config/startupconfig | 48 | deny ${HOME}/.kde/share/config/startupconfig |
49 | blacklist ${HOME}/.kde/share/config/startupconfigkeys | 49 | deny ${HOME}/.kde/share/config/startupconfigkeys |
50 | blacklist ${HOME}/.kde/shutdown | 50 | deny ${HOME}/.kde/shutdown |
51 | blacklist ${HOME}/.kde4/env | 51 | deny ${HOME}/.kde4/env |
52 | blacklist ${HOME}/.kde4/Autostart | 52 | deny ${HOME}/.kde4/Autostart |
53 | blacklist ${HOME}/.kde4/share/autostart | 53 | deny ${HOME}/.kde4/share/autostart |
54 | blacklist ${HOME}/.kde4/shutdown | 54 | deny ${HOME}/.kde4/shutdown |
55 | blacklist ${HOME}/.kde4/share/config/startupconfig | 55 | deny ${HOME}/.kde4/share/config/startupconfig |
56 | blacklist ${HOME}/.kde4/share/config/startupconfigkeys | 56 | deny ${HOME}/.kde4/share/config/startupconfigkeys |
57 | blacklist ${HOME}/.local/share/autostart | 57 | deny ${HOME}/.local/share/autostart |
58 | blacklist ${HOME}/.xinitrc | 58 | deny ${HOME}/.xinitrc |
59 | blacklist ${HOME}/.xprofile | 59 | deny ${HOME}/.xprofile |
60 | blacklist ${HOME}/.xserverrc | 60 | deny ${HOME}/.xserverrc |
61 | blacklist ${HOME}/.xsession | 61 | deny ${HOME}/.xsession |
62 | blacklist ${HOME}/.xsessionrc | 62 | deny ${HOME}/.xsessionrc |
63 | blacklist /etc/X11/Xsession.d | 63 | deny /etc/X11/Xsession.d |
64 | blacklist /etc/xdg/autostart | 64 | deny /etc/xdg/autostart |
65 | read-only ${HOME}/.Xauthority | 65 | read-only ${HOME}/.Xauthority |
66 | 66 | ||
67 | # Session manager | 67 | # Session manager |
@@ -70,46 +70,46 @@ read-only ${HOME}/.Xauthority | |||
70 | #?HAS_X11: blacklist /tmp/.ICE-unix | 70 | #?HAS_X11: blacklist /tmp/.ICE-unix |
71 | 71 | ||
72 | # KDE config | 72 | # KDE config |
73 | blacklist ${HOME}/.cache/konsole | 73 | deny ${HOME}/.cache/konsole |
74 | blacklist ${HOME}/.config/khotkeysrc | 74 | deny ${HOME}/.config/khotkeysrc |
75 | blacklist ${HOME}/.config/krunnerrc | 75 | deny ${HOME}/.config/krunnerrc |
76 | blacklist ${HOME}/.config/kscreenlockerrc | 76 | deny ${HOME}/.config/kscreenlockerrc |
77 | blacklist ${HOME}/.config/ksslcertificatemanager | 77 | deny ${HOME}/.config/ksslcertificatemanager |
78 | blacklist ${HOME}/.config/kwalletrc | 78 | deny ${HOME}/.config/kwalletrc |
79 | blacklist ${HOME}/.config/kwinrc | 79 | deny ${HOME}/.config/kwinrc |
80 | blacklist ${HOME}/.config/kwinrulesrc | 80 | deny ${HOME}/.config/kwinrulesrc |
81 | blacklist ${HOME}/.config/plasma-locale-settings.sh | 81 | deny ${HOME}/.config/plasma-locale-settings.sh |
82 | blacklist ${HOME}/.config/plasma-org.kde.plasma.desktop-appletsrc | 82 | deny ${HOME}/.config/plasma-org.kde.plasma.desktop-appletsrc |
83 | blacklist ${HOME}/.config/plasmashellrc | 83 | deny ${HOME}/.config/plasmashellrc |
84 | blacklist ${HOME}/.config/plasmavaultrc | 84 | deny ${HOME}/.config/plasmavaultrc |
85 | blacklist ${HOME}/.kde/share/apps/kwin | 85 | deny ${HOME}/.kde/share/apps/kwin |
86 | blacklist ${HOME}/.kde/share/apps/plasma | 86 | deny ${HOME}/.kde/share/apps/plasma |
87 | blacklist ${HOME}/.kde/share/apps/solid | 87 | deny ${HOME}/.kde/share/apps/solid |
88 | blacklist ${HOME}/.kde/share/config/khotkeysrc | 88 | deny ${HOME}/.kde/share/config/khotkeysrc |
89 | blacklist ${HOME}/.kde/share/config/krunnerrc | 89 | deny ${HOME}/.kde/share/config/krunnerrc |
90 | blacklist ${HOME}/.kde/share/config/kscreensaverrc | 90 | deny ${HOME}/.kde/share/config/kscreensaverrc |
91 | blacklist ${HOME}/.kde/share/config/ksslcertificatemanager | 91 | deny ${HOME}/.kde/share/config/ksslcertificatemanager |
92 | blacklist ${HOME}/.kde/share/config/kwalletrc | 92 | deny ${HOME}/.kde/share/config/kwalletrc |
93 | blacklist ${HOME}/.kde/share/config/kwinrc | 93 | deny ${HOME}/.kde/share/config/kwinrc |
94 | blacklist ${HOME}/.kde/share/config/kwinrulesrc | 94 | deny ${HOME}/.kde/share/config/kwinrulesrc |
95 | blacklist ${HOME}/.kde/share/config/plasma-desktop-appletsrc | 95 | deny ${HOME}/.kde/share/config/plasma-desktop-appletsrc |
96 | blacklist ${HOME}/.kde4/share/apps/kwin | 96 | deny ${HOME}/.kde4/share/apps/kwin |
97 | blacklist ${HOME}/.kde4/share/apps/plasma | 97 | deny ${HOME}/.kde4/share/apps/plasma |
98 | blacklist ${HOME}/.kde4/share/apps/solid | 98 | deny ${HOME}/.kde4/share/apps/solid |
99 | blacklist ${HOME}/.kde4/share/config/khotkeysrc | 99 | deny ${HOME}/.kde4/share/config/khotkeysrc |
100 | blacklist ${HOME}/.kde4/share/config/krunnerrc | 100 | deny ${HOME}/.kde4/share/config/krunnerrc |
101 | blacklist ${HOME}/.kde4/share/config/kscreensaverrc | 101 | deny ${HOME}/.kde4/share/config/kscreensaverrc |
102 | blacklist ${HOME}/.kde4/share/config/ksslcertificatemanager | 102 | deny ${HOME}/.kde4/share/config/ksslcertificatemanager |
103 | blacklist ${HOME}/.kde4/share/config/kwalletrc | 103 | deny ${HOME}/.kde4/share/config/kwalletrc |
104 | blacklist ${HOME}/.kde4/share/config/kwinrc | 104 | deny ${HOME}/.kde4/share/config/kwinrc |
105 | blacklist ${HOME}/.kde4/share/config/kwinrulesrc | 105 | deny ${HOME}/.kde4/share/config/kwinrulesrc |
106 | blacklist ${HOME}/.kde4/share/config/plasma-desktop-appletsrc | 106 | deny ${HOME}/.kde4/share/config/plasma-desktop-appletsrc |
107 | blacklist ${HOME}/.local/share/kglobalaccel | 107 | deny ${HOME}/.local/share/kglobalaccel |
108 | blacklist ${HOME}/.local/share/kwin | 108 | deny ${HOME}/.local/share/kwin |
109 | blacklist ${HOME}/.local/share/plasma | 109 | deny ${HOME}/.local/share/plasma |
110 | blacklist ${HOME}/.local/share/plasmashell | 110 | deny ${HOME}/.local/share/plasmashell |
111 | blacklist ${HOME}/.local/share/solid | 111 | deny ${HOME}/.local/share/solid |
112 | blacklist /tmp/konsole-*.history | 112 | deny /tmp/konsole-*.history |
113 | read-only ${HOME}/.cache/ksycoca5_* | 113 | read-only ${HOME}/.cache/ksycoca5_* |
114 | read-only ${HOME}/.config/*notifyrc | 114 | read-only ${HOME}/.config/*notifyrc |
115 | read-only ${HOME}/.config/kdeglobals | 115 | read-only ${HOME}/.config/kdeglobals |
@@ -138,124 +138,139 @@ read-only ${HOME}/.local/share/kservices5 | |||
138 | read-only ${HOME}/.local/share/kssl | 138 | read-only ${HOME}/.local/share/kssl |
139 | 139 | ||
140 | # KDE sockets | 140 | # KDE sockets |
141 | blacklist ${RUNUSER}/*.slave-socket | 141 | deny ${RUNUSER}/*.slave-socket |
142 | blacklist ${RUNUSER}/kdeinit5__* | 142 | deny ${RUNUSER}/kdeinit5__* |
143 | blacklist ${RUNUSER}/kdesud_* | 143 | deny ${RUNUSER}/kdesud_* |
144 | # see #3358 | 144 | # see #3358 |
145 | #?HAS_NODBUS: blacklist ${RUNUSER}/ksocket-* | 145 | #?HAS_NODBUS: blacklist ${RUNUSER}/ksocket-* |
146 | #?HAS_NODBUS: blacklist /tmp/ksocket-* | 146 | #?HAS_NODBUS: blacklist /tmp/ksocket-* |
147 | 147 | ||
148 | # gnome | 148 | # gnome |
149 | # contains extensions, last used times of applications, and notifications | 149 | # contains extensions, last used times of applications, and notifications |
150 | blacklist ${HOME}/.local/share/gnome-shell | 150 | deny ${HOME}/.local/share/gnome-shell |
151 | # contains recently used files and serials of static/removable storage | 151 | # contains recently used files and serials of static/removable storage |
152 | blacklist ${HOME}/.local/share/gvfs-metadata | 152 | deny ${HOME}/.local/share/gvfs-metadata |
153 | # no direct modification of dconf database | 153 | # no direct modification of dconf database |
154 | read-only ${HOME}/.config/dconf | 154 | read-only ${HOME}/.config/dconf |
155 | blacklist ${RUNUSER}/gnome-session-leader-fifo | 155 | deny ${RUNUSER}/gnome-session-leader-fifo |
156 | blacklist ${RUNUSER}/gnome-shell | 156 | deny ${RUNUSER}/gnome-shell |
157 | blacklist ${RUNUSER}/gsconnect | 157 | deny ${RUNUSER}/gsconnect |
158 | 158 | ||
159 | # systemd | 159 | # systemd |
160 | blacklist ${HOME}/.config/systemd | 160 | deny ${HOME}/.config/systemd |
161 | blacklist ${HOME}/.local/share/systemd | 161 | deny ${HOME}/.local/share/systemd |
162 | blacklist /var/lib/systemd | 162 | deny /var/lib/systemd |
163 | blacklist ${PATH}/systemd-run | 163 | deny ${PATH}/systemd-run |
164 | blacklist ${RUNUSER}/systemd | 164 | deny ${RUNUSER}/systemd |
165 | deny ${PATH}/systemctl | ||
166 | deny /etc/systemd/system | ||
167 | deny /etc/systemd/network | ||
165 | # creates problems on Arch where /etc/resolv.conf is a symlink to /var/run/systemd/resolve/resolv.conf | 168 | # creates problems on Arch where /etc/resolv.conf is a symlink to /var/run/systemd/resolve/resolv.conf |
166 | #blacklist /var/run/systemd | 169 | #blacklist /var/run/systemd |
167 | 170 | ||
168 | # openrc | 171 | # openrc |
169 | blacklist /etc/runlevels/ | 172 | deny /etc/runlevels/ |
170 | blacklist /etc/init.d/ | 173 | deny /etc/init.d/ |
171 | blacklist /etc/rc.conf | 174 | deny /etc/rc.conf |
172 | 175 | ||
173 | # VirtualBox | 176 | # VirtualBox |
174 | blacklist ${HOME}/.VirtualBox | 177 | deny ${HOME}/.VirtualBox |
175 | blacklist ${HOME}/.config/VirtualBox | 178 | deny ${HOME}/.config/VirtualBox |
176 | blacklist ${HOME}/VirtualBox VMs | 179 | deny ${HOME}/VirtualBox VMs |
177 | 180 | ||
178 | # GNOME Boxes | 181 | # GNOME Boxes |
179 | blacklist ${HOME}/.config/gnome-boxes | 182 | deny ${HOME}/.config/gnome-boxes |
180 | blacklist ${HOME}/.local/share/gnome-boxes | 183 | deny ${HOME}/.local/share/gnome-boxes |
181 | 184 | ||
182 | # libvirt | 185 | # libvirt |
183 | blacklist ${HOME}/.cache/libvirt | 186 | deny ${HOME}/.cache/libvirt |
184 | blacklist ${HOME}/.config/libvirt | 187 | deny ${HOME}/.config/libvirt |
185 | blacklist ${RUNUSER}/libvirt | 188 | deny ${RUNUSER}/libvirt |
186 | blacklist /var/cache/libvirt | 189 | deny /var/cache/libvirt |
187 | blacklist /var/lib/libvirt | 190 | deny /var/lib/libvirt |
188 | blacklist /var/log/libvirt | 191 | deny /var/log/libvirt |
189 | 192 | ||
190 | # OCI-Containers / Podman | 193 | # OCI-Containers / Podman |
191 | blacklist ${RUNUSER}/containers | 194 | deny ${RUNUSER}/containers |
192 | blacklist ${RUNUSER}/crun | 195 | deny ${RUNUSER}/crun |
193 | blacklist ${RUNUSER}/libpod | 196 | deny ${RUNUSER}/libpod |
194 | blacklist ${RUNUSER}/runc | 197 | deny ${RUNUSER}/runc |
195 | blacklist ${RUNUSER}/toolbox | 198 | deny ${RUNUSER}/toolbox |
196 | 199 | ||
197 | # VeraCrypt | 200 | # VeraCrypt |
198 | blacklist ${HOME}/.VeraCrypt | 201 | deny ${HOME}/.VeraCrypt |
199 | blacklist ${PATH}/veracrypt | 202 | deny ${PATH}/veracrypt |
200 | blacklist ${PATH}/veracrypt-uninstall.sh | 203 | deny ${PATH}/veracrypt-uninstall.sh |
201 | blacklist /usr/share/applications/veracrypt.* | 204 | deny /usr/share/applications/veracrypt.* |
202 | blacklist /usr/share/pixmaps/veracrypt.* | 205 | deny /usr/share/pixmaps/veracrypt.* |
203 | blacklist /usr/share/veracrypt | 206 | deny /usr/share/veracrypt |
204 | 207 | ||
205 | # TrueCrypt | 208 | # TrueCrypt |
206 | blacklist ${HOME}/.TrueCrypt | 209 | deny ${HOME}/.TrueCrypt |
207 | blacklist ${PATH}/truecrypt | 210 | deny ${PATH}/truecrypt |
208 | blacklist ${PATH}/truecrypt-uninstall.sh | 211 | deny ${PATH}/truecrypt-uninstall.sh |
209 | blacklist /usr/share/applications/truecrypt.* | 212 | deny /usr/share/applications/truecrypt.* |
210 | blacklist /usr/share/pixmaps/truecrypt.* | 213 | deny /usr/share/pixmaps/truecrypt.* |
211 | blacklist /usr/share/truecrypt | 214 | deny /usr/share/truecrypt |
212 | 215 | ||
213 | # zuluCrypt | 216 | # zuluCrypt |
214 | blacklist ${HOME}/.zuluCrypt | 217 | deny ${HOME}/.zuluCrypt |
215 | blacklist ${HOME}/.zuluCrypt-socket | 218 | deny ${HOME}/.zuluCrypt-socket |
216 | blacklist ${PATH}/zuluCrypt-cli | 219 | deny ${PATH}/zuluCrypt-cli |
217 | blacklist ${PATH}/zuluMount-cli | 220 | deny ${PATH}/zuluMount-cli |
218 | 221 | ||
219 | # var | 222 | # var |
220 | blacklist /var/cache/apt | 223 | deny /var/cache/apt |
221 | blacklist /var/cache/pacman | 224 | deny /var/cache/pacman |
222 | blacklist /var/lib/apt | 225 | deny /var/lib/apt |
223 | blacklist /var/lib/clamav | 226 | deny /var/lib/clamav |
224 | blacklist /var/lib/dkms | 227 | deny /var/lib/dkms |
225 | blacklist /var/lib/mysql/mysql.sock | 228 | deny /var/lib/mysql/mysql.sock |
226 | blacklist /var/lib/mysqld/mysql.sock | 229 | deny /var/lib/mysqld/mysql.sock |
227 | blacklist /var/lib/pacman | 230 | deny /var/lib/pacman |
228 | blacklist /var/lib/upower | 231 | deny /var/lib/upower |
229 | # blacklist /var/log - a virtual /var/log directory (mostly empty) is build up by default for | 232 | # blacklist /var/log - a virtual /var/log directory (mostly empty) is build up by default for |
230 | # every sandbox, unless --writable-var-log switch is activated | 233 | # every sandbox, unless --writable-var-log switch is activated |
231 | blacklist /var/mail | 234 | deny /var/mail |
232 | blacklist /var/opt | 235 | deny /var/opt |
233 | blacklist /var/run/acpid.socket | 236 | deny /var/run/acpid.socket |
234 | blacklist /var/run/docker.sock | 237 | deny /var/run/docker.sock |
235 | blacklist /var/run/minissdpd.sock | 238 | deny /var/run/minissdpd.sock |
236 | blacklist /var/run/mysql/mysqld.sock | 239 | deny /var/run/mysql/mysqld.sock |
237 | blacklist /var/run/mysqld/mysqld.sock | 240 | deny /var/run/mysqld/mysqld.sock |
238 | blacklist /var/run/rpcbind.sock | 241 | deny /var/run/rpcbind.sock |
239 | blacklist /var/run/screens | 242 | deny /var/run/screens |
240 | blacklist /var/spool/anacron | 243 | deny /var/spool/anacron |
241 | blacklist /var/spool/cron | 244 | deny /var/spool/cron |
242 | blacklist /var/spool/mail | 245 | deny /var/spool/mail |
243 | 246 | ||
244 | # etc | 247 | # etc |
245 | blacklist /etc/anacrontab | 248 | deny /etc/anacrontab |
246 | blacklist /etc/cron* | 249 | deny /etc/cron* |
247 | blacklist /etc/profile.d | 250 | deny /etc/profile.d |
248 | blacklist /etc/rc.local | 251 | deny /etc/rc.local |
249 | # rc1.d, rc2.d, ... | 252 | # rc1.d, rc2.d, ... |
250 | blacklist /etc/rc?.d | 253 | deny /etc/rc?.d |
251 | blacklist /etc/kernel* | 254 | deny /etc/kernel* |
252 | blacklist /etc/grub* | 255 | deny /etc/grub* |
253 | blacklist /etc/dkms | 256 | deny /etc/dkms |
254 | blacklist /etc/apparmor* | 257 | deny /etc/apparmor* |
255 | blacklist /etc/selinux | 258 | deny /etc/selinux |
256 | blacklist /etc/modules* | 259 | deny /etc/modules* |
257 | blacklist /etc/logrotate* | 260 | deny /etc/logrotate* |
258 | blacklist /etc/adduser.conf | 261 | deny /etc/adduser.conf |
262 | |||
263 | # hide config for various intrusion detection systems | ||
264 | deny /etc/rkhunter.conf | ||
265 | deny /var/lib/rkhunter | ||
266 | deny /etc/chkrootkit.conf | ||
267 | deny /etc/lynis | ||
268 | deny /etc/aide | ||
269 | deny /etc/logcheck | ||
270 | deny /etc/tripwire | ||
271 | deny /etc/snort | ||
272 | deny /etc/fail2ban.conf | ||
273 | deny /etc/suricata | ||
259 | 274 | ||
260 | # Startup files | 275 | # Startup files |
261 | read-only ${HOME}/.antigen | 276 | read-only ${HOME}/.antigen |
@@ -292,13 +307,13 @@ read-only ${HOME}/.zshrc | |||
292 | read-only ${HOME}/.zshrc.local | 307 | read-only ${HOME}/.zshrc.local |
293 | 308 | ||
294 | # Remote access | 309 | # Remote access |
295 | blacklist ${HOME}/.rhosts | 310 | deny ${HOME}/.rhosts |
296 | blacklist ${HOME}/.shosts | 311 | deny ${HOME}/.shosts |
297 | blacklist ${HOME}/.ssh/authorized_keys | 312 | deny ${HOME}/.ssh/authorized_keys |
298 | blacklist ${HOME}/.ssh/authorized_keys2 | 313 | deny ${HOME}/.ssh/authorized_keys2 |
299 | blacklist ${HOME}/.ssh/environment | 314 | deny ${HOME}/.ssh/environment |
300 | blacklist ${HOME}/.ssh/rc | 315 | deny ${HOME}/.ssh/rc |
301 | blacklist /etc/hosts.equiv | 316 | deny /etc/hosts.equiv |
302 | read-only ${HOME}/.ssh/config | 317 | read-only ${HOME}/.ssh/config |
303 | read-only ${HOME}/.ssh/config.d | 318 | read-only ${HOME}/.ssh/config.d |
304 | 319 | ||
@@ -359,200 +374,200 @@ read-only ${HOME}/.local/share/mime | |||
359 | read-only ${HOME}/.local/share/thumbnailers | 374 | read-only ${HOME}/.local/share/thumbnailers |
360 | 375 | ||
361 | # prevent access to ssh-agent | 376 | # prevent access to ssh-agent |
362 | blacklist /tmp/ssh-* | 377 | deny /tmp/ssh-* |
363 | 378 | ||
364 | # top secret | 379 | # top secret |
365 | blacklist ${HOME}/*.kdb | 380 | deny ${HOME}/*.kdb |
366 | blacklist ${HOME}/*.kdbx | 381 | deny ${HOME}/*.kdbx |
367 | blacklist ${HOME}/*.key | 382 | deny ${HOME}/*.key |
368 | blacklist ${HOME}/.Private | 383 | deny ${HOME}/.Private |
369 | blacklist ${HOME}/.caff | 384 | deny ${HOME}/.caff |
370 | blacklist ${HOME}/.cargo/credentials | 385 | deny ${HOME}/.cargo/credentials |
371 | blacklist ${HOME}/.cargo/credentials.toml | 386 | deny ${HOME}/.cargo/credentials.toml |
372 | blacklist ${HOME}/.cert | 387 | deny ${HOME}/.cert |
373 | blacklist ${HOME}/.config/keybase | 388 | deny ${HOME}/.config/keybase |
374 | blacklist ${HOME}/.davfs2/secrets | 389 | deny ${HOME}/.davfs2/secrets |
375 | blacklist ${HOME}/.ecryptfs | 390 | deny ${HOME}/.ecryptfs |
376 | blacklist ${HOME}/.fetchmailrc | 391 | deny ${HOME}/.fetchmailrc |
377 | blacklist ${HOME}/.fscrypt | 392 | deny ${HOME}/.fscrypt |
378 | blacklist ${HOME}/.git-credential-cache | 393 | deny ${HOME}/.git-credential-cache |
379 | blacklist ${HOME}/.git-credentials | 394 | deny ${HOME}/.git-credentials |
380 | blacklist ${HOME}/.gnome2/keyrings | 395 | deny ${HOME}/.gnome2/keyrings |
381 | blacklist ${HOME}/.gnupg | 396 | deny ${HOME}/.gnupg |
382 | blacklist ${HOME}/.config/hub | 397 | deny ${HOME}/.config/hub |
383 | blacklist ${HOME}/.kde/share/apps/kwallet | 398 | deny ${HOME}/.kde/share/apps/kwallet |
384 | blacklist ${HOME}/.kde4/share/apps/kwallet | 399 | deny ${HOME}/.kde4/share/apps/kwallet |
385 | blacklist ${HOME}/.local/share/keyrings | 400 | deny ${HOME}/.local/share/keyrings |
386 | blacklist ${HOME}/.local/share/kwalletd | 401 | deny ${HOME}/.local/share/kwalletd |
387 | blacklist ${HOME}/.local/share/plasma-vault | 402 | deny ${HOME}/.local/share/plasma-vault |
388 | blacklist ${HOME}/.msmtprc | 403 | deny ${HOME}/.msmtprc |
389 | blacklist ${HOME}/.mutt | 404 | deny ${HOME}/.mutt |
390 | blacklist ${HOME}/.muttrc | 405 | deny ${HOME}/.muttrc |
391 | blacklist ${HOME}/.netrc | 406 | deny ${HOME}/.netrc |
392 | blacklist ${HOME}/.nyx | 407 | deny ${HOME}/.nyx |
393 | blacklist ${HOME}/.pki | 408 | deny ${HOME}/.pki |
394 | blacklist ${HOME}/.local/share/pki | 409 | deny ${HOME}/.local/share/pki |
395 | blacklist ${HOME}/.smbcredentials | 410 | deny ${HOME}/.smbcredentials |
396 | blacklist ${HOME}/.ssh | 411 | deny ${HOME}/.ssh |
397 | blacklist ${HOME}/.vaults | 412 | deny ${HOME}/.vaults |
398 | blacklist /.fscrypt | 413 | deny /.fscrypt |
399 | blacklist /etc/davfs2/secrets | 414 | deny /etc/davfs2/secrets |
400 | blacklist /etc/group+ | 415 | deny /etc/group+ |
401 | blacklist /etc/group- | 416 | deny /etc/group- |
402 | blacklist /etc/gshadow | 417 | deny /etc/gshadow |
403 | blacklist /etc/gshadow+ | 418 | deny /etc/gshadow+ |
404 | blacklist /etc/gshadow- | 419 | deny /etc/gshadow- |
405 | blacklist /etc/passwd+ | 420 | deny /etc/passwd+ |
406 | blacklist /etc/passwd- | 421 | deny /etc/passwd- |
407 | blacklist /etc/shadow | 422 | deny /etc/shadow |
408 | blacklist /etc/shadow+ | 423 | deny /etc/shadow+ |
409 | blacklist /etc/shadow- | 424 | deny /etc/shadow- |
410 | blacklist /etc/ssh | 425 | deny /etc/ssh |
411 | blacklist /etc/ssh/* | 426 | deny /etc/ssh/* |
412 | blacklist /home/.ecryptfs | 427 | deny /home/.ecryptfs |
413 | blacklist /home/.fscrypt | 428 | deny /home/.fscrypt |
414 | blacklist /var/backup | 429 | deny /var/backup |
415 | 430 | ||
416 | # cloud provider configuration | 431 | # cloud provider configuration |
417 | blacklist ${HOME}/.aws | 432 | deny ${HOME}/.aws |
418 | blacklist ${HOME}/.boto | 433 | deny ${HOME}/.boto |
419 | blacklist ${HOME}/.config/gcloud | 434 | deny ${HOME}/.config/gcloud |
420 | blacklist ${HOME}/.kube | 435 | deny ${HOME}/.kube |
421 | blacklist ${HOME}/.passwd-s3fs | 436 | deny ${HOME}/.passwd-s3fs |
422 | blacklist ${HOME}/.s3cmd | 437 | deny ${HOME}/.s3cmd |
423 | blacklist /etc/boto.cfg | 438 | deny /etc/boto.cfg |
424 | 439 | ||
425 | # system directories | 440 | # system directories |
426 | blacklist /sbin | 441 | deny /sbin |
427 | blacklist /usr/local/sbin | 442 | deny /usr/local/sbin |
428 | blacklist /usr/sbin | 443 | deny /usr/sbin |
429 | 444 | ||
430 | # system management | 445 | # system management |
431 | blacklist ${PATH}/at | 446 | deny ${PATH}/at |
432 | blacklist ${PATH}/busybox | 447 | deny ${PATH}/busybox |
433 | blacklist ${PATH}/chage | 448 | deny ${PATH}/chage |
434 | blacklist ${PATH}/chfn | 449 | deny ${PATH}/chfn |
435 | blacklist ${PATH}/chsh | 450 | deny ${PATH}/chsh |
436 | blacklist ${PATH}/crontab | 451 | deny ${PATH}/crontab |
437 | blacklist ${PATH}/evtest | 452 | deny ${PATH}/evtest |
438 | blacklist ${PATH}/expiry | 453 | deny ${PATH}/expiry |
439 | blacklist ${PATH}/fusermount | 454 | deny ${PATH}/fusermount |
440 | blacklist ${PATH}/gksu | 455 | deny ${PATH}/gksu |
441 | blacklist ${PATH}/gksudo | 456 | deny ${PATH}/gksudo |
442 | blacklist ${PATH}/gpasswd | 457 | deny ${PATH}/gpasswd |
443 | blacklist ${PATH}/kdesudo | 458 | deny ${PATH}/kdesudo |
444 | blacklist ${PATH}/ksu | 459 | deny ${PATH}/ksu |
445 | blacklist ${PATH}/mount | 460 | deny ${PATH}/mount |
446 | blacklist ${PATH}/mount.ecryptfs_private | 461 | deny ${PATH}/mount.ecryptfs_private |
447 | blacklist ${PATH}/nc | 462 | deny ${PATH}/nc |
448 | blacklist ${PATH}/ncat | 463 | deny ${PATH}/ncat |
449 | blacklist ${PATH}/nmap | 464 | deny ${PATH}/nmap |
450 | blacklist ${PATH}/newgidmap | 465 | deny ${PATH}/newgidmap |
451 | blacklist ${PATH}/newgrp | 466 | deny ${PATH}/newgrp |
452 | blacklist ${PATH}/newuidmap | 467 | deny ${PATH}/newuidmap |
453 | blacklist ${PATH}/ntfs-3g | 468 | deny ${PATH}/ntfs-3g |
454 | blacklist ${PATH}/pkexec | 469 | deny ${PATH}/pkexec |
455 | blacklist ${PATH}/procmail | 470 | deny ${PATH}/procmail |
456 | blacklist ${PATH}/sg | 471 | deny ${PATH}/sg |
457 | blacklist ${PATH}/strace | 472 | deny ${PATH}/strace |
458 | blacklist ${PATH}/su | 473 | deny ${PATH}/su |
459 | blacklist ${PATH}/sudo | 474 | deny ${PATH}/sudo |
460 | blacklist ${PATH}/tcpdump | 475 | deny ${PATH}/tcpdump |
461 | blacklist ${PATH}/umount | 476 | deny ${PATH}/umount |
462 | blacklist ${PATH}/unix_chkpwd | 477 | deny ${PATH}/unix_chkpwd |
463 | blacklist ${PATH}/xev | 478 | deny ${PATH}/xev |
464 | blacklist ${PATH}/xinput | 479 | deny ${PATH}/xinput |
465 | 480 | ||
466 | # other SUID binaries | 481 | # other SUID binaries |
467 | blacklist /usr/lib/virtualbox | 482 | deny /usr/lib/virtualbox |
468 | blacklist /usr/lib64/virtualbox | 483 | deny /usr/lib64/virtualbox |
469 | 484 | ||
470 | # prevent lxterminal connecting to an existing lxterminal session | 485 | # prevent lxterminal connecting to an existing lxterminal session |
471 | blacklist /tmp/.lxterminal-socket* | 486 | deny /tmp/.lxterminal-socket* |
472 | # prevent tmux connecting to an existing session | 487 | # prevent tmux connecting to an existing session |
473 | blacklist /tmp/tmux-* | 488 | deny /tmp/tmux-* |
474 | 489 | ||
475 | # disable terminals running as server resulting in sandbox escape | 490 | # disable terminals running as server resulting in sandbox escape |
476 | blacklist ${PATH}/lxterminal | 491 | deny ${PATH}/lxterminal |
477 | blacklist ${PATH}/gnome-terminal | 492 | deny ${PATH}/gnome-terminal |
478 | blacklist ${PATH}/gnome-terminal.wrapper | 493 | deny ${PATH}/gnome-terminal.wrapper |
479 | blacklist ${PATH}/lilyterm | 494 | deny ${PATH}/lilyterm |
480 | blacklist ${PATH}/mate-terminal | 495 | deny ${PATH}/mate-terminal |
481 | blacklist ${PATH}/mate-terminal.wrapper | 496 | deny ${PATH}/mate-terminal.wrapper |
482 | blacklist ${PATH}/pantheon-terminal | 497 | deny ${PATH}/pantheon-terminal |
483 | blacklist ${PATH}/roxterm | 498 | deny ${PATH}/roxterm |
484 | blacklist ${PATH}/roxterm-config | 499 | deny ${PATH}/roxterm-config |
485 | blacklist ${PATH}/terminix | 500 | deny ${PATH}/terminix |
486 | blacklist ${PATH}/tilix | 501 | deny ${PATH}/tilix |
487 | blacklist ${PATH}/urxvtc | 502 | deny ${PATH}/urxvtc |
488 | blacklist ${PATH}/urxvtcd | 503 | deny ${PATH}/urxvtcd |
489 | blacklist ${PATH}/xfce4-terminal | 504 | deny ${PATH}/xfce4-terminal |
490 | blacklist ${PATH}/xfce4-terminal.wrapper | 505 | deny ${PATH}/xfce4-terminal.wrapper |
491 | # blacklist ${PATH}/konsole | 506 | # blacklist ${PATH}/konsole |
492 | # konsole doesn't seem to have this problem - last tested on Ubuntu 16.04 | 507 | # konsole doesn't seem to have this problem - last tested on Ubuntu 16.04 |
493 | 508 | ||
494 | # kernel files | 509 | # kernel files |
495 | blacklist /initrd* | 510 | deny /initrd* |
496 | blacklist /vmlinuz* | 511 | deny /vmlinuz* |
497 | 512 | ||
498 | # snapshot files | 513 | # snapshot files |
499 | blacklist /.snapshots | 514 | deny /.snapshots |
500 | 515 | ||
501 | # flatpak | 516 | # flatpak |
502 | blacklist ${HOME}/.cache/flatpak | 517 | deny ${HOME}/.cache/flatpak |
503 | blacklist ${HOME}/.config/flatpak | 518 | deny ${HOME}/.config/flatpak |
504 | noblacklist ${HOME}/.local/share/flatpak/exports | 519 | nodeny ${HOME}/.local/share/flatpak/exports |
505 | read-only ${HOME}/.local/share/flatpak/exports | 520 | read-only ${HOME}/.local/share/flatpak/exports |
506 | blacklist ${HOME}/.local/share/flatpak/* | 521 | deny ${HOME}/.local/share/flatpak/* |
507 | blacklist ${HOME}/.var | 522 | deny ${HOME}/.var |
508 | blacklist ${RUNUSER}/app | 523 | deny ${RUNUSER}/app |
509 | blacklist ${RUNUSER}/doc | 524 | deny ${RUNUSER}/doc |
510 | blacklist ${RUNUSER}/.dbus-proxy | 525 | deny ${RUNUSER}/.dbus-proxy |
511 | blacklist ${RUNUSER}/.flatpak | 526 | deny ${RUNUSER}/.flatpak |
512 | blacklist ${RUNUSER}/.flatpak-cache | 527 | deny ${RUNUSER}/.flatpak-cache |
513 | blacklist ${RUNUSER}/.flatpak-helper | 528 | deny ${RUNUSER}/.flatpak-helper |
514 | blacklist /usr/share/flatpak | 529 | deny /usr/share/flatpak |
515 | noblacklist /var/lib/flatpak/exports | 530 | nodeny /var/lib/flatpak/exports |
516 | blacklist /var/lib/flatpak/* | 531 | deny /var/lib/flatpak/* |
517 | # most of the time bwrap is SUID binary | 532 | # most of the time bwrap is SUID binary |
518 | blacklist ${PATH}/bwrap | 533 | deny ${PATH}/bwrap |
519 | 534 | ||
520 | # snap | 535 | # snap |
521 | blacklist ${RUNUSER}/snapd-session-agent.socket | 536 | deny ${RUNUSER}/snapd-session-agent.socket |
522 | 537 | ||
523 | # mail directories used by mutt | 538 | # mail directories used by mutt |
524 | blacklist ${HOME}/.Mail | 539 | deny ${HOME}/.Mail |
525 | blacklist ${HOME}/.mail | 540 | deny ${HOME}/.mail |
526 | blacklist ${HOME}/.signature | 541 | deny ${HOME}/.signature |
527 | blacklist ${HOME}/Mail | 542 | deny ${HOME}/Mail |
528 | blacklist ${HOME}/mail | 543 | deny ${HOME}/mail |
529 | blacklist ${HOME}/postponed | 544 | deny ${HOME}/postponed |
530 | blacklist ${HOME}/sent | 545 | deny ${HOME}/sent |
531 | 546 | ||
532 | # kernel configuration | 547 | # kernel configuration |
533 | blacklist /proc/config.gz | 548 | deny /proc/config.gz |
534 | 549 | ||
535 | # prevent DNS malware attempting to communicate with the server | 550 | # prevent DNS malware attempting to communicate with the server |
536 | # using regular DNS tools | 551 | # using regular DNS tools |
537 | blacklist ${PATH}/dig | 552 | deny ${PATH}/dig |
538 | blacklist ${PATH}/dlint | 553 | deny ${PATH}/dlint |
539 | blacklist ${PATH}/dns2tcp | 554 | deny ${PATH}/dns2tcp |
540 | blacklist ${PATH}/dnssec-* | 555 | deny ${PATH}/dnssec-* |
541 | blacklist ${PATH}/dnswalk | 556 | deny ${PATH}/dnswalk |
542 | blacklist ${PATH}/drill | 557 | deny ${PATH}/drill |
543 | blacklist ${PATH}/host | 558 | deny ${PATH}/host |
544 | blacklist ${PATH}/iodine | 559 | deny ${PATH}/iodine |
545 | blacklist ${PATH}/kdig | 560 | deny ${PATH}/kdig |
546 | blacklist ${PATH}/khost | 561 | deny ${PATH}/khost |
547 | blacklist ${PATH}/knsupdate | 562 | deny ${PATH}/knsupdate |
548 | blacklist ${PATH}/ldns-* | 563 | deny ${PATH}/ldns-* |
549 | blacklist ${PATH}/ldnsd | 564 | deny ${PATH}/ldnsd |
550 | blacklist ${PATH}/nslookup | 565 | deny ${PATH}/nslookup |
551 | blacklist ${PATH}/resolvectl | 566 | deny ${PATH}/resolvectl |
552 | blacklist ${PATH}/unbound-host | 567 | deny ${PATH}/unbound-host |
553 | 568 | ||
554 | # rest of ${RUNUSER} | 569 | # rest of ${RUNUSER} |
555 | blacklist ${RUNUSER}/*.lock | 570 | deny ${RUNUSER}/*.lock |
556 | blacklist ${RUNUSER}/inaccessible | 571 | deny ${RUNUSER}/inaccessible |
557 | blacklist ${RUNUSER}/pk-debconf-socket | 572 | deny ${RUNUSER}/pk-debconf-socket |
558 | blacklist ${RUNUSER}/update-notifier.pid | 573 | deny ${RUNUSER}/update-notifier.pid |
diff --git a/etc/inc/disable-devel.inc b/etc/inc/disable-devel.inc index e74b1b40b..a893eb3f3 100644 --- a/etc/inc/disable-devel.inc +++ b/etc/inc/disable-devel.inc | |||
@@ -5,65 +5,65 @@ include disable-devel.local | |||
5 | # development tools | 5 | # development tools |
6 | 6 | ||
7 | # clang/llvm | 7 | # clang/llvm |
8 | blacklist ${PATH}/clang* | 8 | deny ${PATH}/clang* |
9 | blacklist ${PATH}/lldb* | 9 | deny ${PATH}/lldb* |
10 | blacklist ${PATH}/llvm* | 10 | deny ${PATH}/llvm* |
11 | # see issue #2106 - it disables hardware acceleration in Firefox on Radeon GPU | 11 | # see issue #2106 - it disables hardware acceleration in Firefox on Radeon GPU |
12 | # blacklist /usr/lib/llvm* | 12 | # blacklist /usr/lib/llvm* |
13 | 13 | ||
14 | # GCC | 14 | # GCC |
15 | blacklist ${PATH}/as | 15 | deny ${PATH}/as |
16 | blacklist ${PATH}/cc | 16 | deny ${PATH}/cc |
17 | blacklist ${PATH}/c++* | 17 | deny ${PATH}/c++* |
18 | blacklist ${PATH}/c8* | 18 | deny ${PATH}/c8* |
19 | blacklist ${PATH}/c9* | 19 | deny ${PATH}/c9* |
20 | blacklist ${PATH}/cpp* | 20 | deny ${PATH}/cpp* |
21 | blacklist ${PATH}/g++* | 21 | deny ${PATH}/g++* |
22 | blacklist ${PATH}/gcc* | 22 | deny ${PATH}/gcc* |
23 | blacklist ${PATH}/gdb | 23 | deny ${PATH}/gdb |
24 | blacklist ${PATH}/ld | 24 | deny ${PATH}/ld |
25 | blacklist ${PATH}/*-gcc* | 25 | deny ${PATH}/*-gcc* |
26 | blacklist ${PATH}/*-g++* | 26 | deny ${PATH}/*-g++* |
27 | blacklist ${PATH}/*-gcc* | 27 | deny ${PATH}/*-gcc* |
28 | blacklist ${PATH}/*-g++* | 28 | deny ${PATH}/*-g++* |
29 | # seems to create problems on Gentoo | 29 | # seems to create problems on Gentoo |
30 | #blacklist /usr/lib/gcc | 30 | #blacklist /usr/lib/gcc |
31 | 31 | ||
32 | #Go | 32 | #Go |
33 | blacklist ${PATH}/gccgo | 33 | deny ${PATH}/gccgo |
34 | blacklist ${PATH}/go | 34 | deny ${PATH}/go |
35 | blacklist ${PATH}/gofmt | 35 | deny ${PATH}/gofmt |
36 | 36 | ||
37 | # Java | 37 | # Java |
38 | blacklist ${PATH}/java | 38 | deny ${PATH}/java |
39 | blacklist ${PATH}/javac | 39 | deny ${PATH}/javac |
40 | blacklist /etc/java | 40 | deny /etc/java |
41 | blacklist /usr/lib/java | 41 | deny /usr/lib/java |
42 | blacklist /usr/share/java | 42 | deny /usr/share/java |
43 | 43 | ||
44 | #OpenSSL | 44 | #OpenSSL |
45 | blacklist ${PATH}/openssl | 45 | deny ${PATH}/openssl |
46 | blacklist ${PATH}/openssl-1.0 | 46 | deny ${PATH}/openssl-1.0 |
47 | 47 | ||
48 | #Rust | 48 | #Rust |
49 | blacklist ${PATH}/rust-gdb | 49 | deny ${PATH}/rust-gdb |
50 | blacklist ${PATH}/rust-lldb | 50 | deny ${PATH}/rust-lldb |
51 | blacklist ${PATH}/rustc | 51 | deny ${PATH}/rustc |
52 | blacklist ${HOME}/.rustup | 52 | deny ${HOME}/.rustup |
53 | 53 | ||
54 | # tcc - Tiny C Compiler | 54 | # tcc - Tiny C Compiler |
55 | blacklist ${PATH}/tcc | 55 | deny ${PATH}/tcc |
56 | blacklist ${PATH}/x86_64-tcc | 56 | deny ${PATH}/x86_64-tcc |
57 | blacklist /usr/lib/tcc | 57 | deny /usr/lib/tcc |
58 | 58 | ||
59 | # Valgrind | 59 | # Valgrind |
60 | blacklist ${PATH}/valgrind* | 60 | deny ${PATH}/valgrind* |
61 | blacklist /usr/lib/valgrind | 61 | deny /usr/lib/valgrind |
62 | 62 | ||
63 | 63 | ||
64 | # Source-Code | 64 | # Source-Code |
65 | 65 | ||
66 | blacklist /usr/src | 66 | deny /usr/src |
67 | blacklist /usr/local/src | 67 | deny /usr/local/src |
68 | blacklist /usr/include | 68 | deny /usr/include |
69 | blacklist /usr/local/include | 69 | deny /usr/local/include |
diff --git a/etc/inc/disable-interpreters.inc b/etc/inc/disable-interpreters.inc index 5d8a236fb..c77d9a490 100644 --- a/etc/inc/disable-interpreters.inc +++ b/etc/inc/disable-interpreters.inc | |||
@@ -3,66 +3,66 @@ | |||
3 | include disable-interpreters.local | 3 | include disable-interpreters.local |
4 | 4 | ||
5 | # gjs | 5 | # gjs |
6 | blacklist ${PATH}/gjs | 6 | deny ${PATH}/gjs |
7 | blacklist ${PATH}/gjs-console | 7 | deny ${PATH}/gjs-console |
8 | blacklist /usr/lib/gjs | 8 | deny /usr/lib/gjs |
9 | blacklist /usr/lib/libgjs* | 9 | deny /usr/lib/libgjs* |
10 | blacklist /usr/lib64/gjs | 10 | deny /usr/lib64/gjs |
11 | blacklist /usr/lib64/libgjs* | 11 | deny /usr/lib64/libgjs* |
12 | 12 | ||
13 | # Lua | 13 | # Lua |
14 | blacklist ${PATH}/lua* | 14 | deny ${PATH}/lua* |
15 | blacklist /usr/include/lua* | 15 | deny /usr/include/lua* |
16 | blacklist /usr/lib/liblua* | 16 | deny /usr/lib/liblua* |
17 | blacklist /usr/lib/lua | 17 | deny /usr/lib/lua |
18 | blacklist /usr/lib64/liblua* | 18 | deny /usr/lib64/liblua* |
19 | blacklist /usr/lib64/lua | 19 | deny /usr/lib64/lua |
20 | blacklist /usr/share/lua* | 20 | deny /usr/share/lua* |
21 | 21 | ||
22 | # mozjs | 22 | # mozjs |
23 | blacklist /usr/lib/libmozjs-* | 23 | deny /usr/lib/libmozjs-* |
24 | blacklist /usr/lib64/libmozjs-* | 24 | deny /usr/lib64/libmozjs-* |
25 | 25 | ||
26 | # Node.js | 26 | # Node.js |
27 | blacklist ${PATH}/node | 27 | deny ${PATH}/node |
28 | blacklist /usr/include/node | 28 | deny /usr/include/node |
29 | 29 | ||
30 | # nvm | 30 | # nvm |
31 | blacklist ${HOME}/.nvm | 31 | deny ${HOME}/.nvm |
32 | 32 | ||
33 | # Perl | 33 | # Perl |
34 | blacklist ${PATH}/core_perl | 34 | deny ${PATH}/core_perl |
35 | blacklist ${PATH}/cpan* | 35 | deny ${PATH}/cpan* |
36 | blacklist ${PATH}/perl | 36 | deny ${PATH}/perl |
37 | blacklist ${PATH}/site_perl | 37 | deny ${PATH}/site_perl |
38 | blacklist ${PATH}/vendor_perl | 38 | deny ${PATH}/vendor_perl |
39 | blacklist /usr/lib/perl* | 39 | deny /usr/lib/perl* |
40 | blacklist /usr/lib64/perl* | 40 | deny /usr/lib64/perl* |
41 | blacklist /usr/share/perl* | 41 | deny /usr/share/perl* |
42 | 42 | ||
43 | # PHP | 43 | # PHP |
44 | blacklist ${PATH}/php* | 44 | deny ${PATH}/php* |
45 | blacklist /usr/lib/php* | 45 | deny /usr/lib/php* |
46 | blacklist /usr/share/php* | 46 | deny /usr/share/php* |
47 | 47 | ||
48 | # Ruby | 48 | # Ruby |
49 | blacklist ${PATH}/ruby | 49 | deny ${PATH}/ruby |
50 | blacklist /usr/lib/ruby | 50 | deny /usr/lib/ruby |
51 | 51 | ||
52 | # Programs using python: deluge, firefox addons, filezilla, cherrytree, xchat, hexchat, libreoffice, scribus | 52 | # Programs using python: deluge, firefox addons, filezilla, cherrytree, xchat, hexchat, libreoffice, scribus |
53 | # Python 2 | 53 | # Python 2 |
54 | blacklist ${PATH}/python2* | 54 | deny ${PATH}/python2* |
55 | blacklist /usr/include/python2* | 55 | deny /usr/include/python2* |
56 | blacklist /usr/lib/python2* | 56 | deny /usr/lib/python2* |
57 | blacklist /usr/local/lib/python2* | 57 | deny /usr/local/lib/python2* |
58 | blacklist /usr/share/python2* | 58 | deny /usr/share/python2* |
59 | 59 | ||
60 | # You will want to add noblacklist for python3 stuff in the firefox and/or chromium profiles if you use the Gnome connector (see Issue #2026) | 60 | # You will want to add noblacklist for python3 stuff in the firefox and/or chromium profiles if you use the Gnome connector (see Issue #2026) |
61 | 61 | ||
62 | # Python 3 | 62 | # Python 3 |
63 | blacklist ${PATH}/python3* | 63 | deny ${PATH}/python3* |
64 | blacklist /usr/include/python3* | 64 | deny /usr/include/python3* |
65 | blacklist /usr/lib/python3* | 65 | deny /usr/lib/python3* |
66 | blacklist /usr/lib64/python3* | 66 | deny /usr/lib64/python3* |
67 | blacklist /usr/local/lib/python3* | 67 | deny /usr/local/lib/python3* |
68 | blacklist /usr/share/python3* | 68 | deny /usr/share/python3* |
diff --git a/etc/inc/disable-passwdmgr.inc b/etc/inc/disable-passwdmgr.inc index 3ed9a1b14..0a61bc46f 100644 --- a/etc/inc/disable-passwdmgr.inc +++ b/etc/inc/disable-passwdmgr.inc | |||
@@ -2,18 +2,18 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include disable-passwdmgr.local | 3 | include disable-passwdmgr.local |
4 | 4 | ||
5 | blacklist ${HOME}/.config/Bitwarden | 5 | deny ${HOME}/.config/Bitwarden |
6 | blacklist ${HOME}/.config/KeePass | 6 | deny ${HOME}/.config/KeePass |
7 | blacklist ${HOME}/.config/keepass | 7 | deny ${HOME}/.config/keepass |
8 | blacklist ${HOME}/.config/keepassx | 8 | deny ${HOME}/.config/keepassx |
9 | blacklist ${HOME}/.config/keepassxc | 9 | deny ${HOME}/.config/keepassxc |
10 | blacklist ${HOME}/.config/KeePassXCrc | 10 | deny ${HOME}/.config/KeePassXCrc |
11 | blacklist ${HOME}/.config/Sinew Software Systems | 11 | deny ${HOME}/.config/Sinew Software Systems |
12 | blacklist ${HOME}/.fpm | 12 | deny ${HOME}/.fpm |
13 | blacklist ${HOME}/.keepass | 13 | deny ${HOME}/.keepass |
14 | blacklist ${HOME}/.keepassx | 14 | deny ${HOME}/.keepassx |
15 | blacklist ${HOME}/.keepassxc | 15 | deny ${HOME}/.keepassxc |
16 | blacklist ${HOME}/.lastpass | 16 | deny ${HOME}/.lastpass |
17 | blacklist ${HOME}/.local/share/KeePass | 17 | deny ${HOME}/.local/share/KeePass |
18 | blacklist ${HOME}/.local/share/keepass | 18 | deny ${HOME}/.local/share/keepass |
19 | blacklist ${HOME}/.password-store | 19 | deny ${HOME}/.password-store |
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 0e575e5eb..7b5bd0387 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc | |||
@@ -2,1094 +2,1105 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include disable-programs.local | 3 | include disable-programs.local |
4 | 4 | ||
5 | blacklist ${HOME}/Arduino | 5 | deny ${HOME}/.*coin |
6 | blacklist ${HOME}/i2p | 6 | deny ${HOME}/.8pecxstudios |
7 | blacklist ${HOME}/Monero/wallets | 7 | deny ${HOME}/.AndroidStudio* |
8 | blacklist ${HOME}/Nextcloud | 8 | deny ${HOME}/.Atom |
9 | blacklist ${HOME}/Nextcloud/Notes | 9 | deny ${HOME}/.CLion* |
10 | blacklist ${HOME}/SoftMaker | 10 | deny ${HOME}/.FBReader |
11 | blacklist ${HOME}/Standard Notes Backups | 11 | deny ${HOME}/.FontForge |
12 | blacklist ${HOME}/TeamSpeak3-Client-linux_x86 | 12 | deny ${HOME}/.IdeaIC* |
13 | blacklist ${HOME}/TeamSpeak3-Client-linux_amd64 | 13 | deny ${HOME}/.LuminanceHDR |
14 | blacklist ${HOME}/hyperrogue.ini | 14 | deny ${HOME}/.Mathematica |
15 | blacklist ${HOME}/mps | 15 | deny ${HOME}/.Natron |
16 | blacklist ${HOME}/wallet.dat | 16 | deny ${HOME}/.PlayOnLinux |
17 | blacklist ${HOME}/.*coin | 17 | deny ${HOME}/.PyCharm* |
18 | blacklist ${HOME}/.8pecxstudios | 18 | deny ${HOME}/.Sayonara |
19 | blacklist ${HOME}/.AndroidStudio* | 19 | deny ${HOME}/.Steam |
20 | blacklist ${HOME}/.Atom | 20 | deny ${HOME}/.Steampath |
21 | blacklist ${HOME}/.CLion* | 21 | deny ${HOME}/.Steampid |
22 | blacklist ${HOME}/.FBReader | 22 | deny ${HOME}/.TelegramDesktop |
23 | blacklist ${HOME}/.FontForge | 23 | deny ${HOME}/.VSCodium |
24 | blacklist ${HOME}/.IdeaIC* | 24 | deny ${HOME}/.ViberPC |
25 | blacklist ${HOME}/.LuminanceHDR | 25 | deny ${HOME}/.VirtualBox |
26 | blacklist ${HOME}/.Mathematica | 26 | deny ${HOME}/.WebStorm* |
27 | blacklist ${HOME}/.Natron | 27 | deny ${HOME}/.Wolfram Research |
28 | blacklist ${HOME}/.PlayOnLinux | 28 | deny ${HOME}/.ZAP |
29 | blacklist ${HOME}/.PyCharm* | 29 | deny ${HOME}/.aMule |
30 | blacklist ${HOME}/.Sayonara | 30 | deny ${HOME}/.abook |
31 | blacklist ${HOME}/.Steam | 31 | deny ${HOME}/.addressbook |
32 | blacklist ${HOME}/.Steampath | 32 | deny ${HOME}/.alpine-smime |
33 | blacklist ${HOME}/.Steampid | 33 | deny ${HOME}/.android |
34 | blacklist ${HOME}/.TelegramDesktop | 34 | deny ${HOME}/.anydesk |
35 | blacklist ${HOME}/.VSCodium | 35 | deny ${HOME}/.arduino15 |
36 | blacklist ${HOME}/.ViberPC | 36 | deny ${HOME}/.aria2 |
37 | blacklist ${HOME}/.VirtualBox | 37 | deny ${HOME}/.arm |
38 | blacklist ${HOME}/.WebStorm* | 38 | deny ${HOME}/.asunder_album_artist |
39 | blacklist ${HOME}/.Wolfram Research | 39 | deny ${HOME}/.asunder_album_genre |
40 | blacklist ${HOME}/.ZAP | 40 | deny ${HOME}/.asunder_album_title |
41 | blacklist ${HOME}/.abook | 41 | deny ${HOME}/.atom |
42 | blacklist ${HOME}/.addressbook | 42 | deny ${HOME}/.attic |
43 | blacklist ${HOME}/.alpine-smime | 43 | deny ${HOME}/.audacity-data |
44 | blacklist ${HOME}/.aMule | 44 | deny ${HOME}/.avidemux6 |
45 | blacklist ${HOME}/.android | 45 | deny ${HOME}/.ballbuster.hs |
46 | blacklist ${HOME}/.anydesk | 46 | deny ${HOME}/.balsa |
47 | blacklist ${HOME}/.arduino15 | 47 | deny ${HOME}/.bcast5 |
48 | blacklist ${HOME}/.aria2 | 48 | deny ${HOME}/.bibletime |
49 | blacklist ${HOME}/.arm | 49 | deny ${HOME}/.bitcoin |
50 | blacklist ${HOME}/.asunder_album_artist | 50 | deny ${HOME}/.blobby |
51 | blacklist ${HOME}/.asunder_album_genre | 51 | deny ${HOME}/.bogofilter |
52 | blacklist ${HOME}/.asunder_album_title | 52 | deny ${HOME}/.bzf |
53 | blacklist ${HOME}/.atom | 53 | deny ${HOME}/.cargo/* |
54 | blacklist ${HOME}/.attic | 54 | deny ${HOME}/.claws-mail |
55 | blacklist ${HOME}/.audacity-data | 55 | deny ${HOME}/.cliqz |
56 | blacklist ${HOME}/.avidemux6 | 56 | deny ${HOME}/.clion* |
57 | blacklist ${HOME}/.ballbuster.hs | 57 | deny ${HOME}/.clonk |
58 | blacklist ${HOME}/.balsa | 58 | deny ${HOME}/.config/0ad |
59 | blacklist ${HOME}/.bcast5 | 59 | deny ${HOME}/.config/2048-qt |
60 | blacklist ${HOME}/.bibletime | 60 | deny ${HOME}/.config/Atom |
61 | blacklist ${HOME}/.bitcoin | 61 | deny ${HOME}/.config/Audaciousrc |
62 | blacklist ${HOME}/.blobby | 62 | deny ${HOME}/.config/Authenticator |
63 | blacklist ${HOME}/.bogofilter | 63 | deny ${HOME}/.config/Beaker Browser |
64 | blacklist ${HOME}/.bzf | 64 | deny ${HOME}/.config/Bitcoin |
65 | blacklist ${HOME}/.cargo/* | 65 | deny ${HOME}/.config/Bitwarden |
66 | blacklist ${HOME}/.claws-mail | 66 | deny ${HOME}/.config/Brackets |
67 | blacklist ${HOME}/.cliqz | 67 | deny ${HOME}/.config/BraveSoftware |
68 | blacklist ${HOME}/.clonk | 68 | deny ${HOME}/.config/Clementine |
69 | blacklist ${HOME}/.config/0ad | 69 | deny ${HOME}/.config/Code |
70 | blacklist ${HOME}/.config/2048-qt | 70 | deny ${HOME}/.config/Code - OSS |
71 | blacklist ${HOME}/.config/Atom | 71 | deny ${HOME}/.config/Code Industry |
72 | blacklist ${HOME}/.config/Audaciousrc | 72 | deny ${HOME}/.config/Cryptocat |
73 | blacklist ${HOME}/.config/Authenticator | 73 | deny ${HOME}/.config/Debauchee/Barrier.conf |
74 | blacklist ${HOME}/.config/Beaker Browser | 74 | deny ${HOME}/.config/Dharkael |
75 | blacklist ${HOME}/.config/Bitcoin | 75 | deny ${HOME}/.config/ENCOM |
76 | blacklist ${HOME}/.config/Bitwarden | 76 | deny ${HOME}/.config/Element |
77 | blacklist ${HOME}/.config/Brackets | 77 | deny ${HOME}/.config/Element (Riot) |
78 | blacklist ${HOME}/.config/BraveSoftware | 78 | deny ${HOME}/.config/Enox |
79 | blacklist ${HOME}/.config/Clementine | 79 | deny ${HOME}/.config/Epic |
80 | blacklist ${HOME}/.config/Code | 80 | deny ${HOME}/.config/Ferdi |
81 | blacklist ${HOME}/.config/Code - OSS | 81 | deny ${HOME}/.config/Flavio Tordini |
82 | blacklist ${HOME}/.config/Code Industry | 82 | deny ${HOME}/.config/Franz |
83 | blacklist ${HOME}/.config/Cryptocat | 83 | deny ${HOME}/.config/FreeCAD |
84 | blacklist ${HOME}/.config/Debauchee/Barrier.conf | 84 | deny ${HOME}/.config/FreeTube |
85 | blacklist ${HOME}/.config/Dharkael | 85 | deny ${HOME}/.config/Fritzing |
86 | blacklist ${HOME}/.config/Element | 86 | deny ${HOME}/.config/GIMP |
87 | blacklist ${HOME}/.config/Element (Riot) | 87 | deny ${HOME}/.config/GitHub Desktop |
88 | blacklist ${HOME}/.config/ENCOM | 88 | deny ${HOME}/.config/Gitter |
89 | blacklist ${HOME}/.config/Enox | 89 | deny ${HOME}/.config/Google |
90 | blacklist ${HOME}/.config/Epic | 90 | deny ${HOME}/.config/Google Play Music Desktop Player |
91 | blacklist ${HOME}/.config/Ferdi | 91 | deny ${HOME}/.config/Gpredict |
92 | blacklist ${HOME}/.config/Flavio Tordini | 92 | deny ${HOME}/.config/INRIA |
93 | blacklist ${HOME}/.config/Franz | 93 | deny ${HOME}/.config/InSilmaril |
94 | blacklist ${HOME}/.config/FreeCAD | 94 | deny ${HOME}/.config/Jitsi Meet |
95 | blacklist ${HOME}/.config/FreeTube | 95 | deny ${HOME}/.config/JetBrains/CLion* |
96 | blacklist ${HOME}/.config/Fritzing | 96 | deny ${HOME}/.config/KDE/neochat |
97 | blacklist ${HOME}/.config/GIMP | 97 | deny ${HOME}/.config/Kid3 |
98 | blacklist ${HOME}/.config/GitHub Desktop | 98 | deny ${HOME}/.config/Kingsoft |
99 | blacklist ${HOME}/.config/Gitter | 99 | deny ${HOME}/.config/LibreCAD |
100 | blacklist ${HOME}/.config/Google | 100 | deny ${HOME}/.config/Loop_Hero |
101 | blacklist ${HOME}/.config/Google Play Music Desktop Player | 101 | deny ${HOME}/.config/Luminance |
102 | blacklist ${HOME}/.config/Gpredict | 102 | deny ${HOME}/.config/LyX |
103 | blacklist ${HOME}/.config/INRIA | 103 | deny ${HOME}/.config/Mattermost |
104 | blacklist ${HOME}/.config/InSilmaril | 104 | deny ${HOME}/.config/Meltytech |
105 | blacklist ${HOME}/.config/Jitsi Meet | 105 | deny ${HOME}/.config/Mendeley Ltd. |
106 | blacklist ${HOME}/.config/KDE/neochat | 106 | deny ${HOME}/.config/Microsoft |
107 | blacklist ${HOME}/.config/Kid3 | 107 | deny ${HOME}/.config/Min |
108 | blacklist ${HOME}/.config/Kingsoft | 108 | deny ${HOME}/.config/ModTheSpire |
109 | blacklist ${HOME}/.config/LibreCAD | 109 | deny ${HOME}/.config/Mousepad |
110 | blacklist ${HOME}/.config/Loop_Hero | 110 | deny ${HOME}/.config/Mumble |
111 | blacklist ${HOME}/.config/Luminance | 111 | deny ${HOME}/.config/MusE |
112 | blacklist ${HOME}/.config/LyX | 112 | deny ${HOME}/.config/MuseScore |
113 | blacklist ${HOME}/.config/Mattermost | 113 | deny ${HOME}/.config/MusicBrainz |
114 | blacklist ${HOME}/.config/Meltytech | 114 | deny ${HOME}/.config/Nathan Osman |
115 | blacklist ${HOME}/.config/Mendeley Ltd. | 115 | deny ${HOME}/.config/Nextcloud |
116 | blacklist ${HOME}/.config/Min | 116 | deny ${HOME}/.config/NitroShare |
117 | blacklist ${HOME}/.config/ModTheSpire | 117 | deny ${HOME}/.config/Nylas Mail |
118 | blacklist ${HOME}/.config/Mousepad | 118 | deny ${HOME}/.config/PBE |
119 | blacklist ${HOME}/.config/Mumble | 119 | deny ${HOME}/.config/PacmanLogViewer |
120 | blacklist ${HOME}/.config/MusE | 120 | deny ${HOME}/.config/PawelStolowski |
121 | blacklist ${HOME}/.config/MuseScore | 121 | deny ${HOME}/.config/Philipp Schmieder |
122 | blacklist ${HOME}/.config/MusicBrainz | 122 | deny ${HOME}/.config/Pinta |
123 | blacklist ${HOME}/.config/Nathan Osman | 123 | deny ${HOME}/.config/QGIS |
124 | blacklist ${HOME}/.config/Nextcloud | 124 | deny ${HOME}/.config/QMediathekView |
125 | blacklist ${HOME}/.config/Nylas Mail | 125 | deny ${HOME}/.config/Qlipper |
126 | blacklist ${HOME}/.config/PacmanLogViewer | 126 | deny ${HOME}/.config/QuiteRss |
127 | blacklist ${HOME}/.config/PawelStolowski | 127 | deny ${HOME}/.config/QuiteRssrc |
128 | blacklist ${HOME}/.config/PBE | 128 | deny ${HOME}/.config/Quotient |
129 | blacklist ${HOME}/.config/Philipp Schmieder | 129 | deny ${HOME}/.config/Rambox |
130 | blacklist ${HOME}/.config/QGIS | 130 | deny ${HOME}/.config/Riot |
131 | blacklist ${HOME}/.config/QMediathekView | 131 | deny ${HOME}/.config/Rocket.Chat |
132 | blacklist ${HOME}/.config/Qlipper | 132 | deny ${HOME}/.config/RogueLegacy |
133 | blacklist ${HOME}/.config/QuiteRss | 133 | deny ${HOME}/.config/RogueLegacyStorageContainer |
134 | blacklist ${HOME}/.config/QuiteRssrc | 134 | deny ${HOME}/.config/Signal |
135 | blacklist ${HOME}/.config/Quotient | 135 | deny ${HOME}/.config/Sinew Software Systems |
136 | blacklist ${HOME}/.config/Rambox | 136 | deny ${HOME}/.config/Slack |
137 | blacklist ${HOME}/.config/Riot | 137 | deny ${HOME}/.config/Standard Notes |
138 | blacklist ${HOME}/.config/Rocket.Chat | 138 | deny ${HOME}/.config/SubDownloader |
139 | blacklist ${HOME}/.config/RogueLegacy | 139 | deny ${HOME}/.config/Thunar |
140 | blacklist ${HOME}/.config/RogueLegacyStorageContainer | 140 | deny ${HOME}/.config/Twitch |
141 | blacklist ${HOME}/.config/Signal | 141 | deny ${HOME}/.config/Unknown Organization |
142 | blacklist ${HOME}/.config/Sinew Software Systems | 142 | deny ${HOME}/.config/VirtualBox |
143 | blacklist ${HOME}/.config/Slack | 143 | deny ${HOME}/.config/Whalebird |
144 | blacklist ${HOME}/.config/Standard Notes | 144 | deny ${HOME}/.config/Wire |
145 | blacklist ${HOME}/.config/SubDownloader | 145 | deny ${HOME}/.config/Youtube |
146 | blacklist ${HOME}/.config/Thunar | 146 | deny ${HOME}/.config/ZeGrapher Project |
147 | blacklist ${HOME}/.config/Twitch | 147 | deny ${HOME}/.config/Zeal |
148 | blacklist ${HOME}/.config/Unknown Organization | 148 | deny ${HOME}/.config/Zulip |
149 | blacklist ${HOME}/.config/VirtualBox | 149 | deny ${HOME}/.config/aacs |
150 | blacklist ${HOME}/.config/Wire | 150 | deny ${HOME}/.config/abiword |
151 | blacklist ${HOME}/.config/Youtube | 151 | deny ${HOME}/.config/agenda |
152 | blacklist ${HOME}/.config/Zeal | 152 | deny ${HOME}/.config/akonadi* |
153 | blacklist ${HOME}/.config/ZeGrapher Project | 153 | deny ${HOME}/.config/akregatorrc |
154 | blacklist ${HOME}/.config/aacs | 154 | deny ${HOME}/.config/alacritty |
155 | blacklist ${HOME}/.config/abiword | 155 | deny ${HOME}/.config/ardour4 |
156 | blacklist ${HOME}/.config/agenda | 156 | deny ${HOME}/.config/ardour5 |
157 | blacklist ${HOME}/.config/akonadi* | 157 | deny ${HOME}/.config/aria2 |
158 | blacklist ${HOME}/.config/akregatorrc | 158 | deny ${HOME}/.config/arkrc |
159 | blacklist ${HOME}/.config/alacritty | 159 | deny ${HOME}/.config/artha.conf |
160 | blacklist ${HOME}/.config/ardour4 | 160 | deny ${HOME}/.config/artha.log |
161 | blacklist ${HOME}/.config/ardour5 | 161 | deny ${HOME}/.config/asunder |
162 | blacklist ${HOME}/.config/aria2 | 162 | deny ${HOME}/.config/atril |
163 | blacklist ${HOME}/.config/arkrc | 163 | deny ${HOME}/.config/audacious |
164 | blacklist ${HOME}/.config/artha.conf | 164 | deny ${HOME}/.config/autokey |
165 | blacklist ${HOME}/.config/artha.log | 165 | deny ${HOME}/.config/avidemux3_qt5rc |
166 | blacklist ${HOME}/.config/asunder | 166 | deny ${HOME}/.config/aweather |
167 | blacklist ${HOME}/.config/atril | 167 | deny ${HOME}/.config/backintime |
168 | blacklist ${HOME}/.config/audacious | 168 | deny ${HOME}/.config/baloofilerc |
169 | blacklist ${HOME}/.config/autokey | 169 | deny ${HOME}/.config/baloorc |
170 | blacklist ${HOME}/.config/avidemux3_qt5rc | 170 | deny ${HOME}/.config/bcompare |
171 | blacklist ${HOME}/.config/aweather | 171 | deny ${HOME}/.config/blender |
172 | blacklist ${HOME}/.config/backintime | 172 | deny ${HOME}/.config/bless |
173 | blacklist ${HOME}/.config/baloofilerc | 173 | deny ${HOME}/.config/bnox |
174 | blacklist ${HOME}/.config/baloorc | 174 | deny ${HOME}/.config/borg |
175 | blacklist ${HOME}/.config/bcompare | 175 | deny ${HOME}/.config/brasero |
176 | blacklist ${HOME}/.config/blender | 176 | deny ${HOME}/.config/brave |
177 | blacklist ${HOME}/.config/bless | 177 | deny ${HOME}/.config/brave-flags.conf |
178 | blacklist ${HOME}/.config/bnox | 178 | deny ${HOME}/.config/caja |
179 | blacklist ${HOME}/.config/borg | 179 | deny ${HOME}/.config/calibre |
180 | blacklist ${HOME}/.config/brasero | 180 | deny ${HOME}/.config/cantata |
181 | blacklist ${HOME}/.config/brave | 181 | deny ${HOME}/.config/catfish |
182 | blacklist ${HOME}/.config/brave-flags.conf | 182 | deny ${HOME}/.config/cawbird |
183 | blacklist ${HOME}/.config/caja | 183 | deny ${HOME}/.config/celluloid |
184 | blacklist ${HOME}/.config/calibre | 184 | deny ${HOME}/.config/cherrytree |
185 | blacklist ${HOME}/.config/cantata | 185 | deny ${HOME}/.config/chrome-beta-flags.conf |
186 | blacklist ${HOME}/.config/catfish | 186 | deny ${HOME}/.config/chrome-beta-flags.config |
187 | blacklist ${HOME}/.config/cawbird | 187 | deny ${HOME}/.config/chrome-flags.conf |
188 | blacklist ${HOME}/.config/celluloid | 188 | deny ${HOME}/.config/chrome-flags.config |
189 | blacklist ${HOME}/.config/cherrytree | 189 | deny ${HOME}/.config/chrome-unstable-flags.conf |
190 | blacklist ${HOME}/.config/chrome-beta-flags.conf | 190 | deny ${HOME}/.config/chrome-unstable-flags.config |
191 | blacklist ${HOME}/.config/chrome-beta-flags.config | 191 | deny ${HOME}/.config/chromium |
192 | blacklist ${HOME}/.config/chrome-flags.conf | 192 | deny ${HOME}/.config/chromium-dev |
193 | blacklist ${HOME}/.config/chrome-flags.config | 193 | deny ${HOME}/.config/chromium-flags.conf |
194 | blacklist ${HOME}/.config/chrome-unstable-flags.conf | 194 | deny ${HOME}/.config/clipit |
195 | blacklist ${HOME}/.config/chrome-unstable-flags.config | 195 | deny ${HOME}/.config/cliqz |
196 | blacklist ${HOME}/.config/chromium | 196 | deny ${HOME}/.config/cmus |
197 | blacklist ${HOME}/.config/chromium-dev | 197 | deny ${HOME}/.config/com.github.bleakgrey.tootle |
198 | blacklist ${HOME}/.config/chromium-flags.conf | 198 | deny ${HOME}/.config/corebird |
199 | blacklist ${HOME}/.config/clipit | 199 | deny ${HOME}/.config/cower |
200 | blacklist ${HOME}/.config/cliqz | 200 | deny ${HOME}/.config/coyim |
201 | blacklist ${HOME}/.config/cmus | 201 | deny ${HOME}/.config/d-feet |
202 | blacklist ${HOME}/.config/com.github.bleakgrey.tootle | 202 | deny ${HOME}/.config/darktable |
203 | blacklist ${HOME}/.config/corebird | 203 | deny ${HOME}/.config/deadbeef |
204 | blacklist ${HOME}/.config/cower | 204 | deny ${HOME}/.config/deluge |
205 | blacklist ${HOME}/.config/coyim | 205 | deny ${HOME}/.config/devilspie2 |
206 | blacklist ${HOME}/.config/darktable | 206 | deny ${HOME}/.config/digikam |
207 | blacklist ${HOME}/.config/deadbeef | 207 | deny ${HOME}/.config/digikamrc |
208 | blacklist ${HOME}/.config/deluge | 208 | deny ${HOME}/.config/discord |
209 | blacklist ${HOME}/.config/devilspie2 | 209 | deny ${HOME}/.config/discordcanary |
210 | blacklist ${HOME}/.config/digikam | 210 | deny ${HOME}/.config/dkl |
211 | blacklist ${HOME}/.config/digikamrc | 211 | deny ${HOME}/.config/dnox |
212 | blacklist ${HOME}/.config/discord | 212 | deny ${HOME}/.config/dolphin-emu |
213 | blacklist ${HOME}/.config/discordcanary | 213 | deny ${HOME}/.config/dolphinrc |
214 | blacklist ${HOME}/.config/dkl | 214 | deny ${HOME}/.config/dragonplayerrc |
215 | blacklist ${HOME}/.config/dnox | 215 | deny ${HOME}/.config/draw.io |
216 | blacklist ${HOME}/.config/dolphin-emu | 216 | deny ${HOME}/.config/electron-mail |
217 | blacklist ${HOME}/.config/dolphinrc | 217 | deny ${HOME}/.config/emaildefaults |
218 | blacklist ${HOME}/.config/dragonplayerrc | 218 | deny ${HOME}/.config/emailidentities |
219 | blacklist ${HOME}/.config/draw.io | 219 | deny ${HOME}/.config/emilia |
220 | blacklist ${HOME}/.config/d-feet | 220 | deny ${HOME}/.config/enchant |
221 | blacklist ${HOME}/.config/electron-mail | 221 | deny ${HOME}/.config/eog |
222 | blacklist ${HOME}/.config/emaildefaults | 222 | deny ${HOME}/.config/epiphany |
223 | blacklist ${HOME}/.config/emailidentities | 223 | deny ${HOME}/.config/equalx |
224 | blacklist ${HOME}/.config/emilia | 224 | deny ${HOME}/.config/evince |
225 | blacklist ${HOME}/.config/enchant | 225 | deny ${HOME}/.config/evolution |
226 | blacklist ${HOME}/.config/eog | 226 | deny ${HOME}/.config/falkon |
227 | blacklist ${HOME}/.config/epiphany | 227 | deny ${HOME}/.config/filezilla |
228 | blacklist ${HOME}/.config/equalx | 228 | deny ${HOME}/.config/flameshot |
229 | blacklist ${HOME}/.config/evince | 229 | deny ${HOME}/.config/flaska.net |
230 | blacklist ${HOME}/.config/evolution | 230 | deny ${HOME}/.config/flowblade |
231 | blacklist ${HOME}/.config/falkon | 231 | deny ${HOME}/.config/font-manager |
232 | blacklist ${HOME}/.config/filezilla | 232 | deny ${HOME}/.config/freecol |
233 | blacklist ${HOME}/.config/flameshot | 233 | deny ${HOME}/.config/gajim |
234 | blacklist ${HOME}/.config/flaska.net | 234 | deny ${HOME}/.config/galculator |
235 | blacklist ${HOME}/.config/flowblade | 235 | deny ${HOME}/.config/gconf |
236 | blacklist ${HOME}/.config/font-manager | 236 | deny ${HOME}/.config/geany |
237 | blacklist ${HOME}/.config/freecol | 237 | deny ${HOME}/.config/geary |
238 | blacklist ${HOME}/.config/gajim | 238 | deny ${HOME}/.config/gedit |
239 | blacklist ${HOME}/.config/galculator | 239 | deny ${HOME}/.config/geeqie |
240 | blacklist ${HOME}/.config/gconf | 240 | deny ${HOME}/.config/ghb |
241 | blacklist ${HOME}/.config/geany | 241 | deny ${HOME}/.config/ghostwriter |
242 | blacklist ${HOME}/.config/geary | 242 | deny ${HOME}/.config/git |
243 | blacklist ${HOME}/.config/gedit | 243 | deny ${HOME}/.config/git-cola |
244 | blacklist ${HOME}/.config/geeqie | 244 | deny ${HOME}/.config/glade.conf |
245 | blacklist ${HOME}/.config/ghb | 245 | deny ${HOME}/.config/globaltime |
246 | blacklist ${HOME}/.config/ghostwriter | 246 | deny ${HOME}/.config/gmpc |
247 | blacklist ${HOME}/.config/git | 247 | deny ${HOME}/.config/gnome-builder |
248 | blacklist ${HOME}/.config/git-cola | 248 | deny ${HOME}/.config/gnome-chess |
249 | blacklist ${HOME}/.config/glade.conf | 249 | deny ${HOME}/.config/gnome-control-center |
250 | blacklist ${HOME}/.config/globaltime | 250 | deny ${HOME}/.config/gnome-initial-setup-done |
251 | blacklist ${HOME}/.config/gmpc | 251 | deny ${HOME}/.config/gnome-latex |
252 | blacklist ${HOME}/.config/gnome-builder | 252 | deny ${HOME}/.config/gnome-mplayer |
253 | blacklist ${HOME}/.config/gnome-chess | 253 | deny ${HOME}/.config/gnome-mpv |
254 | blacklist ${HOME}/.config/gnome-control-center | 254 | deny ${HOME}/.config/gnome-pie |
255 | blacklist ${HOME}/.config/gnome-initial-setup-done | 255 | deny ${HOME}/.config/gnome-session |
256 | blacklist ${HOME}/.config/gnome-latex | 256 | deny ${HOME}/.config/gnote |
257 | blacklist ${HOME}/.config/gnome-mplayer | 257 | deny ${HOME}/.config/godot |
258 | blacklist ${HOME}/.config/gnome-mpv | 258 | deny ${HOME}/.config/google-chrome |
259 | blacklist ${HOME}/.config/gnome-pie | 259 | deny ${HOME}/.config/google-chrome-beta |
260 | blacklist ${HOME}/.config/gnome-session | 260 | deny ${HOME}/.config/google-chrome-unstable |
261 | blacklist ${HOME}/.config/gnote | 261 | deny ${HOME}/.config/gpicview |
262 | blacklist ${HOME}/.config/godot | 262 | deny ${HOME}/.config/gthumb |
263 | blacklist ${HOME}/.config/google-chrome | 263 | deny ${HOME}/.config/gummi |
264 | blacklist ${HOME}/.config/google-chrome-beta | 264 | deny ${HOME}/.config/guvcview2 |
265 | blacklist ${HOME}/.config/google-chrome-unstable | 265 | deny ${HOME}/.config/gwenviewrc |
266 | blacklist ${HOME}/.config/gpicview | 266 | deny ${HOME}/.config/hexchat |
267 | blacklist ${HOME}/.config/gthumb | 267 | deny ${HOME}/.config/homebank |
268 | blacklist ${HOME}/.config/gummi | 268 | deny ${HOME}/.config/i2p |
269 | blacklist ${HOME}/.config/guvcview2 | 269 | deny ${HOME}/.config/inkscape |
270 | blacklist ${HOME}/.config/gwenviewrc | 270 | deny ${HOME}/.config/inox |
271 | blacklist ${HOME}/.config/hexchat | 271 | deny ${HOME}/.config/iridium |
272 | blacklist ${HOME}/.config/homebank | 272 | deny ${HOME}/.config/itch |
273 | blacklist ${HOME}/.config/i2p | 273 | deny ${HOME}/.config/jami |
274 | blacklist ${HOME}/.config/inkscape | 274 | deny ${HOME}/.config/jd-gui.cfg |
275 | blacklist ${HOME}/.config/inox | 275 | deny ${HOME}/.config/k3brc |
276 | blacklist ${HOME}/.config/iridium | 276 | deny ${HOME}/.config/kaffeinerc |
277 | blacklist ${HOME}/.config/itch | 277 | deny ${HOME}/.config/kalgebrarc |
278 | blacklist ${HOME}/.config/jami | 278 | deny ${HOME}/.config/katemetainfos |
279 | blacklist ${HOME}/.config/jd-gui.cfg | 279 | deny ${HOME}/.config/katepartrc |
280 | blacklist ${HOME}/.config/k3brc | 280 | deny ${HOME}/.config/katerc |
281 | blacklist ${HOME}/.config/kaffeinerc | 281 | deny ${HOME}/.config/kateschemarc |
282 | blacklist ${HOME}/.config/kalgebrarc | 282 | deny ${HOME}/.config/katesyntaxhighlightingrc |
283 | blacklist ${HOME}/.config/katemetainfos | 283 | deny ${HOME}/.config/katevirc |
284 | blacklist ${HOME}/.config/katepartrc | 284 | deny ${HOME}/.config/kazam |
285 | blacklist ${HOME}/.config/katerc | 285 | deny ${HOME}/.config/kdeconnect |
286 | blacklist ${HOME}/.config/kateschemarc | 286 | deny ${HOME}/.config/kdenliverc |
287 | blacklist ${HOME}/.config/katesyntaxhighlightingrc | 287 | deny ${HOME}/.config/kdiff3fileitemactionrc |
288 | blacklist ${HOME}/.config/katevirc | 288 | deny ${HOME}/.config/kdiff3rc |
289 | blacklist ${HOME}/.config/kazam | 289 | deny ${HOME}/.config/kfindrc |
290 | blacklist ${HOME}/.config/kdeconnect | 290 | deny ${HOME}/.config/kgetrc |
291 | blacklist ${HOME}/.config/kdenliverc | 291 | deny ${HOME}/.config/kid3rc |
292 | blacklist ${HOME}/.config/kdiff3fileitemactionrc | 292 | deny ${HOME}/.config/klavaro |
293 | blacklist ${HOME}/.config/kdiff3rc | 293 | deny ${HOME}/.config/klipperrc |
294 | blacklist ${HOME}/.config/kfindrc | 294 | deny ${HOME}/.config/kmail2rc |
295 | blacklist ${HOME}/.config/kgetrc | 295 | deny ${HOME}/.config/kmailsearchindexingrc |
296 | blacklist ${HOME}/.config/kid3rc | 296 | deny ${HOME}/.config/kmplayerrc |
297 | blacklist ${HOME}/.config/klavaro | 297 | deny ${HOME}/.config/knotesrc |
298 | blacklist ${HOME}/.config/klipperrc | 298 | deny ${HOME}/.config/konversation.notifyrc |
299 | blacklist ${HOME}/.config/kmail2rc | 299 | deny ${HOME}/.config/konversationrc |
300 | blacklist ${HOME}/.config/kmailsearchindexingrc | 300 | deny ${HOME}/.config/kritarc |
301 | blacklist ${HOME}/.config/kmplayerrc | 301 | deny ${HOME}/.config/ktorrentrc |
302 | blacklist ${HOME}/.config/knotesrc | 302 | deny ${HOME}/.config/ktouch2rc |
303 | blacklist ${HOME}/.config/konversationrc | 303 | deny ${HOME}/.config/kube |
304 | blacklist ${HOME}/.config/konversation.notifyrc | 304 | deny ${HOME}/.config/kwriterc |
305 | blacklist ${HOME}/.config/kritarc | 305 | deny ${HOME}/.config/leafpad |
306 | blacklist ${HOME}/.config/ktorrentrc | 306 | deny ${HOME}/.config/libreoffice |
307 | blacklist ${HOME}/.config/ktouch2rc | 307 | deny ${HOME}/.config/liferea |
308 | blacklist ${HOME}/.config/kube | 308 | deny ${HOME}/.config/linphone |
309 | blacklist ${HOME}/.config/kwriterc | 309 | deny ${HOME}/.config/lugaru |
310 | blacklist ${HOME}/.config/leafpad | 310 | deny ${HOME}/.config/lutris |
311 | blacklist ${HOME}/.config/libreoffice | 311 | deny ${HOME}/.config/lximage-qt |
312 | blacklist ${HOME}/.config/liferea | 312 | deny ${HOME}/.config/mailtransports |
313 | blacklist ${HOME}/.config/linphone | 313 | deny ${HOME}/.config/mana |
314 | blacklist ${HOME}/.config/lugaru | 314 | deny ${HOME}/.config/mate-calc |
315 | blacklist ${HOME}/.config/lutris | 315 | deny ${HOME}/.config/mate/eom |
316 | blacklist ${HOME}/.config/lximage-qt | 316 | deny ${HOME}/.config/mate/mate-dictionary |
317 | blacklist ${HOME}/.config/mailtransports | 317 | deny ${HOME}/.config/matrix-mirage |
318 | blacklist ${HOME}/.config/mana | 318 | deny ${HOME}/.config/mcomix |
319 | blacklist ${HOME}/.config/mate-calc | 319 | deny ${HOME}/.config/meld |
320 | blacklist ${HOME}/.config/mate/eom | 320 | deny ${HOME}/.config/menulibre.cfg |
321 | blacklist ${HOME}/.config/mate/mate-dictionary | 321 | deny ${HOME}/.config/meteo-qt |
322 | blacklist ${HOME}/.config/matrix-mirage | 322 | deny ${HOME}/.config/mfusion |
323 | blacklist ${HOME}/.config/mcomix | 323 | deny ${HOME}/.config/microsoft-edge-beta |
324 | blacklist ${HOME}/.config/meld | 324 | deny ${HOME}/.config/microsoft-edge-dev |
325 | blacklist ${HOME}/.config/meteo-qt | 325 | deny ${HOME}/.config/midori |
326 | blacklist ${HOME}/.config/menulibre.cfg | 326 | deny ${HOME}/.config/mirage |
327 | blacklist ${HOME}/.config/mfusion | 327 | deny ${HOME}/.config/mono |
328 | blacklist ${HOME}/.config/Microsoft | 328 | deny ${HOME}/.config/mpDris2 |
329 | blacklist ${HOME}/.config/microsoft-edge-dev | 329 | deny ${HOME}/.config/mpd |
330 | blacklist ${HOME}/.config/midori | 330 | deny ${HOME}/.config/mps-youtube |
331 | blacklist ${HOME}/.config/mirage | 331 | deny ${HOME}/.config/mpv |
332 | blacklist ${HOME}/.config/mono | 332 | deny ${HOME}/.config/mupen64plus |
333 | blacklist ${HOME}/.config/mpDris2 | 333 | deny ${HOME}/.config/mutt |
334 | blacklist ${HOME}/.config/mpd | 334 | deny ${HOME}/.config/mutter |
335 | blacklist ${HOME}/.config/mps-youtube | 335 | deny ${HOME}/.config/mypaint |
336 | blacklist ${HOME}/.config/mpv | 336 | deny ${HOME}/.config/nano |
337 | blacklist ${HOME}/.config/mupen64plus | 337 | deny ${HOME}/.config/nautilus |
338 | blacklist ${HOME}/.config/mutt | 338 | deny ${HOME}/.config/nemo |
339 | blacklist ${HOME}/.config/mutter | 339 | deny ${HOME}/.config/neochat.notifyrc |
340 | blacklist ${HOME}/.config/mypaint | 340 | deny ${HOME}/.config/neochatrc |
341 | blacklist ${HOME}/.config/nano | 341 | deny ${HOME}/.config/neomutt |
342 | blacklist ${HOME}/.config/nautilus | 342 | deny ${HOME}/.config/netsurf |
343 | blacklist ${HOME}/.config/nemo | 343 | deny ${HOME}/.config/newsbeuter |
344 | blacklist ${HOME}/.config/neochatrc | 344 | deny ${HOME}/.config/newsboat |
345 | blacklist ${HOME}/.config/neochat.notifyrc | 345 | deny ${HOME}/.config/newsflash |
346 | blacklist ${HOME}/.config/neomutt | 346 | deny ${HOME}/.config/nheko |
347 | blacklist ${HOME}/.config/netsurf | 347 | deny ${HOME}/.config/nomacs |
348 | blacklist ${HOME}/.config/newsbeuter | 348 | deny ${HOME}/.config/nuclear |
349 | blacklist ${HOME}/.config/newsboat | 349 | deny ${HOME}/.config/obs-studio |
350 | blacklist ${HOME}/.config/newsflash | 350 | deny ${HOME}/.config/okularpartrc |
351 | blacklist ${HOME}/.config/nheko | 351 | deny ${HOME}/.config/okularrc |
352 | blacklist ${HOME}/.config/NitroShare | 352 | deny ${HOME}/.config/onboard |
353 | blacklist ${HOME}/.config/nomacs | 353 | deny ${HOME}/.config/onionshare |
354 | blacklist ${HOME}/.config/nuclear | 354 | deny ${HOME}/.config/onlyoffice |
355 | blacklist ${HOME}/.config/obs-studio | 355 | deny ${HOME}/.config/openmw |
356 | blacklist ${HOME}/.config/okularpartrc | 356 | deny ${HOME}/.config/opera |
357 | blacklist ${HOME}/.config/okularrc | 357 | deny ${HOME}/.config/opera-beta |
358 | blacklist ${HOME}/.config/onboard | 358 | deny ${HOME}/.config/orage |
359 | blacklist ${HOME}/.config/onionshare | 359 | deny ${HOME}/.config/org.gabmus.gfeeds.json |
360 | blacklist ${HOME}/.config/onlyoffice | 360 | deny ${HOME}/.config/org.gabmus.gfeeds.saved_articles |
361 | blacklist ${HOME}/.config/openmw | 361 | deny ${HOME}/.config/org.kde.gwenviewrc |
362 | blacklist ${HOME}/.config/opera | 362 | deny ${HOME}/.config/otter |
363 | blacklist ${HOME}/.config/opera-beta | 363 | deny ${HOME}/.config/pavucontrol-qt |
364 | blacklist ${HOME}/.config/orage | 364 | deny ${HOME}/.config/pavucontrol.ini |
365 | blacklist ${HOME}/.config/org.gabmus.gfeeds.json | 365 | deny ${HOME}/.config/pcmanfm |
366 | blacklist ${HOME}/.config/org.gabmus.gfeeds.saved_articles | 366 | deny ${HOME}/.config/pdfmod |
367 | blacklist ${HOME}/.config/org.kde.gwenviewrc | 367 | deny ${HOME}/.config/pipe-viewer |
368 | blacklist ${HOME}/.config/otter | 368 | deny ${HOME}/.config/pitivi |
369 | blacklist ${HOME}/.config/pavucontrol-qt | 369 | deny ${HOME}/.config/pix |
370 | blacklist ${HOME}/.config/pavucontrol.ini | 370 | deny ${HOME}/.config/pluma |
371 | blacklist ${HOME}/.config/pcmanfm | 371 | deny ${HOME}/.config/ppsspp |
372 | blacklist ${HOME}/.config/pdfmod | 372 | deny ${HOME}/.config/pragha |
373 | blacklist ${HOME}/.config/Pinta | 373 | deny ${HOME}/.config/profanity |
374 | blacklist ${HOME}/.config/pipe-viewer | 374 | deny ${HOME}/.config/psi |
375 | blacklist ${HOME}/.config/pitivi | 375 | deny ${HOME}/.config/psi+ |
376 | blacklist ${HOME}/.config/pix | 376 | deny ${HOME}/.config/qBittorrent |
377 | blacklist ${HOME}/.config/pluma | 377 | deny ${HOME}/.config/qBittorrentrc |
378 | blacklist ${HOME}/.config/ppsspp | 378 | deny ${HOME}/.config/qnapi.ini |
379 | blacklist ${HOME}/.config/pragha | 379 | deny ${HOME}/.config/qpdfview |
380 | blacklist ${HOME}/.config/profanity | 380 | deny ${HOME}/.config/quodlibet |
381 | blacklist ${HOME}/.config/psi | 381 | deny ${HOME}/.config/qupzilla |
382 | blacklist ${HOME}/.config/psi+ | 382 | deny ${HOME}/.config/qutebrowser |
383 | blacklist ${HOME}/.config/qBittorrent | 383 | deny ${HOME}/.config/ranger |
384 | blacklist ${HOME}/.config/qBittorrentrc | 384 | deny ${HOME}/.config/redshift |
385 | blacklist ${HOME}/.config/qnapi.ini | 385 | deny ${HOME}/.config/redshift.conf |
386 | blacklist ${HOME}/.config/qpdfview | 386 | deny ${HOME}/.config/remmina |
387 | blacklist ${HOME}/.config/quodlibet | 387 | deny ${HOME}/.config/ristretto |
388 | blacklist ${HOME}/.config/qupzilla | 388 | deny ${HOME}/.config/rtv |
389 | blacklist ${HOME}/.config/qutebrowser | 389 | deny ${HOME}/.config/scribus |
390 | blacklist ${HOME}/.config/ranger | 390 | deny ${HOME}/.config/scribusrc |
391 | blacklist ${HOME}/.config/redshift | 391 | deny ${HOME}/.config/sinew.in |
392 | blacklist ${HOME}/.config/redshift.conf | 392 | deny ${HOME}/.config/sink |
393 | blacklist ${HOME}/.config/remmina | 393 | deny ${HOME}/.config/skypeforlinux |
394 | blacklist ${HOME}/.config/ristretto | 394 | deny ${HOME}/.config/slimjet |
395 | blacklist ${HOME}/.config/rtv | 395 | deny ${HOME}/.config/smplayer |
396 | blacklist ${HOME}/.config/scribus | 396 | deny ${HOME}/.config/smtube |
397 | blacklist ${HOME}/.config/scribusrc | 397 | deny ${HOME}/.config/smuxi |
398 | blacklist ${HOME}/.config/sinew.in | 398 | deny ${HOME}/.config/snox |
399 | blacklist ${HOME}/.config/sink | 399 | deny ${HOME}/.config/sound-juicer |
400 | blacklist ${HOME}/.config/skypeforlinux | 400 | deny ${HOME}/.config/specialmailcollectionsrc |
401 | blacklist ${HOME}/.config/slimjet | 401 | deny ${HOME}/.config/spectaclerc |
402 | blacklist ${HOME}/.config/smplayer | 402 | deny ${HOME}/.config/spotify |
403 | blacklist ${HOME}/.config/smtube | 403 | deny ${HOME}/.config/sqlitebrowser |
404 | blacklist ${HOME}/.config/smuxi | 404 | deny ${HOME}/.config/stellarium |
405 | blacklist ${HOME}/.config/snox | 405 | deny ${HOME}/.config/straw-viewer |
406 | blacklist ${HOME}/.config/sound-juicer | 406 | deny ${HOME}/.config/strawberry |
407 | blacklist ${HOME}/.config/specialmailcollectionsrc | 407 | deny ${HOME}/.config/supertuxkart |
408 | blacklist ${HOME}/.config/spectaclerc | 408 | deny ${HOME}/.config/synfig |
409 | blacklist ${HOME}/.config/spotify | 409 | deny ${HOME}/.config/teams |
410 | blacklist ${HOME}/.config/sqlitebrowser | 410 | deny ${HOME}/.config/teams-for-linux |
411 | blacklist ${HOME}/.config/stellarium | 411 | deny ${HOME}/.config/telepathy-account-widgets |
412 | blacklist ${HOME}/.config/strawberry | 412 | deny ${HOME}/.config/torbrowser |
413 | blacklist ${HOME}/.config/straw-viewer | 413 | deny ${HOME}/.config/totem |
414 | blacklist ${HOME}/.config/supertuxkart | 414 | deny ${HOME}/.config/tox |
415 | blacklist ${HOME}/.config/synfig | 415 | deny ${HOME}/.config/transgui |
416 | blacklist ${HOME}/.config/teams | 416 | deny ${HOME}/.config/transmission |
417 | blacklist ${HOME}/.config/teams-for-linux | 417 | deny ${HOME}/.config/truecraft |
418 | blacklist ${HOME}/.config/telepathy-account-widgets | 418 | deny ${HOME}/.config/tuta_integration |
419 | blacklist ${HOME}/.config/torbrowser | 419 | deny ${HOME}/.config/tutanota-desktop |
420 | blacklist ${HOME}/.config/totem | 420 | deny ${HOME}/.config/tvbrowser |
421 | blacklist ${HOME}/.config/tox | 421 | deny ${HOME}/.config/uGet |
422 | blacklist ${HOME}/.config/transgui | 422 | deny ${HOME}/.config/ungoogled-chromium |
423 | blacklist ${HOME}/.config/transmission | 423 | deny ${HOME}/.config/uzbl |
424 | blacklist ${HOME}/.config/truecraft | 424 | deny ${HOME}/.config/viewnior |
425 | blacklist ${HOME}/.config/tuta_integration | 425 | deny ${HOME}/.config/vivaldi |
426 | blacklist ${HOME}/.config/tutanota-desktop | 426 | deny ${HOME}/.config/vivaldi-snapshot |
427 | blacklist ${HOME}/.config/tvbrowser | 427 | deny ${HOME}/.config/vlc |
428 | blacklist ${HOME}/.config/uGet | 428 | deny ${HOME}/.config/wesnoth |
429 | blacklist ${HOME}/.config/ungoogled-chromium | 429 | deny ${HOME}/.config/wireshark |
430 | blacklist ${HOME}/.config/uzbl | 430 | deny ${HOME}/.config/wormux |
431 | blacklist ${HOME}/.config/viewnior | 431 | deny ${HOME}/.config/xchat |
432 | blacklist ${HOME}/.config/vivaldi | 432 | deny ${HOME}/.config/xed |
433 | blacklist ${HOME}/.config/vivaldi-snapshot | 433 | deny ${HOME}/.config/xfburn |
434 | blacklist ${HOME}/.config/vlc | 434 | deny ${HOME}/.config/xfce4-dict |
435 | blacklist ${HOME}/.config/wesnoth | 435 | deny ${HOME}/.config/xfce4/xfce4-notes.gtkrc |
436 | blacklist ${HOME}/.config/wormux | 436 | deny ${HOME}/.config/xfce4/xfce4-notes.rc |
437 | blacklist ${HOME}/.config/Whalebird | 437 | deny ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml |
438 | blacklist ${HOME}/.config/wireshark | 438 | deny ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml |
439 | blacklist ${HOME}/.config/xchat | 439 | deny ${HOME}/.config/xiaoyong |
440 | blacklist ${HOME}/.config/xed | 440 | deny ${HOME}/.config/xmms2 |
441 | blacklist ${HOME}/.config/xfburn | 441 | deny ${HOME}/.config/xplayer |
442 | blacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc | 442 | deny ${HOME}/.config/xreader |
443 | blacklist ${HOME}/.config/xfce4/xfce4-notes.rc | 443 | deny ${HOME}/.config/xviewer |
444 | blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml | 444 | deny ${HOME}/.config/yandex-browser |
445 | blacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml | 445 | deny ${HOME}/.config/yandex-browser-beta |
446 | blacklist ${HOME}/.config/xfce4-dict | 446 | deny ${HOME}/.config/yelp |
447 | blacklist ${HOME}/.config/xiaoyong | 447 | deny ${HOME}/.config/youtube-dl |
448 | blacklist ${HOME}/.config/xmms2 | 448 | deny ${HOME}/.config/youtube-dlg |
449 | blacklist ${HOME}/.config/xplayer | 449 | deny ${HOME}/.config/youtube-music-desktop-app |
450 | blacklist ${HOME}/.config/xreader | 450 | deny ${HOME}/.config/youtube-viewer |
451 | blacklist ${HOME}/.config/xviewer | 451 | deny ${HOME}/.config/youtubemusic-nativefier-040164 |
452 | blacklist ${HOME}/.config/yandex-browser | 452 | deny ${HOME}/.config/zathura |
453 | blacklist ${HOME}/.config/yandex-browser-beta | 453 | deny ${HOME}/.config/zim |
454 | blacklist ${HOME}/.config/yelp | 454 | deny ${HOME}/.config/zoomus.conf |
455 | blacklist ${HOME}/.config/youtube-dl | 455 | deny ${HOME}/.conkeror.mozdev.org |
456 | blacklist ${HOME}/.config/youtube-dlg | 456 | deny ${HOME}/.crawl |
457 | blacklist ${HOME}/.config/youtubemusic-nativefier-040164 | 457 | deny ${HOME}/.cups |
458 | blacklist ${HOME}/.config/youtube-music-desktop-app | 458 | deny ${HOME}/.curl-hsts |
459 | blacklist ${HOME}/.config/youtube-viewer | 459 | deny ${HOME}/.curlrc |
460 | blacklist ${HOME}/.config/zathura | 460 | deny ${HOME}/.dashcore |
461 | blacklist ${HOME}/.config/zoomus.conf | 461 | deny ${HOME}/.devilspie |
462 | blacklist ${HOME}/.config/Zulip | 462 | deny ${HOME}/.dia |
463 | blacklist ${HOME}/.conkeror.mozdev.org | 463 | deny ${HOME}/.digrc |
464 | blacklist ${HOME}/.crawl | 464 | deny ${HOME}/.dillo |
465 | blacklist ${HOME}/.cups | 465 | deny ${HOME}/.dooble |
466 | blacklist ${HOME}/.curl-hsts | 466 | deny ${HOME}/.dosbox |
467 | blacklist ${HOME}/.curlrc | 467 | deny ${HOME}/.dropbox* |
468 | blacklist ${HOME}/.dashcore | 468 | deny ${HOME}/.easystroke |
469 | blacklist ${HOME}/.devilspie | 469 | deny ${HOME}/.electron-cache |
470 | blacklist ${HOME}/.dia | 470 | deny ${HOME}/.electrum* |
471 | blacklist ${HOME}/.digrc | 471 | deny ${HOME}/.elinks |
472 | blacklist ${HOME}/.dillo | 472 | deny ${HOME}/.emacs |
473 | blacklist ${HOME}/.dooble | 473 | deny ${HOME}/.emacs.d |
474 | blacklist ${HOME}/.dosbox | 474 | deny ${HOME}/.equalx |
475 | blacklist ${HOME}/.dropbox* | 475 | deny ${HOME}/.ethereum |
476 | blacklist ${HOME}/.easystroke | 476 | deny ${HOME}/.etr |
477 | blacklist ${HOME}/.electron-cache | 477 | deny ${HOME}/.filezilla |
478 | blacklist ${HOME}/.electrum* | 478 | deny ${HOME}/.firedragon |
479 | blacklist ${HOME}/.elinks | 479 | deny ${HOME}/.flowblade |
480 | blacklist ${HOME}/.emacs | 480 | deny ${HOME}/.fltk |
481 | blacklist ${HOME}/.emacs.d | 481 | deny ${HOME}/.fossamail |
482 | blacklist ${HOME}/.equalx | 482 | deny ${HOME}/.freeciv |
483 | blacklist ${HOME}/.ethereum | 483 | deny ${HOME}/.freecol |
484 | blacklist ${HOME}/.etr | 484 | deny ${HOME}/.freemind |
485 | blacklist ${HOME}/.filezilla | 485 | deny ${HOME}/.frogatto |
486 | blacklist ${HOME}/.firedragon | 486 | deny ${HOME}/.frozen-bubble |
487 | blacklist ${HOME}/.flowblade | 487 | deny ${HOME}/.funnyboat |
488 | blacklist ${HOME}/.fltk | 488 | deny ${HOME}/.gimp* |
489 | blacklist ${HOME}/.fossamail | 489 | deny ${HOME}/.gist |
490 | blacklist ${HOME}/.freeciv | 490 | deny ${HOME}/.gitconfig |
491 | blacklist ${HOME}/.freecol | 491 | deny ${HOME}/.gl-117 |
492 | blacklist ${HOME}/.freemind | 492 | deny ${HOME}/.glaxiumrc |
493 | blacklist ${HOME}/.frogatto | 493 | deny ${HOME}/.gnome/gnome-schedule |
494 | blacklist ${HOME}/.frozen-bubble | 494 | deny ${HOME}/.googleearth |
495 | blacklist ${HOME}/.funnyboat | 495 | deny ${HOME}/.gradle |
496 | blacklist ${HOME}/.gimp* | 496 | deny ${HOME}/.gramps |
497 | blacklist ${HOME}/.gist | 497 | deny ${HOME}/.guayadeque |
498 | blacklist ${HOME}/.gitconfig | 498 | deny ${HOME}/.hashcat |
499 | blacklist ${HOME}/.gl-117 | 499 | deny ${HOME}/.hedgewars |
500 | blacklist ${HOME}/.glaxiumrc | 500 | deny ${HOME}/.hex-a-hop |
501 | blacklist ${HOME}/.gnome/gnome-schedule | 501 | deny ${HOME}/.hugin |
502 | blacklist ${HOME}/.googleearth | 502 | deny ${HOME}/.i2p |
503 | blacklist ${HOME}/.gradle | 503 | deny ${HOME}/.icedove |
504 | blacklist ${HOME}/.gramps | 504 | deny ${HOME}/.imagej |
505 | blacklist ${HOME}/.guayadeque | 505 | deny ${HOME}/.inkscape |
506 | blacklist ${HOME}/.hashcat | 506 | deny ${HOME}/.itch |
507 | blacklist ${HOME}/.hex-a-hop | 507 | deny ${HOME}/.jack-server |
508 | blacklist ${HOME}/.hedgewars | 508 | deny ${HOME}/.jack-settings |
509 | blacklist ${HOME}/.hugin | 509 | deny ${HOME}/.jak |
510 | blacklist ${HOME}/.i2p | 510 | deny ${HOME}/.java |
511 | blacklist ${HOME}/.icedove | 511 | deny ${HOME}/.jd |
512 | blacklist ${HOME}/.imagej | 512 | deny ${HOME}/.jitsi |
513 | blacklist ${HOME}/.inkscape | 513 | deny ${HOME}/.jumpnbump |
514 | blacklist ${HOME}/.itch | 514 | deny ${HOME}/.kde/share/apps/digikam |
515 | blacklist ${HOME}/.jack-server | 515 | deny ${HOME}/.kde/share/apps/gwenview |
516 | blacklist ${HOME}/.jack-settings | 516 | deny ${HOME}/.kde/share/apps/kaffeine |
517 | blacklist ${HOME}/.jak | 517 | deny ${HOME}/.kde/share/apps/kcookiejar |
518 | blacklist ${HOME}/.java | 518 | deny ${HOME}/.kde/share/apps/kget |
519 | blacklist ${HOME}/.jd | 519 | deny ${HOME}/.kde/share/apps/khtml |
520 | blacklist ${HOME}/.jitsi | 520 | deny ${HOME}/.kde/share/apps/klatexformula |
521 | blacklist ${HOME}/.jumpnbump | 521 | deny ${HOME}/.kde/share/apps/konqsidebartng |
522 | blacklist ${HOME}/.kde/share/apps/digikam | 522 | deny ${HOME}/.kde/share/apps/konqueror |
523 | blacklist ${HOME}/.kde/share/apps/gwenview | 523 | deny ${HOME}/.kde/share/apps/kopete |
524 | blacklist ${HOME}/.kde/share/apps/kaffeine | 524 | deny ${HOME}/.kde/share/apps/ktorrent |
525 | blacklist ${HOME}/.kde/share/apps/kcookiejar | 525 | deny ${HOME}/.kde/share/apps/okular |
526 | blacklist ${HOME}/.kde/share/apps/kget | 526 | deny ${HOME}/.kde/share/config/baloofilerc |
527 | blacklist ${HOME}/.kde/share/apps/khtml | 527 | deny ${HOME}/.kde/share/config/baloorc |
528 | blacklist ${HOME}/.kde/share/apps/klatexformula | 528 | deny ${HOME}/.kde/share/config/digikam |
529 | blacklist ${HOME}/.kde/share/apps/konqsidebartng | 529 | deny ${HOME}/.kde/share/config/gwenviewrc |
530 | blacklist ${HOME}/.kde/share/apps/konqueror | 530 | deny ${HOME}/.kde/share/config/k3brc |
531 | blacklist ${HOME}/.kde/share/apps/kopete | 531 | deny ${HOME}/.kde/share/config/kaffeinerc |
532 | blacklist ${HOME}/.kde/share/apps/ktorrent | 532 | deny ${HOME}/.kde/share/config/kcookiejarrc |
533 | blacklist ${HOME}/.kde/share/apps/okular | 533 | deny ${HOME}/.kde/share/config/kfindrc |
534 | blacklist ${HOME}/.kde/share/config/baloofilerc | 534 | deny ${HOME}/.kde/share/config/kgetrc |
535 | blacklist ${HOME}/.kde/share/config/baloorc | 535 | deny ${HOME}/.kde/share/config/khtmlrc |
536 | blacklist ${HOME}/.kde/share/config/digikam | 536 | deny ${HOME}/.kde/share/config/klipperrc |
537 | blacklist ${HOME}/.kde/share/config/gwenviewrc | 537 | deny ${HOME}/.kde/share/config/kmplayerrc |
538 | blacklist ${HOME}/.kde/share/config/k3brc | 538 | deny ${HOME}/.kde/share/config/konq_history |
539 | blacklist ${HOME}/.kde/share/config/kaffeinerc | 539 | deny ${HOME}/.kde/share/config/konqsidebartngrc |
540 | blacklist ${HOME}/.kde/share/config/kcookiejarrc | 540 | deny ${HOME}/.kde/share/config/konquerorrc |
541 | blacklist ${HOME}/.kde/share/config/kfindrc | 541 | deny ${HOME}/.kde/share/config/konversationrc |
542 | blacklist ${HOME}/.kde/share/config/kgetrc | 542 | deny ${HOME}/.kde/share/config/kopeterc |
543 | blacklist ${HOME}/.kde/share/config/khtmlrc | 543 | deny ${HOME}/.kde/share/config/ktorrentrc |
544 | blacklist ${HOME}/.kde/share/config/klipperrc | 544 | deny ${HOME}/.kde/share/config/okularpartrc |
545 | blacklist ${HOME}/.kde/share/config/kmplayerrc | 545 | deny ${HOME}/.kde/share/config/okularrc |
546 | blacklist ${HOME}/.kde/share/config/konq_history | 546 | deny ${HOME}/.kde4/share/apps/digikam |
547 | blacklist ${HOME}/.kde/share/config/konqsidebartngrc | 547 | deny ${HOME}/.kde4/share/apps/gwenview |
548 | blacklist ${HOME}/.kde/share/config/konquerorrc | 548 | deny ${HOME}/.kde4/share/apps/kaffeine |
549 | blacklist ${HOME}/.kde/share/config/konversationrc | 549 | deny ${HOME}/.kde4/share/apps/kcookiejar |
550 | blacklist ${HOME}/.kde/share/config/kopeterc | 550 | deny ${HOME}/.kde4/share/apps/kget |
551 | blacklist ${HOME}/.kde/share/config/ktorrentrc | 551 | deny ${HOME}/.kde4/share/apps/khtml |
552 | blacklist ${HOME}/.kde/share/config/okularpartrc | 552 | deny ${HOME}/.kde4/share/apps/konqsidebartng |
553 | blacklist ${HOME}/.kde/share/config/okularrc | 553 | deny ${HOME}/.kde4/share/apps/konqueror |
554 | blacklist ${HOME}/.kde4/share/apps/digikam | 554 | deny ${HOME}/.kde4/share/apps/kopete |
555 | blacklist ${HOME}/.kde4/share/apps/gwenview | 555 | deny ${HOME}/.kde4/share/apps/ktorrent |
556 | blacklist ${HOME}/.kde4/share/apps/kaffeine | 556 | deny ${HOME}/.kde4/share/apps/okular |
557 | blacklist ${HOME}/.kde4/share/apps/kcookiejar | 557 | deny ${HOME}/.kde4/share/config/baloofilerc |
558 | blacklist ${HOME}/.kde4/share/apps/kget | 558 | deny ${HOME}/.kde4/share/config/baloorc |
559 | blacklist ${HOME}/.kde4/share/apps/khtml | 559 | deny ${HOME}/.kde4/share/config/digikam |
560 | blacklist ${HOME}/.kde4/share/apps/konqsidebartng | 560 | deny ${HOME}/.kde4/share/config/gwenviewrc |
561 | blacklist ${HOME}/.kde4/share/apps/konqueror | 561 | deny ${HOME}/.kde4/share/config/k3brc |
562 | blacklist ${HOME}/.kde4/share/apps/kopete | 562 | deny ${HOME}/.kde4/share/config/kaffeinerc |
563 | blacklist ${HOME}/.kde4/share/apps/ktorrent | 563 | deny ${HOME}/.kde4/share/config/kcookiejarrc |
564 | blacklist ${HOME}/.kde4/share/apps/okular | 564 | deny ${HOME}/.kde4/share/config/kfindrc |
565 | blacklist ${HOME}/.kde4/share/config/baloofilerc | 565 | deny ${HOME}/.kde4/share/config/kgetrc |
566 | blacklist ${HOME}/.kde4/share/config/baloorc | 566 | deny ${HOME}/.kde4/share/config/khtmlrc |
567 | blacklist ${HOME}/.kde4/share/config/digikam | 567 | deny ${HOME}/.kde4/share/config/klipperrc |
568 | blacklist ${HOME}/.kde4/share/config/gwenviewrc | 568 | deny ${HOME}/.kde4/share/config/konq_history |
569 | blacklist ${HOME}/.kde4/share/config/k3brc | 569 | deny ${HOME}/.kde4/share/config/konqsidebartngrc |
570 | blacklist ${HOME}/.kde4/share/config/kaffeinerc | 570 | deny ${HOME}/.kde4/share/config/konquerorrc |
571 | blacklist ${HOME}/.kde4/share/config/kcookiejarrc | 571 | deny ${HOME}/.kde4/share/config/konversationrc |
572 | blacklist ${HOME}/.kde4/share/config/kfindrc | 572 | deny ${HOME}/.kde4/share/config/kopeterc |
573 | blacklist ${HOME}/.kde4/share/config/kgetrc | 573 | deny ${HOME}/.kde4/share/config/ktorrentrc |
574 | blacklist ${HOME}/.kde4/share/config/khtmlrc | 574 | deny ${HOME}/.kde4/share/config/okularpartrc |
575 | blacklist ${HOME}/.kde4/share/config/klipperrc | 575 | deny ${HOME}/.kde4/share/config/okularrc |
576 | blacklist ${HOME}/.kde4/share/config/konq_history | 576 | deny ${HOME}/.killingfloor |
577 | blacklist ${HOME}/.kde4/share/config/konqsidebartngrc | 577 | deny ${HOME}/.kingsoft |
578 | blacklist ${HOME}/.kde4/share/config/konquerorrc | 578 | deny ${HOME}/.kino-history |
579 | blacklist ${HOME}/.kde4/share/config/konversationrc | 579 | deny ${HOME}/.kinorc |
580 | blacklist ${HOME}/.kde4/share/config/kopeterc | 580 | deny ${HOME}/.klatexformula |
581 | blacklist ${HOME}/.kde4/share/config/ktorrentrc | 581 | deny ${HOME}/.klei |
582 | blacklist ${HOME}/.kde4/share/config/okularpartrc | 582 | deny ${HOME}/.kodi |
583 | blacklist ${HOME}/.kde4/share/config/okularrc | 583 | deny ${HOME}/.librewolf |
584 | blacklist ${HOME}/.killingfloor | 584 | deny ${HOME}/.lincity-ng |
585 | blacklist ${HOME}/.kingsoft | 585 | deny ${HOME}/.links |
586 | blacklist ${HOME}/.kino-history | 586 | deny ${HOME}/.links2 |
587 | blacklist ${HOME}/.kinorc | 587 | deny ${HOME}/.linphone-history.db |
588 | blacklist ${HOME}/.klatexformula | 588 | deny ${HOME}/.linphonerc |
589 | blacklist ${HOME}/.klei | 589 | deny ${HOME}/.lmmsrc.xml |
590 | blacklist ${HOME}/.kodi | 590 | deny ${HOME}/.local/lib/vivaldi |
591 | blacklist ${HOME}/.librewolf | 591 | deny ${HOME}/.local/share/0ad |
592 | blacklist ${HOME}/.lincity-ng | 592 | deny ${HOME}/.local/share/3909/PapersPlease |
593 | blacklist ${HOME}/.links | 593 | deny ${HOME}/.local/share/Anki2 |
594 | blacklist ${HOME}/.links2 | 594 | deny ${HOME}/.local/share/Dredmor |
595 | blacklist ${HOME}/.linphone-history.db | 595 | deny ${HOME}/.local/share/Empathy |
596 | blacklist ${HOME}/.linphonerc | 596 | deny ${HOME}/.local/share/Enpass |
597 | blacklist ${HOME}/.lmmsrc.xml | 597 | deny ${HOME}/.local/share/FasterThanLight |
598 | blacklist ${HOME}/.local/lib/vivaldi | 598 | deny ${HOME}/.local/share/Flavio Tordini |
599 | blacklist ${HOME}/.local/share/0ad | 599 | deny ${HOME}/.local/share/IntoTheBreach |
600 | blacklist ${HOME}/.local/share/3909/PapersPlease | 600 | deny ${HOME}/.local/share/JetBrains |
601 | blacklist ${HOME}/.local/share/Anki2 | 601 | deny ${HOME}/.local/share/KDE/neochat |
602 | blacklist ${HOME}/.local/share/Dredmor | 602 | deny ${HOME}/.local/share/Kingsoft |
603 | blacklist ${HOME}/.local/share/Empathy | 603 | deny ${HOME}/.local/share/LibreCAD |
604 | blacklist ${HOME}/.local/share/Enpass | 604 | deny ${HOME}/.local/share/Mendeley Ltd. |
605 | blacklist ${HOME}/.local/share/Flavio Tordini | 605 | deny ${HOME}/.local/share/Mumble |
606 | blacklist ${HOME}/.local/share/JetBrains | 606 | deny ${HOME}/.local/share/Nextcloud |
607 | blacklist ${HOME}/.local/share/KDE/neochat | 607 | deny ${HOME}/.local/share/PBE |
608 | blacklist ${HOME}/.local/share/Kingsoft | 608 | deny ${HOME}/.local/share/Paradox Interactive |
609 | blacklist ${HOME}/.local/share/LibreCAD | 609 | deny ${HOME}/.local/share/PawelStolowski |
610 | blacklist ${HOME}/.local/share/Mendeley Ltd. | 610 | deny ${HOME}/.local/share/PillarsOfEternity |
611 | blacklist ${HOME}/.local/share/Mumble | 611 | deny ${HOME}/.local/share/Psi |
612 | blacklist ${HOME}/.local/share/Nextcloud | 612 | deny ${HOME}/.local/share/QGIS |
613 | blacklist ${HOME}/.local/share/PBE | 613 | deny ${HOME}/.local/share/QMediathekView |
614 | blacklist ${HOME}/.local/share/PawelStolowski | 614 | deny ${HOME}/.local/share/QuiteRss |
615 | blacklist ${HOME}/.local/share/PillarsOfEternity | 615 | deny ${HOME}/.local/share/Ricochet |
616 | blacklist ${HOME}/.local/share/Psi | 616 | deny ${HOME}/.local/share/RogueLegacy |
617 | blacklist ${HOME}/.local/share/QGIS | 617 | deny ${HOME}/.local/share/RogueLegacyStorageContainer |
618 | blacklist ${HOME}/.local/share/QMediathekView | 618 | deny ${HOME}/.local/share/Shortwave |
619 | blacklist ${HOME}/.local/share/QuiteRss | 619 | deny ${HOME}/.local/share/Steam |
620 | blacklist ${HOME}/.local/share/Ricochet | 620 | deny ${HOME}/.local/share/SteamWorld Dig 2 |
621 | blacklist ${HOME}/.local/share/RogueLegacy | 621 | deny ${HOME}/.local/share/SteamWorldDig |
622 | blacklist ${HOME}/.local/share/RogueLegacyStorageContainer | 622 | deny ${HOME}/.local/share/SuperHexagon |
623 | blacklist ${HOME}/.local/share/Shortwave | 623 | deny ${HOME}/.local/share/TelegramDesktop |
624 | blacklist ${HOME}/.local/share/Steam | 624 | deny ${HOME}/.local/share/Terraria |
625 | blacklist ${HOME}/.local/share/SteamWorldDig | 625 | deny ${HOME}/.local/share/TpLogger |
626 | blacklist ${HOME}/.local/share/SteamWorld Dig 2 | 626 | deny ${HOME}/.local/share/Zeal |
627 | blacklist ${HOME}/.local/share/SuperHexagon | 627 | deny ${HOME}/.local/share/agenda |
628 | blacklist ${HOME}/.local/share/TelegramDesktop | 628 | deny ${HOME}/.local/share/akonadi* |
629 | blacklist ${HOME}/.local/share/Terraria | 629 | deny ${HOME}/.local/share/akregator |
630 | blacklist ${HOME}/.local/share/TpLogger | 630 | deny ${HOME}/.local/share/apps/korganizer |
631 | blacklist ${HOME}/.local/share/Zeal | 631 | deny ${HOME}/.local/share/aspyr-media |
632 | blacklist ${HOME}/.local/share/akonadi* | 632 | deny ${HOME}/.local/share/authenticator-rs |
633 | blacklist ${HOME}/.local/share/akregator | 633 | deny ${HOME}/.local/share/autokey |
634 | blacklist ${HOME}/.local/share/agenda | 634 | deny ${HOME}/.local/share/backintime |
635 | blacklist ${HOME}/.local/share/apps/korganizer | 635 | deny ${HOME}/.local/share/baloo |
636 | blacklist ${HOME}/.local/share/aspyr-media | 636 | deny ${HOME}/.local/share/barrier |
637 | blacklist ${HOME}/.local/share/autokey | 637 | deny ${HOME}/.local/share/bibletime |
638 | blacklist ${HOME}/.local/share/authenticator-rs | 638 | deny ${HOME}/.local/share/bijiben |
639 | blacklist ${HOME}/.local/share/backintime | 639 | deny ${HOME}/.local/share/bohemiainteractive |
640 | blacklist ${HOME}/.local/share/baloo | 640 | deny ${HOME}/.local/share/caja-python |
641 | blacklist ${HOME}/.local/share/barrier | 641 | deny ${HOME}/.local/share/calligragemini |
642 | blacklist ${HOME}/.local/share/bibletime | 642 | deny ${HOME}/.local/share/cantata |
643 | blacklist ${HOME}/.local/share/bijiben | 643 | deny ${HOME}/.local/share/cdprojektred |
644 | blacklist ${HOME}/.local/share/bohemiainteractive | 644 | deny ${HOME}/.local/share/clipit |
645 | blacklist ${HOME}/.local/share/caja-python | 645 | deny ${HOME}/.local/share/com.github.johnfactotum.Foliate |
646 | blacklist ${HOME}/.local/share/calligragemini | 646 | deny ${HOME}/.local/share/contacts |
647 | blacklist ${HOME}/.local/share/cantata | 647 | deny ${HOME}/.local/share/cor-games |
648 | blacklist ${HOME}/.local/share/cdprojektred | 648 | deny ${HOME}/.local/share/data/Mendeley Ltd. |
649 | blacklist ${HOME}/.local/share/clipit | 649 | deny ${HOME}/.local/share/data/Mumble |
650 | blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate | 650 | deny ${HOME}/.local/share/data/MusE |
651 | blacklist ${HOME}/.local/share/contacts | 651 | deny ${HOME}/.local/share/data/MuseScore |
652 | blacklist ${HOME}/.local/share/cor-games | 652 | deny ${HOME}/.local/share/data/nomacs |
653 | blacklist ${HOME}/.local/share/data/Mendeley Ltd. | 653 | deny ${HOME}/.local/share/data/qBittorrent |
654 | blacklist ${HOME}/.local/share/data/Mumble | 654 | deny ${HOME}/.local/share/dino |
655 | blacklist ${HOME}/.local/share/data/MusE | 655 | deny ${HOME}/.local/share/dolphin |
656 | blacklist ${HOME}/.local/share/data/MuseScore | 656 | deny ${HOME}/.local/share/dolphin-emu |
657 | blacklist ${HOME}/.local/share/data/nomacs | 657 | deny ${HOME}/.local/share/emailidentities |
658 | blacklist ${HOME}/.local/share/data/qBittorrent | 658 | deny ${HOME}/.local/share/epiphany |
659 | blacklist ${HOME}/.local/share/dino | 659 | deny ${HOME}/.local/share/evolution |
660 | blacklist ${HOME}/.local/share/dolphin | 660 | deny ${HOME}/.local/share/feedreader |
661 | blacklist ${HOME}/.local/share/dolphin-emu | 661 | deny ${HOME}/.local/share/feral-interactive |
662 | blacklist ${HOME}/.local/share/emailidentities | 662 | deny ${HOME}/.local/share/five-or-more |
663 | blacklist ${HOME}/.local/share/epiphany | 663 | deny ${HOME}/.local/share/freecol |
664 | blacklist ${HOME}/.local/share/evolution | 664 | deny ${HOME}/.local/share/gajim |
665 | blacklist ${HOME}/.local/share/FasterThanLight | 665 | deny ${HOME}/.local/share/geary |
666 | blacklist ${HOME}/.local/share/feedreader | 666 | deny ${HOME}/.local/share/geeqie |
667 | blacklist ${HOME}/.local/share/feral-interactive | 667 | deny ${HOME}/.local/share/ghostwriter |
668 | blacklist ${HOME}/.local/share/five-or-more | 668 | deny ${HOME}/.local/share/gitg |
669 | blacklist ${HOME}/.local/share/freecol | 669 | deny ${HOME}/.local/share/gnome-2048 |
670 | blacklist ${HOME}/.local/share/gajim | 670 | deny ${HOME}/.local/share/gnome-boxes |
671 | blacklist ${HOME}/.local/share/geary | 671 | deny ${HOME}/.local/share/gnome-builder |
672 | blacklist ${HOME}/.local/share/geeqie | 672 | deny ${HOME}/.local/share/gnome-chess |
673 | blacklist ${HOME}/.local/share/ghostwriter | 673 | deny ${HOME}/.local/share/gnome-klotski |
674 | blacklist ${HOME}/.local/share/gitg | 674 | deny ${HOME}/.local/share/gnome-latex |
675 | blacklist ${HOME}/.local/share/gnome-2048 | 675 | deny ${HOME}/.local/share/gnome-mines |
676 | blacklist ${HOME}/.local/share/gnome-boxes | 676 | deny ${HOME}/.local/share/gnome-music |
677 | blacklist ${HOME}/.local/share/gnome-builder | 677 | deny ${HOME}/.local/share/gnome-nibbles |
678 | blacklist ${HOME}/.local/share/gnome-chess | 678 | deny ${HOME}/.local/share/gnome-photos |
679 | blacklist ${HOME}/.local/share/gnome-klotski | 679 | deny ${HOME}/.local/share/gnome-pomodoro |
680 | blacklist ${HOME}/.local/share/gnome-latex | 680 | deny ${HOME}/.local/share/gnome-recipes |
681 | blacklist ${HOME}/.local/share/gnome-mines | 681 | deny ${HOME}/.local/share/gnome-ring |
682 | blacklist ${HOME}/.local/share/gnome-music | 682 | deny ${HOME}/.local/share/gnome-sudoku |
683 | blacklist ${HOME}/.local/share/gnome-nibbles | 683 | deny ${HOME}/.local/share/gnome-twitch |
684 | blacklist ${HOME}/.local/share/gnome-photos | 684 | deny ${HOME}/.local/share/gnote |
685 | blacklist ${HOME}/.local/share/gnome-pomodoro | 685 | deny ${HOME}/.local/share/godot |
686 | blacklist ${HOME}/.local/share/gnome-recipes | 686 | deny ${HOME}/.local/share/gradio |
687 | blacklist ${HOME}/.local/share/gnome-ring | 687 | deny ${HOME}/.local/share/gwenview |
688 | blacklist ${HOME}/.local/share/gnome-sudoku | 688 | deny ${HOME}/.local/share/i2p |
689 | blacklist ${HOME}/.local/share/gnome-twitch | 689 | deny ${HOME}/.local/share/io.github.lainsce.Notejot |
690 | blacklist ${HOME}/.local/share/gnote | 690 | deny ${HOME}/.local/share/jami |
691 | blacklist ${HOME}/.local/share/godot | 691 | deny ${HOME}/.local/share/kaffeine |
692 | blacklist ${HOME}/.local/share/gradio | 692 | deny ${HOME}/.local/share/kalgebra |
693 | blacklist ${HOME}/.local/share/gwenview | 693 | deny ${HOME}/.local/share/kate |
694 | blacklist ${HOME}/.local/share/i2p | 694 | deny ${HOME}/.local/share/kdenlive |
695 | blacklist ${HOME}/.local/share/IntoTheBreach | 695 | deny ${HOME}/.local/share/kget |
696 | blacklist ${HOME}/.local/share/jami | 696 | deny ${HOME}/.local/share/kiwix |
697 | blacklist ${HOME}/.local/share/kaffeine | 697 | deny ${HOME}/.local/share/kiwix-desktop |
698 | blacklist ${HOME}/.local/share/kalgebra | 698 | deny ${HOME}/.local/share/klavaro |
699 | blacklist ${HOME}/.local/share/kate | 699 | deny ${HOME}/.local/share/kmail2 |
700 | blacklist ${HOME}/.local/share/kdenlive | 700 | deny ${HOME}/.local/share/kmplayer |
701 | blacklist ${HOME}/.local/share/kget | 701 | deny ${HOME}/.local/share/knotes |
702 | blacklist ${HOME}/.local/share/kiwix | 702 | deny ${HOME}/.local/share/krita |
703 | blacklist ${HOME}/.local/share/kiwix-desktop | 703 | deny ${HOME}/.local/share/ktorrent |
704 | blacklist ${HOME}/.local/share/klavaro | 704 | deny ${HOME}/.local/share/ktorrentrc |
705 | blacklist ${HOME}/.local/share/kmail2 | 705 | deny ${HOME}/.local/share/ktouch |
706 | blacklist ${HOME}/.local/share/kmplayer | 706 | deny ${HOME}/.local/share/kube |
707 | blacklist ${HOME}/.local/share/knotes | 707 | deny ${HOME}/.local/share/kwrite |
708 | blacklist ${HOME}/.local/share/krita | 708 | deny ${HOME}/.local/share/kxmlgui5/* |
709 | blacklist ${HOME}/.local/share/ktorrent | 709 | deny ${HOME}/.local/share/liferea |
710 | blacklist ${HOME}/.local/share/ktorrentrc | 710 | deny ${HOME}/.local/share/linphone |
711 | blacklist ${HOME}/.local/share/ktouch | 711 | deny ${HOME}/.local/share/local-mail |
712 | blacklist ${HOME}/.local/share/kube | 712 | deny ${HOME}/.local/share/lollypop |
713 | blacklist ${HOME}/.local/share/kwrite | 713 | deny ${HOME}/.local/share/love |
714 | blacklist ${HOME}/.local/share/kxmlgui5/* | 714 | deny ${HOME}/.local/share/lugaru |
715 | blacklist ${HOME}/.local/share/liferea | 715 | deny ${HOME}/.local/share/lutris |
716 | blacklist ${HOME}/.local/share/linphone | 716 | deny ${HOME}/.local/share/man |
717 | blacklist ${HOME}/.local/share/local-mail | 717 | deny ${HOME}/.local/share/mana |
718 | blacklist ${HOME}/.local/share/lollypop | 718 | deny ${HOME}/.local/share/maps-places.json |
719 | blacklist ${HOME}/.local/share/love | 719 | deny ${HOME}/.local/share/matrix-mirage |
720 | blacklist ${HOME}/.local/share/lugaru | 720 | deny ${HOME}/.local/share/mcomix |
721 | blacklist ${HOME}/.local/share/lutris | 721 | deny ${HOME}/.local/share/meld |
722 | blacklist ${HOME}/.local/share/man | 722 | deny ${HOME}/.local/share/midori |
723 | blacklist ${HOME}/.local/share/mana | 723 | deny ${HOME}/.local/share/minder |
724 | blacklist ${HOME}/.local/share/maps-places.json | 724 | deny ${HOME}/.local/share/mirage |
725 | blacklist ${HOME}/.local/share/matrix-mirage | 725 | deny ${HOME}/.local/share/multimc |
726 | blacklist ${HOME}/.local/share/mcomix | 726 | deny ${HOME}/.local/share/multimc5 |
727 | blacklist ${HOME}/.local/share/meld | 727 | deny ${HOME}/.local/share/mupen64plus |
728 | blacklist ${HOME}/.local/share/midori | 728 | deny ${HOME}/.local/share/mypaint |
729 | blacklist ${HOME}/.local/share/minder | 729 | deny ${HOME}/.local/share/nautilus |
730 | blacklist ${HOME}/.local/share/mirage | 730 | deny ${HOME}/.local/share/nautilus-python |
731 | blacklist ${HOME}/.local/share/multimc | 731 | deny ${HOME}/.local/share/nemo |
732 | blacklist ${HOME}/.local/share/multimc5 | 732 | deny ${HOME}/.local/share/nemo-python |
733 | blacklist ${HOME}/.local/share/mupen64plus | 733 | deny ${HOME}/.local/share/news-flash |
734 | blacklist ${HOME}/.local/share/mypaint | 734 | deny ${HOME}/.local/share/newsbeuter |
735 | blacklist ${HOME}/.local/share/nautilus | 735 | deny ${HOME}/.local/share/newsboat |
736 | blacklist ${HOME}/.local/share/nautilus-python | 736 | deny ${HOME}/.local/share/nheko |
737 | blacklist ${HOME}/.local/share/nemo | 737 | deny ${HOME}/.local/share/nomacs |
738 | blacklist ${HOME}/.local/share/nemo-python | 738 | deny ${HOME}/.local/share/notes |
739 | blacklist ${HOME}/.local/share/news-flash | 739 | deny ${HOME}/.local/share/ocenaudio |
740 | blacklist ${HOME}/.local/share/newsbeuter | 740 | deny ${HOME}/.local/share/okular |
741 | blacklist ${HOME}/.local/share/newsboat | 741 | deny ${HOME}/.local/share/onlyoffice |
742 | blacklist ${HOME}/.local/share/nheko | 742 | deny ${HOME}/.local/share/openmw |
743 | blacklist ${HOME}/.local/share/nomacs | 743 | deny ${HOME}/.local/share/orage |
744 | blacklist ${HOME}/.local/share/notes | 744 | deny ${HOME}/.local/share/org.kde.gwenview |
745 | blacklist ${HOME}/.local/share/ocenaudio | 745 | deny ${HOME}/.local/share/pix |
746 | blacklist ${HOME}/.local/share/okular | 746 | deny ${HOME}/.local/share/plasma_notes |
747 | blacklist ${HOME}/.local/share/onlyoffice | 747 | deny ${HOME}/.local/share/profanity |
748 | blacklist ${HOME}/.local/share/openmw | 748 | deny ${HOME}/.local/share/psi |
749 | blacklist ${HOME}/.local/share/orage | 749 | deny ${HOME}/.local/share/psi+ |
750 | blacklist ${HOME}/.local/share/org.kde.gwenview | 750 | deny ${HOME}/.local/share/qpdfview |
751 | blacklist ${HOME}/.local/share/Paradox Interactive | 751 | deny ${HOME}/.local/share/quadrapassel |
752 | blacklist ${HOME}/.local/share/pix | 752 | deny ${HOME}/.local/share/qutebrowser |
753 | blacklist ${HOME}/.local/share/plasma_notes | 753 | deny ${HOME}/.local/share/remmina |
754 | blacklist ${HOME}/.local/share/profanity | 754 | deny ${HOME}/.local/share/rhythmbox |
755 | blacklist ${HOME}/.local/share/psi | 755 | deny ${HOME}/.local/share/rtv |
756 | blacklist ${HOME}/.local/share/psi+ | 756 | deny ${HOME}/.local/share/scribus |
757 | blacklist ${HOME}/.local/share/quadrapassel | 757 | deny ${HOME}/.local/share/shotwell |
758 | blacklist ${HOME}/.local/share/qpdfview | 758 | deny ${HOME}/.local/share/signal-cli |
759 | blacklist ${HOME}/.local/share/qutebrowser | 759 | deny ${HOME}/.local/share/sink |
760 | blacklist ${HOME}/.local/share/remmina | 760 | deny ${HOME}/.local/share/smuxi |
761 | blacklist ${HOME}/.local/share/rhythmbox | 761 | deny ${HOME}/.local/share/spotify |
762 | blacklist ${HOME}/.local/share/rtv | 762 | deny ${HOME}/.local/share/steam |
763 | blacklist ${HOME}/.local/share/scribus | 763 | deny ${HOME}/.local/share/strawberry |
764 | blacklist ${HOME}/.local/share/shotwell | 764 | deny ${HOME}/.local/share/supertux2 |
765 | blacklist ${HOME}/.local/share/signal-cli | 765 | deny ${HOME}/.local/share/supertuxkart |
766 | blacklist ${HOME}/.local/share/sink | 766 | deny ${HOME}/.local/share/swell-foop |
767 | blacklist ${HOME}/.local/share/smuxi | 767 | deny ${HOME}/.local/share/telepathy |
768 | blacklist ${HOME}/.local/share/spotify | 768 | deny ${HOME}/.local/share/terasology |
769 | blacklist ${HOME}/.local/share/steam | 769 | deny ${HOME}/.local/share/torbrowser |
770 | blacklist ${HOME}/.local/share/strawberry | 770 | deny ${HOME}/.local/share/totem |
771 | blacklist ${HOME}/.local/share/supertux2 | 771 | deny ${HOME}/.local/share/uzbl |
772 | blacklist ${HOME}/.local/share/supertuxkart | 772 | deny ${HOME}/.local/share/vlc |
773 | blacklist ${HOME}/.local/share/swell-foop | 773 | deny ${HOME}/.local/share/vpltd |
774 | blacklist ${HOME}/.local/share/telepathy | 774 | deny ${HOME}/.local/share/vulkan |
775 | blacklist ${HOME}/.local/share/terasology | 775 | deny ${HOME}/.local/share/warsow-2.1 |
776 | blacklist ${HOME}/.local/share/torbrowser | 776 | deny ${HOME}/.local/share/wesnoth |
777 | blacklist ${HOME}/.local/share/totem | 777 | deny ${HOME}/.local/share/wormux |
778 | blacklist ${HOME}/.local/share/uzbl | 778 | deny ${HOME}/.local/share/xplayer |
779 | blacklist ${HOME}/.local/share/vlc | 779 | deny ${HOME}/.local/share/xreader |
780 | blacklist ${HOME}/.local/share/vpltd | 780 | deny ${HOME}/.local/share/zathura |
781 | blacklist ${HOME}/.local/share/vulkan | 781 | deny ${HOME}/.lv2 |
782 | blacklist ${HOME}/.local/share/warsow-2.1 | 782 | deny ${HOME}/.lyx |
783 | blacklist ${HOME}/.local/share/wesnoth | 783 | deny ${HOME}/.magicor |
784 | blacklist ${HOME}/.local/share/wormux | 784 | deny ${HOME}/.masterpdfeditor |
785 | blacklist ${HOME}/.local/share/xplayer | 785 | deny ${HOME}/.mbwarband |
786 | blacklist ${HOME}/.local/share/xreader | 786 | deny ${HOME}/.mcabber |
787 | blacklist ${HOME}/.local/share/zathura | 787 | deny ${HOME}/.mcabberrc |
788 | blacklist ${HOME}/.lv2 | 788 | deny ${HOME}/.mediathek3 |
789 | blacklist ${HOME}/.lyx | 789 | deny ${HOME}/.megaglest |
790 | blacklist ${HOME}/.magicor | 790 | deny ${HOME}/.minecraft |
791 | blacklist ${HOME}/.masterpdfeditor | 791 | deny ${HOME}/.minetest |
792 | blacklist ${HOME}/.mbwarband | 792 | deny ${HOME}/.mirrormagic |
793 | blacklist ${HOME}/.mcabber | 793 | deny ${HOME}/.moc |
794 | blacklist ${HOME}/.mcabberrc | 794 | deny ${HOME}/.moonchild productions/basilisk |
795 | blacklist ${HOME}/.mediathek3 | 795 | deny ${HOME}/.moonchild productions/pale moon |
796 | blacklist ${HOME}/.megaglest | 796 | deny ${HOME}/.mozilla |
797 | blacklist ${HOME}/.minecraft | 797 | deny ${HOME}/.mp3splt-gtk |
798 | blacklist ${HOME}/.minetest | 798 | deny ${HOME}/.mpd |
799 | blacklist ${HOME}/.mirrormagic | 799 | deny ${HOME}/.mpdconf |
800 | blacklist ${HOME}/.moc | 800 | deny ${HOME}/.mplayer |
801 | blacklist ${HOME}/.moonchild productions/basilisk | 801 | deny ${HOME}/.msmtprc |
802 | blacklist ${HOME}/.moonchild productions/pale moon | 802 | deny ${HOME}/.multimc5 |
803 | blacklist ${HOME}/.mozilla | 803 | deny ${HOME}/.nanorc |
804 | blacklist ${HOME}/.mp3splt-gtk | 804 | deny ${HOME}/.netactview |
805 | blacklist ${HOME}/.mpd | 805 | deny ${HOME}/.neverball |
806 | blacklist ${HOME}/.mpdconf | 806 | deny ${HOME}/.newsbeuter |
807 | blacklist ${HOME}/.mplayer | 807 | deny ${HOME}/.newsboat |
808 | blacklist ${HOME}/.msmtprc | 808 | deny ${HOME}/.newsrc |
809 | blacklist ${HOME}/.multimc5 | 809 | deny ${HOME}/.nicotine |
810 | blacklist ${HOME}/.nanorc | 810 | deny ${HOME}/.node-gyp |
811 | blacklist ${HOME}/.netactview | 811 | deny ${HOME}/.npm |
812 | blacklist ${HOME}/.neverball | 812 | deny ${HOME}/.npmrc |
813 | blacklist ${HOME}/.newsbeuter | 813 | deny ${HOME}/.nv |
814 | blacklist ${HOME}/.newsboat | 814 | deny ${HOME}/.nvm |
815 | blacklist ${HOME}/.newsrc | 815 | deny ${HOME}/.nylas-mail |
816 | blacklist ${HOME}/.nicotine | 816 | deny ${HOME}/.openarena |
817 | blacklist ${HOME}/.node-gyp | 817 | deny ${HOME}/.opencity |
818 | blacklist ${HOME}/.npm | 818 | deny ${HOME}/.openinvaders |
819 | blacklist ${HOME}/.npmrc | 819 | deny ${HOME}/.openshot |
820 | blacklist ${HOME}/.nv | 820 | deny ${HOME}/.openshot_qt |
821 | blacklist ${HOME}/.nvm | 821 | deny ${HOME}/.openttd |
822 | blacklist ${HOME}/.nylas-mail | 822 | deny ${HOME}/.opera |
823 | blacklist ${HOME}/.openarena | 823 | deny ${HOME}/.opera-beta |
824 | blacklist ${HOME}/.opencity | 824 | deny ${HOME}/.ostrichriders |
825 | blacklist ${HOME}/.openinvaders | 825 | deny ${HOME}/.paradoxinteractive |
826 | blacklist ${HOME}/.openshot | 826 | deny ${HOME}/.parallelrealities/blobwars |
827 | blacklist ${HOME}/.openshot_qt | 827 | deny ${HOME}/.pcsxr |
828 | blacklist ${HOME}/.openttd | 828 | deny ${HOME}/.penguin-command |
829 | blacklist ${HOME}/.opera | 829 | deny ${HOME}/.pine-crash |
830 | blacklist ${HOME}/.opera-beta | 830 | deny ${HOME}/.pine-debug1 |
831 | blacklist ${HOME}/.ostrichriders | 831 | deny ${HOME}/.pine-debug2 |
832 | blacklist ${HOME}/.paradoxinteractive | 832 | deny ${HOME}/.pine-debug3 |
833 | blacklist ${HOME}/.parallelrealities/blobwars | 833 | deny ${HOME}/.pine-debug4 |
834 | blacklist ${HOME}/.pcsxr | 834 | deny ${HOME}/.pine-interrupted-mail |
835 | blacklist ${HOME}/.penguin-command | 835 | deny ${HOME}/.pinerc |
836 | blacklist ${HOME}/.pine-crash | 836 | deny ${HOME}/.pinercex |
837 | blacklist ${HOME}/.pine-debug1 | 837 | deny ${HOME}/.pingus |
838 | blacklist ${HOME}/.pine-debug2 | 838 | deny ${HOME}/.pioneer |
839 | blacklist ${HOME}/.pine-debug3 | 839 | deny ${HOME}/.purple |
840 | blacklist ${HOME}/.pine-debug4 | 840 | deny ${HOME}/.pylint.d |
841 | blacklist ${HOME}/.pine-interrupted-mail | 841 | deny ${HOME}/.qemu-launcher |
842 | blacklist ${HOME}/.pinerc | 842 | deny ${HOME}/.qgis2 |
843 | blacklist ${HOME}/.pinercex | 843 | deny ${HOME}/.qmmp |
844 | blacklist ${HOME}/.pingus | 844 | deny ${HOME}/.quodlibet |
845 | blacklist ${HOME}/.pioneer | 845 | deny ${HOME}/.redeclipse |
846 | blacklist ${HOME}/.purple | 846 | deny ${HOME}/.rednotebook |
847 | blacklist ${HOME}/.pylint.d | 847 | deny ${HOME}/.remmina |
848 | blacklist ${HOME}/.qemu-launcher | 848 | deny ${HOME}/.repo_.gitconfig.json |
849 | blacklist ${HOME}/.qgis2 | 849 | deny ${HOME}/.repoconfig |
850 | blacklist ${HOME}/.qmmp | 850 | deny ${HOME}/.retroshare |
851 | blacklist ${HOME}/.quodlibet | 851 | deny ${HOME}/.ripperXrc |
852 | blacklist ${HOME}/.redeclipse | 852 | deny ${HOME}/.scorched3d |
853 | blacklist ${HOME}/.remmina | 853 | deny ${HOME}/.scribus |
854 | blacklist ${HOME}/.repo_.gitconfig.json | 854 | deny ${HOME}/.scribusrc |
855 | blacklist ${HOME}/.repoconfig | 855 | deny ${HOME}/.simutrans |
856 | blacklist ${HOME}/.retroshare | 856 | deny ${HOME}/.smartgit/*/passwords |
857 | blacklist ${HOME}/.ripperXrc | 857 | deny ${HOME}/.ssr |
858 | blacklist ${HOME}/.scorched3d | 858 | deny ${HOME}/.steam |
859 | blacklist ${HOME}/.scribus | 859 | deny ${HOME}/.steampath |
860 | blacklist ${HOME}/.scribusrc | 860 | deny ${HOME}/.steampid |
861 | blacklist ${HOME}/.simutrans | 861 | deny ${HOME}/.stellarium |
862 | blacklist ${HOME}/.smartgit/*/passwords | 862 | deny ${HOME}/.subversion |
863 | blacklist ${HOME}/.ssr | 863 | deny ${HOME}/.surf |
864 | blacklist ${HOME}/.steam | 864 | deny ${HOME}/.suve/colorful |
865 | blacklist ${HOME}/.steampath | 865 | deny ${HOME}/.swb.ini |
866 | blacklist ${HOME}/.steampid | 866 | deny ${HOME}/.sword |
867 | blacklist ${HOME}/.stellarium | 867 | deny ${HOME}/.sylpheed-2.0 |
868 | blacklist ${HOME}/.subversion | 868 | deny ${HOME}/.synfig |
869 | blacklist ${HOME}/.surf | 869 | deny ${HOME}/.tb |
870 | blacklist ${HOME}/.suve/colorful | 870 | deny ${HOME}/.tconn |
871 | blacklist ${HOME}/.swb.ini | 871 | deny ${HOME}/.teeworlds |
872 | blacklist ${HOME}/.sword | 872 | deny ${HOME}/.texlive20* |
873 | blacklist ${HOME}/.sylpheed-2.0 | 873 | deny ${HOME}/.thunderbird |
874 | blacklist ${HOME}/.synfig | 874 | deny ${HOME}/.tilp |
875 | blacklist ${HOME}/.tb | 875 | deny ${HOME}/.tin |
876 | blacklist ${HOME}/.tconn | 876 | deny ${HOME}/.tooling |
877 | blacklist ${HOME}/.teeworlds | 877 | deny ${HOME}/.tor-browser* |
878 | blacklist ${HOME}/.texlive20* | 878 | deny ${HOME}/.torcs |
879 | blacklist ${HOME}/.thunderbird | 879 | deny ${HOME}/.tremulous |
880 | blacklist ${HOME}/.tilp | 880 | deny ${HOME}/.ts3client |
881 | blacklist ${HOME}/.tin | 881 | deny ${HOME}/.tuxguitar* |
882 | blacklist ${HOME}/.tooling | 882 | deny ${HOME}/.tvbrowser |
883 | blacklist ${HOME}/.tor-browser* | 883 | deny ${HOME}/.unknown-horizons |
884 | blacklist ${HOME}/.torcs | 884 | deny ${HOME}/.viking |
885 | blacklist ${HOME}/.tremulous | 885 | deny ${HOME}/.viking-maps |
886 | blacklist ${HOME}/.ts3client | 886 | deny ${HOME}/.vim |
887 | blacklist ${HOME}/.tuxguitar* | 887 | deny ${HOME}/.vimrc |
888 | blacklist ${HOME}/.tvbrowser | 888 | deny ${HOME}/.vmware |
889 | blacklist ${HOME}/.unknown-horizons | 889 | deny ${HOME}/.vscode |
890 | blacklist ${HOME}/.viking | 890 | deny ${HOME}/.vscode-oss |
891 | blacklist ${HOME}/.viking-maps | 891 | deny ${HOME}/.vst |
892 | blacklist ${HOME}/.vim | 892 | deny ${HOME}/.vultures |
893 | blacklist ${HOME}/.vimrc | 893 | deny ${HOME}/.w3m |
894 | blacklist ${HOME}/.vmware | 894 | deny ${HOME}/.warzone2100-3.* |
895 | blacklist ${HOME}/.vscode | 895 | deny ${HOME}/.waterfox |
896 | blacklist ${HOME}/.vscode-oss | 896 | deny ${HOME}/.weechat |
897 | blacklist ${HOME}/.vst | 897 | deny ${HOME}/.wget-hsts |
898 | blacklist ${HOME}/.vultures | 898 | deny ${HOME}/.wgetrc |
899 | blacklist ${HOME}/.w3m | 899 | deny ${HOME}/.widelands |
900 | blacklist ${HOME}/.warzone2100-3.* | 900 | deny ${HOME}/.wine |
901 | blacklist ${HOME}/.waterfox | 901 | deny ${HOME}/.wine64 |
902 | blacklist ${HOME}/.weechat | 902 | deny ${HOME}/.wireshark |
903 | blacklist ${HOME}/.wget-hsts | 903 | deny ${HOME}/.wordwarvi |
904 | blacklist ${HOME}/.wgetrc | 904 | deny ${HOME}/.wormux |
905 | blacklist ${HOME}/.widelands | 905 | deny ${HOME}/.xiphos |
906 | blacklist ${HOME}/.wine | 906 | deny ${HOME}/.xmind |
907 | blacklist ${HOME}/.wine64 | 907 | deny ${HOME}/.xmms |
908 | blacklist ${HOME}/.wireshark | 908 | deny ${HOME}/.xmr-stak |
909 | blacklist ${HOME}/.wordwarvi | 909 | deny ${HOME}/.xonotic |
910 | blacklist ${HOME}/.wormux | 910 | deny ${HOME}/.xournalpp |
911 | blacklist ${HOME}/.xiphos | 911 | deny ${HOME}/.xpdfrc |
912 | blacklist ${HOME}/.xmind | 912 | deny ${HOME}/.yarn |
913 | blacklist ${HOME}/.xmms | 913 | deny ${HOME}/.yarn-config |
914 | blacklist ${HOME}/.xmr-stak | 914 | deny ${HOME}/.yarncache |
915 | blacklist ${HOME}/.xonotic | 915 | deny ${HOME}/.yarnrc |
916 | blacklist ${HOME}/.xournalpp | 916 | deny ${HOME}/.zoom |
917 | blacklist ${HOME}/.xpdfrc | 917 | deny ${HOME}/Arduino |
918 | blacklist ${HOME}/.yarn | 918 | deny ${HOME}/Monero/wallets |
919 | blacklist ${HOME}/.yarn-config | 919 | deny ${HOME}/Nextcloud |
920 | blacklist ${HOME}/.yarncache | 920 | deny ${HOME}/Nextcloud/Notes |
921 | blacklist ${HOME}/.yarnrc | 921 | deny ${HOME}/SoftMaker |
922 | blacklist ${HOME}/.zoom | 922 | deny ${HOME}/Standard Notes Backups |
923 | blacklist /tmp/akonadi-* | 923 | deny ${HOME}/TeamSpeak3-Client-linux_amd64 |
924 | blacklist /tmp/.wine-* | 924 | deny ${HOME}/TeamSpeak3-Client-linux_x86 |
925 | blacklist /var/games/nethack | 925 | deny ${HOME}/hyperrogue.ini |
926 | blacklist /var/games/slashem | 926 | deny ${HOME}/i2p |
927 | blacklist /var/games/vulturesclaw | 927 | deny ${HOME}/mps |
928 | blacklist /var/games/vultureseye | 928 | deny ${HOME}/wallet.dat |
929 | blacklist /var/lib/games/Maelstrom-Scores | 929 | deny /tmp/.wine-* |
930 | deny /tmp/akonadi-* | ||
931 | deny /var/games/nethack | ||
932 | deny /var/games/slashem | ||
933 | deny /var/games/vulturesclaw | ||
934 | deny /var/games/vultureseye | ||
935 | deny /var/lib/games/Maelstrom-Scores | ||
930 | 936 | ||
931 | # ${HOME}/.cache directory | 937 | # ${HOME}/.cache directory |
932 | blacklist ${HOME}/.cache/0ad | 938 | deny ${HOME}/.cache/0ad |
933 | blacklist ${HOME}/.cache/8pecxstudios | 939 | deny ${HOME}/.cache/8pecxstudios |
934 | blacklist ${HOME}/.cache/Authenticator | 940 | deny ${HOME}/.cache/Authenticator |
935 | blacklist ${HOME}/.cache/BraveSoftware | 941 | deny ${HOME}/.cache/BraveSoftware |
936 | blacklist ${HOME}/.cache/Clementine | 942 | deny ${HOME}/.cache/Clementine |
937 | blacklist ${HOME}/.cache/ENCOM/Spectral | 943 | deny ${HOME}/.cache/ENCOM/Spectral |
938 | blacklist ${HOME}/.cache/Enox | 944 | deny ${HOME}/.cache/Enox |
939 | blacklist ${HOME}/.cache/Enpass | 945 | deny ${HOME}/.cache/Enpass |
940 | blacklist ${HOME}/.cache/Ferdi | 946 | deny ${HOME}/.cache/Ferdi |
941 | blacklist ${HOME}/.cache/Flavio Tordini | 947 | deny ${HOME}/.cache/Flavio Tordini |
942 | blacklist ${HOME}/.cache/Franz | 948 | deny ${HOME}/.cache/Franz |
943 | blacklist ${HOME}/.cache/INRIA | 949 | deny ${HOME}/.cache/INRIA |
944 | blacklist ${HOME}/.cache/MusicBrainz | 950 | deny ${HOME}/.cache/INRIA/Natron |
945 | blacklist ${HOME}/.cache/NewsFlashGTK | 951 | deny ${HOME}/.cache/KDE/neochat |
946 | blacklist ${HOME}/.cache/Otter | 952 | deny ${HOME}/.cache/Mendeley Ltd. |
947 | blacklist ${HOME}/.cache/PawelStolowski | 953 | deny ${HOME}/.cache/MusicBrainz |
948 | blacklist ${HOME}/.cache/Psi | 954 | deny ${HOME}/.cache/NewsFlashGTK |
949 | blacklist ${HOME}/.cache/QuiteRss | 955 | deny ${HOME}/.cache/Otter |
950 | blacklist ${HOME}/.cache/quodlibet | 956 | deny ${HOME}/.cache/PawelStolowski |
951 | blacklist ${HOME}/.cache/Quotient/quaternion | 957 | deny ${HOME}/.cache/Psi |
952 | blacklist ${HOME}/.cache/Shortwave | 958 | deny ${HOME}/.cache/QuiteRss |
953 | blacklist ${HOME}/.cache/Tox | 959 | deny ${HOME}/.cache/Quotient/quaternion |
954 | blacklist ${HOME}/.cache/Zeal | 960 | deny ${HOME}/.cache/Shortwave |
955 | blacklist ${HOME}/.cache/agenda | 961 | deny ${HOME}/.cache/Tox |
956 | blacklist ${HOME}/.cache/akonadi* | 962 | deny ${HOME}/.cache/Zeal |
957 | blacklist ${HOME}/.cache/atril | 963 | deny ${HOME}/.cache/agenda |
958 | blacklist ${HOME}/.cache/attic | 964 | deny ${HOME}/.cache/akonadi* |
959 | blacklist ${HOME}/.cache/babl | 965 | deny ${HOME}/.cache/atril |
960 | blacklist ${HOME}/.cache/bnox | 966 | deny ${HOME}/.cache/attic |
961 | blacklist ${HOME}/.cache/borg | 967 | deny ${HOME}/.cache/babl |
962 | blacklist ${HOME}/.cache/calibre | 968 | deny ${HOME}/.cache/bnox |
963 | blacklist ${HOME}/.cache/cantata | 969 | deny ${HOME}/.cache/borg |
964 | blacklist ${HOME}/.cache/champlain | 970 | deny ${HOME}/.cache/calibre |
965 | blacklist ${HOME}/.cache/chromium | 971 | deny ${HOME}/.cache/cantata |
966 | blacklist ${HOME}/.cache/chromium-dev | 972 | deny ${HOME}/.cache/champlain |
967 | blacklist ${HOME}/.cache/cliqz | 973 | deny ${HOME}/.cache/chromium |
968 | blacklist ${HOME}/.cache/com.github.johnfactotum.Foliate | 974 | deny ${HOME}/.cache/chromium-dev |
969 | blacklist ${HOME}/.cache/darktable | 975 | deny ${HOME}/.cache/cliqz |
970 | blacklist ${HOME}/.cache/deja-dup | 976 | deny ${HOME}/.cache/com.github.johnfactotum.Foliate |
971 | blacklist ${HOME}/.cache/discover | 977 | deny ${HOME}/.cache/darktable |
972 | blacklist ${HOME}/.cache/dnox | 978 | deny ${HOME}/.cache/deja-dup |
973 | blacklist ${HOME}/.cache/dolphin | 979 | deny ${HOME}/.cache/discover |
974 | blacklist ${HOME}/.cache/dolphin-emu | 980 | deny ${HOME}/.cache/dnox |
975 | blacklist ${HOME}/.cache/ephemeral | 981 | deny ${HOME}/.cache/dolphin |
976 | blacklist ${HOME}/.cache/epiphany | 982 | deny ${HOME}/.cache/dolphin-emu |
977 | blacklist ${HOME}/.cache/evolution | 983 | deny ${HOME}/.cache/ephemeral |
978 | blacklist ${HOME}/.cache/falkon | 984 | deny ${HOME}/.cache/epiphany |
979 | blacklist ${HOME}/.cache/feedreader | 985 | deny ${HOME}/.cache/evolution |
980 | blacklist ${HOME}/.cache/firedragon | 986 | deny ${HOME}/.cache/falkon |
981 | blacklist ${HOME}/.cache/flaska.net/trojita | 987 | deny ${HOME}/.cache/feedreader |
982 | blacklist ${HOME}/.cache/folks | 988 | deny ${HOME}/.cache/firedragon |
983 | blacklist ${HOME}/.cache/font-manager | 989 | deny ${HOME}/.cache/flaska.net/trojita |
984 | blacklist ${HOME}/.cache/fossamail | 990 | deny ${HOME}/.cache/folks |
985 | blacklist ${HOME}/.cache/fractal | 991 | deny ${HOME}/.cache/font-manager |
986 | blacklist ${HOME}/.cache/freecol | 992 | deny ${HOME}/.cache/fossamail |
987 | blacklist ${HOME}/.cache/gajim | 993 | deny ${HOME}/.cache/fractal |
988 | blacklist ${HOME}/.cache/geary | 994 | deny ${HOME}/.cache/freecol |
989 | blacklist ${HOME}/.cache/gegl-0.4 | 995 | deny ${HOME}/.cache/gajim |
990 | blacklist ${HOME}/.cache/geeqie | 996 | deny ${HOME}/.cache/geary |
991 | blacklist ${HOME}/.cache/gfeeds | 997 | deny ${HOME}/.cache/geeqie |
992 | blacklist ${HOME}/.cache/gimp | 998 | deny ${HOME}/.cache/gegl-0.4 |
993 | blacklist ${HOME}/.cache/gnome-boxes | 999 | deny ${HOME}/.cache/gfeeds |
994 | blacklist ${HOME}/.cache/gnome-builder | 1000 | deny ${HOME}/.cache/gimp |
995 | blacklist ${HOME}/.cache/gnome-control-center | 1001 | deny ${HOME}/.cache/gnome-boxes |
996 | blacklist ${HOME}/.cache/gnome-recipes | 1002 | deny ${HOME}/.cache/gnome-builder |
997 | blacklist ${HOME}/.cache/gnome-screenshot | 1003 | deny ${HOME}/.cache/gnome-control-center |
998 | blacklist ${HOME}/.cache/gnome-software | 1004 | deny ${HOME}/.cache/gnome-recipes |
999 | blacklist ${HOME}/.cache/gnome-twitch | 1005 | deny ${HOME}/.cache/gnome-screenshot |
1000 | blacklist ${HOME}/.cache/godot | 1006 | deny ${HOME}/.cache/gnome-software |
1001 | blacklist ${HOME}/.cache/google-chrome | 1007 | deny ${HOME}/.cache/gnome-twitch |
1002 | blacklist ${HOME}/.cache/google-chrome-beta | 1008 | deny ${HOME}/.cache/godot |
1003 | blacklist ${HOME}/.cache/google-chrome-unstable | 1009 | deny ${HOME}/.cache/google-chrome |
1004 | blacklist ${HOME}/.cache/gradio | 1010 | deny ${HOME}/.cache/google-chrome-beta |
1005 | blacklist ${HOME}/.cache/gummi | 1011 | deny ${HOME}/.cache/google-chrome-unstable |
1006 | blacklist ${HOME}/.cache/icedove | 1012 | deny ${HOME}/.cache/gradio |
1007 | blacklist ${HOME}/.cache/INRIA/Natron | 1013 | deny ${HOME}/.cache/gummi |
1008 | blacklist ${HOME}/.cache/inkscape | 1014 | deny ${HOME}/.cache/icedove |
1009 | blacklist ${HOME}/.cache/inox | 1015 | deny ${HOME}/.cache/inkscape |
1010 | blacklist ${HOME}/.cache/iridium | 1016 | deny ${HOME}/.cache/inox |
1011 | blacklist ${HOME}/.cache/kcmshell5 | 1017 | deny ${HOME}/.cache/io.github.lainsce.Notejot |
1012 | blacklist ${HOME}/.cache/KDE/neochat | 1018 | deny ${HOME}/.cache/iridium |
1013 | blacklist ${HOME}/.cache/kdenlive | 1019 | deny ${HOME}/.cache/JetBrains/CLion* |
1014 | blacklist ${HOME}/.cache/keepassxc | 1020 | deny ${HOME}/.cache/kcmshell5 |
1015 | blacklist ${HOME}/.cache/kfind | 1021 | deny ${HOME}/.cache/kdenlive |
1016 | blacklist ${HOME}/.cache/kinfocenter | 1022 | deny ${HOME}/.cache/keepassxc |
1017 | blacklist ${HOME}/.cache/kmail2 | 1023 | deny ${HOME}/.cache/kfind |
1018 | blacklist ${HOME}/.cache/krunner | 1024 | deny ${HOME}/.cache/kinfocenter |
1019 | blacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite* | 1025 | deny ${HOME}/.cache/kmail2 |
1020 | blacklist ${HOME}/.cache/kscreenlocker_greet | 1026 | deny ${HOME}/.cache/krunner |
1021 | blacklist ${HOME}/.cache/ksmserver-logout-greeter | 1027 | deny ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite* |
1022 | blacklist ${HOME}/.cache/ksplashqml | 1028 | deny ${HOME}/.cache/kscreenlocker_greet |
1023 | blacklist ${HOME}/.cache/kube | 1029 | deny ${HOME}/.cache/ksmserver-logout-greeter |
1024 | blacklist ${HOME}/.cache/kwin | 1030 | deny ${HOME}/.cache/ksplashqml |
1025 | blacklist ${HOME}/.cache/libgweather | 1031 | deny ${HOME}/.cache/kube |
1026 | blacklist ${HOME}/.cache/librewolf | 1032 | deny ${HOME}/.cache/kwin |
1027 | blacklist ${HOME}/.cache/liferea | 1033 | deny ${HOME}/.cache/libgweather |
1028 | blacklist ${HOME}/.cache/lutris | 1034 | deny ${HOME}/.cache/librewolf |
1029 | blacklist ${HOME}/.cache/Mendeley Ltd. | 1035 | deny ${HOME}/.cache/liferea |
1030 | blacklist ${HOME}/.cache/marker | 1036 | deny ${HOME}/.cache/lutris |
1031 | blacklist ${HOME}/.cache/matrix-mirage | 1037 | deny ${HOME}/.cache/marker |
1032 | blacklist ${HOME}/.cache/microsoft-edge-dev | 1038 | deny ${HOME}/.cache/matrix-mirage |
1033 | blacklist ${HOME}/.cache/midori | 1039 | deny ${HOME}/.cache/microsoft-edge-beta |
1034 | blacklist ${HOME}/.cache/minetest | 1040 | deny ${HOME}/.cache/microsoft-edge-dev |
1035 | blacklist ${HOME}/.cache/mirage | 1041 | deny ${HOME}/.cache/midori |
1036 | blacklist ${HOME}/.cache/moonchild productions/basilisk | 1042 | deny ${HOME}/.cache/minetest |
1037 | blacklist ${HOME}/.cache/moonchild productions/pale moon | 1043 | deny ${HOME}/.cache/mirage |
1038 | blacklist ${HOME}/.cache/mozilla | 1044 | deny ${HOME}/.cache/moonchild productions/basilisk |
1039 | blacklist ${HOME}/.cache/ms-excel-online | 1045 | deny ${HOME}/.cache/moonchild productions/pale moon |
1040 | blacklist ${HOME}/.cache/ms-office-online | 1046 | deny ${HOME}/.cache/mozilla |
1041 | blacklist ${HOME}/.cache/ms-onenote-online | 1047 | deny ${HOME}/.cache/ms-excel-online |
1042 | blacklist ${HOME}/.cache/ms-outlook-online | 1048 | deny ${HOME}/.cache/ms-office-online |
1043 | blacklist ${HOME}/.cache/ms-powerpoint-online | 1049 | deny ${HOME}/.cache/ms-onenote-online |
1044 | blacklist ${HOME}/.cache/ms-skype-online | 1050 | deny ${HOME}/.cache/ms-outlook-online |
1045 | blacklist ${HOME}/.cache/ms-word-online | 1051 | deny ${HOME}/.cache/ms-powerpoint-online |
1046 | blacklist ${HOME}/.cache/mutt | 1052 | deny ${HOME}/.cache/ms-skype-online |
1047 | blacklist ${HOME}/.cache/mypaint | 1053 | deny ${HOME}/.cache/ms-word-online |
1048 | blacklist ${HOME}/.cache/nheko | 1054 | deny ${HOME}/.cache/mutt |
1049 | blacklist ${HOME}/.cache/netsurf | 1055 | deny ${HOME}/.cache/mypaint |
1050 | blacklist ${HOME}/.cache/okular | 1056 | deny ${HOME}/.cache/netsurf |
1051 | blacklist ${HOME}/.cache/opera | 1057 | deny ${HOME}/.cache/nheko |
1052 | blacklist ${HOME}/.cache/opera-beta | 1058 | deny ${HOME}/.cache/okular |
1053 | blacklist ${HOME}/.cache/org.gabmus.gfeeds | 1059 | deny ${HOME}/.cache/opera |
1054 | blacklist ${HOME}/.cache/org.gnome.Books | 1060 | deny ${HOME}/.cache/opera-beta |
1055 | blacklist ${HOME}/.cache/org.gnome.Maps | 1061 | deny ${HOME}/.cache/org.gabmus.gfeeds |
1056 | blacklist ${HOME}/.cache/pdfmod | 1062 | deny ${HOME}/.cache/org.gnome.Books |
1057 | blacklist ${HOME}/.cache/peek | 1063 | deny ${HOME}/.cache/org.gnome.Maps |
1058 | blacklist ${HOME}/.cache/pip | 1064 | deny ${HOME}/.cache/pdfmod |
1059 | blacklist ${HOME}/.cache/pipe-viewer | 1065 | deny ${HOME}/.cache/peek |
1060 | blacklist ${HOME}/.cache/plasmashell | 1066 | deny ${HOME}/.cache/pip |
1061 | blacklist ${HOME}/.cache/plasmashellbookmarkrunnerfirefoxdbfile.sqlite* | 1067 | deny ${HOME}/.cache/pipe-viewer |
1062 | blacklist ${HOME}/.cache/psi | 1068 | deny ${HOME}/.cache/plasmashell |
1063 | blacklist ${HOME}/.cache/qBittorrent | 1069 | deny ${HOME}/.cache/plasmashellbookmarkrunnerfirefoxdbfile.sqlite* |
1064 | blacklist ${HOME}/.cache/qupzilla | 1070 | deny ${HOME}/.cache/psi |
1065 | blacklist ${HOME}/.cache/qutebrowser | 1071 | deny ${HOME}/.cache/qBittorrent |
1066 | blacklist ${HOME}/.cache/rhythmbox | 1072 | deny ${HOME}/.cache/quodlibet |
1067 | blacklist ${HOME}/.cache/shotwell | 1073 | deny ${HOME}/.cache/qupzilla |
1068 | blacklist ${HOME}/.cache/simple-scan | 1074 | deny ${HOME}/.cache/qutebrowser |
1069 | blacklist ${HOME}/.cache/slimjet | 1075 | deny ${HOME}/.cache/rednotebook |
1070 | blacklist ${HOME}/.cache/smuxi | 1076 | deny ${HOME}/.cache/rhythmbox |
1071 | blacklist ${HOME}/.cache/snox | 1077 | deny ${HOME}/.cache/shotwell |
1072 | blacklist ${HOME}/.cache/spotify | 1078 | deny ${HOME}/.cache/simple-scan |
1073 | blacklist ${HOME}/.cache/strawberry | 1079 | deny ${HOME}/.cache/slimjet |
1074 | blacklist ${HOME}/.cache/straw-viewer | 1080 | deny ${HOME}/.cache/smuxi |
1075 | blacklist ${HOME}/.cache/supertuxkart | 1081 | deny ${HOME}/.cache/snox |
1076 | blacklist ${HOME}/.cache/systemsettings | 1082 | deny ${HOME}/.cache/spotify |
1077 | blacklist ${HOME}/.cache/telepathy | 1083 | deny ${HOME}/.cache/straw-viewer |
1078 | blacklist ${HOME}/.cache/thunderbird | 1084 | deny ${HOME}/.cache/strawberry |
1079 | blacklist ${HOME}/.cache/torbrowser | 1085 | deny ${HOME}/.cache/supertuxkart |
1080 | blacklist ${HOME}/.cache/transmission | 1086 | deny ${HOME}/.cache/systemsettings |
1081 | blacklist ${HOME}/.cache/ungoogled-chromium | 1087 | deny ${HOME}/.cache/telepathy |
1082 | blacklist ${HOME}/.cache/vivaldi | 1088 | deny ${HOME}/.cache/thunderbird |
1083 | blacklist ${HOME}/.cache/vivaldi-snapshot | 1089 | deny ${HOME}/.cache/torbrowser |
1084 | blacklist ${HOME}/.cache/vlc | 1090 | deny ${HOME}/.cache/transmission |
1085 | blacklist ${HOME}/.cache/vmware | 1091 | deny ${HOME}/.cache/ungoogled-chromium |
1086 | blacklist ${HOME}/.cache/warsow-2.1 | 1092 | deny ${HOME}/.cache/vivaldi |
1087 | blacklist ${HOME}/.cache/waterfox | 1093 | deny ${HOME}/.cache/vivaldi-snapshot |
1088 | blacklist ${HOME}/.cache/wesnoth | 1094 | deny ${HOME}/.cache/vlc |
1089 | blacklist ${HOME}/.cache/winetricks | 1095 | deny ${HOME}/.cache/vmware |
1090 | blacklist ${HOME}/.cache/xmms2 | 1096 | deny ${HOME}/.cache/warsow-2.1 |
1091 | blacklist ${HOME}/.cache/xreader | 1097 | deny ${HOME}/.cache/waterfox |
1092 | blacklist ${HOME}/.cache/yandex-browser | 1098 | deny ${HOME}/.cache/wesnoth |
1093 | blacklist ${HOME}/.cache/yandex-browser-beta | 1099 | deny ${HOME}/.cache/winetricks |
1094 | blacklist ${HOME}/.cache/youtube-dl | 1100 | deny ${HOME}/.cache/xmms2 |
1095 | blacklist ${HOME}/.cache/youtube-viewer | 1101 | deny ${HOME}/.cache/xreader |
1102 | deny ${HOME}/.cache/yandex-browser | ||
1103 | deny ${HOME}/.cache/yandex-browser-beta | ||
1104 | deny ${HOME}/.cache/youtube-dl | ||
1105 | deny ${HOME}/.cache/youtube-viewer | ||
1106 | deny ${HOME}/.cache/zim | ||
diff --git a/etc/inc/disable-shell.inc b/etc/inc/disable-shell.inc index 8274b0215..da6fb31a3 100644 --- a/etc/inc/disable-shell.inc +++ b/etc/inc/disable-shell.inc | |||
@@ -2,14 +2,14 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include disable-shell.local | 3 | include disable-shell.local |
4 | 4 | ||
5 | blacklist ${PATH}/bash | 5 | deny ${PATH}/bash |
6 | blacklist ${PATH}/csh | 6 | deny ${PATH}/csh |
7 | blacklist ${PATH}/dash | 7 | deny ${PATH}/dash |
8 | blacklist ${PATH}/fish | 8 | deny ${PATH}/fish |
9 | blacklist ${PATH}/ksh | 9 | deny ${PATH}/ksh |
10 | blacklist ${PATH}/mksh | 10 | deny ${PATH}/mksh |
11 | blacklist ${PATH}/oksh | 11 | deny ${PATH}/oksh |
12 | blacklist ${PATH}/sh | 12 | deny ${PATH}/sh |
13 | blacklist ${PATH}/tclsh | 13 | deny ${PATH}/tclsh |
14 | blacklist ${PATH}/tcsh | 14 | deny ${PATH}/tcsh |
15 | blacklist ${PATH}/zsh | 15 | deny ${PATH}/zsh |
diff --git a/etc/inc/disable-xdg.inc b/etc/inc/disable-xdg.inc index 22acf272d..32aa8c7f6 100644 --- a/etc/inc/disable-xdg.inc +++ b/etc/inc/disable-xdg.inc | |||
@@ -2,10 +2,10 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include disable-xdg.local | 3 | include disable-xdg.local |
4 | 4 | ||
5 | blacklist ${DOCUMENTS} | 5 | deny ${DOCUMENTS} |
6 | blacklist ${MUSIC} | 6 | deny ${MUSIC} |
7 | blacklist ${PICTURES} | 7 | deny ${PICTURES} |
8 | blacklist ${VIDEOS} | 8 | deny ${VIDEOS} |
9 | 9 | ||
10 | # The following should be considered catch-all directories | 10 | # The following should be considered catch-all directories |
11 | #blacklist ${DESKTOP} | 11 | #blacklist ${DESKTOP} |
diff --git a/etc/inc/whitelist-1793-workaround.inc b/etc/inc/whitelist-1793-workaround.inc index 862837f12..06a424440 100644 --- a/etc/inc/whitelist-1793-workaround.inc +++ b/etc/inc/whitelist-1793-workaround.inc | |||
@@ -3,27 +3,27 @@ | |||
3 | include whitelist-1793-workaround.local | 3 | include whitelist-1793-workaround.local |
4 | # This works around bug 1793, and allows whitelisting to be used for some KDE applications. | 4 | # This works around bug 1793, and allows whitelisting to be used for some KDE applications. |
5 | 5 | ||
6 | noblacklist ${HOME}/.config/ibus | 6 | nodeny ${HOME}/.config/ibus |
7 | noblacklist ${HOME}/.config/mimeapps.list | 7 | nodeny ${HOME}/.config/mimeapps.list |
8 | noblacklist ${HOME}/.config/pkcs11 | 8 | nodeny ${HOME}/.config/pkcs11 |
9 | noblacklist ${HOME}/.config/user-dirs.dirs | 9 | nodeny ${HOME}/.config/user-dirs.dirs |
10 | noblacklist ${HOME}/.config/user-dirs.locale | 10 | nodeny ${HOME}/.config/user-dirs.locale |
11 | noblacklist ${HOME}/.config/dconf | 11 | nodeny ${HOME}/.config/dconf |
12 | noblacklist ${HOME}/.config/fontconfig | 12 | nodeny ${HOME}/.config/fontconfig |
13 | noblacklist ${HOME}/.config/gtk-2.0 | 13 | nodeny ${HOME}/.config/gtk-2.0 |
14 | noblacklist ${HOME}/.config/gtk-3.0 | 14 | nodeny ${HOME}/.config/gtk-3.0 |
15 | noblacklist ${HOME}/.config/gtk-4.0 | 15 | nodeny ${HOME}/.config/gtk-4.0 |
16 | noblacklist ${HOME}/.config/gtkrc | 16 | nodeny ${HOME}/.config/gtkrc |
17 | noblacklist ${HOME}/.config/gtkrc-2.0 | 17 | nodeny ${HOME}/.config/gtkrc-2.0 |
18 | noblacklist ${HOME}/.config/Kvantum | 18 | nodeny ${HOME}/.config/Kvantum |
19 | noblacklist ${HOME}/.config/Trolltech.conf | 19 | nodeny ${HOME}/.config/Trolltech.conf |
20 | noblacklist ${HOME}/.config/QtProject.conf | 20 | nodeny ${HOME}/.config/QtProject.conf |
21 | noblacklist ${HOME}/.config/kdeglobals | 21 | nodeny ${HOME}/.config/kdeglobals |
22 | noblacklist ${HOME}/.config/kio_httprc | 22 | nodeny ${HOME}/.config/kio_httprc |
23 | noblacklist ${HOME}/.config/kioslaverc | 23 | nodeny ${HOME}/.config/kioslaverc |
24 | noblacklist ${HOME}/.config/ksslcablacklist | 24 | nodeny ${HOME}/.config/ksslcablacklist |
25 | noblacklist ${HOME}/.config/qt5ct | 25 | nodeny ${HOME}/.config/qt5ct |
26 | noblacklist ${HOME}/.config/qtcurve | 26 | nodeny ${HOME}/.config/qtcurve |
27 | 27 | ||
28 | blacklist ${HOME}/.config/* | 28 | deny ${HOME}/.config/* |
29 | whitelist ${HOME}/.config | 29 | allow ${HOME}/.config |
diff --git a/etc/inc/whitelist-common.inc b/etc/inc/whitelist-common.inc index 1d3728521..11070e372 100644 --- a/etc/inc/whitelist-common.inc +++ b/etc/inc/whitelist-common.inc | |||
@@ -4,81 +4,82 @@ include whitelist-common.local | |||
4 | 4 | ||
5 | # common whitelist for all profiles | 5 | # common whitelist for all profiles |
6 | 6 | ||
7 | whitelist ${HOME}/.XCompose | 7 | allow ${HOME}/.XCompose |
8 | whitelist ${HOME}/.alsaequal.bin | 8 | allow ${HOME}/.alsaequal.bin |
9 | whitelist ${HOME}/.asoundrc | 9 | allow ${HOME}/.asoundrc |
10 | whitelist ${HOME}/.config/ibus | 10 | allow ${HOME}/.config/ibus |
11 | whitelist ${HOME}/.config/mimeapps.list | 11 | allow ${HOME}/.config/mimeapps.list |
12 | whitelist ${HOME}/.config/pkcs11 | 12 | allow ${HOME}/.config/pkcs11 |
13 | read-only ${HOME}/.config/pkcs11 | 13 | read-only ${HOME}/.config/pkcs11 |
14 | whitelist ${HOME}/.config/user-dirs.dirs | 14 | allow ${HOME}/.config/user-dirs.dirs |
15 | read-only ${HOME}/.config/user-dirs.dirs | 15 | read-only ${HOME}/.config/user-dirs.dirs |
16 | whitelist ${HOME}/.config/user-dirs.locale | 16 | allow ${HOME}/.config/user-dirs.locale |
17 | read-only ${HOME}/.config/user-dirs.locale | 17 | read-only ${HOME}/.config/user-dirs.locale |
18 | whitelist ${HOME}/.drirc | 18 | allow ${HOME}/.drirc |
19 | whitelist ${HOME}/.icons | 19 | allow ${HOME}/.icons |
20 | ?HAS_APPIMAGE: whitelist ${HOME}/.local/share/appimagekit | 20 | ?HAS_APPIMAGE: whitelist ${HOME}/.local/share/appimagekit |
21 | whitelist ${HOME}/.local/share/applications | 21 | allow ${HOME}/.local/share/applications |
22 | read-only ${HOME}/.local/share/applications | 22 | read-only ${HOME}/.local/share/applications |
23 | whitelist ${HOME}/.local/share/icons | 23 | allow ${HOME}/.local/share/icons |
24 | whitelist ${HOME}/.local/share/mime | 24 | allow ${HOME}/.local/share/mime |
25 | whitelist ${HOME}/.mime.types | 25 | allow ${HOME}/.mime.types |
26 | whitelist ${HOME}/.uim.d | 26 | allow ${HOME}/.sndio/cookie |
27 | allow ${HOME}/.uim.d | ||
27 | 28 | ||
28 | # dconf | 29 | # dconf |
29 | mkdir ${HOME}/.config/dconf | 30 | mkdir ${HOME}/.config/dconf |
30 | whitelist ${HOME}/.config/dconf | 31 | allow ${HOME}/.config/dconf |
31 | 32 | ||
32 | # fonts | 33 | # fonts |
33 | whitelist ${HOME}/.cache/fontconfig | 34 | allow ${HOME}/.cache/fontconfig |
34 | whitelist ${HOME}/.config/fontconfig | 35 | allow ${HOME}/.config/fontconfig |
35 | whitelist ${HOME}/.fontconfig | 36 | allow ${HOME}/.fontconfig |
36 | whitelist ${HOME}/.fonts | 37 | allow ${HOME}/.fonts |
37 | whitelist ${HOME}/.fonts.conf | 38 | allow ${HOME}/.fonts.conf |
38 | whitelist ${HOME}/.fonts.conf.d | 39 | allow ${HOME}/.fonts.conf.d |
39 | whitelist ${HOME}/.fonts.d | 40 | allow ${HOME}/.fonts.d |
40 | whitelist ${HOME}/.local/share/fonts | 41 | allow ${HOME}/.local/share/fonts |
41 | whitelist ${HOME}/.pangorc | 42 | allow ${HOME}/.pangorc |
42 | 43 | ||
43 | # gtk | 44 | # gtk |
44 | whitelist ${HOME}/.config/gtk-2.0 | 45 | allow ${HOME}/.config/gtk-2.0 |
45 | whitelist ${HOME}/.config/gtk-3.0 | 46 | allow ${HOME}/.config/gtk-3.0 |
46 | whitelist ${HOME}/.config/gtk-4.0 | 47 | allow ${HOME}/.config/gtk-4.0 |
47 | whitelist ${HOME}/.config/gtkrc | 48 | allow ${HOME}/.config/gtkrc |
48 | whitelist ${HOME}/.config/gtkrc-2.0 | 49 | allow ${HOME}/.config/gtkrc-2.0 |
49 | whitelist ${HOME}/.gnome2 | 50 | allow ${HOME}/.gnome2 |
50 | whitelist ${HOME}/.gnome2-private | 51 | allow ${HOME}/.gnome2-private |
51 | whitelist ${HOME}/.gtk-2.0 | 52 | allow ${HOME}/.gtk-2.0 |
52 | whitelist ${HOME}/.gtkrc | 53 | allow ${HOME}/.gtkrc |
53 | whitelist ${HOME}/.gtkrc-2.0 | 54 | allow ${HOME}/.gtkrc-2.0 |
54 | whitelist ${HOME}/.kde/share/config/gtkrc | 55 | allow ${HOME}/.kde/share/config/gtkrc |
55 | whitelist ${HOME}/.kde/share/config/gtkrc-2.0 | 56 | allow ${HOME}/.kde/share/config/gtkrc-2.0 |
56 | whitelist ${HOME}/.kde4/share/config/gtkrc | 57 | allow ${HOME}/.kde4/share/config/gtkrc |
57 | whitelist ${HOME}/.kde4/share/config/gtkrc-2.0 | 58 | allow ${HOME}/.kde4/share/config/gtkrc-2.0 |
58 | whitelist ${HOME}/.local/share/themes | 59 | allow ${HOME}/.local/share/themes |
59 | whitelist ${HOME}/.themes | 60 | allow ${HOME}/.themes |
60 | 61 | ||
61 | # qt/kde | 62 | # qt/kde |
62 | whitelist ${HOME}/.cache/kioexec/krun | 63 | allow ${HOME}/.cache/kioexec/krun |
63 | whitelist ${HOME}/.config/Kvantum | 64 | allow ${HOME}/.config/Kvantum |
64 | whitelist ${HOME}/.config/Trolltech.conf | 65 | allow ${HOME}/.config/Trolltech.conf |
65 | whitelist ${HOME}/.config/QtProject.conf | 66 | allow ${HOME}/.config/QtProject.conf |
66 | whitelist ${HOME}/.config/kdeglobals | 67 | allow ${HOME}/.config/kdeglobals |
67 | whitelist ${HOME}/.config/kio_httprc | 68 | allow ${HOME}/.config/kio_httprc |
68 | whitelist ${HOME}/.config/kioslaverc | 69 | allow ${HOME}/.config/kioslaverc |
69 | whitelist ${HOME}/.config/ksslcablacklist | 70 | allow ${HOME}/.config/ksslcablacklist |
70 | whitelist ${HOME}/.config/qt5ct | 71 | allow ${HOME}/.config/qt5ct |
71 | whitelist ${HOME}/.config/qtcurve | 72 | allow ${HOME}/.config/qtcurve |
72 | whitelist ${HOME}/.kde/share/config/kdeglobals | 73 | allow ${HOME}/.kde/share/config/kdeglobals |
73 | whitelist ${HOME}/.kde/share/config/kio_httprc | 74 | allow ${HOME}/.kde/share/config/kio_httprc |
74 | whitelist ${HOME}/.kde/share/config/kioslaverc | 75 | allow ${HOME}/.kde/share/config/kioslaverc |
75 | whitelist ${HOME}/.kde/share/config/ksslcablacklist | 76 | allow ${HOME}/.kde/share/config/ksslcablacklist |
76 | whitelist ${HOME}/.kde/share/config/oxygenrc | 77 | allow ${HOME}/.kde/share/config/oxygenrc |
77 | whitelist ${HOME}/.kde/share/icons | 78 | allow ${HOME}/.kde/share/icons |
78 | whitelist ${HOME}/.kde4/share/config/kdeglobals | 79 | allow ${HOME}/.kde4/share/config/kdeglobals |
79 | whitelist ${HOME}/.kde4/share/config/kio_httprc | 80 | allow ${HOME}/.kde4/share/config/kio_httprc |
80 | whitelist ${HOME}/.kde4/share/config/kioslaverc | 81 | allow ${HOME}/.kde4/share/config/kioslaverc |
81 | whitelist ${HOME}/.kde4/share/config/ksslcablacklist | 82 | allow ${HOME}/.kde4/share/config/ksslcablacklist |
82 | whitelist ${HOME}/.kde4/share/config/oxygenrc | 83 | allow ${HOME}/.kde4/share/config/oxygenrc |
83 | whitelist ${HOME}/.kde4/share/icons | 84 | allow ${HOME}/.kde4/share/icons |
84 | whitelist ${HOME}/.local/share/qt5ct | 85 | allow ${HOME}/.local/share/qt5ct |
diff --git a/etc/inc/whitelist-player-common.inc b/etc/inc/whitelist-player-common.inc index e5bf36804..d6ae8eab6 100644 --- a/etc/inc/whitelist-player-common.inc +++ b/etc/inc/whitelist-player-common.inc | |||
@@ -4,8 +4,8 @@ include whitelist-player-common.local | |||
4 | 4 | ||
5 | # common whitelist for all media players | 5 | # common whitelist for all media players |
6 | 6 | ||
7 | whitelist ${DESKTOP} | 7 | allow ${DESKTOP} |
8 | whitelist ${DOWNLOADS} | 8 | allow ${DOWNLOADS} |
9 | whitelist ${MUSIC} | 9 | allow ${MUSIC} |
10 | whitelist ${PICTURES} | 10 | allow ${PICTURES} |
11 | whitelist ${VIDEOS} | 11 | allow ${VIDEOS} |
diff --git a/etc/inc/whitelist-run-common.inc b/etc/inc/whitelist-run-common.inc new file mode 100644 index 000000000..a1345eb43 --- /dev/null +++ b/etc/inc/whitelist-run-common.inc | |||
@@ -0,0 +1,9 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include whitelist-run-common.local | ||
4 | |||
5 | whitelist /run/NetworkManager/resolv.conf | ||
6 | whitelist /run/cups/cups.sock | ||
7 | whitelist /run/dbus/system_bus_socket | ||
8 | whitelist /run/systemd/resolve/resolv.conf | ||
9 | whitelist /run/systemd/resolve/stub-resolv.conf | ||
diff --git a/etc/inc/whitelist-runuser-common.inc b/etc/inc/whitelist-runuser-common.inc index 48309ffe3..86e5264b9 100644 --- a/etc/inc/whitelist-runuser-common.inc +++ b/etc/inc/whitelist-runuser-common.inc | |||
@@ -4,13 +4,13 @@ include whitelist-runuser-common.local | |||
4 | 4 | ||
5 | # common ${RUNUSER} (=/run/user/$UID) whitelist for all profiles | 5 | # common ${RUNUSER} (=/run/user/$UID) whitelist for all profiles |
6 | 6 | ||
7 | whitelist ${RUNUSER}/bus | 7 | allow ${RUNUSER}/bus |
8 | whitelist ${RUNUSER}/dconf | 8 | allow ${RUNUSER}/dconf |
9 | whitelist ${RUNUSER}/gdm/Xauthority | 9 | allow ${RUNUSER}/gdm/Xauthority |
10 | whitelist ${RUNUSER}/ICEauthority | 10 | allow ${RUNUSER}/ICEauthority |
11 | whitelist ${RUNUSER}/.mutter-Xwaylandauth.* | 11 | allow ${RUNUSER}/.mutter-Xwaylandauth.* |
12 | whitelist ${RUNUSER}/pulse/native | 12 | allow ${RUNUSER}/pulse/native |
13 | whitelist ${RUNUSER}/wayland-0 | 13 | allow ${RUNUSER}/wayland-0 |
14 | whitelist ${RUNUSER}/wayland-1 | 14 | allow ${RUNUSER}/wayland-1 |
15 | whitelist ${RUNUSER}/xauth_* | 15 | allow ${RUNUSER}/xauth_* |
16 | whitelist ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]] | 16 | allow ${RUNUSER}/[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]]-[[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]][[:xdigit:]] |
diff --git a/etc/inc/whitelist-usr-share-common.inc b/etc/inc/whitelist-usr-share-common.inc index fe0097934..64296da15 100644 --- a/etc/inc/whitelist-usr-share-common.inc +++ b/etc/inc/whitelist-usr-share-common.inc | |||
@@ -4,66 +4,66 @@ include whitelist-usr-share-common.local | |||
4 | 4 | ||
5 | # common /usr/share whitelist for all profiles | 5 | # common /usr/share whitelist for all profiles |
6 | 6 | ||
7 | whitelist /usr/share/alsa | 7 | allow /usr/share/alsa |
8 | whitelist /usr/share/applications | 8 | allow /usr/share/applications |
9 | whitelist /usr/share/ca-certificates | 9 | allow /usr/share/ca-certificates |
10 | whitelist /usr/share/crypto-policies | 10 | allow /usr/share/crypto-policies |
11 | whitelist /usr/share/cursors | 11 | allow /usr/share/cursors |
12 | whitelist /usr/share/dconf | 12 | allow /usr/share/dconf |
13 | whitelist /usr/share/distro-info | 13 | allow /usr/share/distro-info |
14 | whitelist /usr/share/drirc.d | 14 | allow /usr/share/drirc.d |
15 | whitelist /usr/share/enchant | 15 | allow /usr/share/enchant |
16 | whitelist /usr/share/enchant-2 | 16 | allow /usr/share/enchant-2 |
17 | whitelist /usr/share/file | 17 | allow /usr/share/file |
18 | whitelist /usr/share/fontconfig | 18 | allow /usr/share/fontconfig |
19 | whitelist /usr/share/fonts | 19 | allow /usr/share/fonts |
20 | whitelist /usr/share/fonts-config | 20 | allow /usr/share/fonts-config |
21 | whitelist /usr/share/gir-1.0 | 21 | allow /usr/share/gir-1.0 |
22 | whitelist /usr/share/gjs-1.0 | 22 | allow /usr/share/gjs-1.0 |
23 | whitelist /usr/share/glib-2.0 | 23 | allow /usr/share/glib-2.0 |
24 | whitelist /usr/share/glvnd | 24 | allow /usr/share/glvnd |
25 | whitelist /usr/share/gtk-2.0 | 25 | allow /usr/share/gtk-2.0 |
26 | whitelist /usr/share/gtk-3.0 | 26 | allow /usr/share/gtk-3.0 |
27 | whitelist /usr/share/gtk-engines | 27 | allow /usr/share/gtk-engines |
28 | whitelist /usr/share/gtksourceview-3.0 | 28 | allow /usr/share/gtksourceview-3.0 |
29 | whitelist /usr/share/gtksourceview-4 | 29 | allow /usr/share/gtksourceview-4 |
30 | whitelist /usr/share/hunspell | 30 | allow /usr/share/hunspell |
31 | whitelist /usr/share/hwdata | 31 | allow /usr/share/hwdata |
32 | whitelist /usr/share/icons | 32 | allow /usr/share/icons |
33 | whitelist /usr/share/icu | 33 | allow /usr/share/icu |
34 | whitelist /usr/share/knotifications5 | 34 | allow /usr/share/knotifications5 |
35 | whitelist /usr/share/kservices5 | 35 | allow /usr/share/kservices5 |
36 | whitelist /usr/share/Kvantum | 36 | allow /usr/share/Kvantum |
37 | whitelist /usr/share/kxmlgui5 | 37 | allow /usr/share/kxmlgui5 |
38 | whitelist /usr/share/libdrm | 38 | allow /usr/share/libdrm |
39 | whitelist /usr/share/libthai | 39 | allow /usr/share/libthai |
40 | whitelist /usr/share/locale | 40 | allow /usr/share/locale |
41 | whitelist /usr/share/mime | 41 | allow /usr/share/mime |
42 | whitelist /usr/share/misc | 42 | allow /usr/share/misc |
43 | whitelist /usr/share/Modules | 43 | allow /usr/share/Modules |
44 | whitelist /usr/share/myspell | 44 | allow /usr/share/myspell |
45 | whitelist /usr/share/p11-kit | 45 | allow /usr/share/p11-kit |
46 | whitelist /usr/share/perl | 46 | allow /usr/share/perl |
47 | whitelist /usr/share/perl5 | 47 | allow /usr/share/perl5 |
48 | whitelist /usr/share/pixmaps | 48 | allow /usr/share/pixmaps |
49 | whitelist /usr/share/pki | 49 | allow /usr/share/pki |
50 | whitelist /usr/share/plasma | 50 | allow /usr/share/plasma |
51 | whitelist /usr/share/publicsuffix | 51 | allow /usr/share/publicsuffix |
52 | whitelist /usr/share/qt | 52 | allow /usr/share/qt |
53 | whitelist /usr/share/qt4 | 53 | allow /usr/share/qt4 |
54 | whitelist /usr/share/qt5 | 54 | allow /usr/share/qt5 |
55 | whitelist /usr/share/qt5ct | 55 | allow /usr/share/qt5ct |
56 | whitelist /usr/share/sounds | 56 | allow /usr/share/sounds |
57 | whitelist /usr/share/tcl8.6 | 57 | allow /usr/share/tcl8.6 |
58 | whitelist /usr/share/tcltk | 58 | allow /usr/share/tcltk |
59 | whitelist /usr/share/terminfo | 59 | allow /usr/share/terminfo |
60 | whitelist /usr/share/texlive | 60 | allow /usr/share/texlive |
61 | whitelist /usr/share/texmf | 61 | allow /usr/share/texmf |
62 | whitelist /usr/share/themes | 62 | allow /usr/share/themes |
63 | whitelist /usr/share/thumbnail.so | 63 | allow /usr/share/thumbnail.so |
64 | whitelist /usr/share/uim | 64 | allow /usr/share/uim |
65 | whitelist /usr/share/vulkan | 65 | allow /usr/share/vulkan |
66 | whitelist /usr/share/X11 | 66 | allow /usr/share/X11 |
67 | whitelist /usr/share/xml | 67 | allow /usr/share/xml |
68 | whitelist /usr/share/zenity | 68 | allow /usr/share/zenity |
69 | whitelist /usr/share/zoneinfo | 69 | allow /usr/share/zoneinfo |
diff --git a/etc/inc/whitelist-var-common.inc b/etc/inc/whitelist-var-common.inc index d8ba84ad0..c449e8905 100644 --- a/etc/inc/whitelist-var-common.inc +++ b/etc/inc/whitelist-var-common.inc | |||
@@ -4,12 +4,12 @@ include whitelist-var-common.local | |||
4 | 4 | ||
5 | # common /var whitelist for all profiles | 5 | # common /var whitelist for all profiles |
6 | 6 | ||
7 | whitelist /var/lib/aspell | 7 | allow /var/lib/aspell |
8 | whitelist /var/lib/ca-certificates | 8 | allow /var/lib/ca-certificates |
9 | whitelist /var/lib/dbus | 9 | allow /var/lib/dbus |
10 | whitelist /var/lib/menu-xdg | 10 | allow /var/lib/menu-xdg |
11 | whitelist /var/lib/uim | 11 | allow /var/lib/uim |
12 | whitelist /var/cache/fontconfig | 12 | allow /var/cache/fontconfig |
13 | whitelist /var/tmp | 13 | allow /var/tmp |
14 | whitelist /var/run | 14 | allow /var/run |
15 | whitelist /var/lock | 15 | allow /var/lock |
diff --git a/etc/profile-a-l/0ad.profile b/etc/profile-a-l/0ad.profile index 4009853d3..6f493fff1 100644 --- a/etc/profile-a-l/0ad.profile +++ b/etc/profile-a-l/0ad.profile | |||
@@ -6,11 +6,11 @@ include 0ad.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/0ad | 9 | nodeny ${HOME}/.cache/0ad |
10 | noblacklist ${HOME}/.config/0ad | 10 | nodeny ${HOME}/.config/0ad |
11 | noblacklist ${HOME}/.local/share/0ad | 11 | nodeny ${HOME}/.local/share/0ad |
12 | 12 | ||
13 | blacklist /usr/libexec | 13 | deny /usr/libexec |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -23,11 +23,11 @@ include disable-xdg.inc | |||
23 | mkdir ${HOME}/.cache/0ad | 23 | mkdir ${HOME}/.cache/0ad |
24 | mkdir ${HOME}/.config/0ad | 24 | mkdir ${HOME}/.config/0ad |
25 | mkdir ${HOME}/.local/share/0ad | 25 | mkdir ${HOME}/.local/share/0ad |
26 | whitelist ${HOME}/.cache/0ad | 26 | allow ${HOME}/.cache/0ad |
27 | whitelist ${HOME}/.config/0ad | 27 | allow ${HOME}/.config/0ad |
28 | whitelist ${HOME}/.local/share/0ad | 28 | allow ${HOME}/.local/share/0ad |
29 | whitelist /usr/share/0ad | 29 | allow /usr/share/0ad |
30 | whitelist /usr/share/games | 30 | allow /usr/share/games |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/2048-qt.profile b/etc/profile-a-l/2048-qt.profile index 1d787cba7..3a7b331a7 100644 --- a/etc/profile-a-l/2048-qt.profile +++ b/etc/profile-a-l/2048-qt.profile | |||
@@ -6,8 +6,8 @@ include 2048-qt.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/2048-qt | 9 | nodeny ${HOME}/.config/2048-qt |
10 | noblacklist ${HOME}/.config/xiaoyong | 10 | nodeny ${HOME}/.config/xiaoyong |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-programs.inc | |||
18 | 18 | ||
19 | mkdir ${HOME}/.config/2048-qt | 19 | mkdir ${HOME}/.config/2048-qt |
20 | mkdir ${HOME}/.config/xiaoyong | 20 | mkdir ${HOME}/.config/xiaoyong |
21 | whitelist ${HOME}/.config/2048-qt | 21 | allow ${HOME}/.config/2048-qt |
22 | whitelist ${HOME}/.config/xiaoyong | 22 | allow ${HOME}/.config/xiaoyong |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
diff --git a/etc/profile-a-l/Cryptocat.profile b/etc/profile-a-l/Cryptocat.profile index 1d86b0fbf..def0ec111 100644 --- a/etc/profile-a-l/Cryptocat.profile +++ b/etc/profile-a-l/Cryptocat.profile | |||
@@ -5,7 +5,7 @@ include Cryptocat.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Cryptocat | 8 | nodeny ${HOME}/.config/Cryptocat |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-a-l/Discord.profile b/etc/profile-a-l/Discord.profile index 3f274b21c..1d3ae49ca 100644 --- a/etc/profile-a-l/Discord.profile +++ b/etc/profile-a-l/Discord.profile | |||
@@ -5,10 +5,10 @@ include Discord.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/discord | 8 | nodeny ${HOME}/.config/discord |
9 | 9 | ||
10 | mkdir ${HOME}/.config/discord | 10 | mkdir ${HOME}/.config/discord |
11 | whitelist ${HOME}/.config/discord | 11 | allow ${HOME}/.config/discord |
12 | 12 | ||
13 | private-bin Discord | 13 | private-bin Discord |
14 | private-opt Discord | 14 | private-opt Discord |
diff --git a/etc/profile-a-l/DiscordCanary.profile b/etc/profile-a-l/DiscordCanary.profile index d24e73ed8..3c85f187b 100644 --- a/etc/profile-a-l/DiscordCanary.profile +++ b/etc/profile-a-l/DiscordCanary.profile | |||
@@ -5,10 +5,10 @@ include DiscordCanary.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/discordcanary | 8 | nodeny ${HOME}/.config/discordcanary |
9 | 9 | ||
10 | mkdir ${HOME}/.config/discordcanary | 10 | mkdir ${HOME}/.config/discordcanary |
11 | whitelist ${HOME}/.config/discordcanary | 11 | allow ${HOME}/.config/discordcanary |
12 | 12 | ||
13 | private-bin DiscordCanary | 13 | private-bin DiscordCanary |
14 | private-opt DiscordCanary | 14 | private-opt DiscordCanary |
diff --git a/etc/profile-a-l/Fritzing.profile b/etc/profile-a-l/Fritzing.profile index 7dc6b5ff0..8f746581f 100644 --- a/etc/profile-a-l/Fritzing.profile +++ b/etc/profile-a-l/Fritzing.profile | |||
@@ -6,8 +6,8 @@ include Fritzing.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Fritzing | 9 | nodeny ${HOME}/.config/Fritzing |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/JDownloader.profile b/etc/profile-a-l/JDownloader.profile index d10b70796..9a00c3230 100644 --- a/etc/profile-a-l/JDownloader.profile +++ b/etc/profile-a-l/JDownloader.profile | |||
@@ -5,7 +5,7 @@ include JDownloader.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.jd | 8 | nodeny ${HOME}/.jd |
9 | 9 | ||
10 | # Allow java (blacklisted by disable-devel.inc) | 10 | # Allow java (blacklisted by disable-devel.inc) |
11 | include allow-java.inc | 11 | include allow-java.inc |
@@ -19,8 +19,8 @@ include disable-programs.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | mkdir ${HOME}/.jd | 21 | mkdir ${HOME}/.jd |
22 | whitelist ${HOME}/.jd | 22 | allow ${HOME}/.jd |
23 | whitelist ${DOWNLOADS} | 23 | allow ${DOWNLOADS} |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-a-l/abiword.profile b/etc/profile-a-l/abiword.profile index 75da9a956..2a92c7db4 100644 --- a/etc/profile-a-l/abiword.profile +++ b/etc/profile-a-l/abiword.profile | |||
@@ -6,7 +6,7 @@ include abiword.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/abiword | 9 | nodeny ${HOME}/.config/abiword |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | 18 | ||
19 | whitelist /usr/share/abiword-3.0 | 19 | allow /usr/share/abiword-3.0 |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-runuser-common.inc | 21 | include whitelist-runuser-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/abrowser.profile b/etc/profile-a-l/abrowser.profile index 2e6e8f1af..70ddcec20 100644 --- a/etc/profile-a-l/abrowser.profile +++ b/etc/profile-a-l/abrowser.profile | |||
@@ -5,13 +5,13 @@ include abrowser.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/mozilla | 8 | nodeny ${HOME}/.cache/mozilla |
9 | noblacklist ${HOME}/.mozilla | 9 | nodeny ${HOME}/.mozilla |
10 | 10 | ||
11 | mkdir ${HOME}/.cache/mozilla/abrowser | 11 | mkdir ${HOME}/.cache/mozilla/abrowser |
12 | mkdir ${HOME}/.mozilla | 12 | mkdir ${HOME}/.mozilla |
13 | whitelist ${HOME}/.cache/mozilla/abrowser | 13 | allow ${HOME}/.cache/mozilla/abrowser |
14 | whitelist ${HOME}/.mozilla | 14 | allow ${HOME}/.mozilla |
15 | 15 | ||
16 | # private-etc must first be enabled in firefox-common.profile | 16 | # private-etc must first be enabled in firefox-common.profile |
17 | #private-etc abrowser | 17 | #private-etc abrowser |
diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile index 34f59769e..d32586c5b 100644 --- a/etc/profile-a-l/agetpkg.profile +++ b/etc/profile-a-l/agetpkg.profile | |||
@@ -7,8 +7,8 @@ include agetpkg.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | deny /tmp/.X11-unix |
11 | blacklist ${RUNUSER}/wayland-* | 11 | deny ${RUNUSER}/wayland-* |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | #include allow-python2.inc | 14 | #include allow-python2.inc |
@@ -23,7 +23,7 @@ include disable-programs.inc | |||
23 | include disable-shell.inc | 23 | include disable-shell.inc |
24 | include disable-xdg.inc | 24 | include disable-xdg.inc |
25 | 25 | ||
26 | whitelist ${DOWNLOADS} | 26 | allow ${DOWNLOADS} |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/akonadi_control.profile b/etc/profile-a-l/akonadi_control.profile index 37fdb38b5..7b1d1445f 100644 --- a/etc/profile-a-l/akonadi_control.profile +++ b/etc/profile-a-l/akonadi_control.profile | |||
@@ -4,22 +4,22 @@ include akonadi_control.local | |||
4 | # Persistent global definitions | 4 | # Persistent global definitions |
5 | include globals.local | 5 | include globals.local |
6 | 6 | ||
7 | noblacklist ${HOME}/.cache/akonadi* | 7 | nodeny ${HOME}/.cache/akonadi* |
8 | noblacklist ${HOME}/.config/akonadi* | 8 | nodeny ${HOME}/.config/akonadi* |
9 | noblacklist ${HOME}/.config/baloorc | 9 | nodeny ${HOME}/.config/baloorc |
10 | noblacklist ${HOME}/.config/emaildefaults | 10 | nodeny ${HOME}/.config/emaildefaults |
11 | noblacklist ${HOME}/.config/emailidentities | 11 | nodeny ${HOME}/.config/emailidentities |
12 | noblacklist ${HOME}/.config/kmail2rc | 12 | nodeny ${HOME}/.config/kmail2rc |
13 | noblacklist ${HOME}/.config/mailtransports | 13 | nodeny ${HOME}/.config/mailtransports |
14 | noblacklist ${HOME}/.config/specialmailcollectionsrc | 14 | nodeny ${HOME}/.config/specialmailcollectionsrc |
15 | noblacklist ${HOME}/.local/share/akonadi* | 15 | nodeny ${HOME}/.local/share/akonadi* |
16 | noblacklist ${HOME}/.local/share/apps/korganizer | 16 | nodeny ${HOME}/.local/share/apps/korganizer |
17 | noblacklist ${HOME}/.local/share/contacts | 17 | nodeny ${HOME}/.local/share/contacts |
18 | noblacklist ${HOME}/.local/share/local-mail | 18 | nodeny ${HOME}/.local/share/local-mail |
19 | noblacklist ${HOME}/.local/share/notes | 19 | nodeny ${HOME}/.local/share/notes |
20 | noblacklist /sbin | 20 | nodeny /sbin |
21 | noblacklist /tmp/akonadi-* | 21 | nodeny /tmp/akonadi-* |
22 | noblacklist /usr/sbin | 22 | nodeny /usr/sbin |
23 | 23 | ||
24 | include disable-common.inc | 24 | include disable-common.inc |
25 | include disable-devel.inc | 25 | include disable-devel.inc |
diff --git a/etc/profile-a-l/akregator.profile b/etc/profile-a-l/akregator.profile index 38fcd2dc1..b2323547c 100644 --- a/etc/profile-a-l/akregator.profile +++ b/etc/profile-a-l/akregator.profile | |||
@@ -6,9 +6,9 @@ include akregator.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/akregatorrc | 9 | nodeny ${HOME}/.config/akregatorrc |
10 | noblacklist ${HOME}/.local/share/akregator | 10 | nodeny ${HOME}/.local/share/akregator |
11 | noblacklist ${HOME}/.local/share/kxmlgui5/akregator | 11 | nodeny ${HOME}/.local/share/kxmlgui5/akregator |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -21,10 +21,10 @@ include disable-shell.inc | |||
21 | mkfile ${HOME}/.config/akregatorrc | 21 | mkfile ${HOME}/.config/akregatorrc |
22 | mkdir ${HOME}/.local/share/akregator | 22 | mkdir ${HOME}/.local/share/akregator |
23 | mkdir ${HOME}/.local/share/kxmlgui5/akregator | 23 | mkdir ${HOME}/.local/share/kxmlgui5/akregator |
24 | whitelist ${HOME}/.config/akregatorrc | 24 | allow ${HOME}/.config/akregatorrc |
25 | whitelist ${HOME}/.local/share/akregator | 25 | allow ${HOME}/.local/share/akregator |
26 | whitelist ${HOME}/.local/share/kssl | 26 | allow ${HOME}/.local/share/kssl |
27 | whitelist ${HOME}/.local/share/kxmlgui5/akregator | 27 | allow ${HOME}/.local/share/kxmlgui5/akregator |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
30 | 30 | ||
diff --git a/etc/profile-a-l/alacarte.profile b/etc/profile-a-l/alacarte.profile index 4c6d68020..ca6c8d887 100644 --- a/etc/profile-a-l/alacarte.profile +++ b/etc/profile-a-l/alacarte.profile | |||
@@ -19,13 +19,13 @@ include disable-passwdmgr.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | # Whitelist your system icon directory,varies by distro | 21 | # Whitelist your system icon directory,varies by distro |
22 | whitelist /usr/share/alacarte | 22 | allow /usr/share/alacarte |
23 | whitelist /usr/share/app-info | 23 | allow /usr/share/app-info |
24 | whitelist /usr/share/desktop-directories | 24 | allow /usr/share/desktop-directories |
25 | whitelist /usr/share/icons | 25 | allow /usr/share/icons |
26 | whitelist /var/lib/app-info/icons | 26 | allow /var/lib/app-info/icons |
27 | whitelist /var/lib/flatpak/exports/share/applications | 27 | allow /var/lib/flatpak/exports/share/applications |
28 | whitelist /var/lib/flatpak/exports/share/icons | 28 | allow /var/lib/flatpak/exports/share/icons |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/alienarena.profile b/etc/profile-a-l/alienarena.profile index 81ee6bd46..220c3345d 100644 --- a/etc/profile-a-l/alienarena.profile +++ b/etc/profile-a-l/alienarena.profile | |||
@@ -6,7 +6,7 @@ include alienarena.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/cor-games | 9 | nodeny ${HOME}/.local/share/cor-games |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.local/share/cor-games | 20 | mkdir ${HOME}/.local/share/cor-games |
21 | whitelist ${HOME}/.local/share/cor-games | 21 | allow ${HOME}/.local/share/cor-games |
22 | whitelist /usr/share/alienarena | 22 | allow /usr/share/alienarena |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/alpine.profile b/etc/profile-a-l/alpine.profile index 0b5cf0df0..6fa3edfa1 100644 --- a/etc/profile-a-l/alpine.profile +++ b/etc/profile-a-l/alpine.profile | |||
@@ -10,28 +10,28 @@ include globals.local | |||
10 | # Workaround for bug https://github.com/netblue30/firejail/issues/2747 | 10 | # Workaround for bug https://github.com/netblue30/firejail/issues/2747 |
11 | # firejail --private-bin=sh --include='${CFG}/allow-bin-sh.inc' --profile=alpine sh -c '(alpine)' | 11 | # firejail --private-bin=sh --include='${CFG}/allow-bin-sh.inc' --profile=alpine sh -c '(alpine)' |
12 | 12 | ||
13 | noblacklist /var/mail | 13 | nodeny /var/mail |
14 | noblacklist /var/spool/mail | 14 | nodeny /var/spool/mail |
15 | noblacklist ${DOCUMENTS} | 15 | nodeny ${DOCUMENTS} |
16 | noblacklist ${HOME}/.addressbook | 16 | nodeny ${HOME}/.addressbook |
17 | noblacklist ${HOME}/.alpine-smime | 17 | nodeny ${HOME}/.alpine-smime |
18 | noblacklist ${HOME}/.mailcap | 18 | nodeny ${HOME}/.mailcap |
19 | noblacklist ${HOME}/.mh_profile | 19 | nodeny ${HOME}/.mh_profile |
20 | noblacklist ${HOME}/.mime.types | 20 | nodeny ${HOME}/.mime.types |
21 | noblacklist ${HOME}/.newsrc | 21 | nodeny ${HOME}/.newsrc |
22 | noblacklist ${HOME}/.pine-crash | 22 | nodeny ${HOME}/.pine-crash |
23 | noblacklist ${HOME}/.pine-debug1 | 23 | nodeny ${HOME}/.pine-debug1 |
24 | noblacklist ${HOME}/.pine-debug2 | 24 | nodeny ${HOME}/.pine-debug2 |
25 | noblacklist ${HOME}/.pine-debug3 | 25 | nodeny ${HOME}/.pine-debug3 |
26 | noblacklist ${HOME}/.pine-debug4 | 26 | nodeny ${HOME}/.pine-debug4 |
27 | noblacklist ${HOME}/.pine-interrupted-mail | 27 | nodeny ${HOME}/.pine-interrupted-mail |
28 | noblacklist ${HOME}/.pinerc | 28 | nodeny ${HOME}/.pinerc |
29 | noblacklist ${HOME}/.pinercex | 29 | nodeny ${HOME}/.pinercex |
30 | noblacklist ${HOME}/.signature | 30 | nodeny ${HOME}/.signature |
31 | noblacklist ${HOME}/mail | 31 | nodeny ${HOME}/mail |
32 | 32 | ||
33 | blacklist /tmp/.X11-unix | 33 | deny /tmp/.X11-unix |
34 | blacklist ${RUNUSER}/wayland-* | 34 | deny ${RUNUSER}/wayland-* |
35 | 35 | ||
36 | include disable-common.inc | 36 | include disable-common.inc |
37 | include disable-devel.inc | 37 | include disable-devel.inc |
@@ -60,8 +60,8 @@ include disable-xdg.inc | |||
60 | #whitelist ${HOME}/.pine-debug4 | 60 | #whitelist ${HOME}/.pine-debug4 |
61 | #whitelist ${HOME}/.signature | 61 | #whitelist ${HOME}/.signature |
62 | #whitelist ${HOME}/mail | 62 | #whitelist ${HOME}/mail |
63 | whitelist /var/mail | 63 | allow /var/mail |
64 | whitelist /var/spool/mail | 64 | allow /var/spool/mail |
65 | #include whitelist-common.inc | 65 | #include whitelist-common.inc |
66 | include whitelist-runuser-common.inc | 66 | include whitelist-runuser-common.inc |
67 | include whitelist-usr-share-common.inc | 67 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/amarok.profile b/etc/profile-a-l/amarok.profile index a7caddc4c..03aba36e4 100644 --- a/etc/profile-a-l/amarok.profile +++ b/etc/profile-a-l/amarok.profile | |||
@@ -6,7 +6,7 @@ include amarok.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${MUSIC} | 9 | nodeny ${MUSIC} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/amule.profile b/etc/profile-a-l/amule.profile index e3c4164ee..00039a7e9 100644 --- a/etc/profile-a-l/amule.profile +++ b/etc/profile-a-l/amule.profile | |||
@@ -6,7 +6,7 @@ include amule.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.aMule | 9 | nodeny ${HOME}/.aMule |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.aMule | 18 | mkdir ${HOME}/.aMule |
19 | whitelist ${DOWNLOADS} | 19 | allow ${DOWNLOADS} |
20 | whitelist ${HOME}/.aMule | 20 | allow ${HOME}/.aMule |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/profile-a-l/android-studio.profile b/etc/profile-a-l/android-studio.profile index 5a21744cf..5bf6ed773 100644 --- a/etc/profile-a-l/android-studio.profile +++ b/etc/profile-a-l/android-studio.profile | |||
@@ -5,13 +5,13 @@ include android-studio.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Google | 8 | nodeny ${HOME}/.config/Google |
9 | noblacklist ${HOME}/.AndroidStudio* | 9 | nodeny ${HOME}/.AndroidStudio* |
10 | noblacklist ${HOME}/.android | 10 | nodeny ${HOME}/.android |
11 | noblacklist ${HOME}/.jack-server | 11 | nodeny ${HOME}/.jack-server |
12 | noblacklist ${HOME}/.jack-settings | 12 | nodeny ${HOME}/.jack-settings |
13 | noblacklist ${HOME}/.local/share/JetBrains | 13 | nodeny ${HOME}/.local/share/JetBrains |
14 | noblacklist ${HOME}/.tooling | 14 | nodeny ${HOME}/.tooling |
15 | 15 | ||
16 | # Allows files commonly used by IDEs | 16 | # Allows files commonly used by IDEs |
17 | include allow-common-devel.inc | 17 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/anki.profile b/etc/profile-a-l/anki.profile index ef60e91c2..c1aa18ff3 100644 --- a/etc/profile-a-l/anki.profile +++ b/etc/profile-a-l/anki.profile | |||
@@ -6,8 +6,8 @@ include anki.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | nodeny ${DOCUMENTS} |
10 | noblacklist ${HOME}/.local/share/Anki2 | 10 | nodeny ${HOME}/.local/share/Anki2 |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
@@ -23,8 +23,8 @@ include disable-shell.inc | |||
23 | include disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | mkdir ${HOME}/.local/share/Anki2 | 25 | mkdir ${HOME}/.local/share/Anki2 |
26 | whitelist ${DOCUMENTS} | 26 | allow ${DOCUMENTS} |
27 | whitelist ${HOME}/.local/share/Anki2 | 27 | allow ${HOME}/.local/share/Anki2 |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
30 | 30 | ||
@@ -46,7 +46,6 @@ protocol unix,inet,inet6 | |||
46 | # QtWebengine needs chroot to set up its own sandbox | 46 | # QtWebengine needs chroot to set up its own sandbox |
47 | seccomp !chroot | 47 | seccomp !chroot |
48 | shell none | 48 | shell none |
49 | tracelog | ||
50 | 49 | ||
51 | disable-mnt | 50 | disable-mnt |
52 | private-bin anki,python* | 51 | private-bin anki,python* |
diff --git a/etc/profile-a-l/anydesk.profile b/etc/profile-a-l/anydesk.profile index fdaf10259..cb30ed8da 100644 --- a/etc/profile-a-l/anydesk.profile +++ b/etc/profile-a-l/anydesk.profile | |||
@@ -5,7 +5,7 @@ include anydesk.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.anydesk | 8 | nodeny ${HOME}/.anydesk |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.anydesk | 17 | mkdir ${HOME}/.anydesk |
18 | whitelist ${HOME}/.anydesk | 18 | allow ${HOME}/.anydesk |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
diff --git a/etc/profile-a-l/aosp.profile b/etc/profile-a-l/aosp.profile index e7b09283e..d647a4657 100644 --- a/etc/profile-a-l/aosp.profile +++ b/etc/profile-a-l/aosp.profile | |||
@@ -5,13 +5,13 @@ include aosp.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.android | 8 | nodeny ${HOME}/.android |
9 | noblacklist ${HOME}/.bash_history | 9 | nodeny ${HOME}/.bash_history |
10 | noblacklist ${HOME}/.jack-server | 10 | nodeny ${HOME}/.jack-server |
11 | noblacklist ${HOME}/.jack-settings | 11 | nodeny ${HOME}/.jack-settings |
12 | noblacklist ${HOME}/.repo_.gitconfig.json | 12 | nodeny ${HOME}/.repo_.gitconfig.json |
13 | noblacklist ${HOME}/.repoconfig | 13 | nodeny ${HOME}/.repoconfig |
14 | noblacklist ${HOME}/.tooling | 14 | nodeny ${HOME}/.tooling |
15 | 15 | ||
16 | # Allows files commonly used by IDEs | 16 | # Allows files commonly used by IDEs |
17 | include allow-common-devel.inc | 17 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/apostrophe.profile b/etc/profile-a-l/apostrophe.profile index 01566314f..020ae2812 100644 --- a/etc/profile-a-l/apostrophe.profile +++ b/etc/profile-a-l/apostrophe.profile | |||
@@ -6,9 +6,9 @@ include apostrophe.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.texlive20* | 9 | nodeny ${HOME}/.texlive20* |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | noblacklist ${PICTURES} | 11 | nodeny ${PICTURES} |
12 | 12 | ||
13 | # Allow lua (blacklisted by disable-interpreters.inc) | 13 | # Allow lua (blacklisted by disable-interpreters.inc) |
14 | include allow-lua.inc | 14 | include allow-lua.inc |
@@ -31,12 +31,12 @@ include disable-programs.inc | |||
31 | include disable-shell.inc | 31 | include disable-shell.inc |
32 | include disable-xdg.inc | 32 | include disable-xdg.inc |
33 | 33 | ||
34 | whitelist /usr/libexec/webkit2gtk-4.0 | 34 | allow /usr/libexec/webkit2gtk-4.0 |
35 | whitelist /usr/share/apostrophe | 35 | allow /usr/share/apostrophe |
36 | whitelist /usr/share/texlive | 36 | allow /usr/share/texlive |
37 | whitelist /usr/share/texmf | 37 | allow /usr/share/texmf |
38 | whitelist /usr/share/pandoc-* | 38 | allow /usr/share/pandoc-* |
39 | whitelist /usr/share/perl5 | 39 | allow /usr/share/perl5 |
40 | include whitelist-runuser-common.inc | 40 | include whitelist-runuser-common.inc |
41 | include whitelist-usr-share-common.inc | 41 | include whitelist-usr-share-common.inc |
42 | include whitelist-var-common.inc | 42 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/arch-audit.profile b/etc/profile-a-l/arch-audit.profile index accabb6f5..8c71dd574 100644 --- a/etc/profile-a-l/arch-audit.profile +++ b/etc/profile-a-l/arch-audit.profile | |||
@@ -7,7 +7,7 @@ include arch-audit.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist /var/lib/pacman | 10 | nodeny /var/lib/pacman |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-programs.inc | |||
18 | include disable-shell.inc | 18 | include disable-shell.inc |
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | whitelist /usr/share/arch-audit | 21 | allow /usr/share/arch-audit |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | 23 | ||
24 | apparmor | 24 | apparmor |
diff --git a/etc/profile-a-l/archaudit-report.profile b/etc/profile-a-l/archaudit-report.profile index 19c37f90e..0915ede33 100644 --- a/etc/profile-a-l/archaudit-report.profile +++ b/etc/profile-a-l/archaudit-report.profile | |||
@@ -6,7 +6,7 @@ include archaudit-report.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist /var/lib/pacman | 9 | nodeny /var/lib/pacman |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/archiver-common.profile b/etc/profile-a-l/archiver-common.profile index 1fab4606b..5b859ceb1 100644 --- a/etc/profile-a-l/archiver-common.profile +++ b/etc/profile-a-l/archiver-common.profile | |||
@@ -4,7 +4,7 @@ include archiver-common.local | |||
4 | 4 | ||
5 | # common profile for archiver/compression tools | 5 | # common profile for archiver/compression tools |
6 | 6 | ||
7 | blacklist ${RUNUSER} | 7 | deny ${RUNUSER} |
8 | 8 | ||
9 | # Comment/uncomment the relevant include file(s) in your archiver-common.local | 9 | # Comment/uncomment the relevant include file(s) in your archiver-common.local |
10 | # to (un)restrict file access for **all** archivers. Another option is to do this **per archiver** | 10 | # to (un)restrict file access for **all** archivers. Another option is to do this **per archiver** |
diff --git a/etc/profile-a-l/ardour5.profile b/etc/profile-a-l/ardour5.profile index 84b1d6c18..960948afc 100644 --- a/etc/profile-a-l/ardour5.profile +++ b/etc/profile-a-l/ardour5.profile | |||
@@ -5,12 +5,12 @@ include ardour5.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/ardour4 | 8 | nodeny ${HOME}/.config/ardour4 |
9 | noblacklist ${HOME}/.config/ardour5 | 9 | nodeny ${HOME}/.config/ardour5 |
10 | noblacklist ${HOME}/.lv2 | 10 | nodeny ${HOME}/.lv2 |
11 | noblacklist ${HOME}/.vst | 11 | nodeny ${HOME}/.vst |
12 | noblacklist ${DOCUMENTS} | 12 | nodeny ${DOCUMENTS} |
13 | noblacklist ${MUSIC} | 13 | nodeny ${MUSIC} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/arduino.profile b/etc/profile-a-l/arduino.profile index fd1ca9a09..88f14fbfe 100644 --- a/etc/profile-a-l/arduino.profile +++ b/etc/profile-a-l/arduino.profile | |||
@@ -6,9 +6,9 @@ include arduino.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.arduino15 | 9 | nodeny ${HOME}/.arduino15 |
10 | noblacklist ${HOME}/Arduino | 10 | nodeny ${HOME}/Arduino |
11 | noblacklist ${DOCUMENTS} | 11 | nodeny ${DOCUMENTS} |
12 | 12 | ||
13 | # Allow java (blacklisted by disable-devel.inc) | 13 | # Allow java (blacklisted by disable-devel.inc) |
14 | include allow-java.inc | 14 | include allow-java.inc |
diff --git a/etc/profile-a-l/aria2c.profile b/etc/profile-a-l/aria2c.profile index 22b8ecd65..be56011f0 100644 --- a/etc/profile-a-l/aria2c.profile +++ b/etc/profile-a-l/aria2c.profile | |||
@@ -6,12 +6,12 @@ include aria2c.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.aria2 | 9 | nodeny ${HOME}/.aria2 |
10 | noblacklist ${HOME}/.config/aria2 | 10 | nodeny ${HOME}/.config/aria2 |
11 | noblacklist ${HOME}/.netrc | 11 | nodeny ${HOME}/.netrc |
12 | 12 | ||
13 | blacklist /tmp/.X11-unix | 13 | deny /tmp/.X11-unix |
14 | blacklist ${RUNUSER}/wayland-* | 14 | deny ${RUNUSER}/wayland-* |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/ark.profile b/etc/profile-a-l/ark.profile index a63dd8f5f..031c57080 100644 --- a/etc/profile-a-l/ark.profile +++ b/etc/profile-a-l/ark.profile | |||
@@ -6,8 +6,8 @@ include ark.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/arkrc | 9 | nodeny ${HOME}/.config/arkrc |
10 | noblacklist ${HOME}/.local/share/kxmlgui5/ark | 10 | nodeny ${HOME}/.local/share/kxmlgui5/ark |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-interpreters.inc | |||
16 | include disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | whitelist /usr/share/ark | 19 | allow /usr/share/ark |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
diff --git a/etc/profile-a-l/arm.profile b/etc/profile-a-l/arm.profile index 2c8b630ce..9ed8076be 100644 --- a/etc/profile-a-l/arm.profile +++ b/etc/profile-a-l/arm.profile | |||
@@ -6,7 +6,7 @@ include arm.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.arm | 9 | nodeny ${HOME}/.arm |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -20,7 +20,7 @@ include disable-passwdmgr.inc | |||
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.arm | 22 | mkdir ${HOME}/.arm |
23 | whitelist ${HOME}/.arm | 23 | allow ${HOME}/.arm |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
diff --git a/etc/profile-a-l/artha.profile b/etc/profile-a-l/artha.profile index fab72b7d3..7cfac4915 100644 --- a/etc/profile-a-l/artha.profile +++ b/etc/profile-a-l/artha.profile | |||
@@ -6,12 +6,12 @@ include artha.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/artha.conf | 9 | nodeny ${HOME}/.config/artha.conf |
10 | noblacklist ${HOME}/.config/artha.log | 10 | nodeny ${HOME}/.config/artha.log |
11 | noblacklist ${HOME}/.config/enchant | 11 | nodeny ${HOME}/.config/enchant |
12 | 12 | ||
13 | blacklist /tmp/.X11-unix | 13 | deny /tmp/.X11-unix |
14 | blacklist ${RUNUSER}/wayland-* | 14 | deny ${RUNUSER}/wayland-* |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
@@ -28,8 +28,8 @@ include disable-xdg.inc | |||
28 | #whitelist ${HOME}/.config/artha.conf | 28 | #whitelist ${HOME}/.config/artha.conf |
29 | #whitelist ${HOME}/.config/artha.log | 29 | #whitelist ${HOME}/.config/artha.log |
30 | #whitelist ${HOME}/.config/enchant | 30 | #whitelist ${HOME}/.config/enchant |
31 | whitelist /usr/share/artha | 31 | allow /usr/share/artha |
32 | whitelist /usr/share/wordnet | 32 | allow /usr/share/wordnet |
33 | #include whitelist-common.inc | 33 | #include whitelist-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/assogiate.profile b/etc/profile-a-l/assogiate.profile index 977fe30a4..f2251c210 100644 --- a/etc/profile-a-l/assogiate.profile +++ b/etc/profile-a-l/assogiate.profile | |||
@@ -6,7 +6,7 @@ include assogiate.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${PICTURES} | 9 | nodeny ${PICTURES} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | whitelist ${PICTURES} | 20 | allow ${PICTURES} |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/asunder.profile b/etc/profile-a-l/asunder.profile index c97fd691a..e65072266 100644 --- a/etc/profile-a-l/asunder.profile +++ b/etc/profile-a-l/asunder.profile | |||
@@ -6,11 +6,11 @@ include asunder.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/asunder | 9 | nodeny ${HOME}/.config/asunder |
10 | noblacklist ${HOME}/.asunder_album_genre | 10 | nodeny ${HOME}/.asunder_album_genre |
11 | noblacklist ${HOME}/.asunder_album_title | 11 | nodeny ${HOME}/.asunder_album_title |
12 | noblacklist ${HOME}/.asunder_album_artist | 12 | nodeny ${HOME}/.asunder_album_artist |
13 | noblacklist ${MUSIC} | 13 | nodeny ${MUSIC} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/atom.profile b/etc/profile-a-l/atom.profile index 5f237ac59..ea3038537 100644 --- a/etc/profile-a-l/atom.profile +++ b/etc/profile-a-l/atom.profile | |||
@@ -18,8 +18,8 @@ ignore include whitelist-var-common.inc | |||
18 | ignore apparmor | 18 | ignore apparmor |
19 | ignore disable-mnt | 19 | ignore disable-mnt |
20 | 20 | ||
21 | noblacklist ${HOME}/.atom | 21 | nodeny ${HOME}/.atom |
22 | noblacklist ${HOME}/.config/Atom | 22 | nodeny ${HOME}/.config/Atom |
23 | 23 | ||
24 | # Allows files commonly used by IDEs | 24 | # Allows files commonly used by IDEs |
25 | include allow-common-devel.inc | 25 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/atril.profile b/etc/profile-a-l/atril.profile index 1c3ed66ff..8ae8617cf 100644 --- a/etc/profile-a-l/atril.profile +++ b/etc/profile-a-l/atril.profile | |||
@@ -6,9 +6,9 @@ include atril.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/atril | 9 | nodeny ${HOME}/.cache/atril |
10 | noblacklist ${HOME}/.config/atril | 10 | nodeny ${HOME}/.config/atril |
11 | noblacklist ${DOCUMENTS} | 11 | nodeny ${DOCUMENTS} |
12 | 12 | ||
13 | #noblacklist ${HOME}/.local/share | 13 | #noblacklist ${HOME}/.local/share |
14 | # it seems to use only ${HOME}/.local/share/webkitgtk | 14 | # it seems to use only ${HOME}/.local/share/webkitgtk |
diff --git a/etc/profile-a-l/audacious.profile b/etc/profile-a-l/audacious.profile index f9f209786..53baf0a2a 100644 --- a/etc/profile-a-l/audacious.profile +++ b/etc/profile-a-l/audacious.profile | |||
@@ -6,9 +6,9 @@ include audacious.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Audaciousrc | 9 | nodeny ${HOME}/.config/Audaciousrc |
10 | noblacklist ${HOME}/.config/audacious | 10 | nodeny ${HOME}/.config/audacious |
11 | noblacklist ${MUSIC} | 11 | nodeny ${MUSIC} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/audacity.profile b/etc/profile-a-l/audacity.profile index a2de8436a..c244846e1 100644 --- a/etc/profile-a-l/audacity.profile +++ b/etc/profile-a-l/audacity.profile | |||
@@ -6,9 +6,9 @@ include audacity.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.audacity-data | 9 | nodeny ${HOME}/.audacity-data |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | noblacklist ${MUSIC} | 11 | nodeny ${MUSIC} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/audio-recorder.profile b/etc/profile-a-l/audio-recorder.profile index 2c7fdc812..534792cc6 100644 --- a/etc/profile-a-l/audio-recorder.profile +++ b/etc/profile-a-l/audio-recorder.profile | |||
@@ -7,7 +7,7 @@ include audio-recorder.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -17,10 +17,10 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | whitelist ${MUSIC} | 20 | allow ${MUSIC} |
21 | whitelist ${DOWNLOADS} | 21 | allow ${DOWNLOADS} |
22 | whitelist /usr/share/audio-recorder | 22 | allow /usr/share/audio-recorder |
23 | whitelist /usr/share/gstreamer-1.0 | 23 | allow /usr/share/gstreamer-1.0 |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/authenticator-rs.profile b/etc/profile-a-l/authenticator-rs.profile index 2ebe35dd5..0d6eb6a21 100644 --- a/etc/profile-a-l/authenticator-rs.profile +++ b/etc/profile-a-l/authenticator-rs.profile | |||
@@ -6,7 +6,7 @@ include authenticator-rs.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/authenticator-rs | 9 | nodeny ${HOME}/.local/share/authenticator-rs |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,9 +18,9 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.local/share/authenticator-rs | 20 | mkdir ${HOME}/.local/share/authenticator-rs |
21 | whitelist ${HOME}/.local/share/authenticator-rs | 21 | allow ${HOME}/.local/share/authenticator-rs |
22 | whitelist ${DOWNLOADS} | 22 | allow ${DOWNLOADS} |
23 | whitelist /usr/share/uk.co.grumlimited.authenticator-rs | 23 | allow /usr/share/uk.co.grumlimited.authenticator-rs |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
26 | include whitelist-usr-share-common.inc | 26 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/authenticator.profile b/etc/profile-a-l/authenticator.profile index 42d9cd56a..55d967e3e 100644 --- a/etc/profile-a-l/authenticator.profile +++ b/etc/profile-a-l/authenticator.profile | |||
@@ -6,8 +6,8 @@ include authenticator.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/Authenticator | 9 | nodeny ${HOME}/.cache/Authenticator |
10 | noblacklist ${HOME}/.config/Authenticator | 10 | nodeny ${HOME}/.config/Authenticator |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | #include allow-python2.inc | 13 | #include allow-python2.inc |
diff --git a/etc/profile-a-l/autokey-common.profile b/etc/profile-a-l/autokey-common.profile index 891928e5a..a5b3b22f6 100644 --- a/etc/profile-a-l/autokey-common.profile +++ b/etc/profile-a-l/autokey-common.profile | |||
@@ -7,8 +7,8 @@ include autokey-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.config/autokey | 10 | nodeny ${HOME}/.config/autokey |
11 | noblacklist ${HOME}/.local/share/autokey | 11 | nodeny ${HOME}/.local/share/autokey |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python2.inc | 14 | include allow-python2.inc |
diff --git a/etc/profile-a-l/avidemux.profile b/etc/profile-a-l/avidemux.profile index 1ecc03da1..023ed1ce2 100644 --- a/etc/profile-a-l/avidemux.profile +++ b/etc/profile-a-l/avidemux.profile | |||
@@ -5,9 +5,9 @@ include avidemux.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.avidemux6 | 8 | nodeny ${HOME}/.avidemux6 |
9 | noblacklist ${HOME}/.config/avidemux3_qt5rc | 9 | nodeny ${HOME}/.config/avidemux3_qt5rc |
10 | noblacklist ${VIDEOS} | 10 | nodeny ${VIDEOS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,10 +19,10 @@ include disable-shell.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | mkdir ${HOME}/.avidemux6 | 21 | mkdir ${HOME}/.avidemux6 |
22 | mkdir ${HOME}/.config/avidemux3_qt5rc | 22 | mkfile ${HOME}/.config/avidemux3_qt5rc |
23 | whitelist ${HOME}/.avidemux6 | 23 | allow ${HOME}/.avidemux6 |
24 | whitelist ${HOME}/.config/avidemux3_qt5rc | 24 | allow ${HOME}/.config/avidemux3_qt5rc |
25 | whitelist ${VIDEOS} | 25 | allow ${VIDEOS} |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/aweather.profile b/etc/profile-a-l/aweather.profile index a57ad4014..abe9fdb24 100644 --- a/etc/profile-a-l/aweather.profile +++ b/etc/profile-a-l/aweather.profile | |||
@@ -6,7 +6,7 @@ include aweather.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/aweather | 9 | nodeny ${HOME}/.config/aweather |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-programs.inc | |||
16 | include disable-shell.inc | 16 | include disable-shell.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.config/aweather | 18 | mkdir ${HOME}/.config/aweather |
19 | whitelist ${HOME}/.config/aweather | 19 | allow ${HOME}/.config/aweather |
20 | include whitelist-common.inc | 20 | include whitelist-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
diff --git a/etc/profile-a-l/awesome.profile b/etc/profile-a-l/awesome.profile index 5d1bf5071..58f4f5e96 100644 --- a/etc/profile-a-l/awesome.profile +++ b/etc/profile-a-l/awesome.profile | |||
@@ -7,7 +7,7 @@ include awesome.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in awesome will run in this profile | 9 | # all applications started in awesome will run in this profile |
10 | noblacklist ${HOME}/.config/awesome | 10 | nodeny ${HOME}/.config/awesome |
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
diff --git a/etc/profile-a-l/ballbuster.profile b/etc/profile-a-l/ballbuster.profile index 3952921a3..46bb0b44e 100644 --- a/etc/profile-a-l/ballbuster.profile +++ b/etc/profile-a-l/ballbuster.profile | |||
@@ -6,7 +6,7 @@ include ballbuster.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.ballbuster.hs | 9 | nodeny ${HOME}/.ballbuster.hs |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkfile ${HOME}/.ballbuster.hs | 20 | mkfile ${HOME}/.ballbuster.hs |
21 | whitelist ${HOME}/.ballbuster.hs | 21 | allow ${HOME}/.ballbuster.hs |
22 | whitelist /usr/share/ballbuster | 22 | allow /usr/share/ballbuster |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/baloo_file.profile b/etc/profile-a-l/baloo_file.profile index fe86d9b80..2b10883f7 100644 --- a/etc/profile-a-l/baloo_file.profile +++ b/etc/profile-a-l/baloo_file.profile | |||
@@ -12,12 +12,12 @@ include globals.local | |||
12 | # read-write ${HOME}/.local/share/baloo | 12 | # read-write ${HOME}/.local/share/baloo |
13 | # ignore read-write | 13 | # ignore read-write |
14 | 14 | ||
15 | noblacklist ${HOME}/.config/baloofilerc | 15 | nodeny ${HOME}/.config/baloofilerc |
16 | noblacklist ${HOME}/.kde/share/config/baloofilerc | 16 | nodeny ${HOME}/.kde/share/config/baloofilerc |
17 | noblacklist ${HOME}/.kde/share/config/baloorc | 17 | nodeny ${HOME}/.kde/share/config/baloorc |
18 | noblacklist ${HOME}/.kde4/share/config/baloofilerc | 18 | nodeny ${HOME}/.kde4/share/config/baloofilerc |
19 | noblacklist ${HOME}/.kde4/share/config/baloorc | 19 | nodeny ${HOME}/.kde4/share/config/baloorc |
20 | noblacklist ${HOME}/.local/share/baloo | 20 | nodeny ${HOME}/.local/share/baloo |
21 | 21 | ||
22 | include disable-common.inc | 22 | include disable-common.inc |
23 | include disable-devel.inc | 23 | include disable-devel.inc |
diff --git a/etc/profile-a-l/balsa.profile b/etc/profile-a-l/balsa.profile index 8c69652c5..1e74443aa 100644 --- a/etc/profile-a-l/balsa.profile +++ b/etc/profile-a-l/balsa.profile | |||
@@ -6,13 +6,13 @@ include balsa.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.balsa | 9 | nodeny ${HOME}/.balsa |
10 | noblacklist ${HOME}/.gnupg | 10 | nodeny ${HOME}/.gnupg |
11 | noblacklist ${HOME}/.mozilla | 11 | nodeny ${HOME}/.mozilla |
12 | noblacklist ${HOME}/.signature | 12 | nodeny ${HOME}/.signature |
13 | noblacklist ${HOME}/mail | 13 | nodeny ${HOME}/mail |
14 | noblacklist /var/mail | 14 | nodeny /var/mail |
15 | noblacklist /var/spool/mail | 15 | nodeny /var/spool/mail |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-devel.inc | 18 | include disable-devel.inc |
@@ -27,17 +27,17 @@ mkdir ${HOME}/.balsa | |||
27 | mkdir ${HOME}/.gnupg | 27 | mkdir ${HOME}/.gnupg |
28 | mkfile ${HOME}/.signature | 28 | mkfile ${HOME}/.signature |
29 | mkdir ${HOME}/mail | 29 | mkdir ${HOME}/mail |
30 | whitelist ${HOME}/.balsa | 30 | allow ${HOME}/.balsa |
31 | whitelist ${HOME}/.gnupg | 31 | allow ${HOME}/.gnupg |
32 | whitelist ${HOME}/.mozilla/firefox/profiles.ini | 32 | allow ${HOME}/.mozilla/firefox/profiles.ini |
33 | whitelist ${HOME}/.signature | 33 | allow ${HOME}/.signature |
34 | whitelist ${HOME}/mail | 34 | allow ${HOME}/mail |
35 | whitelist ${RUNUSER}/gnupg | 35 | allow ${RUNUSER}/gnupg |
36 | whitelist /usr/share/balsa | 36 | allow /usr/share/balsa |
37 | whitelist /usr/share/gnupg | 37 | allow /usr/share/gnupg |
38 | whitelist /usr/share/gnupg2 | 38 | allow /usr/share/gnupg2 |
39 | whitelist /var/mail | 39 | allow /var/mail |
40 | whitelist /var/spool/mail | 40 | allow /var/spool/mail |
41 | include whitelist-common.inc | 41 | include whitelist-common.inc |
42 | include whitelist-runuser-common.inc | 42 | include whitelist-runuser-common.inc |
43 | include whitelist-usr-share-common.inc | 43 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/barrier.profile b/etc/profile-a-l/barrier.profile index 7b50e9199..fcea9b3ba 100644 --- a/etc/profile-a-l/barrier.profile +++ b/etc/profile-a-l/barrier.profile | |||
@@ -6,9 +6,9 @@ include barrier.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Debauchee/Barrier.conf | 9 | nodeny ${HOME}/.config/Debauchee/Barrier.conf |
10 | noblacklist ${HOME}/.local/share/barrier | 10 | nodeny ${HOME}/.local/share/barrier |
11 | noblacklist ${PATH}/openssl | 11 | nodeny ${PATH}/openssl |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/basilisk.profile b/etc/profile-a-l/basilisk.profile index 8dc3847a0..547c67fc8 100644 --- a/etc/profile-a-l/basilisk.profile +++ b/etc/profile-a-l/basilisk.profile | |||
@@ -5,13 +5,13 @@ include basilisk.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/moonchild productions/basilisk | 8 | nodeny ${HOME}/.cache/moonchild productions/basilisk |
9 | noblacklist ${HOME}/.moonchild productions/basilisk | 9 | nodeny ${HOME}/.moonchild productions/basilisk |
10 | 10 | ||
11 | mkdir ${HOME}/.cache/moonchild productions/basilisk | 11 | mkdir ${HOME}/.cache/moonchild productions/basilisk |
12 | mkdir ${HOME}/.moonchild productions | 12 | mkdir ${HOME}/.moonchild productions |
13 | whitelist ${HOME}/.cache/moonchild productions/basilisk | 13 | allow ${HOME}/.cache/moonchild productions/basilisk |
14 | whitelist ${HOME}/.moonchild productions | 14 | allow ${HOME}/.moonchild productions |
15 | 15 | ||
16 | # Basilisk can use the full firejail seccomp filter (unlike firefox >= 60) | 16 | # Basilisk can use the full firejail seccomp filter (unlike firefox >= 60) |
17 | seccomp | 17 | seccomp |
diff --git a/etc/profile-a-l/bcompare.profile b/etc/profile-a-l/bcompare.profile index 3ecaea7fe..a1d2b1e73 100644 --- a/etc/profile-a-l/bcompare.profile +++ b/etc/profile-a-l/bcompare.profile | |||
@@ -7,10 +7,10 @@ include bcompare.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.config/bcompare | 10 | nodeny ${HOME}/.config/bcompare |
11 | # In case the user decides to include disable-programs.inc, still allow | 11 | # In case the user decides to include disable-programs.inc, still allow |
12 | # KDE's Gwenview to view images via right click -> Open With -> Associated Application | 12 | # KDE's Gwenview to view images via right click -> Open With -> Associated Application |
13 | noblacklist ${HOME}/.config/gwenviewrc | 13 | nodeny ${HOME}/.config/gwenviewrc |
14 | 14 | ||
15 | # Add the next line to your bcompare.local if you don't need to compare files in disable-common.inc. | 15 | # Add the next line to your bcompare.local if you don't need to compare files in disable-common.inc. |
16 | #include disable-common.inc | 16 | #include disable-common.inc |
diff --git a/etc/profile-a-l/beaker.profile b/etc/profile-a-l/beaker.profile index f3a9568bd..588f460a8 100644 --- a/etc/profile-a-l/beaker.profile +++ b/etc/profile-a-l/beaker.profile | |||
@@ -19,10 +19,10 @@ ignore private-cache | |||
19 | ignore private-dev | 19 | ignore private-dev |
20 | ignore private-tmp | 20 | ignore private-tmp |
21 | 21 | ||
22 | noblacklist ${HOME}/.config/Beaker Browser | 22 | nodeny ${HOME}/.config/Beaker Browser |
23 | 23 | ||
24 | mkdir ${HOME}/.config/Beaker Browser | 24 | mkdir ${HOME}/.config/Beaker Browser |
25 | whitelist ${HOME}/.config/Beaker Browser | 25 | allow ${HOME}/.config/Beaker Browser |
26 | 26 | ||
27 | # Redirect | 27 | # Redirect |
28 | include electron.profile | 28 | include electron.profile |
diff --git a/etc/profile-a-l/bibletime.profile b/etc/profile-a-l/bibletime.profile index c7a82afbd..717d7258d 100644 --- a/etc/profile-a-l/bibletime.profile +++ b/etc/profile-a-l/bibletime.profile | |||
@@ -6,11 +6,11 @@ include bibletime.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.bibletime | 9 | nodeny ${HOME}/.bibletime |
10 | noblacklist ${HOME}/.sword | 10 | nodeny ${HOME}/.sword |
11 | noblacklist ${HOME}/.local/share/bibletime | 11 | nodeny ${HOME}/.local/share/bibletime |
12 | 12 | ||
13 | blacklist ${HOME}/.bashrc | 13 | deny ${HOME}/.bashrc |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -22,12 +22,12 @@ include disable-programs.inc | |||
22 | mkdir ${HOME}/.bibletime | 22 | mkdir ${HOME}/.bibletime |
23 | mkdir ${HOME}/.sword | 23 | mkdir ${HOME}/.sword |
24 | mkdir ${HOME}/.local/share/bibletime | 24 | mkdir ${HOME}/.local/share/bibletime |
25 | whitelist ${HOME}/.bibletime | 25 | allow ${HOME}/.bibletime |
26 | whitelist ${HOME}/.sword | 26 | allow ${HOME}/.sword |
27 | whitelist ${HOME}/.local/share/bibletime | 27 | allow ${HOME}/.local/share/bibletime |
28 | whitelist /usr/share/bibletime | 28 | allow /usr/share/bibletime |
29 | whitelist /usr/share/doc/bibletime | 29 | allow /usr/share/doc/bibletime |
30 | whitelist /usr/share/sword | 30 | allow /usr/share/sword |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/bijiben.profile b/etc/profile-a-l/bijiben.profile index 854fe5cb9..b02fcc3e0 100644 --- a/etc/profile-a-l/bijiben.profile +++ b/etc/profile-a-l/bijiben.profile | |||
@@ -6,7 +6,7 @@ include bijiben.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/bijiben | 9 | nodeny ${HOME}/.local/share/bijiben |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,12 +18,12 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.local/share/bijiben | 20 | mkdir ${HOME}/.local/share/bijiben |
21 | whitelist ${HOME}/.local/share/bijiben | 21 | allow ${HOME}/.local/share/bijiben |
22 | whitelist ${HOME}/.cache/tracker | 22 | allow ${HOME}/.cache/tracker |
23 | whitelist /usr/libexec/webkit2gtk-4.0 | 23 | allow /usr/libexec/webkit2gtk-4.0 |
24 | whitelist /usr/share/bijiben | 24 | allow /usr/share/bijiben |
25 | whitelist /usr/share/tracker | 25 | allow /usr/share/tracker |
26 | whitelist /usr/share/tracker3 | 26 | allow /usr/share/tracker3 |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/bitcoin-qt.profile b/etc/profile-a-l/bitcoin-qt.profile index 932db9b73..c4ec0f820 100644 --- a/etc/profile-a-l/bitcoin-qt.profile +++ b/etc/profile-a-l/bitcoin-qt.profile | |||
@@ -6,8 +6,8 @@ include bitcoin-qt.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.bitcoin | 9 | nodeny ${HOME}/.bitcoin |
10 | noblacklist ${HOME}/.config/Bitcoin | 10 | nodeny ${HOME}/.config/Bitcoin |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-shell.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.bitcoin | 20 | mkdir ${HOME}/.bitcoin |
21 | mkdir ${HOME}/.config/Bitcoin | 21 | mkdir ${HOME}/.config/Bitcoin |
22 | whitelist ${HOME}/.bitcoin | 22 | allow ${HOME}/.bitcoin |
23 | whitelist ${HOME}/.config/Bitcoin | 23 | allow ${HOME}/.config/Bitcoin |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-a-l/bitlbee.profile b/etc/profile-a-l/bitlbee.profile index dd7651979..0f000b26b 100644 --- a/etc/profile-a-l/bitlbee.profile +++ b/etc/profile-a-l/bitlbee.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | noblacklist /sbin | 11 | nodeny /sbin |
12 | noblacklist /usr/sbin | 12 | nodeny /usr/sbin |
13 | # noblacklist /var/log | 13 | # noblacklist /var/log |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
diff --git a/etc/profile-a-l/bitwarden.profile b/etc/profile-a-l/bitwarden.profile index bef25276d..4b292d72a 100644 --- a/etc/profile-a-l/bitwarden.profile +++ b/etc/profile-a-l/bitwarden.profile | |||
@@ -6,54 +6,25 @@ include bitwarden.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # Disabled until someone reported positive feedback | ||
10 | ignore include whitelist-usr-share-common.inc | ||
11 | |||
9 | ignore noexec /tmp | 12 | ignore noexec /tmp |
10 | 13 | ||
11 | noblacklist ${HOME}/.config/Bitwarden | 14 | nodeny ${HOME}/.config/Bitwarden |
12 | 15 | ||
13 | include disable-common.inc | ||
14 | include disable-devel.inc | ||
15 | include disable-exec.inc | ||
16 | include disable-interpreters.inc | ||
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | ||
19 | include disable-shell.inc | 16 | include disable-shell.inc |
20 | include disable-xdg.inc | ||
21 | 17 | ||
22 | mkdir ${HOME}/.config/Bitwarden | 18 | mkdir ${HOME}/.config/Bitwarden |
23 | whitelist ${HOME}/.config/Bitwarden | 19 | allow ${HOME}/.config/Bitwarden |
24 | whitelist ${DOWNLOADS} | ||
25 | include whitelist-common.inc | ||
26 | include whitelist-var-common.inc | ||
27 | 20 | ||
28 | apparmor | ||
29 | caps.drop all | ||
30 | machine-id | 21 | machine-id |
31 | netfilter | ||
32 | no3d | 22 | no3d |
33 | nodvd | ||
34 | nogroups | ||
35 | noinput | ||
36 | nonewprivs | ||
37 | noroot | ||
38 | nosound | 23 | nosound |
39 | notv | 24 | |
40 | nou2f | ||
41 | novideo | ||
42 | protocol unix,inet,inet6,netlink | ||
43 | seccomp !chroot | ||
44 | shell none | ||
45 | #tracelog - breaks on Arch | ||
46 | |||
47 | private-bin bitwarden | ||
48 | private-cache | ||
49 | ?HAS_APPIMAGE: ignore private-dev | 25 | ?HAS_APPIMAGE: ignore private-dev |
50 | private-dev | ||
51 | private-etc alternatives,ca-certificates,crypto-policies,fonts,hosts,nsswitch.conf,pki,resolv.conf,ssl | 26 | private-etc alternatives,ca-certificates,crypto-policies,fonts,hosts,nsswitch.conf,pki,resolv.conf,ssl |
52 | private-opt Bitwarden | 27 | private-opt Bitwarden |
53 | private-tmp | ||
54 | |||
55 | # breaks appindicator (tray) functionality | ||
56 | # dbus-user none | ||
57 | # dbus-system none | ||
58 | 28 | ||
59 | #memory-deny-write-execute - breaks on Arch (see issue #1803) | 29 | # Redirect |
30 | include electron.profile | ||
diff --git a/etc/profile-a-l/blackbox.profile b/etc/profile-a-l/blackbox.profile index 233f9a96f..616ad6801 100644 --- a/etc/profile-a-l/blackbox.profile +++ b/etc/profile-a-l/blackbox.profile | |||
@@ -7,7 +7,7 @@ include blackbox.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in blackbox will run in this profile | 9 | # all applications started in blackbox will run in this profile |
10 | noblacklist ${HOME}/.blackbox | 10 | nodeny ${HOME}/.blackbox |
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
diff --git a/etc/profile-a-l/blender.profile b/etc/profile-a-l/blender.profile index 701ae431e..8d0b5616f 100644 --- a/etc/profile-a-l/blender.profile +++ b/etc/profile-a-l/blender.profile | |||
@@ -6,7 +6,7 @@ include blender.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/blender | 9 | nodeny ${HOME}/.config/blender |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -20,8 +20,8 @@ include disable-passwdmgr.inc | |||
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | # Allow usage of AMD GPU by OpenCL | 22 | # Allow usage of AMD GPU by OpenCL |
23 | noblacklist /sys/module | 23 | nodeny /sys/module |
24 | whitelist /sys/module/amdgpu | 24 | allow /sys/module/amdgpu |
25 | read-only /sys/module/amdgpu | 25 | read-only /sys/module/amdgpu |
26 | 26 | ||
27 | caps.drop all | 27 | caps.drop all |
diff --git a/etc/profile-a-l/bless.profile b/etc/profile-a-l/bless.profile index 80dc750f7..ca5f96eee 100644 --- a/etc/profile-a-l/bless.profile +++ b/etc/profile-a-l/bless.profile | |||
@@ -6,7 +6,7 @@ include bless.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/bless | 9 | nodeny ${HOME}/.config/bless |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/blobby.profile b/etc/profile-a-l/blobby.profile index 229c20293..ee2a73b54 100644 --- a/etc/profile-a-l/blobby.profile +++ b/etc/profile-a-l/blobby.profile | |||
@@ -4,7 +4,7 @@ include blobby.local | |||
4 | # Persistent global definitions | 4 | # Persistent global definitions |
5 | include globals.local | 5 | include globals.local |
6 | 6 | ||
7 | noblacklist ${HOME}/.blobby | 7 | nodeny ${HOME}/.blobby |
8 | 8 | ||
9 | include disable-common.inc | 9 | include disable-common.inc |
10 | include disable-devel.inc | 10 | include disable-devel.inc |
@@ -16,9 +16,9 @@ include disable-shell.inc | |||
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.blobby | 18 | mkdir ${HOME}/.blobby |
19 | whitelist ${HOME}/.blobby | 19 | allow ${HOME}/.blobby |
20 | include whitelist-common.inc | 20 | include whitelist-common.inc |
21 | whitelist /usr/share/blobby | 21 | allow /usr/share/blobby |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/blobwars.profile b/etc/profile-a-l/blobwars.profile index 904710cb5..e0be5261e 100644 --- a/etc/profile-a-l/blobwars.profile +++ b/etc/profile-a-l/blobwars.profile | |||
@@ -6,7 +6,7 @@ include blobwars.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.parallelrealities/blobwars | 9 | nodeny ${HOME}/.parallelrealities/blobwars |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.parallelrealities/blobwars | 20 | mkdir ${HOME}/.parallelrealities/blobwars |
21 | whitelist ${HOME}/.parallelrealities/blobwars | 21 | allow ${HOME}/.parallelrealities/blobwars |
22 | whitelist /usr/share/blobwars | 22 | allow /usr/share/blobwars |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/bnox.profile b/etc/profile-a-l/bnox.profile index 6e8f0d7d1..dcfd5d8d2 100644 --- a/etc/profile-a-l/bnox.profile +++ b/etc/profile-a-l/bnox.profile | |||
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/bnox | 13 | nodeny ${HOME}/.cache/bnox |
14 | noblacklist ${HOME}/.config/bnox | 14 | nodeny ${HOME}/.config/bnox |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/bnox | 16 | mkdir ${HOME}/.cache/bnox |
17 | mkdir ${HOME}/.config/bnox | 17 | mkdir ${HOME}/.config/bnox |
18 | whitelist ${HOME}/.cache/bnox | 18 | allow ${HOME}/.cache/bnox |
19 | whitelist ${HOME}/.config/bnox | 19 | allow ${HOME}/.config/bnox |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include chromium-common.profile | 22 | include chromium-common.profile |
diff --git a/etc/profile-a-l/brackets.profile b/etc/profile-a-l/brackets.profile index 0cbac049a..a14bb8fef 100644 --- a/etc/profile-a-l/brackets.profile +++ b/etc/profile-a-l/brackets.profile | |||
@@ -5,7 +5,7 @@ include brackets.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Brackets | 8 | nodeny ${HOME}/.config/Brackets |
9 | #noblacklist /opt/brackets | 9 | #noblacklist /opt/brackets |
10 | #noblacklist /opt/google | 10 | #noblacklist /opt/google |
11 | 11 | ||
diff --git a/etc/profile-a-l/brasero.profile b/etc/profile-a-l/brasero.profile index 417a6b3e0..a78882409 100644 --- a/etc/profile-a-l/brasero.profile +++ b/etc/profile-a-l/brasero.profile | |||
@@ -6,7 +6,7 @@ include brasero.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/brasero | 9 | nodeny ${HOME}/.config/brasero |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/brave.profile b/etc/profile-a-l/brave.profile index 09548c761..bc2d7a6a1 100644 --- a/etc/profile-a-l/brave.profile +++ b/etc/profile-a-l/brave.profile | |||
@@ -14,24 +14,24 @@ ignore noexec /tmp | |||
14 | # Alternatively you can add 'ignore apparmor' to your brave.local. | 14 | # Alternatively you can add 'ignore apparmor' to your brave.local. |
15 | ignore noexec ${HOME} | 15 | ignore noexec ${HOME} |
16 | 16 | ||
17 | noblacklist ${HOME}/.cache/BraveSoftware | 17 | nodeny ${HOME}/.cache/BraveSoftware |
18 | noblacklist ${HOME}/.config/BraveSoftware | 18 | nodeny ${HOME}/.config/BraveSoftware |
19 | noblacklist ${HOME}/.config/brave | 19 | nodeny ${HOME}/.config/brave |
20 | noblacklist ${HOME}/.config/brave-flags.conf | 20 | nodeny ${HOME}/.config/brave-flags.conf |
21 | # brave uses gpg for built-in password manager | 21 | # brave uses gpg for built-in password manager |
22 | noblacklist ${HOME}/.gnupg | 22 | nodeny ${HOME}/.gnupg |
23 | 23 | ||
24 | mkdir ${HOME}/.cache/BraveSoftware | 24 | mkdir ${HOME}/.cache/BraveSoftware |
25 | mkdir ${HOME}/.config/BraveSoftware | 25 | mkdir ${HOME}/.config/BraveSoftware |
26 | mkdir ${HOME}/.config/brave | 26 | mkdir ${HOME}/.config/brave |
27 | whitelist ${HOME}/.cache/BraveSoftware | 27 | allow ${HOME}/.cache/BraveSoftware |
28 | whitelist ${HOME}/.config/BraveSoftware | 28 | allow ${HOME}/.config/BraveSoftware |
29 | whitelist ${HOME}/.config/brave | 29 | allow ${HOME}/.config/brave |
30 | whitelist ${HOME}/.config/brave-flags.conf | 30 | allow ${HOME}/.config/brave-flags.conf |
31 | whitelist ${HOME}/.gnupg | 31 | allow ${HOME}/.gnupg |
32 | 32 | ||
33 | # Brave sandbox needs read access to /proc/config.gz | 33 | # Brave sandbox needs read access to /proc/config.gz |
34 | noblacklist /proc/config.gz | 34 | nodeny /proc/config.gz |
35 | 35 | ||
36 | # Redirect | 36 | # Redirect |
37 | include chromium-common.profile | 37 | include chromium-common.profile |
diff --git a/etc/profile-a-l/bzflag.profile b/etc/profile-a-l/bzflag.profile index bda96bbb3..62ca041c2 100644 --- a/etc/profile-a-l/bzflag.profile +++ b/etc/profile-a-l/bzflag.profile | |||
@@ -6,7 +6,7 @@ include bzflag.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.bzf | 9 | nodeny ${HOME}/.bzf |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.bzf | 20 | mkdir ${HOME}/.bzf |
21 | whitelist ${HOME}/.bzf | 21 | allow ${HOME}/.bzf |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/calibre.profile b/etc/profile-a-l/calibre.profile index 83571397b..99706620c 100644 --- a/etc/profile-a-l/calibre.profile +++ b/etc/profile-a-l/calibre.profile | |||
@@ -6,9 +6,9 @@ include calibre.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/calibre | 9 | nodeny ${HOME}/.cache/calibre |
10 | noblacklist ${HOME}/.config/calibre | 10 | nodeny ${HOME}/.config/calibre |
11 | noblacklist ${DOCUMENTS} | 11 | nodeny ${DOCUMENTS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/calligra.profile b/etc/profile-a-l/calligra.profile index fcff47662..36ecc06a0 100644 --- a/etc/profile-a-l/calligra.profile +++ b/etc/profile-a-l/calligra.profile | |||
@@ -6,7 +6,7 @@ include calligra.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/kxmlgui5/calligra | 9 | nodeny ${HOME}/.local/share/kxmlgui5/calligra |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/calligragemini.profile b/etc/profile-a-l/calligragemini.profile index 006c307ab..76123c96a 100644 --- a/etc/profile-a-l/calligragemini.profile +++ b/etc/profile-a-l/calligragemini.profile | |||
@@ -6,7 +6,7 @@ include calligragemini.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/calligragemini | 9 | nodeny ${HOME}/.local/share/calligragemini |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include calligra.profile | 12 | include calligra.profile |
diff --git a/etc/profile-a-l/calligraplan.profile b/etc/profile-a-l/calligraplan.profile index 81dbd4dcd..5fb1e16da 100644 --- a/etc/profile-a-l/calligraplan.profile +++ b/etc/profile-a-l/calligraplan.profile | |||
@@ -6,7 +6,7 @@ include calligraplan.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/kxmlgui5/calligraplan | 9 | nodeny ${HOME}/.local/share/kxmlgui5/calligraplan |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include calligra.profile | 12 | include calligra.profile |
diff --git a/etc/profile-a-l/calligraplanwork.profile b/etc/profile-a-l/calligraplanwork.profile index bba91b66b..c176bfea1 100644 --- a/etc/profile-a-l/calligraplanwork.profile +++ b/etc/profile-a-l/calligraplanwork.profile | |||
@@ -6,7 +6,7 @@ include calligraplanwork.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/kxmlgui5/calligraplanwork | 9 | nodeny ${HOME}/.local/share/kxmlgui5/calligraplanwork |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include calligra.profile | 12 | include calligra.profile |
diff --git a/etc/profile-a-l/calligrasheets.profile b/etc/profile-a-l/calligrasheets.profile index 7bc296047..b7ac68945 100644 --- a/etc/profile-a-l/calligrasheets.profile +++ b/etc/profile-a-l/calligrasheets.profile | |||
@@ -6,7 +6,7 @@ include calligrasheets.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/kxmlgui5/calligrasheets | 9 | nodeny ${HOME}/.local/share/kxmlgui5/calligrasheets |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include calligra.profile | 12 | include calligra.profile |
diff --git a/etc/profile-a-l/calligrastage.profile b/etc/profile-a-l/calligrastage.profile index 7694abbe4..1258fec56 100644 --- a/etc/profile-a-l/calligrastage.profile +++ b/etc/profile-a-l/calligrastage.profile | |||
@@ -6,7 +6,7 @@ include calligrastage.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/kxmlgui5/calligrastage | 9 | nodeny ${HOME}/.local/share/kxmlgui5/calligrastage |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include calligra.profile | 12 | include calligra.profile |
diff --git a/etc/profile-a-l/calligrawords.profile b/etc/profile-a-l/calligrawords.profile index d69d56a95..c2b6c8041 100644 --- a/etc/profile-a-l/calligrawords.profile +++ b/etc/profile-a-l/calligrawords.profile | |||
@@ -6,7 +6,7 @@ include calligrawords.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/kxmlgui5/calligrawords | 9 | nodeny ${HOME}/.local/share/kxmlgui5/calligrawords |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include calligra.profile | 12 | include calligra.profile |
diff --git a/etc/profile-a-l/cameramonitor.profile b/etc/profile-a-l/cameramonitor.profile index 74c7cc34b..390ae383c 100644 --- a/etc/profile-a-l/cameramonitor.profile +++ b/etc/profile-a-l/cameramonitor.profile | |||
@@ -20,7 +20,7 @@ include disable-programs.inc | |||
20 | include disable-shell.inc | 20 | include disable-shell.inc |
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | whitelist /usr/share/cameramonitor | 23 | allow /usr/share/cameramonitor |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/cantata.profile b/etc/profile-a-l/cantata.profile index 96f88a7c4..77bdc09e0 100644 --- a/etc/profile-a-l/cantata.profile +++ b/etc/profile-a-l/cantata.profile | |||
@@ -6,10 +6,10 @@ include cantata.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/cantata | 9 | nodeny ${HOME}/.cache/cantata |
10 | noblacklist ${HOME}/.config/cantata | 10 | nodeny ${HOME}/.config/cantata |
11 | noblacklist ${HOME}/.local/share/cantata | 11 | nodeny ${HOME}/.local/share/cantata |
12 | noblacklist ${MUSIC} | 12 | nodeny ${MUSIC} |
13 | 13 | ||
14 | # Allow perl (blacklisted by disable-interpreters.inc) | 14 | # Allow perl (blacklisted by disable-interpreters.inc) |
15 | include allow-perl.inc | 15 | include allow-perl.inc |
diff --git a/etc/profile-a-l/cargo.profile b/etc/profile-a-l/cargo.profile index 7cf04c550..9c53af84f 100644 --- a/etc/profile-a-l/cargo.profile +++ b/etc/profile-a-l/cargo.profile | |||
@@ -10,11 +10,11 @@ include globals.local | |||
10 | ignore noexec ${HOME} | 10 | ignore noexec ${HOME} |
11 | ignore noexec /tmp | 11 | ignore noexec /tmp |
12 | 12 | ||
13 | blacklist /tmp/.X11-unix | 13 | deny /tmp/.X11-unix |
14 | blacklist ${RUNUSER} | 14 | deny ${RUNUSER} |
15 | 15 | ||
16 | noblacklist ${HOME}/.cargo/credentials | 16 | nodeny ${HOME}/.cargo/credentials |
17 | noblacklist ${HOME}/.cargo/credentials.toml | 17 | nodeny ${HOME}/.cargo/credentials.toml |
18 | 18 | ||
19 | # Allows files commonly used by IDEs | 19 | # Allows files commonly used by IDEs |
20 | include allow-common-devel.inc | 20 | include allow-common-devel.inc |
@@ -34,7 +34,7 @@ include disable-xdg.inc | |||
34 | #whitelist ${HOME}/.cargo | 34 | #whitelist ${HOME}/.cargo |
35 | #whitelist ${HOME}/.rustup | 35 | #whitelist ${HOME}/.rustup |
36 | #include whitelist-common.inc | 36 | #include whitelist-common.inc |
37 | whitelist /usr/share/pkgconfig | 37 | allow /usr/share/pkgconfig |
38 | include whitelist-runuser-common.inc | 38 | include whitelist-runuser-common.inc |
39 | include whitelist-usr-share-common.inc | 39 | include whitelist-usr-share-common.inc |
40 | include whitelist-var-common.inc | 40 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/catfish.profile b/etc/profile-a-l/catfish.profile index 009d3a049..4ea53ea6b 100644 --- a/etc/profile-a-l/catfish.profile +++ b/etc/profile-a-l/catfish.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | # We can't blacklist much since catfish | 9 | # We can't blacklist much since catfish |
10 | # is for finding files/content | 10 | # is for finding files/content |
11 | 11 | ||
12 | noblacklist ${HOME}/.config/catfish | 12 | nodeny ${HOME}/.config/catfish |
13 | 13 | ||
14 | # Allow python (blacklisted by disable-interpreters.inc) | 14 | # Allow python (blacklisted by disable-interpreters.inc) |
15 | include allow-python2.inc | 15 | include allow-python2.inc |
@@ -21,7 +21,7 @@ include disable-interpreters.inc | |||
21 | include disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |
22 | # include disable-programs.inc | 22 | # include disable-programs.inc |
23 | 23 | ||
24 | whitelist /var/lib/mlocate | 24 | allow /var/lib/mlocate |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
27 | apparmor | 27 | apparmor |
diff --git a/etc/profile-a-l/cawbird.profile b/etc/profile-a-l/cawbird.profile index 6e137010c..d7aee1902 100644 --- a/etc/profile-a-l/cawbird.profile +++ b/etc/profile-a-l/cawbird.profile | |||
@@ -6,7 +6,7 @@ include cawbird.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/cawbird | 9 | nodeny ${HOME}/.config/cawbird |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/celluloid.profile b/etc/profile-a-l/celluloid.profile index 1c539cc93..d6f4306ba 100644 --- a/etc/profile-a-l/celluloid.profile +++ b/etc/profile-a-l/celluloid.profile | |||
@@ -6,9 +6,9 @@ include celluloid.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/celluloid | 9 | nodeny ${HOME}/.config/celluloid |
10 | noblacklist ${HOME}/.config/gnome-mpv | 10 | nodeny ${HOME}/.config/gnome-mpv |
11 | noblacklist ${HOME}/.config/youtube-dl | 11 | nodeny ${HOME}/.config/youtube-dl |
12 | 12 | ||
13 | # Allow lua (blacklisted by disable-interpreters.inc) | 13 | # Allow lua (blacklisted by disable-interpreters.inc) |
14 | include allow-lua.inc | 14 | include allow-lua.inc |
@@ -17,7 +17,7 @@ include allow-lua.inc | |||
17 | include allow-python2.inc | 17 | include allow-python2.inc |
18 | include allow-python3.inc | 18 | include allow-python3.inc |
19 | 19 | ||
20 | blacklist /usr/libexec | 20 | deny /usr/libexec |
21 | 21 | ||
22 | include disable-common.inc | 22 | include disable-common.inc |
23 | include disable-devel.inc | 23 | include disable-devel.inc |
@@ -30,9 +30,9 @@ read-only ${DESKTOP} | |||
30 | mkdir ${HOME}/.config/celluloid | 30 | mkdir ${HOME}/.config/celluloid |
31 | mkdir ${HOME}/.config/gnome-mpv | 31 | mkdir ${HOME}/.config/gnome-mpv |
32 | mkdir ${HOME}/.config/youtube-dl | 32 | mkdir ${HOME}/.config/youtube-dl |
33 | whitelist ${HOME}/.config/celluloid | 33 | allow ${HOME}/.config/celluloid |
34 | whitelist ${HOME}/.config/gnome-mpv | 34 | allow ${HOME}/.config/gnome-mpv |
35 | whitelist ${HOME}/.config/youtube-dl | 35 | allow ${HOME}/.config/youtube-dl |
36 | include whitelist-common.inc | 36 | include whitelist-common.inc |
37 | include whitelist-player-common.inc | 37 | include whitelist-player-common.inc |
38 | include whitelist-runuser-common.inc | 38 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/checkbashisms.profile b/etc/profile-a-l/checkbashisms.profile index 24939fc70..0f61084e0 100644 --- a/etc/profile-a-l/checkbashisms.profile +++ b/etc/profile-a-l/checkbashisms.profile | |||
@@ -7,9 +7,9 @@ include checkbashisms.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | 10 | deny ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | noblacklist ${DOCUMENTS} | 12 | nodeny ${DOCUMENTS} |
13 | 13 | ||
14 | # Allow perl (blacklisted by disable-interpreters.inc) | 14 | # Allow perl (blacklisted by disable-interpreters.inc) |
15 | include allow-perl.inc | 15 | include allow-perl.inc |
diff --git a/etc/profile-a-l/cheese.profile b/etc/profile-a-l/cheese.profile index aca1f5876..bde3e1311 100644 --- a/etc/profile-a-l/cheese.profile +++ b/etc/profile-a-l/cheese.profile | |||
@@ -6,8 +6,8 @@ include cheese.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${VIDEOS} | 9 | nodeny ${VIDEOS} |
10 | noblacklist ${PICTURES} | 10 | nodeny ${PICTURES} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -17,9 +17,9 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | whitelist ${VIDEOS} | 20 | allow ${VIDEOS} |
21 | whitelist ${PICTURES} | 21 | allow ${PICTURES} |
22 | whitelist /usr/share/gnome-video-effects | 22 | allow /usr/share/gnome-video-effects |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/cherrytree.profile b/etc/profile-a-l/cherrytree.profile index 7621b3c8c..d5dedd81d 100644 --- a/etc/profile-a-l/cherrytree.profile +++ b/etc/profile-a-l/cherrytree.profile | |||
@@ -6,8 +6,8 @@ include cherrytree.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/cherrytree | 9 | nodeny ${HOME}/.config/cherrytree |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/chromium-browser-privacy.profile b/etc/profile-a-l/chromium-browser-privacy.profile index 8803a4d9d..64c45772a 100644 --- a/etc/profile-a-l/chromium-browser-privacy.profile +++ b/etc/profile-a-l/chromium-browser-privacy.profile | |||
@@ -3,15 +3,15 @@ | |||
3 | # Persistent local customizations | 3 | # Persistent local customizations |
4 | include chromium-browser-privacy.local | 4 | include chromium-browser-privacy.local |
5 | 5 | ||
6 | noblacklist ${HOME}/.cache/ungoogled-chromium | 6 | nodeny ${HOME}/.cache/ungoogled-chromium |
7 | noblacklist ${HOME}/.config/ungoogled-chromium | 7 | nodeny ${HOME}/.config/ungoogled-chromium |
8 | 8 | ||
9 | blacklist /usr/libexec | 9 | deny /usr/libexec |
10 | 10 | ||
11 | mkdir ${HOME}/.cache/ungoogled-chromium | 11 | mkdir ${HOME}/.cache/ungoogled-chromium |
12 | mkdir ${HOME}/.config/ungoogled-chromium | 12 | mkdir ${HOME}/.config/ungoogled-chromium |
13 | whitelist ${HOME}/.cache/ungoogled-chromium | 13 | allow ${HOME}/.cache/ungoogled-chromium |
14 | whitelist ${HOME}/.config/ungoogled-chromium | 14 | allow ${HOME}/.config/ungoogled-chromium |
15 | 15 | ||
16 | # private-bin basename,bash,cat,chromium-browser-privacy,dirname,mkdir,readlink,sed,touch,which,xdg-settings | 16 | # private-bin basename,bash,cat,chromium-browser-privacy,dirname,mkdir,readlink,sed,touch,which,xdg-settings |
17 | 17 | ||
diff --git a/etc/profile-a-l/chromium-common.profile b/etc/profile-a-l/chromium-common.profile index b0e0254d4..dbeb715d4 100644 --- a/etc/profile-a-l/chromium-common.profile +++ b/etc/profile-a-l/chromium-common.profile | |||
@@ -9,8 +9,8 @@ include chromium-common.local | |||
9 | # noexec ${HOME} breaks DRM binaries. | 9 | # noexec ${HOME} breaks DRM binaries. |
10 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} | 10 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} |
11 | 11 | ||
12 | noblacklist ${HOME}/.pki | 12 | nodeny ${HOME}/.pki |
13 | noblacklist ${HOME}/.local/share/pki | 13 | nodeny ${HOME}/.local/share/pki |
14 | 14 | ||
15 | # Add the next line to your chromium-common.local if you want Google Chrome/Chromium browser | 15 | # Add the next line to your chromium-common.local if you want Google Chrome/Chromium browser |
16 | # to have access to Gnome extensions (extensions.gnome.org) via browser connector | 16 | # to have access to Gnome extensions (extensions.gnome.org) via browser connector |
@@ -26,9 +26,9 @@ include disable-xdg.inc | |||
26 | 26 | ||
27 | mkdir ${HOME}/.pki | 27 | mkdir ${HOME}/.pki |
28 | mkdir ${HOME}/.local/share/pki | 28 | mkdir ${HOME}/.local/share/pki |
29 | whitelist ${DOWNLOADS} | 29 | allow ${DOWNLOADS} |
30 | whitelist ${HOME}/.pki | 30 | allow ${HOME}/.pki |
31 | whitelist ${HOME}/.local/share/pki | 31 | allow ${HOME}/.local/share/pki |
32 | include whitelist-common.inc | 32 | include whitelist-common.inc |
33 | include whitelist-runuser-common.inc | 33 | include whitelist-runuser-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/chromium.profile b/etc/profile-a-l/chromium.profile index 9ac33aa1c..ea92e90a8 100644 --- a/etc/profile-a-l/chromium.profile +++ b/etc/profile-a-l/chromium.profile | |||
@@ -6,17 +6,17 @@ include chromium.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/chromium | 9 | nodeny ${HOME}/.cache/chromium |
10 | noblacklist ${HOME}/.config/chromium | 10 | nodeny ${HOME}/.config/chromium |
11 | noblacklist ${HOME}/.config/chromium-flags.conf | 11 | nodeny ${HOME}/.config/chromium-flags.conf |
12 | 12 | ||
13 | mkdir ${HOME}/.cache/chromium | 13 | mkdir ${HOME}/.cache/chromium |
14 | mkdir ${HOME}/.config/chromium | 14 | mkdir ${HOME}/.config/chromium |
15 | whitelist ${HOME}/.cache/chromium | 15 | allow ${HOME}/.cache/chromium |
16 | whitelist ${HOME}/.config/chromium | 16 | allow ${HOME}/.config/chromium |
17 | whitelist ${HOME}/.config/chromium-flags.conf | 17 | allow ${HOME}/.config/chromium-flags.conf |
18 | whitelist /usr/share/chromium | 18 | allow /usr/share/chromium |
19 | whitelist /usr/share/mozilla/extensions | 19 | allow /usr/share/mozilla/extensions |
20 | 20 | ||
21 | # private-bin chromium,chromium-browser,chromedriver | 21 | # private-bin chromium,chromium-browser,chromedriver |
22 | 22 | ||
diff --git a/etc/profile-a-l/cin.profile b/etc/profile-a-l/cin.profile index e1f9523c4..c967e1c96 100644 --- a/etc/profile-a-l/cin.profile +++ b/etc/profile-a-l/cin.profile | |||
@@ -5,7 +5,7 @@ include cin.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.bcast5 | 8 | nodeny ${HOME}/.bcast5 |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-a-l/clamav.profile b/etc/profile-a-l/clamav.profile index e403c2c41..0efbcd4f2 100644 --- a/etc/profile-a-l/clamav.profile +++ b/etc/profile-a-l/clamav.profile | |||
@@ -7,7 +7,7 @@ include clamav.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | 10 | deny ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | include disable-exec.inc | 12 | include disable-exec.inc |
13 | 13 | ||
diff --git a/etc/profile-a-l/claws-mail.profile b/etc/profile-a-l/claws-mail.profile index 691657fa0..3e4e1f2a1 100644 --- a/etc/profile-a-l/claws-mail.profile +++ b/etc/profile-a-l/claws-mail.profile | |||
@@ -6,17 +6,17 @@ include claws-mail.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.claws-mail | 9 | nodeny ${HOME}/.claws-mail |
10 | 10 | ||
11 | mkdir ${HOME}/.claws-mail | 11 | mkdir ${HOME}/.claws-mail |
12 | whitelist ${HOME}/.claws-mail | 12 | allow ${HOME}/.claws-mail |
13 | 13 | ||
14 | # Add the below lines to your claws-mail.local if you use python-based plugins. | 14 | # Add the below lines to your claws-mail.local if you use python-based plugins. |
15 | # Allow python (blacklisted by disable-interpreters.inc) | 15 | # Allow python (blacklisted by disable-interpreters.inc) |
16 | #include allow-python2.inc | 16 | #include allow-python2.inc |
17 | #include allow-python3.inc | 17 | #include allow-python3.inc |
18 | 18 | ||
19 | whitelist /usr/share/doc/claws-mail | 19 | allow /usr/share/doc/claws-mail |
20 | 20 | ||
21 | # private-bin claws-mail,curl,gpg,gpg2,gpg-agent,gpgsm,gpgme-config,pinentry,pinentry-gtk-2 | 21 | # private-bin claws-mail,curl,gpg,gpg2,gpg-agent,gpgsm,gpgme-config,pinentry,pinentry-gtk-2 |
22 | 22 | ||
diff --git a/etc/profile-a-l/clawsker.profile b/etc/profile-a-l/clawsker.profile index 9b62a1f73..ee64391d9 100644 --- a/etc/profile-a-l/clawsker.profile +++ b/etc/profile-a-l/clawsker.profile | |||
@@ -6,7 +6,7 @@ include clawsker.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.claws-mail | 9 | nodeny ${HOME}/.claws-mail |
10 | 10 | ||
11 | # Allow perl (blacklisted by disable-interpreters.inc) | 11 | # Allow perl (blacklisted by disable-interpreters.inc) |
12 | include allow-perl.inc | 12 | include allow-perl.inc |
@@ -19,7 +19,7 @@ include disable-passwdmgr.inc | |||
19 | include disable-programs.inc | 19 | include disable-programs.inc |
20 | 20 | ||
21 | mkdir ${HOME}/.claws-mail | 21 | mkdir ${HOME}/.claws-mail |
22 | whitelist ${HOME}/.claws-mail | 22 | allow ${HOME}/.claws-mail |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/clementine.profile b/etc/profile-a-l/clementine.profile index fa33795c1..f9c0006f9 100644 --- a/etc/profile-a-l/clementine.profile +++ b/etc/profile-a-l/clementine.profile | |||
@@ -6,9 +6,9 @@ include clementine.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/Clementine | 9 | nodeny ${HOME}/.cache/Clementine |
10 | noblacklist ${HOME}/.config/Clementine | 10 | nodeny ${HOME}/.config/Clementine |
11 | noblacklist ${MUSIC} | 11 | nodeny ${MUSIC} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/clion-eap.profile b/etc/profile-a-l/clion-eap.profile new file mode 100644 index 000000000..3602c3e7b --- /dev/null +++ b/etc/profile-a-l/clion-eap.profile | |||
@@ -0,0 +1,10 @@ | |||
1 | # Firejail profile for CLion EAP | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include clion-eap.local | ||
5 | # Persistent global definitions | ||
6 | # added by included profile | ||
7 | #include globals.local | ||
8 | |||
9 | # Redirect | ||
10 | include clion.profile | ||
diff --git a/etc/profile-a-l/clion.profile b/etc/profile-a-l/clion.profile index 22cecff09..5c5399069 100644 --- a/etc/profile-a-l/clion.profile +++ b/etc/profile-a-l/clion.profile | |||
@@ -5,13 +5,16 @@ include clion.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.CLion* | 8 | nodeny ${HOME}/.config/JetBrains/CLion* |
9 | noblacklist ${HOME}/.config/git | 9 | nodeny ${HOME}/.cache/JetBrains/CLion* |
10 | noblacklist ${HOME}/.gitconfig | 10 | nodeny ${HOME}/.clion* |
11 | noblacklist ${HOME}/.git-credentials | 11 | nodeny ${HOME}/.CLion* |
12 | noblacklist ${HOME}/.java | 12 | nodeny ${HOME}/.config/git |
13 | noblacklist ${HOME}/.local/share/JetBrains | 13 | nodeny ${HOME}/.gitconfig |
14 | noblacklist ${HOME}/.tooling | 14 | nodeny ${HOME}/.git-credentials |
15 | nodeny ${HOME}/.java | ||
16 | nodeny ${HOME}/.local/share/JetBrains | ||
17 | nodeny ${HOME}/.tooling | ||
15 | 18 | ||
16 | # Allow ssh (blacklisted by disable-common.inc) | 19 | # Allow ssh (blacklisted by disable-common.inc) |
17 | include allow-ssh.inc | 20 | include allow-ssh.inc |
diff --git a/etc/profile-a-l/clipgrab.profile b/etc/profile-a-l/clipgrab.profile index c8258da07..89f8d96f0 100644 --- a/etc/profile-a-l/clipgrab.profile +++ b/etc/profile-a-l/clipgrab.profile | |||
@@ -6,9 +6,9 @@ include clipgrab.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Philipp Schmieder | 9 | nodeny ${HOME}/.config/Philipp Schmieder |
10 | noblacklist ${HOME}/.pki | 10 | nodeny ${HOME}/.pki |
11 | noblacklist ${VIDEOS} | 11 | nodeny ${VIDEOS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/clipit.profile b/etc/profile-a-l/clipit.profile index d421903a3..4a2a5171b 100644 --- a/etc/profile-a-l/clipit.profile +++ b/etc/profile-a-l/clipit.profile | |||
@@ -6,8 +6,8 @@ include clipit.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/clipit | 9 | nodeny ${HOME}/.config/clipit |
10 | noblacklist ${HOME}/.local/share/clipit | 10 | nodeny ${HOME}/.local/share/clipit |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-xdg.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.config/clipit | 20 | mkdir ${HOME}/.config/clipit |
21 | mkdir ${HOME}/.local/share/clipit | 21 | mkdir ${HOME}/.local/share/clipit |
22 | whitelist ${HOME}/.config/clipit | 22 | allow ${HOME}/.config/clipit |
23 | whitelist ${HOME}/.local/share/clipit | 23 | allow ${HOME}/.local/share/clipit |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/cliqz.profile b/etc/profile-a-l/cliqz.profile index d0b8cc0ef..22c6ef882 100644 --- a/etc/profile-a-l/cliqz.profile +++ b/etc/profile-a-l/cliqz.profile | |||
@@ -5,16 +5,16 @@ include cliqz.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/cliqz | 8 | nodeny ${HOME}/.cache/cliqz |
9 | noblacklist ${HOME}/.cliqz | 9 | nodeny ${HOME}/.cliqz |
10 | noblacklist ${HOME}/.config/cliqz | 10 | nodeny ${HOME}/.config/cliqz |
11 | 11 | ||
12 | mkdir ${HOME}/.cache/cliqz | 12 | mkdir ${HOME}/.cache/cliqz |
13 | mkdir ${HOME}/.cliqz | 13 | mkdir ${HOME}/.cliqz |
14 | mkdir ${HOME}/.config/cliqz | 14 | mkdir ${HOME}/.config/cliqz |
15 | whitelist ${HOME}/.cache/cliqz | 15 | allow ${HOME}/.cache/cliqz |
16 | whitelist ${HOME}/.cliqz | 16 | allow ${HOME}/.cliqz |
17 | whitelist ${HOME}/.config/cliqz | 17 | allow ${HOME}/.config/cliqz |
18 | 18 | ||
19 | # private-etc must first be enabled in firefox-common.profile | 19 | # private-etc must first be enabled in firefox-common.profile |
20 | #private-etc cliqz | 20 | #private-etc cliqz |
diff --git a/etc/profile-a-l/cmus.profile b/etc/profile-a-l/cmus.profile index bcd557787..51e53209f 100644 --- a/etc/profile-a-l/cmus.profile +++ b/etc/profile-a-l/cmus.profile | |||
@@ -6,8 +6,8 @@ include cmus.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/cmus | 9 | nodeny ${HOME}/.config/cmus |
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/code.profile b/etc/profile-a-l/code.profile index e19b78908..1933c66fa 100644 --- a/etc/profile-a-l/code.profile +++ b/etc/profile-a-l/code.profile | |||
@@ -5,10 +5,10 @@ include code.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Code | 8 | nodeny ${HOME}/.config/Code |
9 | noblacklist ${HOME}/.config/Code - OSS | 9 | nodeny ${HOME}/.config/Code - OSS |
10 | noblacklist ${HOME}/.vscode | 10 | nodeny ${HOME}/.vscode |
11 | noblacklist ${HOME}/.vscode-oss | 11 | nodeny ${HOME}/.vscode-oss |
12 | 12 | ||
13 | # Allows files commonly used by IDEs | 13 | # Allows files commonly used by IDEs |
14 | include allow-common-devel.inc | 14 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/colorful.profile b/etc/profile-a-l/colorful.profile index bd6d8f5b0..efa7f516c 100644 --- a/etc/profile-a-l/colorful.profile +++ b/etc/profile-a-l/colorful.profile | |||
@@ -6,7 +6,7 @@ include colorful.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.suve/colorful | 9 | nodeny ${HOME}/.suve/colorful |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.suve/colorful | 20 | mkdir ${HOME}/.suve/colorful |
21 | whitelist ${HOME}/.suve/colorful | 21 | allow ${HOME}/.suve/colorful |
22 | whitelist /usr/share/suve | 22 | allow /usr/share/suve |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/com.github.bleakgrey.tootle.profile b/etc/profile-a-l/com.github.bleakgrey.tootle.profile index c8bdfec23..34b662959 100644 --- a/etc/profile-a-l/com.github.bleakgrey.tootle.profile +++ b/etc/profile-a-l/com.github.bleakgrey.tootle.profile | |||
@@ -6,7 +6,7 @@ include com.github.bleakgrey.tootle.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/com.github.bleakgrey.tootle | 9 | nodeny ${HOME}/.config/com.github.bleakgrey.tootle |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/com.github.bleakgrey.tootle | 20 | mkdir ${HOME}/.config/com.github.bleakgrey.tootle |
21 | whitelist ${DOWNLOADS} | 21 | allow ${DOWNLOADS} |
22 | whitelist ${HOME}/.config/com.github.bleakgrey.tootle | 22 | allow ${HOME}/.config/com.github.bleakgrey.tootle |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/com.github.dahenson.agenda.profile b/etc/profile-a-l/com.github.dahenson.agenda.profile index b467a0f7a..4e26e4925 100644 --- a/etc/profile-a-l/com.github.dahenson.agenda.profile +++ b/etc/profile-a-l/com.github.dahenson.agenda.profile | |||
@@ -6,9 +6,9 @@ include com.github.dahenson.agenda.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/agenda | 9 | nodeny ${HOME}/.cache/agenda |
10 | noblacklist ${HOME}/.config/agenda | 10 | nodeny ${HOME}/.config/agenda |
11 | noblacklist ${HOME}/.local/share/agenda | 11 | nodeny ${HOME}/.local/share/agenda |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -22,9 +22,9 @@ include disable-xdg.inc | |||
22 | mkdir ${HOME}/.cache/agenda | 22 | mkdir ${HOME}/.cache/agenda |
23 | mkdir ${HOME}/.config/agenda | 23 | mkdir ${HOME}/.config/agenda |
24 | mkdir ${HOME}/.local/share/agenda | 24 | mkdir ${HOME}/.local/share/agenda |
25 | whitelist ${HOME}/.cache/agenda | 25 | allow ${HOME}/.cache/agenda |
26 | whitelist ${HOME}/.config/agenda | 26 | allow ${HOME}/.config/agenda |
27 | whitelist ${HOME}/.local/share/agenda | 27 | allow ${HOME}/.local/share/agenda |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
30 | include whitelist-runuser-common.inc | 30 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile index c13f9618b..bbfc1fe41 100644 --- a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile +++ b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile | |||
@@ -6,9 +6,9 @@ include foliate.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | nodeny ${DOCUMENTS} |
10 | noblacklist ${HOME}/.cache/com.github.johnfactotum.Foliate | 10 | nodeny ${HOME}/.cache/com.github.johnfactotum.Foliate |
11 | noblacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate | 11 | nodeny ${HOME}/.local/share/com.github.johnfactotum.Foliate |
12 | 12 | ||
13 | # Allow gjs (blacklisted by disable-interpreters.inc) | 13 | # Allow gjs (blacklisted by disable-interpreters.inc) |
14 | include allow-gjs.inc | 14 | include allow-gjs.inc |
@@ -24,12 +24,12 @@ include disable-xdg.inc | |||
24 | 24 | ||
25 | mkdir ${HOME}/.cache/com.github.johnfactotum.Foliate | 25 | mkdir ${HOME}/.cache/com.github.johnfactotum.Foliate |
26 | mkdir ${HOME}/.local/share/com.github.johnfactotum.Foliate | 26 | mkdir ${HOME}/.local/share/com.github.johnfactotum.Foliate |
27 | whitelist ${HOME}/.cache/com.github.johnfactotum.Foliate | 27 | allow ${HOME}/.cache/com.github.johnfactotum.Foliate |
28 | whitelist ${HOME}/.local/share/com.github.johnfactotum.Foliate | 28 | allow ${HOME}/.local/share/com.github.johnfactotum.Foliate |
29 | whitelist ${DOCUMENTS} | 29 | allow ${DOCUMENTS} |
30 | whitelist ${DOWNLOADS} | 30 | allow ${DOWNLOADS} |
31 | whitelist /usr/share/com.github.johnfactotum.Foliate | 31 | allow /usr/share/com.github.johnfactotum.Foliate |
32 | whitelist /usr/share/hyphen | 32 | allow /usr/share/hyphen |
33 | include whitelist-common.inc | 33 | include whitelist-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/com.github.phase1geo.minder.profile b/etc/profile-a-l/com.github.phase1geo.minder.profile index d0402d188..3e9acc6c8 100644 --- a/etc/profile-a-l/com.github.phase1geo.minder.profile +++ b/etc/profile-a-l/com.github.phase1geo.minder.profile | |||
@@ -6,9 +6,9 @@ include com.github.phase1geo.minder.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/minder | 9 | nodeny ${HOME}/.local/share/minder |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | noblacklist ${PICTURES} | 11 | nodeny ${PICTURES} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -20,10 +20,10 @@ include disable-shell.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.local/share/minder | 22 | mkdir ${HOME}/.local/share/minder |
23 | whitelist ${HOME}/.local/share/minder | 23 | allow ${HOME}/.local/share/minder |
24 | whitelist ${DOCUMENTS} | 24 | allow ${DOCUMENTS} |
25 | whitelist ${DOWNLOADS} | 25 | allow ${DOWNLOADS} |
26 | whitelist ${PICTURES} | 26 | allow ${PICTURES} |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/conkeror.profile b/etc/profile-a-l/conkeror.profile index 38edf0d21..6cc9ec551 100644 --- a/etc/profile-a-l/conkeror.profile +++ b/etc/profile-a-l/conkeror.profile | |||
@@ -5,23 +5,23 @@ include conkeror.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.conkeror.mozdev.org | 8 | nodeny ${HOME}/.conkeror.mozdev.org |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-programs.inc | 11 | include disable-programs.inc |
12 | 12 | ||
13 | mkdir ${HOME}/.conkeror.mozdev.org | 13 | mkdir ${HOME}/.conkeror.mozdev.org |
14 | mkfile ${HOME}/.conkerorrc | 14 | mkfile ${HOME}/.conkerorrc |
15 | whitelist ${HOME}/.conkeror.mozdev.org | 15 | allow ${HOME}/.conkeror.mozdev.org |
16 | whitelist ${HOME}/.conkerorrc | 16 | allow ${HOME}/.conkerorrc |
17 | whitelist ${HOME}/.lastpass | 17 | allow ${HOME}/.lastpass |
18 | whitelist ${HOME}/.pentadactyl | 18 | allow ${HOME}/.pentadactyl |
19 | whitelist ${HOME}/.pentadactylrc | 19 | allow ${HOME}/.pentadactylrc |
20 | whitelist ${HOME}/.vimperator | 20 | allow ${HOME}/.vimperator |
21 | whitelist ${HOME}/.vimperatorrc | 21 | allow ${HOME}/.vimperatorrc |
22 | whitelist ${HOME}/.zotero | 22 | allow ${HOME}/.zotero |
23 | whitelist ${HOME}/dwhelper | 23 | allow ${HOME}/dwhelper |
24 | whitelist ${DOWNLOADS} | 24 | allow ${DOWNLOADS} |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | 26 | ||
27 | caps.drop all | 27 | caps.drop all |
diff --git a/etc/profile-a-l/conky.profile b/etc/profile-a-l/conky.profile index eaa18739d..1b3fe6651 100644 --- a/etc/profile-a-l/conky.profile +++ b/etc/profile-a-l/conky.profile | |||
@@ -6,7 +6,7 @@ include conky.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${PICTURES} | 9 | nodeny ${PICTURES} |
10 | 10 | ||
11 | # Allow lua (blacklisted by disable-interpreters.inc) | 11 | # Allow lua (blacklisted by disable-interpreters.inc) |
12 | include allow-lua.inc | 12 | include allow-lua.inc |
diff --git a/etc/profile-a-l/corebird.profile b/etc/profile-a-l/corebird.profile index 2fb446e2a..266c404ee 100644 --- a/etc/profile-a-l/corebird.profile +++ b/etc/profile-a-l/corebird.profile | |||
@@ -6,7 +6,7 @@ include corebird.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/corebird | 9 | nodeny ${HOME}/.config/corebird |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/cower.profile b/etc/profile-a-l/cower.profile index 1635995dc..0a1353e40 100644 --- a/etc/profile-a-l/cower.profile +++ b/etc/profile-a-l/cower.profile | |||
@@ -7,8 +7,8 @@ include cower.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.config/cower | 10 | nodeny ${HOME}/.config/cower |
11 | noblacklist /var/lib/pacman | 11 | nodeny /var/lib/pacman |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/coyim.profile b/etc/profile-a-l/coyim.profile index 7ece35c2b..5e48c8022 100644 --- a/etc/profile-a-l/coyim.profile +++ b/etc/profile-a-l/coyim.profile | |||
@@ -6,7 +6,7 @@ include coyim.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/coyim | 9 | nodeny ${HOME}/.config/coyim |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/coyim | 20 | mkdir ${HOME}/.config/coyim |
21 | whitelist ${HOME}/.config/coyim | 21 | allow ${HOME}/.config/coyim |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/cpio.profile b/etc/profile-a-l/cpio.profile index bdc4f21a6..dec8c086b 100644 --- a/etc/profile-a-l/cpio.profile +++ b/etc/profile-a-l/cpio.profile | |||
@@ -7,8 +7,8 @@ include cpio.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist /sbin | 10 | nodeny /sbin |
11 | noblacklist /usr/sbin | 11 | nodeny /usr/sbin |
12 | 12 | ||
13 | # Redirect | 13 | # Redirect |
14 | include archiver-common.profile | 14 | include archiver-common.profile |
diff --git a/etc/profile-a-l/crawl.profile b/etc/profile-a-l/crawl.profile index b10216895..81292c01c 100644 --- a/etc/profile-a-l/crawl.profile +++ b/etc/profile-a-l/crawl.profile | |||
@@ -6,7 +6,7 @@ include crawl-tiles.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.crawl | 9 | nodeny ${HOME}/.crawl |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.crawl | 19 | mkdir ${HOME}/.crawl |
20 | whitelist ${HOME}/.crawl | 20 | allow ${HOME}/.crawl |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-a-l/crow.profile b/etc/profile-a-l/crow.profile index 02b15ecc2..36bd93778 100644 --- a/etc/profile-a-l/crow.profile +++ b/etc/profile-a-l/crow.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | 8 | ||
9 | mkdir ${HOME}/.config/crow | 9 | mkdir ${HOME}/.config/crow |
10 | mkdir ${HOME}/.cache/gstreamer-1.0 | 10 | mkdir ${HOME}/.cache/gstreamer-1.0 |
11 | whitelist ${HOME}/.config/crow | 11 | allow ${HOME}/.config/crow |
12 | whitelist ${HOME}/.cache/gstreamer-1.0 | 12 | allow ${HOME}/.cache/gstreamer-1.0 |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
diff --git a/etc/profile-a-l/curl.profile b/etc/profile-a-l/curl.profile index c9867c5d7..4950b7a4c 100644 --- a/etc/profile-a-l/curl.profile +++ b/etc/profile-a-l/curl.profile | |||
@@ -12,11 +12,11 @@ include globals.local | |||
12 | # Technically this file can be anywhere but let's assume users have it in ${HOME}/.curl-hsts. | 12 | # Technically this file can be anywhere but let's assume users have it in ${HOME}/.curl-hsts. |
13 | # If your setup diverts, add 'blacklist /path/to/curl/hsts/file' to your disable-programs.local | 13 | # If your setup diverts, add 'blacklist /path/to/curl/hsts/file' to your disable-programs.local |
14 | # and 'noblacklist /path/to/curl/hsts/file' to curl.local to keep the sandbox logic intact. | 14 | # and 'noblacklist /path/to/curl/hsts/file' to curl.local to keep the sandbox logic intact. |
15 | noblacklist ${HOME}/.curl-hsts | 15 | nodeny ${HOME}/.curl-hsts |
16 | noblacklist ${HOME}/.curlrc | 16 | nodeny ${HOME}/.curlrc |
17 | 17 | ||
18 | blacklist /tmp/.X11-unix | 18 | deny /tmp/.X11-unix |
19 | blacklist ${RUNUSER} | 19 | deny ${RUNUSER} |
20 | 20 | ||
21 | include disable-common.inc | 21 | include disable-common.inc |
22 | include disable-exec.inc | 22 | include disable-exec.inc |
diff --git a/etc/profile-a-l/cyberfox.profile b/etc/profile-a-l/cyberfox.profile index d1fff0004..49f972e4a 100644 --- a/etc/profile-a-l/cyberfox.profile +++ b/etc/profile-a-l/cyberfox.profile | |||
@@ -5,13 +5,13 @@ include cyberfox.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.8pecxstudios | 8 | nodeny ${HOME}/.8pecxstudios |
9 | noblacklist ${HOME}/.cache/8pecxstudios | 9 | nodeny ${HOME}/.cache/8pecxstudios |
10 | 10 | ||
11 | mkdir ${HOME}/.8pecxstudios | 11 | mkdir ${HOME}/.8pecxstudios |
12 | mkdir ${HOME}/.cache/8pecxstudios | 12 | mkdir ${HOME}/.cache/8pecxstudios |
13 | whitelist ${HOME}/.8pecxstudios | 13 | allow ${HOME}/.8pecxstudios |
14 | whitelist ${HOME}/.cache/8pecxstudios | 14 | allow ${HOME}/.cache/8pecxstudios |
15 | 15 | ||
16 | # private-bin cyberfox,dbus-launch,dbus-send,env,sh,which | 16 | # private-bin cyberfox,dbus-launch,dbus-send,env,sh,which |
17 | # private-etc must first be enabled in firefox-common.profile | 17 | # private-etc must first be enabled in firefox-common.profile |
diff --git a/etc/profile-a-l/d-feet.profile b/etc/profile-a-l/d-feet.profile index ba1e7adad..c7ce1730a 100644 --- a/etc/profile-a-l/d-feet.profile +++ b/etc/profile-a-l/d-feet.profile | |||
@@ -6,7 +6,7 @@ include d-feet.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/d-feet | 9 | nodeny ${HOME}/.config/d-feet |
10 | 10 | ||
11 | # Allow python (disabled by disable-interpreters.inc) | 11 | # Allow python (disabled by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -22,8 +22,8 @@ include disable-shell.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.config/d-feet | 24 | mkdir ${HOME}/.config/d-feet |
25 | whitelist ${HOME}/.config/d-feet | 25 | allow ${HOME}/.config/d-feet |
26 | whitelist /usr/share/d-feet | 26 | allow /usr/share/d-feet |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/darktable.profile b/etc/profile-a-l/darktable.profile index 61fa52928..4d51c255e 100644 --- a/etc/profile-a-l/darktable.profile +++ b/etc/profile-a-l/darktable.profile | |||
@@ -6,9 +6,9 @@ include darktable.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/darktable | 9 | nodeny ${HOME}/.cache/darktable |
10 | noblacklist ${HOME}/.config/darktable | 10 | nodeny ${HOME}/.config/darktable |
11 | noblacklist ${PICTURES} | 11 | nodeny ${PICTURES} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/dbus-send.profile b/etc/profile-a-l/dbus-send.profile index 67a61bb60..745042d6f 100644 --- a/etc/profile-a-l/dbus-send.profile +++ b/etc/profile-a-l/dbus-send.profile | |||
@@ -7,8 +7,8 @@ include dbus-send.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | deny /tmp/.X11-unix |
11 | blacklist ${RUNUSER}/wayland-* | 11 | deny ${RUNUSER}/wayland-* |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/dconf-editor.profile b/etc/profile-a-l/dconf-editor.profile index 0c221850a..c1231c6cf 100644 --- a/etc/profile-a-l/dconf-editor.profile +++ b/etc/profile-a-l/dconf-editor.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | whitelist ${HOME}/.local/share/glib-2.0 | 18 | allow ${HOME}/.local/share/glib-2.0 |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-runuser-common.inc | 20 | include whitelist-runuser-common.inc |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/dconf.profile b/etc/profile-a-l/dconf.profile index be7514cbf..b9d385adf 100644 --- a/etc/profile-a-l/dconf.profile +++ b/etc/profile-a-l/dconf.profile | |||
@@ -6,7 +6,7 @@ include dconf.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | 9 | deny ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | whitelist ${HOME}/.local/share/glib-2.0 | 19 | allow ${HOME}/.local/share/glib-2.0 |
20 | # dconf paths are whitelisted by the following | 20 | # dconf paths are whitelisted by the following |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/ddgtk.profile b/etc/profile-a-l/ddgtk.profile index 5b95b74be..09fa7a07a 100644 --- a/etc/profile-a-l/ddgtk.profile +++ b/etc/profile-a-l/ddgtk.profile | |||
@@ -18,8 +18,8 @@ include disable-passwdmgr.inc | |||
18 | include disable-programs.inc | 18 | include disable-programs.inc |
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | whitelist ${DOWNLOADS} | 21 | allow ${DOWNLOADS} |
22 | whitelist /usr/share/ddgtk | 22 | allow /usr/share/ddgtk |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/deadbeef.profile b/etc/profile-a-l/deadbeef.profile index a221ebbd7..25fa944a1 100644 --- a/etc/profile-a-l/deadbeef.profile +++ b/etc/profile-a-l/deadbeef.profile | |||
@@ -6,8 +6,8 @@ include deadbeef.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/deadbeef | 9 | nodeny ${HOME}/.config/deadbeef |
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/deluge.profile b/etc/profile-a-l/deluge.profile index ad7aa6ed5..d41a4a023 100644 --- a/etc/profile-a-l/deluge.profile +++ b/etc/profile-a-l/deluge.profile | |||
@@ -6,7 +6,7 @@ include deluge.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/deluge | 9 | nodeny ${HOME}/.config/deluge |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -20,8 +20,8 @@ include disable-passwdmgr.inc | |||
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.config/deluge | 22 | mkdir ${HOME}/.config/deluge |
23 | whitelist ${DOWNLOADS} | 23 | allow ${DOWNLOADS} |
24 | whitelist ${HOME}/.config/deluge | 24 | allow ${HOME}/.config/deluge |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-a-l/desktopeditors.profile b/etc/profile-a-l/desktopeditors.profile index 212cdab60..aed4355d5 100644 --- a/etc/profile-a-l/desktopeditors.profile +++ b/etc/profile-a-l/desktopeditors.profile | |||
@@ -6,9 +6,9 @@ include desktopeditors.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/onlyoffice | 9 | nodeny ${HOME}/.config/onlyoffice |
10 | noblacklist ${HOME}/.local/share/onlyoffice | 10 | nodeny ${HOME}/.local/share/onlyoffice |
11 | noblacklist ${HOME}/.pki | 11 | nodeny ${HOME}/.pki |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/devhelp.profile b/etc/profile-a-l/devhelp.profile index 5007f8e74..dc0f290fb 100644 --- a/etc/profile-a-l/devhelp.profile +++ b/etc/profile-a-l/devhelp.profile | |||
@@ -16,9 +16,9 @@ include disable-programs.inc | |||
16 | include disable-shell.inc | 16 | include disable-shell.inc |
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | whitelist /usr/share/devhelp | 19 | allow /usr/share/devhelp |
20 | whitelist /usr/share/doc | 20 | allow /usr/share/doc |
21 | whitelist /usr/share/gtk-doc/html | 21 | allow /usr/share/gtk-doc/html |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/devilspie.profile b/etc/profile-a-l/devilspie.profile index 6267b5709..631f15f93 100644 --- a/etc/profile-a-l/devilspie.profile +++ b/etc/profile-a-l/devilspie.profile | |||
@@ -6,9 +6,9 @@ include devilspie.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | 9 | deny ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | noblacklist ${HOME}/.devilspie | 11 | nodeny ${HOME}/.devilspie |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,7 +19,7 @@ include disable-programs.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | mkdir ${HOME}/.devilspie | 21 | mkdir ${HOME}/.devilspie |
22 | whitelist ${HOME}/.devilspie | 22 | allow ${HOME}/.devilspie |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/devilspie2.profile b/etc/profile-a-l/devilspie2.profile index 9eab3f536..140c9da0f 100644 --- a/etc/profile-a-l/devilspie2.profile +++ b/etc/profile-a-l/devilspie2.profile | |||
@@ -6,17 +6,17 @@ include devilspie2.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | blacklist ${HOME}/.devilspie | 9 | deny ${HOME}/.devilspie |
10 | 10 | ||
11 | blacklist ${RUNUSER}/wayland-* | 11 | deny ${RUNUSER}/wayland-* |
12 | 12 | ||
13 | noblacklist ${HOME}/.config/devilspie2 | 13 | nodeny ${HOME}/.config/devilspie2 |
14 | 14 | ||
15 | # Allow lua (blacklisted by disable-interpreters.inc) | 15 | # Allow lua (blacklisted by disable-interpreters.inc) |
16 | include allow-lua.inc | 16 | include allow-lua.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.config/devilspie2 | 18 | mkdir ${HOME}/.config/devilspie2 |
19 | whitelist ${HOME}/.config/devilspie2 | 19 | allow ${HOME}/.config/devilspie2 |
20 | 20 | ||
21 | private-bin devilspie2 | 21 | private-bin devilspie2 |
22 | 22 | ||
diff --git a/etc/profile-a-l/dia.profile b/etc/profile-a-l/dia.profile index 531734b7d..2a808238b 100644 --- a/etc/profile-a-l/dia.profile +++ b/etc/profile-a-l/dia.profile | |||
@@ -6,8 +6,8 @@ include dia.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.dia | 9 | nodeny ${HOME}/.dia |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
@@ -25,7 +25,7 @@ include disable-xdg.inc | |||
25 | #whitelist ${HOME}/.dia | 25 | #whitelist ${HOME}/.dia |
26 | #whitelist ${DOCUMENTS} | 26 | #whitelist ${DOCUMENTS} |
27 | #include whitelist-common.inc | 27 | #include whitelist-common.inc |
28 | whitelist /usr/share/dia | 28 | allow /usr/share/dia |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/dig.profile b/etc/profile-a-l/dig.profile index 247159a8a..2d683b811 100644 --- a/etc/profile-a-l/dig.profile +++ b/etc/profile-a-l/dig.profile | |||
@@ -7,11 +7,11 @@ include dig.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.digrc | 10 | nodeny ${HOME}/.digrc |
11 | noblacklist ${PATH}/dig | 11 | nodeny ${PATH}/dig |
12 | 12 | ||
13 | blacklist /tmp/.X11-unix | 13 | deny /tmp/.X11-unix |
14 | blacklist ${RUNUSER} | 14 | deny ${RUNUSER} |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | # include disable-devel.inc | 17 | # include disable-devel.inc |
@@ -22,7 +22,7 @@ include disable-programs.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | #mkfile ${HOME}/.digrc - see #903 | 24 | #mkfile ${HOME}/.digrc - see #903 |
25 | whitelist ${HOME}/.digrc | 25 | allow ${HOME}/.digrc |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/digikam.profile b/etc/profile-a-l/digikam.profile index 2ca7bd400..124b50952 100644 --- a/etc/profile-a-l/digikam.profile +++ b/etc/profile-a-l/digikam.profile | |||
@@ -6,12 +6,12 @@ include digikam.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/digikam | 9 | nodeny ${HOME}/.config/digikam |
10 | noblacklist ${HOME}/.config/digikamrc | 10 | nodeny ${HOME}/.config/digikamrc |
11 | noblacklist ${HOME}/.kde/share/apps/digikam | 11 | nodeny ${HOME}/.kde/share/apps/digikam |
12 | noblacklist ${HOME}/.kde4/share/apps/digikam | 12 | nodeny ${HOME}/.kde4/share/apps/digikam |
13 | noblacklist ${HOME}/.local/share/kxmlgui5/digikam | 13 | nodeny ${HOME}/.local/share/kxmlgui5/digikam |
14 | noblacklist ${PICTURES} | 14 | nodeny ${PICTURES} |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/dillo.profile b/etc/profile-a-l/dillo.profile index 9871a6095..883466f4d 100644 --- a/etc/profile-a-l/dillo.profile +++ b/etc/profile-a-l/dillo.profile | |||
@@ -6,7 +6,7 @@ include dillo.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.dillo | 9 | nodeny ${HOME}/.dillo |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,9 +16,9 @@ include disable-programs.inc | |||
16 | 16 | ||
17 | mkdir ${HOME}/.dillo | 17 | mkdir ${HOME}/.dillo |
18 | mkdir ${HOME}/.fltk | 18 | mkdir ${HOME}/.fltk |
19 | whitelist ${DOWNLOADS} | 19 | allow ${DOWNLOADS} |
20 | whitelist ${HOME}/.dillo | 20 | allow ${HOME}/.dillo |
21 | whitelist ${HOME}/.fltk | 21 | allow ${HOME}/.fltk |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/dino.profile b/etc/profile-a-l/dino.profile index c3174b35f..3078bef71 100644 --- a/etc/profile-a-l/dino.profile +++ b/etc/profile-a-l/dino.profile | |||
@@ -6,7 +6,7 @@ include dino.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/dino | 9 | nodeny ${HOME}/.local/share/dino |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.local/share/dino | 19 | mkdir ${HOME}/.local/share/dino |
20 | whitelist ${HOME}/.local/share/dino | 20 | allow ${HOME}/.local/share/dino |
21 | whitelist ${DOWNLOADS} | 21 | allow ${DOWNLOADS} |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-runuser-common.inc | 23 | include whitelist-runuser-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/discord-canary.profile b/etc/profile-a-l/discord-canary.profile index 43db95b8a..1c53cd211 100644 --- a/etc/profile-a-l/discord-canary.profile +++ b/etc/profile-a-l/discord-canary.profile | |||
@@ -5,10 +5,10 @@ include discord-canary.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/discordcanary | 8 | nodeny ${HOME}/.config/discordcanary |
9 | 9 | ||
10 | mkdir ${HOME}/.config/discordcanary | 10 | mkdir ${HOME}/.config/discordcanary |
11 | whitelist ${HOME}/.config/discordcanary | 11 | allow ${HOME}/.config/discordcanary |
12 | 12 | ||
13 | private-bin discord-canary,electron,electron[0-9],electron[0-9][0-9] | 13 | private-bin discord-canary,electron,electron[0-9],electron[0-9][0-9] |
14 | private-opt discord-canary | 14 | private-opt discord-canary |
diff --git a/etc/profile-a-l/discord-common.profile b/etc/profile-a-l/discord-common.profile index 19e7bd9ab..6bee1901c 100644 --- a/etc/profile-a-l/discord-common.profile +++ b/etc/profile-a-l/discord-common.profile | |||
@@ -20,8 +20,8 @@ ignore dbus-system none | |||
20 | ignore noexec ${HOME} | 20 | ignore noexec ${HOME} |
21 | ignore novideo | 21 | ignore novideo |
22 | 22 | ||
23 | whitelist ${HOME}/.config/BetterDiscord | 23 | allow ${HOME}/.config/BetterDiscord |
24 | whitelist ${HOME}/.local/share/betterdiscordctl | 24 | allow ${HOME}/.local/share/betterdiscordctl |
25 | 25 | ||
26 | private-bin bash,cut,echo,egrep,fish,grep,head,sed,sh,tclsh,tr,xdg-mime,xdg-open,zsh | 26 | private-bin bash,cut,echo,egrep,fish,grep,head,sed,sh,tclsh,tr,xdg-mime,xdg-open,zsh |
27 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,login.defs,machine-id,password,pki,pulse,resolv.conf,ssl | 27 | private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,localtime,login.defs,machine-id,password,pki,pulse,resolv.conf,ssl |
diff --git a/etc/profile-a-l/discord.profile b/etc/profile-a-l/discord.profile index 8ef02a30f..658d3fc83 100644 --- a/etc/profile-a-l/discord.profile +++ b/etc/profile-a-l/discord.profile | |||
@@ -5,10 +5,10 @@ include discord.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/discord | 8 | nodeny ${HOME}/.config/discord |
9 | 9 | ||
10 | mkdir ${HOME}/.config/discord | 10 | mkdir ${HOME}/.config/discord |
11 | whitelist ${HOME}/.config/discord | 11 | allow ${HOME}/.config/discord |
12 | 12 | ||
13 | private-bin discord | 13 | private-bin discord |
14 | private-opt discord | 14 | private-opt discord |
diff --git a/etc/profile-a-l/display.profile b/etc/profile-a-l/display.profile index 11f3fd36e..4474b97d2 100644 --- a/etc/profile-a-l/display.profile +++ b/etc/profile-a-l/display.profile | |||
@@ -5,7 +5,7 @@ include display.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${PICTURES} | 8 | nodeny ${PICTURES} |
9 | 9 | ||
10 | # Allow python (blacklisted by disable-interpreters.inc) | 10 | # Allow python (blacklisted by disable-interpreters.inc) |
11 | include allow-python2.inc | 11 | include allow-python2.inc |
diff --git a/etc/profile-a-l/dnox.profile b/etc/profile-a-l/dnox.profile index 51ba6f8b7..8c3d6211b 100644 --- a/etc/profile-a-l/dnox.profile +++ b/etc/profile-a-l/dnox.profile | |||
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/dnox | 13 | nodeny ${HOME}/.cache/dnox |
14 | noblacklist ${HOME}/.config/dnox | 14 | nodeny ${HOME}/.config/dnox |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/dnox | 16 | mkdir ${HOME}/.cache/dnox |
17 | mkdir ${HOME}/.config/dnox | 17 | mkdir ${HOME}/.config/dnox |
18 | whitelist ${HOME}/.cache/dnox | 18 | allow ${HOME}/.cache/dnox |
19 | whitelist ${HOME}/.config/dnox | 19 | allow ${HOME}/.config/dnox |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include chromium-common.profile | 22 | include chromium-common.profile |
diff --git a/etc/profile-a-l/dnscrypt-proxy.profile b/etc/profile-a-l/dnscrypt-proxy.profile index f8fb1a331..dbcef36f8 100644 --- a/etc/profile-a-l/dnscrypt-proxy.profile +++ b/etc/profile-a-l/dnscrypt-proxy.profile | |||
@@ -7,11 +7,11 @@ include dnscrypt-proxy.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | deny /tmp/.X11-unix |
11 | blacklist ${RUNUSER}/wayland-* | 11 | deny ${RUNUSER}/wayland-* |
12 | 12 | ||
13 | noblacklist /sbin | 13 | nodeny /sbin |
14 | noblacklist /usr/sbin | 14 | nodeny /usr/sbin |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
@@ -21,7 +21,7 @@ include disable-passwdmgr.inc | |||
21 | include disable-programs.inc | 21 | include disable-programs.inc |
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | whitelist /usr/share/dnscrypt-proxy | 24 | allow /usr/share/dnscrypt-proxy |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-a-l/dnsmasq.profile b/etc/profile-a-l/dnsmasq.profile index 01398c2b2..b1acbf392 100644 --- a/etc/profile-a-l/dnsmasq.profile +++ b/etc/profile-a-l/dnsmasq.profile | |||
@@ -7,11 +7,11 @@ include dnsmasq.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist /sbin | 10 | nodeny /sbin |
11 | noblacklist /usr/sbin | 11 | nodeny /usr/sbin |
12 | 12 | ||
13 | blacklist /tmp/.X11-unix | 13 | deny /tmp/.X11-unix |
14 | blacklist ${RUNUSER}/wayland-* | 14 | deny ${RUNUSER}/wayland-* |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/dolphin-emu.profile b/etc/profile-a-l/dolphin-emu.profile index 49feec32e..15b312ecb 100644 --- a/etc/profile-a-l/dolphin-emu.profile +++ b/etc/profile-a-l/dolphin-emu.profile | |||
@@ -8,9 +8,9 @@ include globals.local | |||
8 | 8 | ||
9 | # Note: you must whitelist your games folder in your dolphin-emu.local. | 9 | # Note: you must whitelist your games folder in your dolphin-emu.local. |
10 | 10 | ||
11 | noblacklist ${HOME}/.cache/dolphin-emu | 11 | nodeny ${HOME}/.cache/dolphin-emu |
12 | noblacklist ${HOME}/.config/dolphin-emu | 12 | nodeny ${HOME}/.config/dolphin-emu |
13 | noblacklist ${HOME}/.local/share/dolphin-emu | 13 | nodeny ${HOME}/.local/share/dolphin-emu |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -24,10 +24,10 @@ include disable-xdg.inc | |||
24 | mkdir ${HOME}/.cache/dolphin-emu | 24 | mkdir ${HOME}/.cache/dolphin-emu |
25 | mkdir ${HOME}/.config/dolphin-emu | 25 | mkdir ${HOME}/.config/dolphin-emu |
26 | mkdir ${HOME}/.local/share/dolphin-emu | 26 | mkdir ${HOME}/.local/share/dolphin-emu |
27 | whitelist ${HOME}/.cache/dolphin-emu | 27 | allow ${HOME}/.cache/dolphin-emu |
28 | whitelist ${HOME}/.config/dolphin-emu | 28 | allow ${HOME}/.config/dolphin-emu |
29 | whitelist ${HOME}/.local/share/dolphin-emu | 29 | allow ${HOME}/.local/share/dolphin-emu |
30 | whitelist /usr/share/dolphin-emu | 30 | allow /usr/share/dolphin-emu |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-runuser-common.inc | 32 | include whitelist-runuser-common.inc |
33 | include whitelist-usr-share-common.inc | 33 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/dooble.profile b/etc/profile-a-l/dooble.profile index 37a4113cb..3b0adcc36 100644 --- a/etc/profile-a-l/dooble.profile +++ b/etc/profile-a-l/dooble.profile | |||
@@ -7,7 +7,7 @@ include dooble-qt4.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.dooble | 10 | nodeny ${HOME}/.dooble |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.dooble | 19 | mkdir ${HOME}/.dooble |
20 | whitelist ${DOWNLOADS} | 20 | allow ${DOWNLOADS} |
21 | whitelist ${HOME}/.dooble | 21 | allow ${HOME}/.dooble |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/profile-a-l/dosbox.profile b/etc/profile-a-l/dosbox.profile index 988f66f28..29e506764 100644 --- a/etc/profile-a-l/dosbox.profile +++ b/etc/profile-a-l/dosbox.profile | |||
@@ -6,8 +6,8 @@ include dosbox.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.dosbox | 9 | nodeny ${HOME}/.dosbox |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/dragon.profile b/etc/profile-a-l/dragon.profile index 8fa01d504..90ca11774 100644 --- a/etc/profile-a-l/dragon.profile +++ b/etc/profile-a-l/dragon.profile | |||
@@ -6,9 +6,9 @@ include dragon.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/dragonplayerrc | 9 | nodeny ${HOME}/.config/dragonplayerrc |
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | noblacklist ${VIDEOS} | 11 | nodeny ${VIDEOS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,7 +19,7 @@ include disable-programs.inc | |||
19 | include disable-shell.inc | 19 | include disable-shell.inc |
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | whitelist /usr/share/dragonplayer | 22 | allow /usr/share/dragonplayer |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
diff --git a/etc/profile-a-l/drawio.profile b/etc/profile-a-l/drawio.profile index 82d96e405..84a77ce34 100644 --- a/etc/profile-a-l/drawio.profile +++ b/etc/profile-a-l/drawio.profile | |||
@@ -6,7 +6,7 @@ include drawio.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/draw.io | 9 | nodeny ${HOME}/.config/draw.io |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/draw.io | 20 | mkdir ${HOME}/.config/draw.io |
21 | whitelist ${HOME}/.config/draw.io | 21 | allow ${HOME}/.config/draw.io |
22 | whitelist ${DOWNLOADS} | 22 | allow ${DOWNLOADS} |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/drill.profile b/etc/profile-a-l/drill.profile index 068bd88d8..e177fd60e 100644 --- a/etc/profile-a-l/drill.profile +++ b/etc/profile-a-l/drill.profile | |||
@@ -7,10 +7,10 @@ include drill.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${PATH}/drill | 10 | nodeny ${PATH}/drill |
11 | 11 | ||
12 | blacklist /tmp/.X11-unix | 12 | deny /tmp/.X11-unix |
13 | blacklist ${RUNUSER} | 13 | deny ${RUNUSER} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | # include disable-devel.inc | 16 | # include disable-devel.inc |
diff --git a/etc/profile-a-l/dropbox.profile b/etc/profile-a-l/dropbox.profile index b3b2aaf40..274cdd478 100644 --- a/etc/profile-a-l/dropbox.profile +++ b/etc/profile-a-l/dropbox.profile | |||
@@ -5,9 +5,9 @@ include dropbox.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/autostart | 8 | nodeny ${HOME}/.config/autostart |
9 | noblacklist ${HOME}/.dropbox | 9 | nodeny ${HOME}/.dropbox |
10 | noblacklist ${HOME}/.dropbox-dist | 10 | nodeny ${HOME}/.dropbox-dist |
11 | 11 | ||
12 | # Allow python3 (blacklisted by disable-interpreters.inc) | 12 | # Allow python3 (blacklisted by disable-interpreters.inc) |
13 | include allow-python3.inc | 13 | include allow-python3.inc |
@@ -22,10 +22,10 @@ mkdir ${HOME}/.dropbox | |||
22 | mkdir ${HOME}/.dropbox-dist | 22 | mkdir ${HOME}/.dropbox-dist |
23 | mkdir ${HOME}/Dropbox | 23 | mkdir ${HOME}/Dropbox |
24 | mkfile ${HOME}/.config/autostart/dropbox.desktop | 24 | mkfile ${HOME}/.config/autostart/dropbox.desktop |
25 | whitelist ${HOME}/.config/autostart/dropbox.desktop | 25 | allow ${HOME}/.config/autostart/dropbox.desktop |
26 | whitelist ${HOME}/.dropbox | 26 | allow ${HOME}/.dropbox |
27 | whitelist ${HOME}/.dropbox-dist | 27 | allow ${HOME}/.dropbox-dist |
28 | whitelist ${HOME}/Dropbox | 28 | allow ${HOME}/Dropbox |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | 30 | ||
31 | caps.drop all | 31 | caps.drop all |
diff --git a/etc/profile-a-l/easystroke.profile b/etc/profile-a-l/easystroke.profile index 38e4b16f7..da54fec34 100644 --- a/etc/profile-a-l/easystroke.profile +++ b/etc/profile-a-l/easystroke.profile | |||
@@ -6,7 +6,7 @@ include easystroke.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.easystroke | 9 | nodeny ${HOME}/.easystroke |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.easystroke | 19 | mkdir ${HOME}/.easystroke |
20 | whitelist ${HOME}/.easystroke | 20 | allow ${HOME}/.easystroke |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/electron-mail.profile b/etc/profile-a-l/electron-mail.profile index 278dd6cbd..10e57371e 100644 --- a/etc/profile-a-l/electron-mail.profile +++ b/etc/profile-a-l/electron-mail.profile | |||
@@ -6,7 +6,7 @@ include electron-mail.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/electron-mail | 9 | nodeny ${HOME}/.config/electron-mail |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/electron-mail | 20 | mkdir ${HOME}/.config/electron-mail |
21 | whitelist ${HOME}/.config/electron-mail | 21 | allow ${HOME}/.config/electron-mail |
22 | whitelist ${DOWNLOADS} | 22 | allow ${DOWNLOADS} |
23 | 23 | ||
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/electron.profile b/etc/profile-a-l/electron.profile index 493af79d4..e8d8d35c4 100644 --- a/etc/profile-a-l/electron.profile +++ b/etc/profile-a-l/electron.profile | |||
@@ -12,7 +12,7 @@ include disable-passwdmgr.inc | |||
12 | include disable-programs.inc | 12 | include disable-programs.inc |
13 | include disable-xdg.inc | 13 | include disable-xdg.inc |
14 | 14 | ||
15 | whitelist ${DOWNLOADS} | 15 | allow ${DOWNLOADS} |
16 | include whitelist-common.inc | 16 | include whitelist-common.inc |
17 | include whitelist-runuser-common.inc | 17 | include whitelist-runuser-common.inc |
18 | include whitelist-usr-share-common.inc | 18 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/electrum.profile b/etc/profile-a-l/electrum.profile index ad636d71a..f6691017c 100644 --- a/etc/profile-a-l/electrum.profile +++ b/etc/profile-a-l/electrum.profile | |||
@@ -6,7 +6,7 @@ include electrum.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.electrum | 9 | nodeny ${HOME}/.electrum |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -22,7 +22,7 @@ include disable-shell.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.electrum | 24 | mkdir ${HOME}/.electrum |
25 | whitelist ${HOME}/.electrum | 25 | allow ${HOME}/.electrum |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
28 | 28 | ||
diff --git a/etc/profile-a-l/element-desktop.profile b/etc/profile-a-l/element-desktop.profile index 48a826f2e..ec28866b8 100644 --- a/etc/profile-a-l/element-desktop.profile +++ b/etc/profile-a-l/element-desktop.profile | |||
@@ -9,11 +9,11 @@ include element-desktop.local | |||
9 | 9 | ||
10 | ignore dbus-user none | 10 | ignore dbus-user none |
11 | 11 | ||
12 | noblacklist ${HOME}/.config/Element | 12 | nodeny ${HOME}/.config/Element |
13 | 13 | ||
14 | mkdir ${HOME}/.config/Element | 14 | mkdir ${HOME}/.config/Element |
15 | whitelist ${HOME}/.config/Element | 15 | allow ${HOME}/.config/Element |
16 | whitelist /opt/Element | 16 | allow /opt/Element |
17 | 17 | ||
18 | private-opt Element | 18 | private-opt Element |
19 | 19 | ||
diff --git a/etc/profile-a-l/elinks.profile b/etc/profile-a-l/elinks.profile index 5a29eb24b..30dca05cb 100644 --- a/etc/profile-a-l/elinks.profile +++ b/etc/profile-a-l/elinks.profile | |||
@@ -7,10 +7,10 @@ include elinks.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.elinks | 10 | nodeny ${HOME}/.elinks |
11 | 11 | ||
12 | mkdir ${HOME}/.elinks | 12 | mkdir ${HOME}/.elinks |
13 | whitelist ${HOME}/.elinks | 13 | allow ${HOME}/.elinks |
14 | 14 | ||
15 | private-bin elinks | 15 | private-bin elinks |
16 | 16 | ||
diff --git a/etc/profile-a-l/emacs.profile b/etc/profile-a-l/emacs.profile index 55bf743ef..f0e0e2830 100644 --- a/etc/profile-a-l/emacs.profile +++ b/etc/profile-a-l/emacs.profile | |||
@@ -6,8 +6,8 @@ include emacs.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.emacs | 9 | nodeny ${HOME}/.emacs |
10 | noblacklist ${HOME}/.emacs.d | 10 | nodeny ${HOME}/.emacs.d |
11 | # Add the next line to your emacs.local if you need gpg support. | 11 | # Add the next line to your emacs.local if you need gpg support. |
12 | #noblacklist ${HOME}/.gnupg | 12 | #noblacklist ${HOME}/.gnupg |
13 | 13 | ||
diff --git a/etc/profile-a-l/email-common.profile b/etc/profile-a-l/email-common.profile index 6c9a8a6ea..5fc72d340 100644 --- a/etc/profile-a-l/email-common.profile +++ b/etc/profile-a-l/email-common.profile | |||
@@ -7,14 +7,14 @@ include email-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.gnupg | 10 | nodeny ${HOME}/.gnupg |
11 | noblacklist ${HOME}/.mozilla | 11 | nodeny ${HOME}/.mozilla |
12 | noblacklist ${HOME}/.signature | 12 | nodeny ${HOME}/.signature |
13 | # when storing mail outside the default ${HOME}/Mail path, 'noblacklist' the custom path in your email-common.local | 13 | # when storing mail outside the default ${HOME}/Mail path, 'noblacklist' the custom path in your email-common.local |
14 | # and 'blacklist' it in your disable-common.local too so it is kept hidden from other applications | 14 | # and 'blacklist' it in your disable-common.local too so it is kept hidden from other applications |
15 | noblacklist ${HOME}/Mail | 15 | nodeny ${HOME}/Mail |
16 | 16 | ||
17 | noblacklist ${DOCUMENTS} | 17 | nodeny ${DOCUMENTS} |
18 | 18 | ||
19 | include disable-common.inc | 19 | include disable-common.inc |
20 | include disable-devel.inc | 20 | include disable-devel.inc |
@@ -27,17 +27,17 @@ include disable-xdg.inc | |||
27 | mkdir ${HOME}/.gnupg | 27 | mkdir ${HOME}/.gnupg |
28 | mkfile ${HOME}/.config/mimeapps.list | 28 | mkfile ${HOME}/.config/mimeapps.list |
29 | mkfile ${HOME}/.signature | 29 | mkfile ${HOME}/.signature |
30 | whitelist ${HOME}/.config/mimeapps.list | 30 | allow ${HOME}/.config/mimeapps.list |
31 | whitelist ${HOME}/.mozilla/firefox/profiles.ini | 31 | allow ${HOME}/.mozilla/firefox/profiles.ini |
32 | whitelist ${HOME}/.gnupg | 32 | allow ${HOME}/.gnupg |
33 | whitelist ${HOME}/.signature | 33 | allow ${HOME}/.signature |
34 | whitelist ${DOCUMENTS} | 34 | allow ${DOCUMENTS} |
35 | whitelist ${DOWNLOADS} | 35 | allow ${DOWNLOADS} |
36 | # when storing mail outside the default ${HOME}/Mail path, 'whitelist' the custom path in your email-common.local | 36 | # when storing mail outside the default ${HOME}/Mail path, 'whitelist' the custom path in your email-common.local |
37 | whitelist ${HOME}/Mail | 37 | allow ${HOME}/Mail |
38 | whitelist ${RUNUSER}/gnupg | 38 | allow ${RUNUSER}/gnupg |
39 | whitelist /usr/share/gnupg | 39 | allow /usr/share/gnupg |
40 | whitelist /usr/share/gnupg2 | 40 | allow /usr/share/gnupg2 |
41 | include whitelist-common.inc | 41 | include whitelist-common.inc |
42 | include whitelist-runuser-common.inc | 42 | include whitelist-runuser-common.inc |
43 | include whitelist-usr-share-common.inc | 43 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/enchant.profile b/etc/profile-a-l/enchant.profile index ac17b1726..36015b702 100644 --- a/etc/profile-a-l/enchant.profile +++ b/etc/profile-a-l/enchant.profile | |||
@@ -6,9 +6,9 @@ include enchant.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | 9 | deny ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/enchant | 11 | nodeny ${HOME}/.config/enchant |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,7 +19,7 @@ include disable-programs.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | mkdir ${HOME}/.config/enchant | 21 | mkdir ${HOME}/.config/enchant |
22 | whitelist ${HOME}/.config/enchant | 22 | allow ${HOME}/.config/enchant |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/enox.profile b/etc/profile-a-l/enox.profile index d982433e2..9a1d89bba 100644 --- a/etc/profile-a-l/enox.profile +++ b/etc/profile-a-l/enox.profile | |||
@@ -10,15 +10,15 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/Enox | 13 | nodeny ${HOME}/.cache/Enox |
14 | noblacklist ${HOME}/.config/Enox | 14 | nodeny ${HOME}/.config/Enox |
15 | 15 | ||
16 | #mkdir ${HOME}/.cache/dnox | 16 | #mkdir ${HOME}/.cache/dnox |
17 | #mkdir ${HOME}/.config/dnox | 17 | #mkdir ${HOME}/.config/dnox |
18 | mkdir ${HOME}/.cache/Enox | 18 | mkdir ${HOME}/.cache/Enox |
19 | mkdir ${HOME}/.config/Enox | 19 | mkdir ${HOME}/.config/Enox |
20 | whitelist ${HOME}/.cache/Enox | 20 | allow ${HOME}/.cache/Enox |
21 | whitelist ${HOME}/.config/Enox | 21 | allow ${HOME}/.config/Enox |
22 | 22 | ||
23 | # Redirect | 23 | # Redirect |
24 | include chromium-common.profile | 24 | include chromium-common.profile |
diff --git a/etc/profile-a-l/enpass.profile b/etc/profile-a-l/enpass.profile index c4123b4c2..5d8f8a0b9 100644 --- a/etc/profile-a-l/enpass.profile +++ b/etc/profile-a-l/enpass.profile | |||
@@ -6,11 +6,11 @@ include enpass.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/Enpass | 9 | nodeny ${HOME}/.cache/Enpass |
10 | noblacklist ${HOME}/.config/sinew.in | 10 | nodeny ${HOME}/.config/sinew.in |
11 | noblacklist ${HOME}/.config/Sinew Software Systems | 11 | nodeny ${HOME}/.config/Sinew Software Systems |
12 | noblacklist ${HOME}/.local/share/Enpass | 12 | nodeny ${HOME}/.local/share/Enpass |
13 | noblacklist ${DOCUMENTS} | 13 | nodeny ${DOCUMENTS} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -24,11 +24,11 @@ mkdir ${HOME}/.cache/Enpass | |||
24 | mkfile ${HOME}/.config/sinew.in | 24 | mkfile ${HOME}/.config/sinew.in |
25 | mkdir ${HOME}/.config/Sinew Software Systems | 25 | mkdir ${HOME}/.config/Sinew Software Systems |
26 | mkdir ${HOME}/.local/share/Enpass | 26 | mkdir ${HOME}/.local/share/Enpass |
27 | whitelist ${HOME}/.cache/Enpass | 27 | allow ${HOME}/.cache/Enpass |
28 | whitelist ${HOME}/.config/sinew.in | 28 | allow ${HOME}/.config/sinew.in |
29 | whitelist ${HOME}/.config/Sinew Software Systems | 29 | allow ${HOME}/.config/Sinew Software Systems |
30 | whitelist ${HOME}/.local/share/Enpass | 30 | allow ${HOME}/.local/share/Enpass |
31 | whitelist ${DOCUMENTS} | 31 | allow ${DOCUMENTS} |
32 | include whitelist-common.inc | 32 | include whitelist-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
34 | 34 | ||
diff --git a/etc/profile-a-l/eo-common.profile b/etc/profile-a-l/eo-common.profile index fe7913e77..ff7040e5c 100644 --- a/etc/profile-a-l/eo-common.profile +++ b/etc/profile-a-l/eo-common.profile | |||
@@ -7,11 +7,11 @@ include eo-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.local/share/Trash | 10 | nodeny ${HOME}/.local/share/Trash |
11 | noblacklist ${HOME}/.Steam | 11 | nodeny ${HOME}/.Steam |
12 | noblacklist ${HOME}/.steam | 12 | nodeny ${HOME}/.steam |
13 | 13 | ||
14 | blacklist /usr/libexec | 14 | deny /usr/libexec |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/eog.profile b/etc/profile-a-l/eog.profile index 5892374bd..e8592c7df 100644 --- a/etc/profile-a-l/eog.profile +++ b/etc/profile-a-l/eog.profile | |||
@@ -6,9 +6,9 @@ include eog.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/eog | 9 | nodeny ${HOME}/.config/eog |
10 | 10 | ||
11 | whitelist /usr/share/eog | 11 | allow /usr/share/eog |
12 | 12 | ||
13 | # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'. | 13 | # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'. |
14 | # Add the next lines to your eog.local if you need that functionality. | 14 | # Add the next lines to your eog.local if you need that functionality. |
diff --git a/etc/profile-a-l/eom.profile b/etc/profile-a-l/eom.profile index 7143a8e03..323f5ade2 100644 --- a/etc/profile-a-l/eom.profile +++ b/etc/profile-a-l/eom.profile | |||
@@ -6,9 +6,9 @@ include eom.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/mate/eom | 9 | nodeny ${HOME}/.config/mate/eom |
10 | 10 | ||
11 | whitelist /usr/share/eom | 11 | allow /usr/share/eom |
12 | 12 | ||
13 | # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'. | 13 | # private-bin, private-etc and private-lib break 'Open With' / 'Open in file manager'. |
14 | # Add the next lines to your eom.local if you need that functionality. | 14 | # Add the next lines to your eom.local if you need that functionality. |
diff --git a/etc/profile-a-l/ephemeral.profile b/etc/profile-a-l/ephemeral.profile index 131d68951..3657742b9 100644 --- a/etc/profile-a-l/ephemeral.profile +++ b/etc/profile-a-l/ephemeral.profile | |||
@@ -9,8 +9,8 @@ include globals.local | |||
9 | # enforce private-cache | 9 | # enforce private-cache |
10 | #noblacklist ${HOME}/.cache/ephemeral | 10 | #noblacklist ${HOME}/.cache/ephemeral |
11 | 11 | ||
12 | noblacklist ${HOME}/.pki | 12 | nodeny ${HOME}/.pki |
13 | noblacklist ${HOME}/.local/share/pki | 13 | nodeny ${HOME}/.local/share/pki |
14 | 14 | ||
15 | # noexec ${HOME} breaks DRM binaries. | 15 | # noexec ${HOME} breaks DRM binaries. |
16 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} | 16 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} |
@@ -27,9 +27,9 @@ mkdir ${HOME}/.pki | |||
27 | mkdir ${HOME}/.local/share/pki | 27 | mkdir ${HOME}/.local/share/pki |
28 | # enforce private-cache | 28 | # enforce private-cache |
29 | #whitelist ${HOME}/.cache/ephemeral | 29 | #whitelist ${HOME}/.cache/ephemeral |
30 | whitelist ${HOME}/.pki | 30 | allow ${HOME}/.pki |
31 | whitelist ${HOME}/.local/share/pki | 31 | allow ${HOME}/.local/share/pki |
32 | whitelist ${DOWNLOADS} | 32 | allow ${DOWNLOADS} |
33 | include whitelist-common.inc | 33 | include whitelist-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/epiphany.profile b/etc/profile-a-l/epiphany.profile index 225811226..daedb2193 100644 --- a/etc/profile-a-l/epiphany.profile +++ b/etc/profile-a-l/epiphany.profile | |||
@@ -9,9 +9,9 @@ include globals.local | |||
9 | # Note: Epiphany use bwrap since 3.34 and can not be firejailed any more. | 9 | # Note: Epiphany use bwrap since 3.34 and can not be firejailed any more. |
10 | # See https://github.com/netblue30/firejail/issues/2995 | 10 | # See https://github.com/netblue30/firejail/issues/2995 |
11 | 11 | ||
12 | noblacklist ${HOME}/.cache/epiphany | 12 | nodeny ${HOME}/.cache/epiphany |
13 | noblacklist ${HOME}/.config/epiphany | 13 | nodeny ${HOME}/.config/epiphany |
14 | noblacklist ${HOME}/.local/share/epiphany | 14 | nodeny ${HOME}/.local/share/epiphany |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
@@ -21,10 +21,10 @@ include disable-programs.inc | |||
21 | mkdir ${HOME}/.cache/epiphany | 21 | mkdir ${HOME}/.cache/epiphany |
22 | mkdir ${HOME}/.config/epiphany | 22 | mkdir ${HOME}/.config/epiphany |
23 | mkdir ${HOME}/.local/share/epiphany | 23 | mkdir ${HOME}/.local/share/epiphany |
24 | whitelist ${DOWNLOADS} | 24 | allow ${DOWNLOADS} |
25 | whitelist ${HOME}/.cache/epiphany | 25 | allow ${HOME}/.cache/epiphany |
26 | whitelist ${HOME}/.config/epiphany | 26 | allow ${HOME}/.config/epiphany |
27 | whitelist ${HOME}/.local/share/epiphany | 27 | allow ${HOME}/.local/share/epiphany |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | 29 | ||
30 | caps.drop all | 30 | caps.drop all |
diff --git a/etc/profile-a-l/equalx.profile b/etc/profile-a-l/equalx.profile index 964d3b7ca..ac957870c 100644 --- a/etc/profile-a-l/equalx.profile +++ b/etc/profile-a-l/equalx.profile | |||
@@ -6,8 +6,8 @@ include equalx.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/equalx | 9 | nodeny ${HOME}/.config/equalx |
10 | noblacklist ${HOME}/.equalx | 10 | nodeny ${HOME}/.equalx |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -20,13 +20,13 @@ include disable-xdg.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.config/equalx | 21 | mkdir ${HOME}/.config/equalx |
22 | mkdir ${HOME}/.equalx | 22 | mkdir ${HOME}/.equalx |
23 | whitelist ${HOME}/.config/equalx | 23 | allow ${HOME}/.config/equalx |
24 | whitelist ${HOME}/.equalx | 24 | allow ${HOME}/.equalx |
25 | whitelist /usr/share/poppler | 25 | allow /usr/share/poppler |
26 | whitelist /usr/share/ghostscript | 26 | allow /usr/share/ghostscript |
27 | whitelist /usr/share/texlive | 27 | allow /usr/share/texlive |
28 | whitelist /usr/share/equalx | 28 | allow /usr/share/equalx |
29 | whitelist /var/lib/texmf | 29 | allow /var/lib/texmf |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | include whitelist-runuser-common.inc | 31 | include whitelist-runuser-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/etr.profile b/etc/profile-a-l/etr.profile index fdff1e4b5..a2f46b757 100644 --- a/etc/profile-a-l/etr.profile +++ b/etc/profile-a-l/etr.profile | |||
@@ -6,9 +6,9 @@ include etr.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.etr | 9 | nodeny ${HOME}/.etr |
10 | 10 | ||
11 | blacklist /usr/libexec | 11 | deny /usr/libexec |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -20,10 +20,10 @@ include disable-shell.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.etr | 22 | mkdir ${HOME}/.etr |
23 | whitelist ${HOME}/.etr | 23 | allow ${HOME}/.etr |
24 | whitelist /usr/share/etr | 24 | allow /usr/share/etr |
25 | # Debian version | 25 | # Debian version |
26 | whitelist /usr/share/games/etr | 26 | allow /usr/share/games/etr |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/evince.profile b/etc/profile-a-l/evince.profile index a9e39b15c..ce2617ad6 100644 --- a/etc/profile-a-l/evince.profile +++ b/etc/profile-a-l/evince.profile | |||
@@ -10,10 +10,10 @@ include globals.local | |||
10 | # Add the next line to your evince.local if you need bookmarks support. This also needs additional dbus-user filtering (see below). | 10 | # Add the next line to your evince.local if you need bookmarks support. This also needs additional dbus-user filtering (see below). |
11 | #noblacklist ${HOME}/.local/share/gvfs-metadata | 11 | #noblacklist ${HOME}/.local/share/gvfs-metadata |
12 | 12 | ||
13 | noblacklist ${HOME}/.config/evince | 13 | nodeny ${HOME}/.config/evince |
14 | noblacklist ${DOCUMENTS} | 14 | nodeny ${DOCUMENTS} |
15 | 15 | ||
16 | blacklist /usr/libexec | 16 | deny /usr/libexec |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
@@ -24,10 +24,10 @@ include disable-programs.inc | |||
24 | include disable-shell.inc | 24 | include disable-shell.inc |
25 | include disable-xdg.inc | 25 | include disable-xdg.inc |
26 | 26 | ||
27 | whitelist /usr/share/doc | 27 | allow /usr/share/doc |
28 | whitelist /usr/share/evince | 28 | allow /usr/share/evince |
29 | whitelist /usr/share/poppler | 29 | allow /usr/share/poppler |
30 | whitelist /usr/share/tracker | 30 | allow /usr/share/tracker |
31 | include whitelist-runuser-common.inc | 31 | include whitelist-runuser-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/evolution.profile b/etc/profile-a-l/evolution.profile index 7222493ac..142498a28 100644 --- a/etc/profile-a-l/evolution.profile +++ b/etc/profile-a-l/evolution.profile | |||
@@ -6,15 +6,15 @@ include evolution.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist /var/mail | 9 | nodeny /var/mail |
10 | noblacklist /var/spool/mail | 10 | nodeny /var/spool/mail |
11 | noblacklist ${HOME}/.bogofilter | 11 | nodeny ${HOME}/.bogofilter |
12 | noblacklist ${HOME}/.cache/evolution | 12 | nodeny ${HOME}/.cache/evolution |
13 | noblacklist ${HOME}/.config/evolution | 13 | nodeny ${HOME}/.config/evolution |
14 | noblacklist ${HOME}/.gnupg | 14 | nodeny ${HOME}/.gnupg |
15 | noblacklist ${HOME}/.local/share/evolution | 15 | nodeny ${HOME}/.local/share/evolution |
16 | noblacklist ${HOME}/.pki | 16 | nodeny ${HOME}/.pki |
17 | noblacklist ${HOME}/.local/share/pki | 17 | nodeny ${HOME}/.local/share/pki |
18 | 18 | ||
19 | include disable-common.inc | 19 | include disable-common.inc |
20 | include disable-devel.inc | 20 | include disable-devel.inc |
diff --git a/etc/profile-a-l/exiftool.profile b/etc/profile-a-l/exiftool.profile index 7b09a2c64..216814989 100644 --- a/etc/profile-a-l/exiftool.profile +++ b/etc/profile-a-l/exiftool.profile | |||
@@ -6,7 +6,7 @@ include exiftool.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | 9 | deny ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | # Allow perl (blacklisted by disable-interpreters.inc) | 11 | # Allow perl (blacklisted by disable-interpreters.inc) |
12 | include allow-perl.inc | 12 | include allow-perl.inc |
@@ -18,7 +18,7 @@ include disable-interpreters.inc | |||
18 | include disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
19 | include disable-programs.inc | 19 | include disable-programs.inc |
20 | 20 | ||
21 | whitelist /usr/share/perl-image-exiftool | 21 | allow /usr/share/perl-image-exiftool |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/falkon.profile b/etc/profile-a-l/falkon.profile index b2061db79..9bb42945b 100644 --- a/etc/profile-a-l/falkon.profile +++ b/etc/profile-a-l/falkon.profile | |||
@@ -6,8 +6,8 @@ include falkon.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/falkon | 9 | nodeny ${HOME}/.cache/falkon |
10 | noblacklist ${HOME}/.config/falkon | 10 | nodeny ${HOME}/.config/falkon |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,10 +19,10 @@ include disable-xdg.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.cache/falkon | 20 | mkdir ${HOME}/.cache/falkon |
21 | mkdir ${HOME}/.config/falkon | 21 | mkdir ${HOME}/.config/falkon |
22 | whitelist ${DOWNLOADS} | 22 | allow ${DOWNLOADS} |
23 | whitelist ${HOME}/.cache/falkon | 23 | allow ${HOME}/.cache/falkon |
24 | whitelist ${HOME}/.config/falkon | 24 | allow ${HOME}/.config/falkon |
25 | whitelist /usr/share/falkon | 25 | allow /usr/share/falkon |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/fbreader.profile b/etc/profile-a-l/fbreader.profile index 8e81000fd..d141c6ed5 100644 --- a/etc/profile-a-l/fbreader.profile +++ b/etc/profile-a-l/fbreader.profile | |||
@@ -6,8 +6,8 @@ include fbreader.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.FBReader | 9 | nodeny ${HOME}/.FBReader |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile index 31cb1776c..17a365053 100644 --- a/etc/profile-a-l/fdns.profile +++ b/etc/profile-a-l/fdns.profile | |||
@@ -5,11 +5,11 @@ include fdns.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist /sbin | 8 | nodeny /sbin |
9 | noblacklist /usr/sbin | 9 | nodeny /usr/sbin |
10 | 10 | ||
11 | blacklist /tmp/.X11-unix | 11 | deny /tmp/.X11-unix |
12 | blacklist ${RUNUSER}/wayland-* | 12 | deny ${RUNUSER}/wayland-* |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
diff --git a/etc/profile-a-l/feedreader.profile b/etc/profile-a-l/feedreader.profile index 664ec2da6..359be083e 100644 --- a/etc/profile-a-l/feedreader.profile +++ b/etc/profile-a-l/feedreader.profile | |||
@@ -6,8 +6,8 @@ include feedreader.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/feedreader | 9 | nodeny ${HOME}/.cache/feedreader |
10 | noblacklist ${HOME}/.local/share/feedreader | 10 | nodeny ${HOME}/.local/share/feedreader |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -20,9 +20,9 @@ include disable-xdg.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.cache/feedreader | 21 | mkdir ${HOME}/.cache/feedreader |
22 | mkdir ${HOME}/.local/share/feedreader | 22 | mkdir ${HOME}/.local/share/feedreader |
23 | whitelist ${HOME}/.cache/feedreader | 23 | allow ${HOME}/.cache/feedreader |
24 | whitelist ${HOME}/.local/share/feedreader | 24 | allow ${HOME}/.local/share/feedreader |
25 | whitelist /usr/share/feedreader | 25 | allow /usr/share/feedreader |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/ferdi.profile b/etc/profile-a-l/ferdi.profile index a2372ec8a..f60055f37 100644 --- a/etc/profile-a-l/ferdi.profile +++ b/etc/profile-a-l/ferdi.profile | |||
@@ -7,10 +7,10 @@ include globals.local | |||
7 | 7 | ||
8 | ignore noexec /tmp | 8 | ignore noexec /tmp |
9 | 9 | ||
10 | noblacklist ${HOME}/.cache/Ferdi | 10 | nodeny ${HOME}/.cache/Ferdi |
11 | noblacklist ${HOME}/.config/Ferdi | 11 | nodeny ${HOME}/.config/Ferdi |
12 | noblacklist ${HOME}/.pki | 12 | nodeny ${HOME}/.pki |
13 | noblacklist ${HOME}/.local/share/pki | 13 | nodeny ${HOME}/.local/share/pki |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -22,11 +22,11 @@ mkdir ${HOME}/.cache/Ferdi | |||
22 | mkdir ${HOME}/.config/Ferdi | 22 | mkdir ${HOME}/.config/Ferdi |
23 | mkdir ${HOME}/.pki | 23 | mkdir ${HOME}/.pki |
24 | mkdir ${HOME}/.local/share/pki | 24 | mkdir ${HOME}/.local/share/pki |
25 | whitelist ${DOWNLOADS} | 25 | allow ${DOWNLOADS} |
26 | whitelist ${HOME}/.cache/Ferdi | 26 | allow ${HOME}/.cache/Ferdi |
27 | whitelist ${HOME}/.config/Ferdi | 27 | allow ${HOME}/.config/Ferdi |
28 | whitelist ${HOME}/.pki | 28 | allow ${HOME}/.pki |
29 | whitelist ${HOME}/.local/share/pki | 29 | allow ${HOME}/.local/share/pki |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | 31 | ||
32 | caps.drop all | 32 | caps.drop all |
diff --git a/etc/profile-a-l/fetchmail.profile b/etc/profile-a-l/fetchmail.profile index 7358ed5c7..1e06ec29a 100644 --- a/etc/profile-a-l/fetchmail.profile +++ b/etc/profile-a-l/fetchmail.profile | |||
@@ -6,8 +6,8 @@ include fetchmail.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.fetchmailrc | 9 | nodeny ${HOME}/.fetchmailrc |
10 | noblacklist ${HOME}/.netrc | 10 | nodeny ${HOME}/.netrc |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/ffmpeg.profile b/etc/profile-a-l/ffmpeg.profile index 13ef1beb9..1a64183ab 100644 --- a/etc/profile-a-l/ffmpeg.profile +++ b/etc/profile-a-l/ffmpeg.profile | |||
@@ -7,8 +7,8 @@ include ffmpeg.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | noblacklist ${VIDEOS} | 11 | nodeny ${VIDEOS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,9 +19,9 @@ include disable-programs.inc | |||
19 | include disable-shell.inc | 19 | include disable-shell.inc |
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | whitelist /usr/share/devedeng | 22 | allow /usr/share/devedeng |
23 | whitelist /usr/share/ffmpeg | 23 | allow /usr/share/ffmpeg |
24 | whitelist /usr/share/qtchooser | 24 | allow /usr/share/qtchooser |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-a-l/file-roller.profile b/etc/profile-a-l/file-roller.profile index 4e651ed61..f7a938f24 100644 --- a/etc/profile-a-l/file-roller.profile +++ b/etc/profile-a-l/file-roller.profile | |||
@@ -13,8 +13,9 @@ include disable-interpreters.inc | |||
13 | include disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | whitelist /usr/libexec/file-roller | 16 | allow /usr/libexec/file-roller |
17 | whitelist /usr/share/file-roller | 17 | allow /usr/libexec/p7zip |
18 | allow /usr/share/file-roller | ||
18 | include whitelist-runuser-common.inc | 19 | include whitelist-runuser-common.inc |
19 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
20 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/file.profile b/etc/profile-a-l/file.profile index 5c7583605..426d1e72d 100644 --- a/etc/profile-a-l/file.profile +++ b/etc/profile-a-l/file.profile | |||
@@ -7,7 +7,7 @@ include file.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER} | 10 | deny ${RUNUSER} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-exec.inc | 13 | include disable-exec.inc |
diff --git a/etc/profile-a-l/filezilla.profile b/etc/profile-a-l/filezilla.profile index dc5def54f..d9e0e9da0 100644 --- a/etc/profile-a-l/filezilla.profile +++ b/etc/profile-a-l/filezilla.profile | |||
@@ -6,8 +6,8 @@ include filezilla.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/filezilla | 9 | nodeny ${HOME}/.config/filezilla |
10 | noblacklist ${HOME}/.filezilla | 10 | nodeny ${HOME}/.filezilla |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/firedragon.profile b/etc/profile-a-l/firedragon.profile index 77487161e..e22424794 100644 --- a/etc/profile-a-l/firedragon.profile +++ b/etc/profile-a-l/firedragon.profile | |||
@@ -6,13 +6,13 @@ include firedragon.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/firedragon | 9 | nodeny ${HOME}/.cache/firedragon |
10 | noblacklist ${HOME}/.firedragon | 10 | nodeny ${HOME}/.firedragon |
11 | 11 | ||
12 | mkdir ${HOME}/.cache/firedragon | 12 | mkdir ${HOME}/.cache/firedragon |
13 | mkdir ${HOME}/.firedragon | 13 | mkdir ${HOME}/.firedragon |
14 | whitelist ${HOME}/.cache/firedragon | 14 | allow ${HOME}/.cache/firedragon |
15 | whitelist ${HOME}/.firedragon | 15 | allow ${HOME}/.firedragon |
16 | 16 | ||
17 | # Add the next lines to your firedragon.local if you want to use the migration wizard. | 17 | # Add the next lines to your firedragon.local if you want to use the migration wizard. |
18 | #noblacklist ${HOME}/.mozilla | 18 | #noblacklist ${HOME}/.mozilla |
diff --git a/etc/profile-a-l/firefox-common-addons.profile b/etc/profile-a-l/firefox-common-addons.profile index d282f9a60..7e2e8760d 100644 --- a/etc/profile-a-l/firefox-common-addons.profile +++ b/etc/profile-a-l/firefox-common-addons.profile | |||
@@ -5,74 +5,74 @@ include firefox-common-addons.local | |||
5 | ignore include whitelist-runuser-common.inc | 5 | ignore include whitelist-runuser-common.inc |
6 | ignore private-cache | 6 | ignore private-cache |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/youtube-dl | 8 | nodeny ${HOME}/.cache/youtube-dl |
9 | noblacklist ${HOME}/.config/kgetrc | 9 | nodeny ${HOME}/.config/kgetrc |
10 | noblacklist ${HOME}/.config/mpv | 10 | nodeny ${HOME}/.config/mpv |
11 | noblacklist ${HOME}/.config/okularpartrc | 11 | nodeny ${HOME}/.config/okularpartrc |
12 | noblacklist ${HOME}/.config/okularrc | 12 | nodeny ${HOME}/.config/okularrc |
13 | noblacklist ${HOME}/.config/qpdfview | 13 | nodeny ${HOME}/.config/qpdfview |
14 | noblacklist ${HOME}/.config/youtube-dl | 14 | nodeny ${HOME}/.config/youtube-dl |
15 | noblacklist ${HOME}/.kde/share/apps/kget | 15 | nodeny ${HOME}/.kde/share/apps/kget |
16 | noblacklist ${HOME}/.kde/share/apps/okular | 16 | nodeny ${HOME}/.kde/share/apps/okular |
17 | noblacklist ${HOME}/.kde/share/config/kgetrc | 17 | nodeny ${HOME}/.kde/share/config/kgetrc |
18 | noblacklist ${HOME}/.kde/share/config/okularpartrc | 18 | nodeny ${HOME}/.kde/share/config/okularpartrc |
19 | noblacklist ${HOME}/.kde/share/config/okularrc | 19 | nodeny ${HOME}/.kde/share/config/okularrc |
20 | noblacklist ${HOME}/.kde4/share/apps/kget | 20 | nodeny ${HOME}/.kde4/share/apps/kget |
21 | noblacklist ${HOME}/.kde4/share/apps/okular | 21 | nodeny ${HOME}/.kde4/share/apps/okular |
22 | noblacklist ${HOME}/.kde4/share/config/kgetrc | 22 | nodeny ${HOME}/.kde4/share/config/kgetrc |
23 | noblacklist ${HOME}/.kde4/share/config/okularpartrc | 23 | nodeny ${HOME}/.kde4/share/config/okularpartrc |
24 | noblacklist ${HOME}/.kde4/share/config/okularrc | 24 | nodeny ${HOME}/.kde4/share/config/okularrc |
25 | noblacklist ${HOME}/.local/share/kget | 25 | nodeny ${HOME}/.local/share/kget |
26 | noblacklist ${HOME}/.local/share/kxmlgui5/okular | 26 | nodeny ${HOME}/.local/share/kxmlgui5/okular |
27 | noblacklist ${HOME}/.local/share/okular | 27 | nodeny ${HOME}/.local/share/okular |
28 | noblacklist ${HOME}/.local/share/qpdfview | 28 | nodeny ${HOME}/.local/share/qpdfview |
29 | noblacklist ${HOME}/.netrc | 29 | nodeny ${HOME}/.netrc |
30 | 30 | ||
31 | whitelist ${HOME}/.cache/gnome-mplayer/plugin | 31 | allow ${HOME}/.cache/gnome-mplayer/plugin |
32 | whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs | 32 | allow ${HOME}/.cache/youtube-dl/youtube-sigfuncs |
33 | whitelist ${HOME}/.config/gnome-mplayer | 33 | allow ${HOME}/.config/gnome-mplayer |
34 | whitelist ${HOME}/.config/kgetrc | 34 | allow ${HOME}/.config/kgetrc |
35 | whitelist ${HOME}/.config/mpv | 35 | allow ${HOME}/.config/mpv |
36 | whitelist ${HOME}/.config/okularpartrc | 36 | allow ${HOME}/.config/okularpartrc |
37 | whitelist ${HOME}/.config/okularrc | 37 | allow ${HOME}/.config/okularrc |
38 | whitelist ${HOME}/.config/pipelight-silverlight5.1 | 38 | allow ${HOME}/.config/pipelight-silverlight5.1 |
39 | whitelist ${HOME}/.config/pipelight-widevine | 39 | allow ${HOME}/.config/pipelight-widevine |
40 | whitelist ${HOME}/.config/qpdfview | 40 | allow ${HOME}/.config/qpdfview |
41 | whitelist ${HOME}/.config/youtube-dl | 41 | allow ${HOME}/.config/youtube-dl |
42 | whitelist ${HOME}/.kde/share/apps/kget | 42 | allow ${HOME}/.kde/share/apps/kget |
43 | whitelist ${HOME}/.kde/share/apps/okular | 43 | allow ${HOME}/.kde/share/apps/okular |
44 | whitelist ${HOME}/.kde/share/config/kgetrc | 44 | allow ${HOME}/.kde/share/config/kgetrc |
45 | whitelist ${HOME}/.kde/share/config/okularpartrc | 45 | allow ${HOME}/.kde/share/config/okularpartrc |
46 | whitelist ${HOME}/.kde/share/config/okularrc | 46 | allow ${HOME}/.kde/share/config/okularrc |
47 | whitelist ${HOME}/.kde4/share/apps/kget | 47 | allow ${HOME}/.kde4/share/apps/kget |
48 | whitelist ${HOME}/.kde4/share/apps/okular | 48 | allow ${HOME}/.kde4/share/apps/okular |
49 | whitelist ${HOME}/.kde4/share/config/kgetrc | 49 | allow ${HOME}/.kde4/share/config/kgetrc |
50 | whitelist ${HOME}/.kde4/share/config/okularpartrc | 50 | allow ${HOME}/.kde4/share/config/okularpartrc |
51 | whitelist ${HOME}/.kde4/share/config/okularrc | 51 | allow ${HOME}/.kde4/share/config/okularrc |
52 | whitelist ${HOME}/.keysnail.js | 52 | allow ${HOME}/.keysnail.js |
53 | whitelist ${HOME}/.lastpass | 53 | allow ${HOME}/.lastpass |
54 | whitelist ${HOME}/.local/share/kget | 54 | allow ${HOME}/.local/share/kget |
55 | whitelist ${HOME}/.local/share/kxmlgui5/okular | 55 | allow ${HOME}/.local/share/kxmlgui5/okular |
56 | whitelist ${HOME}/.local/share/okular | 56 | allow ${HOME}/.local/share/okular |
57 | whitelist ${HOME}/.local/share/qpdfview | 57 | allow ${HOME}/.local/share/qpdfview |
58 | whitelist ${HOME}/.local/share/tridactyl | 58 | allow ${HOME}/.local/share/tridactyl |
59 | whitelist ${HOME}/.netrc | 59 | allow ${HOME}/.netrc |
60 | whitelist ${HOME}/.pentadactyl | 60 | allow ${HOME}/.pentadactyl |
61 | whitelist ${HOME}/.pentadactylrc | 61 | allow ${HOME}/.pentadactylrc |
62 | whitelist ${HOME}/.tridactylrc | 62 | allow ${HOME}/.tridactylrc |
63 | whitelist ${HOME}/.vimperator | 63 | allow ${HOME}/.vimperator |
64 | whitelist ${HOME}/.vimperatorrc | 64 | allow ${HOME}/.vimperatorrc |
65 | whitelist ${HOME}/.wine-pipelight | 65 | allow ${HOME}/.wine-pipelight |
66 | whitelist ${HOME}/.wine-pipelight64 | 66 | allow ${HOME}/.wine-pipelight64 |
67 | whitelist ${HOME}/.zotero | 67 | allow ${HOME}/.zotero |
68 | whitelist ${HOME}/dwhelper | 68 | allow ${HOME}/dwhelper |
69 | whitelist /usr/share/lua | 69 | allow /usr/share/lua |
70 | whitelist /usr/share/lua* | 70 | allow /usr/share/lua* |
71 | whitelist /usr/share/vulkan | 71 | allow /usr/share/vulkan |
72 | 72 | ||
73 | # GNOME Shell integration (chrome-gnome-shell) needs dbus and python | 73 | # GNOME Shell integration (chrome-gnome-shell) needs dbus and python |
74 | noblacklist ${HOME}/.local/share/gnome-shell | 74 | nodeny ${HOME}/.local/share/gnome-shell |
75 | whitelist ${HOME}/.local/share/gnome-shell | 75 | allow ${HOME}/.local/share/gnome-shell |
76 | dbus-user.talk ca.desrt.dconf | 76 | dbus-user.talk ca.desrt.dconf |
77 | dbus-user.talk org.gnome.ChromeGnomeShell | 77 | dbus-user.talk org.gnome.ChromeGnomeShell |
78 | dbus-user.talk org.gnome.Shell | 78 | dbus-user.talk org.gnome.Shell |
diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile index 8b74ed979..cb0fae5dc 100644 --- a/etc/profile-a-l/firefox-common.profile +++ b/etc/profile-a-l/firefox-common.profile | |||
@@ -12,8 +12,8 @@ include firefox-common.local | |||
12 | # Add the next line to your firefox-common.local to allow access to common programs/addons/plugins. | 12 | # Add the next line to your firefox-common.local to allow access to common programs/addons/plugins. |
13 | #include firefox-common-addons.profile | 13 | #include firefox-common-addons.profile |
14 | 14 | ||
15 | noblacklist ${HOME}/.pki | 15 | nodeny ${HOME}/.pki |
16 | noblacklist ${HOME}/.local/share/pki | 16 | nodeny ${HOME}/.local/share/pki |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
@@ -23,9 +23,9 @@ include disable-programs.inc | |||
23 | 23 | ||
24 | mkdir ${HOME}/.pki | 24 | mkdir ${HOME}/.pki |
25 | mkdir ${HOME}/.local/share/pki | 25 | mkdir ${HOME}/.local/share/pki |
26 | whitelist ${DOWNLOADS} | 26 | allow ${DOWNLOADS} |
27 | whitelist ${HOME}/.pki | 27 | allow ${HOME}/.pki |
28 | whitelist ${HOME}/.local/share/pki | 28 | allow ${HOME}/.local/share/pki |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-runuser-common.inc | 30 | include whitelist-runuser-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/firefox-esr.profile b/etc/profile-a-l/firefox-esr.profile index 5e69fdb51..4fd315fdf 100644 --- a/etc/profile-a-l/firefox-esr.profile +++ b/etc/profile-a-l/firefox-esr.profile | |||
@@ -6,7 +6,7 @@ include firefox-esr.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | whitelist /usr/share/firefox-esr | 9 | allow /usr/share/firefox-esr |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include firefox.profile | 12 | include firefox.profile |
diff --git a/etc/profile-a-l/firefox.profile b/etc/profile-a-l/firefox.profile index 3ad67734d..8acfe7c2a 100644 --- a/etc/profile-a-l/firefox.profile +++ b/etc/profile-a-l/firefox.profile | |||
@@ -14,27 +14,27 @@ include globals.local | |||
14 | # https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#how-do-i-run-two-instances-of-firefox | 14 | # https://github.com/netblue30/firejail/wiki/Frequently-Asked-Questions#how-do-i-run-two-instances-of-firefox |
15 | # https://github.com/netblue30/firejail/issues/4206#issuecomment-824806968 | 15 | # https://github.com/netblue30/firejail/issues/4206#issuecomment-824806968 |
16 | 16 | ||
17 | noblacklist ${HOME}/.cache/mozilla | 17 | nodeny ${HOME}/.cache/mozilla |
18 | noblacklist ${HOME}/.mozilla | 18 | nodeny ${HOME}/.mozilla |
19 | 19 | ||
20 | blacklist /usr/libexec | 20 | deny /usr/libexec |
21 | 21 | ||
22 | mkdir ${HOME}/.cache/mozilla/firefox | 22 | mkdir ${HOME}/.cache/mozilla/firefox |
23 | mkdir ${HOME}/.mozilla | 23 | mkdir ${HOME}/.mozilla |
24 | whitelist ${HOME}/.cache/mozilla/firefox | 24 | allow ${HOME}/.cache/mozilla/firefox |
25 | whitelist ${HOME}/.mozilla | 25 | allow ${HOME}/.mozilla |
26 | 26 | ||
27 | # Add one of the following whitelist options to your firefox.local to enable KeePassXC Plugin support. | 27 | # Add one of the following whitelist options to your firefox.local to enable KeePassXC Plugin support. |
28 | # NOTE: start KeePassXC before Firefox and keep it open to allow communication between them. | 28 | # NOTE: start KeePassXC before Firefox and keep it open to allow communication between them. |
29 | #whitelist ${RUNUSER}/kpxc_server | 29 | #whitelist ${RUNUSER}/kpxc_server |
30 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer | 30 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer |
31 | 31 | ||
32 | whitelist /usr/share/doc | 32 | allow /usr/share/doc |
33 | whitelist /usr/share/firefox | 33 | allow /usr/share/firefox |
34 | whitelist /usr/share/gnome-shell/search-providers/firefox-search-provider.ini | 34 | allow /usr/share/gnome-shell/search-providers/firefox-search-provider.ini |
35 | whitelist /usr/share/gtk-doc/html | 35 | allow /usr/share/gtk-doc/html |
36 | whitelist /usr/share/mozilla | 36 | allow /usr/share/mozilla |
37 | whitelist /usr/share/webext | 37 | allow /usr/share/webext |
38 | include whitelist-usr-share-common.inc | 38 | include whitelist-usr-share-common.inc |
39 | 39 | ||
40 | # firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin. | 40 | # firefox requires a shell to launch on Arch - add the next line to your firefox.local to enable private-bin. |
diff --git a/etc/profile-a-l/five-or-more.profile b/etc/profile-a-l/five-or-more.profile index 2c86d3ac7..bd1becaf0 100644 --- a/etc/profile-a-l/five-or-more.profile +++ b/etc/profile-a-l/five-or-more.profile | |||
@@ -6,12 +6,12 @@ include five-or-more.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/five-or-more | 9 | nodeny ${HOME}/.local/share/five-or-more |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/five-or-more | 11 | mkdir ${HOME}/.local/share/five-or-more |
12 | whitelist ${HOME}/.local/share/five-or-more | 12 | allow ${HOME}/.local/share/five-or-more |
13 | 13 | ||
14 | whitelist /usr/share/five-or-more | 14 | allow /usr/share/five-or-more |
15 | 15 | ||
16 | private-bin five-or-more | 16 | private-bin five-or-more |
17 | 17 | ||
diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile index 55af96c84..f16a65536 100644 --- a/etc/profile-a-l/flameshot.profile +++ b/etc/profile-a-l/flameshot.profile | |||
@@ -7,9 +7,9 @@ include flameshot.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${PICTURES} | 10 | nodeny ${PICTURES} |
11 | noblacklist ${HOME}/.config/Dharkael | 11 | nodeny ${HOME}/.config/Dharkael |
12 | noblacklist ${HOME}/.config/flameshot | 12 | nodeny ${HOME}/.config/flameshot |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -25,7 +25,7 @@ include disable-xdg.inc | |||
25 | #whitelist ${PICTURES} | 25 | #whitelist ${PICTURES} |
26 | #whitelist ${HOME}/.config/Dharkael | 26 | #whitelist ${HOME}/.config/Dharkael |
27 | #whitelist ${HOME}/.config/flameshot | 27 | #whitelist ${HOME}/.config/flameshot |
28 | whitelist /usr/share/flameshot | 28 | allow /usr/share/flameshot |
29 | #include whitelist-common.inc | 29 | #include whitelist-common.inc |
30 | include whitelist-runuser-common.inc | 30 | include whitelist-runuser-common.inc |
31 | include whitelist-usr-share-common.inc | 31 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/flashpeak-slimjet.profile b/etc/profile-a-l/flashpeak-slimjet.profile index 310fb378f..af114e129 100644 --- a/etc/profile-a-l/flashpeak-slimjet.profile +++ b/etc/profile-a-l/flashpeak-slimjet.profile | |||
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/slimjet | 13 | nodeny ${HOME}/.cache/slimjet |
14 | noblacklist ${HOME}/.config/slimjet | 14 | nodeny ${HOME}/.config/slimjet |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/slimjet | 16 | mkdir ${HOME}/.cache/slimjet |
17 | mkdir ${HOME}/.config/slimjet | 17 | mkdir ${HOME}/.config/slimjet |
18 | whitelist ${HOME}/.cache/slimjet | 18 | allow ${HOME}/.cache/slimjet |
19 | whitelist ${HOME}/.config/slimjet | 19 | allow ${HOME}/.config/slimjet |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include chromium-common.profile | 22 | include chromium-common.profile |
diff --git a/etc/profile-a-l/flowblade.profile b/etc/profile-a-l/flowblade.profile index a4421e3ce..505763fb9 100644 --- a/etc/profile-a-l/flowblade.profile +++ b/etc/profile-a-l/flowblade.profile | |||
@@ -6,8 +6,8 @@ include flowblade.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/flowblade | 9 | nodeny ${HOME}/.config/flowblade |
10 | noblacklist ${HOME}/.flowblade | 10 | nodeny ${HOME}/.flowblade |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/fluxbox.profile b/etc/profile-a-l/fluxbox.profile index 1210f365c..a22c0e103 100644 --- a/etc/profile-a-l/fluxbox.profile +++ b/etc/profile-a-l/fluxbox.profile | |||
@@ -7,7 +7,7 @@ include fluxbox.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in fluxbox will run in this profile | 9 | # all applications started in fluxbox will run in this profile |
10 | noblacklist ${HOME}/.fluxbox | 10 | nodeny ${HOME}/.fluxbox |
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
diff --git a/etc/profile-a-l/font-manager.profile b/etc/profile-a-l/font-manager.profile index cd0129436..ff9167c1a 100644 --- a/etc/profile-a-l/font-manager.profile +++ b/etc/profile-a-l/font-manager.profile | |||
@@ -6,8 +6,8 @@ include font-manager.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/font-manager | 9 | nodeny ${HOME}/.cache/font-manager |
10 | noblacklist ${HOME}/.config/font-manager | 10 | nodeny ${HOME}/.config/font-manager |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
@@ -24,9 +24,9 @@ include disable-xdg.inc | |||
24 | 24 | ||
25 | mkdir ${HOME}/.cache/font-manager | 25 | mkdir ${HOME}/.cache/font-manager |
26 | mkdir ${HOME}/.config/font-manager | 26 | mkdir ${HOME}/.config/font-manager |
27 | whitelist ${HOME}/.cache/font-manager | 27 | allow ${HOME}/.cache/font-manager |
28 | whitelist ${HOME}/.config/font-manager | 28 | allow ${HOME}/.config/font-manager |
29 | whitelist /usr/share/font-manager | 29 | allow /usr/share/font-manager |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | include whitelist-usr-share-common.inc | 31 | include whitelist-usr-share-common.inc |
32 | include whitelist-var-common.inc | 32 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/fontforge.profile b/etc/profile-a-l/fontforge.profile index bd1495877..64c7655e2 100644 --- a/etc/profile-a-l/fontforge.profile +++ b/etc/profile-a-l/fontforge.profile | |||
@@ -6,8 +6,8 @@ include fontforge.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.FontForge | 9 | nodeny ${HOME}/.FontForge |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/fossamail.profile b/etc/profile-a-l/fossamail.profile index 2d700d336..5e5a12794 100644 --- a/etc/profile-a-l/fossamail.profile +++ b/etc/profile-a-l/fossamail.profile | |||
@@ -6,16 +6,16 @@ include fossamail.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/fossamail | 9 | nodeny ${HOME}/.cache/fossamail |
10 | noblacklist ${HOME}/.fossamail | 10 | nodeny ${HOME}/.fossamail |
11 | noblacklist ${HOME}/.gnupg | 11 | nodeny ${HOME}/.gnupg |
12 | 12 | ||
13 | mkdir ${HOME}/.cache/fossamail | 13 | mkdir ${HOME}/.cache/fossamail |
14 | mkdir ${HOME}/.fossamail | 14 | mkdir ${HOME}/.fossamail |
15 | mkdir ${HOME}/.gnupg | 15 | mkdir ${HOME}/.gnupg |
16 | whitelist ${HOME}/.cache/fossamail | 16 | allow ${HOME}/.cache/fossamail |
17 | whitelist ${HOME}/.fossamail | 17 | allow ${HOME}/.fossamail |
18 | whitelist ${HOME}/.gnupg | 18 | allow ${HOME}/.gnupg |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | 20 | ||
21 | # allow browsers | 21 | # allow browsers |
diff --git a/etc/profile-a-l/four-in-a-row.profile b/etc/profile-a-l/four-in-a-row.profile index eb0c43ca5..97fd4a626 100644 --- a/etc/profile-a-l/four-in-a-row.profile +++ b/etc/profile-a-l/four-in-a-row.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | ignore machine-id | 9 | ignore machine-id |
10 | ignore nosound | 10 | ignore nosound |
11 | 11 | ||
12 | whitelist /usr/share/four-in-a-row | 12 | allow /usr/share/four-in-a-row |
13 | 13 | ||
14 | private-bin four-in-a-row | 14 | private-bin four-in-a-row |
15 | 15 | ||
diff --git a/etc/profile-a-l/fractal.profile b/etc/profile-a-l/fractal.profile index 1b1d031b4..8edc9b02d 100644 --- a/etc/profile-a-l/fractal.profile +++ b/etc/profile-a-l/fractal.profile | |||
@@ -6,7 +6,7 @@ include fractal.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/fractal | 9 | nodeny ${HOME}/.cache/fractal |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -22,8 +22,8 @@ include disable-shell.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.cache/fractal | 24 | mkdir ${HOME}/.cache/fractal |
25 | whitelist ${HOME}/.cache/fractal | 25 | allow ${HOME}/.cache/fractal |
26 | whitelist ${DOWNLOADS} | 26 | allow ${DOWNLOADS} |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/franz.profile b/etc/profile-a-l/franz.profile index 9b780a572..1a8ec8f99 100644 --- a/etc/profile-a-l/franz.profile +++ b/etc/profile-a-l/franz.profile | |||
@@ -7,10 +7,10 @@ include globals.local | |||
7 | 7 | ||
8 | ignore noexec /tmp | 8 | ignore noexec /tmp |
9 | 9 | ||
10 | noblacklist ${HOME}/.cache/Franz | 10 | nodeny ${HOME}/.cache/Franz |
11 | noblacklist ${HOME}/.config/Franz | 11 | nodeny ${HOME}/.config/Franz |
12 | noblacklist ${HOME}/.pki | 12 | nodeny ${HOME}/.pki |
13 | noblacklist ${HOME}/.local/share/pki | 13 | nodeny ${HOME}/.local/share/pki |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -22,11 +22,11 @@ mkdir ${HOME}/.cache/Franz | |||
22 | mkdir ${HOME}/.config/Franz | 22 | mkdir ${HOME}/.config/Franz |
23 | mkdir ${HOME}/.pki | 23 | mkdir ${HOME}/.pki |
24 | mkdir ${HOME}/.local/share/pki | 24 | mkdir ${HOME}/.local/share/pki |
25 | whitelist ${DOWNLOADS} | 25 | allow ${DOWNLOADS} |
26 | whitelist ${HOME}/.cache/Franz | 26 | allow ${HOME}/.cache/Franz |
27 | whitelist ${HOME}/.config/Franz | 27 | allow ${HOME}/.config/Franz |
28 | whitelist ${HOME}/.pki | 28 | allow ${HOME}/.pki |
29 | whitelist ${HOME}/.local/share/pki | 29 | allow ${HOME}/.local/share/pki |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | 31 | ||
32 | caps.drop all | 32 | caps.drop all |
diff --git a/etc/profile-a-l/freecad.profile b/etc/profile-a-l/freecad.profile index 8043d0530..a45ad4c7a 100644 --- a/etc/profile-a-l/freecad.profile +++ b/etc/profile-a-l/freecad.profile | |||
@@ -6,8 +6,8 @@ include freecad.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/FreeCAD | 9 | nodeny ${HOME}/.config/FreeCAD |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/freeciv.profile b/etc/profile-a-l/freeciv.profile index 23c19682c..20abd4056 100644 --- a/etc/profile-a-l/freeciv.profile +++ b/etc/profile-a-l/freeciv.profile | |||
@@ -6,7 +6,7 @@ include freeciv.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.freeciv | 9 | nodeny ${HOME}/.freeciv |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.freeciv | 19 | mkdir ${HOME}/.freeciv |
20 | whitelist ${HOME}/.freeciv | 20 | allow ${HOME}/.freeciv |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-a-l/freecol.profile b/etc/profile-a-l/freecol.profile index 93fa7da03..79ccf4101 100644 --- a/etc/profile-a-l/freecol.profile +++ b/etc/profile-a-l/freecol.profile | |||
@@ -6,10 +6,10 @@ include freecol.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.freecol | 9 | nodeny ${HOME}/.freecol |
10 | noblacklist ${HOME}/.cache/freecol | 10 | nodeny ${HOME}/.cache/freecol |
11 | noblacklist ${HOME}/.config/freecol | 11 | nodeny ${HOME}/.config/freecol |
12 | noblacklist ${HOME}/.local/share/freecol | 12 | nodeny ${HOME}/.local/share/freecol |
13 | 13 | ||
14 | # Allow java (blacklisted by disable-devel.inc) | 14 | # Allow java (blacklisted by disable-devel.inc) |
15 | include allow-java.inc | 15 | include allow-java.inc |
@@ -26,11 +26,11 @@ mkdir ${HOME}/.java | |||
26 | mkdir ${HOME}/.cache/freecol | 26 | mkdir ${HOME}/.cache/freecol |
27 | mkdir ${HOME}/.config/freecol | 27 | mkdir ${HOME}/.config/freecol |
28 | mkdir ${HOME}/.local/share/freecol | 28 | mkdir ${HOME}/.local/share/freecol |
29 | whitelist ${HOME}/.freecol | 29 | allow ${HOME}/.freecol |
30 | whitelist ${HOME}/.java | 30 | allow ${HOME}/.java |
31 | whitelist ${HOME}/.cache/freecol | 31 | allow ${HOME}/.cache/freecol |
32 | whitelist ${HOME}/.config/freecol | 32 | allow ${HOME}/.config/freecol |
33 | whitelist ${HOME}/.local/share/freecol | 33 | allow ${HOME}/.local/share/freecol |
34 | include whitelist-common.inc | 34 | include whitelist-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
36 | 36 | ||
diff --git a/etc/profile-a-l/freemind.profile b/etc/profile-a-l/freemind.profile index 699177039..ba52dd208 100644 --- a/etc/profile-a-l/freemind.profile +++ b/etc/profile-a-l/freemind.profile | |||
@@ -6,8 +6,8 @@ include freemind.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | nodeny ${DOCUMENTS} |
10 | noblacklist ${HOME}/.freemind | 10 | nodeny ${HOME}/.freemind |
11 | 11 | ||
12 | # Allow java (blacklisted by disable-devel.inc) | 12 | # Allow java (blacklisted by disable-devel.inc) |
13 | include allow-java.inc | 13 | include allow-java.inc |
diff --git a/etc/profile-a-l/freetube.profile b/etc/profile-a-l/freetube.profile index e6aff533d..4c321322c 100644 --- a/etc/profile-a-l/freetube.profile +++ b/etc/profile-a-l/freetube.profile | |||
@@ -6,12 +6,12 @@ include freetube.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/FreeTube | 9 | nodeny ${HOME}/.config/FreeTube |
10 | 10 | ||
11 | include disable-shell.inc | 11 | include disable-shell.inc |
12 | 12 | ||
13 | mkdir ${HOME}/.config/FreeTube | 13 | mkdir ${HOME}/.config/FreeTube |
14 | whitelist ${HOME}/.config/FreeTube | 14 | allow ${HOME}/.config/FreeTube |
15 | 15 | ||
16 | private-bin freetube | 16 | private-bin freetube |
17 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg | 17 | private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,pki,pulse,resolv.conf,ssl,X11,xdg |
diff --git a/etc/profile-a-l/frogatto.profile b/etc/profile-a-l/frogatto.profile index b4ad81046..3a6dfcfd6 100644 --- a/etc/profile-a-l/frogatto.profile +++ b/etc/profile-a-l/frogatto.profile | |||
@@ -6,7 +6,7 @@ include frogatto.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.frogatto | 9 | nodeny ${HOME}/.frogatto |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,9 +17,9 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.frogatto | 19 | mkdir ${HOME}/.frogatto |
20 | whitelist ${HOME}/.frogatto | 20 | allow ${HOME}/.frogatto |
21 | whitelist /usr/libexec/frogatto | 21 | allow /usr/libexec/frogatto |
22 | whitelist /usr/share/frogatto | 22 | allow /usr/share/frogatto |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/frozen-bubble.profile b/etc/profile-a-l/frozen-bubble.profile index 76352e41e..12eca8eb0 100644 --- a/etc/profile-a-l/frozen-bubble.profile +++ b/etc/profile-a-l/frozen-bubble.profile | |||
@@ -6,7 +6,7 @@ include frozen-bubble.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.frozen-bubble | 9 | nodeny ${HOME}/.frozen-bubble |
10 | 10 | ||
11 | # Allow perl (blacklisted by disable-interpreters.inc) | 11 | # Allow perl (blacklisted by disable-interpreters.inc) |
12 | include allow-perl.inc | 12 | include allow-perl.inc |
@@ -20,7 +20,7 @@ include disable-programs.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.frozen-bubble | 22 | mkdir ${HOME}/.frozen-bubble |
23 | whitelist ${HOME}/.frozen-bubble | 23 | allow ${HOME}/.frozen-bubble |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
26 | include whitelist-usr-share-common.inc | 26 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/funnyboat.profile b/etc/profile-a-l/funnyboat.profile index 8852925b1..07030df4b 100644 --- a/etc/profile-a-l/funnyboat.profile +++ b/etc/profile-a-l/funnyboat.profile | |||
@@ -5,7 +5,7 @@ include funnyboat.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.funnyboat | 8 | nodeny ${HOME}/.funnyboat |
9 | 9 | ||
10 | ignore noexec /dev/shm | 10 | ignore noexec /dev/shm |
11 | include allow-python2.inc | 11 | include allow-python2.inc |
@@ -21,12 +21,12 @@ include disable-programs.inc | |||
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.funnyboat | 23 | mkdir ${HOME}/.funnyboat |
24 | whitelist ${HOME}/.funnyboat | 24 | allow ${HOME}/.funnyboat |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-runuser-common.inc | 26 | include whitelist-runuser-common.inc |
27 | whitelist /usr/share/funnyboat | 27 | allow /usr/share/funnyboat |
28 | # Debian: | 28 | # Debian: |
29 | whitelist /usr/share/games/funnyboat | 29 | allow /usr/share/games/funnyboat |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
32 | 32 | ||
diff --git a/etc/profile-a-l/gajim.profile b/etc/profile-a-l/gajim.profile index ed3f0357d..4cd2cb1e6 100644 --- a/etc/profile-a-l/gajim.profile +++ b/etc/profile-a-l/gajim.profile | |||
@@ -6,10 +6,10 @@ include gajim.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.gnupg | 9 | nodeny ${HOME}/.gnupg |
10 | noblacklist ${HOME}/.cache/gajim | 10 | nodeny ${HOME}/.cache/gajim |
11 | noblacklist ${HOME}/.config/gajim | 11 | nodeny ${HOME}/.config/gajim |
12 | noblacklist ${HOME}/.local/share/gajim | 12 | nodeny ${HOME}/.local/share/gajim |
13 | 13 | ||
14 | # Allow python (blacklisted by disable-interpreters.inc) | 14 | # Allow python (blacklisted by disable-interpreters.inc) |
15 | #include allow-python2.inc | 15 | #include allow-python2.inc |
@@ -28,14 +28,14 @@ mkdir ${HOME}/.gnupg | |||
28 | mkdir ${HOME}/.cache/gajim | 28 | mkdir ${HOME}/.cache/gajim |
29 | mkdir ${HOME}/.config/gajim | 29 | mkdir ${HOME}/.config/gajim |
30 | mkdir ${HOME}/.local/share/gajim | 30 | mkdir ${HOME}/.local/share/gajim |
31 | whitelist ${HOME}/.gnupg | 31 | allow ${HOME}/.gnupg |
32 | whitelist ${HOME}/.cache/gajim | 32 | allow ${HOME}/.cache/gajim |
33 | whitelist ${HOME}/.config/gajim | 33 | allow ${HOME}/.config/gajim |
34 | whitelist ${HOME}/.local/share/gajim | 34 | allow ${HOME}/.local/share/gajim |
35 | whitelist ${DOWNLOADS} | 35 | allow ${DOWNLOADS} |
36 | whitelist ${RUNUSER}/gnupg | 36 | allow ${RUNUSER}/gnupg |
37 | whitelist /usr/share/gnupg | 37 | allow /usr/share/gnupg |
38 | whitelist /usr/share/gnupg2 | 38 | allow /usr/share/gnupg2 |
39 | include whitelist-common.inc | 39 | include whitelist-common.inc |
40 | include whitelist-runuser-common.inc | 40 | include whitelist-runuser-common.inc |
41 | include whitelist-usr-share-common.inc | 41 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/galculator.profile b/etc/profile-a-l/galculator.profile index 550b3808b..0b1b595a6 100644 --- a/etc/profile-a-l/galculator.profile +++ b/etc/profile-a-l/galculator.profile | |||
@@ -6,7 +6,7 @@ include galculator.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/galculator | 9 | nodeny ${HOME}/.config/galculator |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/galculator | 20 | mkdir ${HOME}/.config/galculator |
21 | whitelist ${HOME}/.config/galculator | 21 | allow ${HOME}/.config/galculator |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/gapplication.profile b/etc/profile-a-l/gapplication.profile index 3a8c055f2..00b830234 100644 --- a/etc/profile-a-l/gapplication.profile +++ b/etc/profile-a-l/gapplication.profile | |||
@@ -6,8 +6,8 @@ include gapplication.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | 9 | deny ${RUNUSER}/wayland-* |
10 | blacklist /usr/libexec | 10 | deny /usr/libexec |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gcloud.profile b/etc/profile-a-l/gcloud.profile index 388f4c0df..896a100fc 100644 --- a/etc/profile-a-l/gcloud.profile +++ b/etc/profile-a-l/gcloud.profile | |||
@@ -8,9 +8,9 @@ include globals.local | |||
8 | # noexec ${HOME} will break user-local installs of gcloud tooling | 8 | # noexec ${HOME} will break user-local installs of gcloud tooling |
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | noblacklist ${HOME}/.boto | 11 | nodeny ${HOME}/.boto |
12 | noblacklist ${HOME}/.config/gcloud | 12 | nodeny ${HOME}/.config/gcloud |
13 | noblacklist /var/run/docker.sock | 13 | nodeny /var/run/docker.sock |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gconf-editor.profile b/etc/profile-a-l/gconf-editor.profile index cb39174e5..8f72f0b34 100644 --- a/etc/profile-a-l/gconf-editor.profile +++ b/etc/profile-a-l/gconf-editor.profile | |||
@@ -7,9 +7,9 @@ include gconf-editor.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | deny /tmp/.X11-unix |
11 | 11 | ||
12 | whitelist /usr/share/gconf-editor | 12 | allow /usr/share/gconf-editor |
13 | 13 | ||
14 | ignore x11 none | 14 | ignore x11 none |
15 | 15 | ||
diff --git a/etc/profile-a-l/gconf.profile b/etc/profile-a-l/gconf.profile index fec1a555a..8c7013574 100644 --- a/etc/profile-a-l/gconf.profile +++ b/etc/profile-a-l/gconf.profile | |||
@@ -6,9 +6,9 @@ include gconf.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | 9 | deny ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/gconf | 11 | nodeny ${HOME}/.config/gconf |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python2.inc | 14 | include allow-python2.inc |
@@ -23,9 +23,9 @@ include disable-programs.inc | |||
23 | include disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | mkdir ${HOME}/.config/gconf | 25 | mkdir ${HOME}/.config/gconf |
26 | whitelist ${HOME}/.config/gconf | 26 | allow ${HOME}/.config/gconf |
27 | whitelist /usr/share/GConf | 27 | allow /usr/share/GConf |
28 | whitelist /usr/share/gconf | 28 | allow /usr/share/gconf |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/geany.profile b/etc/profile-a-l/geany.profile index 6fdb9b37a..706a85c75 100644 --- a/etc/profile-a-l/geany.profile +++ b/etc/profile-a-l/geany.profile | |||
@@ -6,7 +6,7 @@ include geany.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/geany | 9 | nodeny ${HOME}/.config/geany |
10 | 10 | ||
11 | # Allows files commonly used by IDEs | 11 | # Allows files commonly used by IDEs |
12 | include allow-common-devel.inc | 12 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/geary.profile b/etc/profile-a-l/geary.profile index 74e135a7c..512fc1e59 100644 --- a/etc/profile-a-l/geary.profile +++ b/etc/profile-a-l/geary.profile | |||
@@ -6,14 +6,14 @@ include geary.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/evolution | 9 | nodeny ${HOME}/.cache/evolution |
10 | noblacklist ${HOME}/.cache/folks | 10 | nodeny ${HOME}/.cache/folks |
11 | noblacklist ${HOME}/.cache/geary | 11 | nodeny ${HOME}/.cache/geary |
12 | noblacklist ${HOME}/.config/evolution | 12 | nodeny ${HOME}/.config/evolution |
13 | noblacklist ${HOME}/.config/geary | 13 | nodeny ${HOME}/.config/geary |
14 | noblacklist ${HOME}/.local/share/evolution | 14 | nodeny ${HOME}/.local/share/evolution |
15 | noblacklist ${HOME}/.local/share/geary | 15 | nodeny ${HOME}/.local/share/geary |
16 | noblacklist ${HOME}/.mozilla | 16 | nodeny ${HOME}/.mozilla |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
@@ -31,16 +31,16 @@ mkdir ${HOME}/.config/evolution | |||
31 | mkdir ${HOME}/.config/geary | 31 | mkdir ${HOME}/.config/geary |
32 | mkdir ${HOME}/.local/share/evolution | 32 | mkdir ${HOME}/.local/share/evolution |
33 | mkdir ${HOME}/.local/share/geary | 33 | mkdir ${HOME}/.local/share/geary |
34 | whitelist ${DOWNLOADS} | 34 | allow ${DOWNLOADS} |
35 | whitelist ${HOME}/.cache/evolution | 35 | allow ${HOME}/.cache/evolution |
36 | whitelist ${HOME}/.cache/folks | 36 | allow ${HOME}/.cache/folks |
37 | whitelist ${HOME}/.cache/geary | 37 | allow ${HOME}/.cache/geary |
38 | whitelist ${HOME}/.config/evolution | 38 | allow ${HOME}/.config/evolution |
39 | whitelist ${HOME}/.config/geary | 39 | allow ${HOME}/.config/geary |
40 | whitelist ${HOME}/.local/share/evolution | 40 | allow ${HOME}/.local/share/evolution |
41 | whitelist ${HOME}/.local/share/geary | 41 | allow ${HOME}/.local/share/geary |
42 | whitelist ${HOME}/.mozilla/firefox/profiles.ini | 42 | allow ${HOME}/.mozilla/firefox/profiles.ini |
43 | whitelist /usr/share/geary | 43 | allow /usr/share/geary |
44 | include whitelist-common.inc | 44 | include whitelist-common.inc |
45 | include whitelist-runuser-common.inc | 45 | include whitelist-runuser-common.inc |
46 | include whitelist-usr-share-common.inc | 46 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gedit.profile b/etc/profile-a-l/gedit.profile index 108b7041d..f11540374 100644 --- a/etc/profile-a-l/gedit.profile +++ b/etc/profile-a-l/gedit.profile | |||
@@ -6,8 +6,8 @@ include gedit.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/enchant | 9 | nodeny ${HOME}/.config/enchant |
10 | noblacklist ${HOME}/.config/gedit | 10 | nodeny ${HOME}/.config/gedit |
11 | 11 | ||
12 | # Allows files commonly used by IDEs | 12 | # Allows files commonly used by IDEs |
13 | include allow-common-devel.inc | 13 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/geeqie.profile b/etc/profile-a-l/geeqie.profile index dd33b3fb5..8ec3bbaf9 100644 --- a/etc/profile-a-l/geeqie.profile +++ b/etc/profile-a-l/geeqie.profile | |||
@@ -6,9 +6,9 @@ include geeqie.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/geeqie | 9 | nodeny ${HOME}/.cache/geeqie |
10 | noblacklist ${HOME}/.config/geeqie | 10 | nodeny ${HOME}/.config/geeqie |
11 | noblacklist ${HOME}/.local/share/geeqie | 11 | nodeny ${HOME}/.local/share/geeqie |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gfeeds.profile b/etc/profile-a-l/gfeeds.profile index f894a42ca..1661da639 100644 --- a/etc/profile-a-l/gfeeds.profile +++ b/etc/profile-a-l/gfeeds.profile | |||
@@ -6,10 +6,10 @@ include gfeeds.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/gfeeds | 9 | nodeny ${HOME}/.cache/gfeeds |
10 | noblacklist ${HOME}/.cache/org.gabmus.gfeeds | 10 | nodeny ${HOME}/.cache/org.gabmus.gfeeds |
11 | noblacklist ${HOME}/.config/org.gabmus.gfeeds.json | 11 | nodeny ${HOME}/.config/org.gabmus.gfeeds.json |
12 | noblacklist ${HOME}/.config/org.gabmus.gfeeds.saved_articles | 12 | nodeny ${HOME}/.config/org.gabmus.gfeeds.saved_articles |
13 | 13 | ||
14 | # Allow python (blacklisted by disable-interpreters.inc) | 14 | # Allow python (blacklisted by disable-interpreters.inc) |
15 | include allow-python3.inc | 15 | include allow-python3.inc |
@@ -27,12 +27,12 @@ mkdir ${HOME}/.cache/gfeeds | |||
27 | mkdir ${HOME}/.cache/org.gabmus.gfeeds | 27 | mkdir ${HOME}/.cache/org.gabmus.gfeeds |
28 | mkfile ${HOME}/.config/org.gabmus.gfeeds.json | 28 | mkfile ${HOME}/.config/org.gabmus.gfeeds.json |
29 | mkdir ${HOME}/.config/org.gabmus.gfeeds.saved_articles | 29 | mkdir ${HOME}/.config/org.gabmus.gfeeds.saved_articles |
30 | whitelist ${HOME}/.cache/gfeeds | 30 | allow ${HOME}/.cache/gfeeds |
31 | whitelist ${HOME}/.cache/org.gabmus.gfeeds | 31 | allow ${HOME}/.cache/org.gabmus.gfeeds |
32 | whitelist ${HOME}/.config/org.gabmus.gfeeds.json | 32 | allow ${HOME}/.config/org.gabmus.gfeeds.json |
33 | whitelist ${HOME}/.config/org.gabmus.gfeeds.saved_articles | 33 | allow ${HOME}/.config/org.gabmus.gfeeds.saved_articles |
34 | whitelist /usr/libexec/webkit2gtk-4.0 | 34 | allow /usr/libexec/webkit2gtk-4.0 |
35 | whitelist /usr/share/gfeeds | 35 | allow /usr/share/gfeeds |
36 | include whitelist-common.inc | 36 | include whitelist-common.inc |
37 | include whitelist-runuser-common.inc | 37 | include whitelist-runuser-common.inc |
38 | include whitelist-usr-share-common.inc | 38 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gget.profile b/etc/profile-a-l/gget.profile index d9c5a0d9a..06929dbe3 100644 --- a/etc/profile-a-l/gget.profile +++ b/etc/profile-a-l/gget.profile | |||
@@ -7,8 +7,8 @@ include gget.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | deny /tmp/.X11-unix |
11 | blacklist ${RUNUSER} | 11 | deny ${RUNUSER} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,7 +19,7 @@ include disable-programs.inc | |||
19 | include disable-shell.inc | 19 | include disable-shell.inc |
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | whitelist ${DOWNLOADS} | 22 | allow ${DOWNLOADS} |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/ghostwriter.profile b/etc/profile-a-l/ghostwriter.profile index 276ab76df..0577fe24f 100644 --- a/etc/profile-a-l/ghostwriter.profile +++ b/etc/profile-a-l/ghostwriter.profile | |||
@@ -6,10 +6,10 @@ include ghostwriter.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/ghostwriter | 9 | nodeny ${HOME}/.config/ghostwriter |
10 | noblacklist ${HOME}/.local/share/ghostwriter | 10 | nodeny ${HOME}/.local/share/ghostwriter |
11 | noblacklist ${DOCUMENTS} | 11 | nodeny ${DOCUMENTS} |
12 | noblacklist ${PICTURES} | 12 | nodeny ${PICTURES} |
13 | 13 | ||
14 | include allow-lua.inc | 14 | include allow-lua.inc |
15 | 15 | ||
@@ -22,10 +22,10 @@ include disable-programs.inc | |||
22 | include disable-shell.inc | 22 | include disable-shell.inc |
23 | include disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | whitelist /usr/share/ghostwriter | 25 | allow /usr/share/ghostwriter |
26 | whitelist /usr/share/mozilla-dicts | 26 | allow /usr/share/mozilla-dicts |
27 | whitelist /usr/share/texlive | 27 | allow /usr/share/texlive |
28 | whitelist /usr/share/pandoc* | 28 | allow /usr/share/pandoc* |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gimp.profile b/etc/profile-a-l/gimp.profile index dfc1304d1..de9db8d0f 100644 --- a/etc/profile-a-l/gimp.profile +++ b/etc/profile-a-l/gimp.profile | |||
@@ -18,13 +18,13 @@ include globals.local | |||
18 | # If you are not using external plugins, you can add 'noexec ${HOME}' to your gimp.local. | 18 | # If you are not using external plugins, you can add 'noexec ${HOME}' to your gimp.local. |
19 | ignore noexec ${HOME} | 19 | ignore noexec ${HOME} |
20 | 20 | ||
21 | noblacklist ${HOME}/.cache/babl | 21 | nodeny ${HOME}/.cache/babl |
22 | noblacklist ${HOME}/.cache/gegl-0.4 | 22 | nodeny ${HOME}/.cache/gegl-0.4 |
23 | noblacklist ${HOME}/.cache/gimp | 23 | nodeny ${HOME}/.cache/gimp |
24 | noblacklist ${HOME}/.config/GIMP | 24 | nodeny ${HOME}/.config/GIMP |
25 | noblacklist ${HOME}/.gimp* | 25 | nodeny ${HOME}/.gimp* |
26 | noblacklist ${DOCUMENTS} | 26 | nodeny ${DOCUMENTS} |
27 | noblacklist ${PICTURES} | 27 | nodeny ${PICTURES} |
28 | 28 | ||
29 | include disable-common.inc | 29 | include disable-common.inc |
30 | include disable-exec.inc | 30 | include disable-exec.inc |
@@ -33,10 +33,10 @@ include disable-passwdmgr.inc | |||
33 | include disable-programs.inc | 33 | include disable-programs.inc |
34 | include disable-xdg.inc | 34 | include disable-xdg.inc |
35 | 35 | ||
36 | whitelist /usr/share/gegl-0.4 | 36 | allow /usr/share/gegl-0.4 |
37 | whitelist /usr/share/gimp | 37 | allow /usr/share/gimp |
38 | whitelist /usr/share/mypaint-data | 38 | allow /usr/share/mypaint-data |
39 | whitelist /usr/share/lensfun | 39 | allow /usr/share/lensfun |
40 | include whitelist-usr-share-common.inc | 40 | include whitelist-usr-share-common.inc |
41 | include whitelist-var-common.inc | 41 | include whitelist-var-common.inc |
42 | 42 | ||
diff --git a/etc/profile-a-l/gist.profile b/etc/profile-a-l/gist.profile index 661c3a375..e601d3ab0 100644 --- a/etc/profile-a-l/gist.profile +++ b/etc/profile-a-l/gist.profile | |||
@@ -7,10 +7,10 @@ include gist.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | deny /tmp/.X11-unix |
11 | blacklist ${RUNUSER}/wayland-* | 11 | deny ${RUNUSER}/wayland-* |
12 | 12 | ||
13 | noblacklist ${HOME}/.gist | 13 | nodeny ${HOME}/.gist |
14 | 14 | ||
15 | # Allow ruby (blacklisted by disable-interpreters.inc) | 15 | # Allow ruby (blacklisted by disable-interpreters.inc) |
16 | include allow-ruby.inc | 16 | include allow-ruby.inc |
@@ -24,8 +24,8 @@ include disable-programs.inc | |||
24 | include disable-xdg.inc | 24 | include disable-xdg.inc |
25 | 25 | ||
26 | mkdir ${HOME}/.gist | 26 | mkdir ${HOME}/.gist |
27 | whitelist ${HOME}/.gist | 27 | allow ${HOME}/.gist |
28 | whitelist ${DOWNLOADS} | 28 | allow ${DOWNLOADS} |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/git-cola.profile b/etc/profile-a-l/git-cola.profile index 5e4249376..74b7506cf 100644 --- a/etc/profile-a-l/git-cola.profile +++ b/etc/profile-a-l/git-cola.profile | |||
@@ -8,12 +8,12 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | noblacklist ${HOME}/.gitconfig | 11 | nodeny ${HOME}/.gitconfig |
12 | noblacklist ${HOME}/.git-credentials | 12 | nodeny ${HOME}/.git-credentials |
13 | noblacklist ${HOME}/.gnupg | 13 | nodeny ${HOME}/.gnupg |
14 | noblacklist ${HOME}/.subversion | 14 | nodeny ${HOME}/.subversion |
15 | noblacklist ${HOME}/.config/git | 15 | nodeny ${HOME}/.config/git |
16 | noblacklist ${HOME}/.config/git-cola | 16 | nodeny ${HOME}/.config/git-cola |
17 | # Add your editor/diff viewer config paths and the next line to your git-cola.local to load settings. | 17 | # Add your editor/diff viewer config paths and the next line to your git-cola.local to load settings. |
18 | #noblacklist ${HOME}/ | 18 | #noblacklist ${HOME}/ |
19 | 19 | ||
@@ -32,17 +32,17 @@ include disable-passwdmgr.inc | |||
32 | include disable-programs.inc | 32 | include disable-programs.inc |
33 | include disable-xdg.inc | 33 | include disable-xdg.inc |
34 | 34 | ||
35 | whitelist ${RUNUSER}/gnupg | 35 | allow ${RUNUSER}/gnupg |
36 | whitelist ${RUNUSER}/keyring | 36 | allow ${RUNUSER}/keyring |
37 | # Add additional whitelist paths below /usr/share to your git-cola.local to support your editor/diff viewer. | 37 | # Add additional whitelist paths below /usr/share to your git-cola.local to support your editor/diff viewer. |
38 | whitelist /usr/share/git | 38 | allow /usr/share/git |
39 | whitelist /usr/share/git-cola | 39 | allow /usr/share/git-cola |
40 | whitelist /usr/share/git-core | 40 | allow /usr/share/git-core |
41 | whitelist /usr/share/git-gui | 41 | allow /usr/share/git-gui |
42 | whitelist /usr/share/gitk | 42 | allow /usr/share/gitk |
43 | whitelist /usr/share/gitweb | 43 | allow /usr/share/gitweb |
44 | whitelist /usr/share/gnupg | 44 | allow /usr/share/gnupg |
45 | whitelist /usr/share/gnupg2 | 45 | allow /usr/share/gnupg2 |
46 | include whitelist-runuser-common.inc | 46 | include whitelist-runuser-common.inc |
47 | include whitelist-usr-share-common.inc | 47 | include whitelist-usr-share-common.inc |
48 | include whitelist-var-common.inc | 48 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/git.profile b/etc/profile-a-l/git.profile index bfa0081c6..680e91085 100644 --- a/etc/profile-a-l/git.profile +++ b/etc/profile-a-l/git.profile | |||
@@ -7,33 +7,33 @@ include git.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.config/git | 10 | nodeny ${HOME}/.config/git |
11 | noblacklist ${HOME}/.config/nano | 11 | nodeny ${HOME}/.config/nano |
12 | noblacklist ${HOME}/.emacs | 12 | nodeny ${HOME}/.emacs |
13 | noblacklist ${HOME}/.emacs.d | 13 | nodeny ${HOME}/.emacs.d |
14 | noblacklist ${HOME}/.gitconfig | 14 | nodeny ${HOME}/.gitconfig |
15 | noblacklist ${HOME}/.git-credentials | 15 | nodeny ${HOME}/.git-credentials |
16 | noblacklist ${HOME}/.gnupg | 16 | nodeny ${HOME}/.gnupg |
17 | noblacklist ${HOME}/.nanorc | 17 | nodeny ${HOME}/.nanorc |
18 | noblacklist ${HOME}/.vim | 18 | nodeny ${HOME}/.vim |
19 | noblacklist ${HOME}/.viminfo | 19 | nodeny ${HOME}/.viminfo |
20 | 20 | ||
21 | # Allow ssh (blacklisted by disable-common.inc) | 21 | # Allow ssh (blacklisted by disable-common.inc) |
22 | include allow-ssh.inc | 22 | include allow-ssh.inc |
23 | 23 | ||
24 | blacklist /tmp/.X11-unix | 24 | deny /tmp/.X11-unix |
25 | blacklist ${RUNUSER}/wayland-* | 25 | deny ${RUNUSER}/wayland-* |
26 | 26 | ||
27 | include disable-common.inc | 27 | include disable-common.inc |
28 | include disable-exec.inc | 28 | include disable-exec.inc |
29 | include disable-passwdmgr.inc | 29 | include disable-passwdmgr.inc |
30 | include disable-programs.inc | 30 | include disable-programs.inc |
31 | 31 | ||
32 | whitelist /usr/share/git | 32 | allow /usr/share/git |
33 | whitelist /usr/share/git-core | 33 | allow /usr/share/git-core |
34 | whitelist /usr/share/gitgui | 34 | allow /usr/share/gitgui |
35 | whitelist /usr/share/gitweb | 35 | allow /usr/share/gitweb |
36 | whitelist /usr/share/nano | 36 | allow /usr/share/nano |
37 | include whitelist-usr-share-common.inc | 37 | include whitelist-usr-share-common.inc |
38 | include whitelist-var-common.inc | 38 | include whitelist-var-common.inc |
39 | 39 | ||
diff --git a/etc/profile-a-l/gitg.profile b/etc/profile-a-l/gitg.profile index 05d7dffa9..d313b5022 100644 --- a/etc/profile-a-l/gitg.profile +++ b/etc/profile-a-l/gitg.profile | |||
@@ -6,10 +6,10 @@ include gitg.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/git | 9 | nodeny ${HOME}/.config/git |
10 | noblacklist ${HOME}/.gitconfig | 10 | nodeny ${HOME}/.gitconfig |
11 | noblacklist ${HOME}/.git-credentials | 11 | nodeny ${HOME}/.git-credentials |
12 | noblacklist ${HOME}/.local/share/gitg | 12 | nodeny ${HOME}/.local/share/gitg |
13 | 13 | ||
14 | # Allow ssh (blacklisted by disable-common.inc) | 14 | # Allow ssh (blacklisted by disable-common.inc) |
15 | include allow-ssh.inc | 15 | include allow-ssh.inc |
@@ -29,7 +29,7 @@ include disable-programs.inc | |||
29 | #whitelist ${HOME}/.ssh | 29 | #whitelist ${HOME}/.ssh |
30 | #include whitelist-common.inc | 30 | #include whitelist-common.inc |
31 | 31 | ||
32 | whitelist /usr/share/gitg | 32 | allow /usr/share/gitg |
33 | include whitelist-runuser-common.inc | 33 | include whitelist-runuser-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/github-desktop.profile b/etc/profile-a-l/github-desktop.profile index 325c54ced..81b534a74 100644 --- a/etc/profile-a-l/github-desktop.profile +++ b/etc/profile-a-l/github-desktop.profile | |||
@@ -22,10 +22,10 @@ ignore apparmor | |||
22 | ignore dbus-user none | 22 | ignore dbus-user none |
23 | ignore dbus-system none | 23 | ignore dbus-system none |
24 | 24 | ||
25 | noblacklist ${HOME}/.config/GitHub Desktop | 25 | nodeny ${HOME}/.config/GitHub Desktop |
26 | noblacklist ${HOME}/.config/git | 26 | nodeny ${HOME}/.config/git |
27 | noblacklist ${HOME}/.gitconfig | 27 | nodeny ${HOME}/.gitconfig |
28 | noblacklist ${HOME}/.git-credentials | 28 | nodeny ${HOME}/.git-credentials |
29 | 29 | ||
30 | # no3d | 30 | # no3d |
31 | nosound | 31 | nosound |
diff --git a/etc/profile-a-l/gitter.profile b/etc/profile-a-l/gitter.profile index 460e2b990..2d1694ef7 100644 --- a/etc/profile-a-l/gitter.profile +++ b/etc/profile-a-l/gitter.profile | |||
@@ -5,8 +5,8 @@ include gitter.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/autostart | 8 | nodeny ${HOME}/.config/autostart |
9 | noblacklist ${HOME}/.config/Gitter | 9 | nodeny ${HOME}/.config/Gitter |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,9 +16,9 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.config/Gitter | 18 | mkdir ${HOME}/.config/Gitter |
19 | whitelist ${DOWNLOADS} | 19 | allow ${DOWNLOADS} |
20 | whitelist ${HOME}/.config/autostart | 20 | allow ${HOME}/.config/autostart |
21 | whitelist ${HOME}/.config/Gitter | 21 | allow ${HOME}/.config/Gitter |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/profile-a-l/gjs.profile b/etc/profile-a-l/gjs.profile index ed68b3c2d..e00bb1dbf 100644 --- a/etc/profile-a-l/gjs.profile +++ b/etc/profile-a-l/gjs.profile | |||
@@ -8,10 +8,10 @@ include globals.local | |||
8 | 8 | ||
9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
10 | 10 | ||
11 | noblacklist ${HOME}/.cache/libgweather | 11 | nodeny ${HOME}/.cache/libgweather |
12 | noblacklist ${HOME}/.cache/org.gnome.Books | 12 | nodeny ${HOME}/.cache/org.gnome.Books |
13 | noblacklist ${HOME}/.config/libreoffice | 13 | nodeny ${HOME}/.config/libreoffice |
14 | noblacklist ${HOME}/.local/share/gnome-photos | 14 | nodeny ${HOME}/.local/share/gnome-photos |
15 | 15 | ||
16 | # Allow gjs (blacklisted by disable-interpreters.inc) | 16 | # Allow gjs (blacklisted by disable-interpreters.inc) |
17 | include allow-gjs.inc | 17 | include allow-gjs.inc |
diff --git a/etc/profile-a-l/gl-117.profile b/etc/profile-a-l/gl-117.profile index c8cefc67e..a3236c2be 100644 --- a/etc/profile-a-l/gl-117.profile +++ b/etc/profile-a-l/gl-117.profile | |||
@@ -6,7 +6,7 @@ include gl-117.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.gl-117 | 9 | nodeny ${HOME}/.gl-117 |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.gl-117 | 20 | mkdir ${HOME}/.gl-117 |
21 | whitelist ${HOME}/.gl-117 | 21 | allow ${HOME}/.gl-117 |
22 | whitelist /usr/share/gl-117 | 22 | allow /usr/share/gl-117 |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/glaxium.profile b/etc/profile-a-l/glaxium.profile index ee7af0546..ec894a5f3 100644 --- a/etc/profile-a-l/glaxium.profile +++ b/etc/profile-a-l/glaxium.profile | |||
@@ -6,7 +6,7 @@ include glaxium.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.glaxiumrc | 9 | nodeny ${HOME}/.glaxiumrc |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkfile ${HOME}/.glaxiumrc | 20 | mkfile ${HOME}/.glaxiumrc |
21 | whitelist ${HOME}/.glaxiumrc | 21 | allow ${HOME}/.glaxiumrc |
22 | whitelist /usr/share/glaxium | 22 | allow /usr/share/glaxium |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/globaltime.profile b/etc/profile-a-l/globaltime.profile index 14b3ef811..e091b811f 100644 --- a/etc/profile-a-l/globaltime.profile +++ b/etc/profile-a-l/globaltime.profile | |||
@@ -5,7 +5,7 @@ include globaltime.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/globaltime | 8 | nodeny ${HOME}/.config/globaltime |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gmpc.profile b/etc/profile-a-l/gmpc.profile index b3aad8b2c..79397d28f 100644 --- a/etc/profile-a-l/gmpc.profile +++ b/etc/profile-a-l/gmpc.profile | |||
@@ -6,8 +6,8 @@ include gmpc.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gmpc | 9 | nodeny ${HOME}/.config/gmpc |
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,9 +18,9 @@ include disable-programs.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/gmpc | 20 | mkdir ${HOME}/.config/gmpc |
21 | whitelist ${HOME}/.config/gmpc | 21 | allow ${HOME}/.config/gmpc |
22 | whitelist ${MUSIC} | 22 | allow ${MUSIC} |
23 | whitelist /usr/share/gmpc | 23 | allow /usr/share/gmpc |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-2048.profile b/etc/profile-a-l/gnome-2048.profile index 777c81dbe..c723f6e46 100644 --- a/etc/profile-a-l/gnome-2048.profile +++ b/etc/profile-a-l/gnome-2048.profile | |||
@@ -6,10 +6,10 @@ include gnome-2048.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/gnome-2048 | 9 | nodeny ${HOME}/.local/share/gnome-2048 |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/gnome-2048 | 11 | mkdir ${HOME}/.local/share/gnome-2048 |
12 | whitelist ${HOME}/.local/share/gnome-2048 | 12 | allow ${HOME}/.local/share/gnome-2048 |
13 | 13 | ||
14 | private-bin gnome-2048 | 14 | private-bin gnome-2048 |
15 | 15 | ||
diff --git a/etc/profile-a-l/gnome-books.profile b/etc/profile-a-l/gnome-books.profile index 34a7f557c..2ed5fa76b 100644 --- a/etc/profile-a-l/gnome-books.profile +++ b/etc/profile-a-l/gnome-books.profile | |||
@@ -7,8 +7,8 @@ include globals.local | |||
7 | 7 | ||
8 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 8 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
9 | 9 | ||
10 | noblacklist ${HOME}/.cache/org.gnome.Books | 10 | nodeny ${HOME}/.cache/org.gnome.Books |
11 | noblacklist ${DOCUMENTS} | 11 | nodeny ${DOCUMENTS} |
12 | 12 | ||
13 | # Allow gjs (blacklisted by disable-interpreters.inc) | 13 | # Allow gjs (blacklisted by disable-interpreters.inc) |
14 | include allow-gjs.inc | 14 | include allow-gjs.inc |
diff --git a/etc/profile-a-l/gnome-builder.profile b/etc/profile-a-l/gnome-builder.profile index 37ca5aeff..7dd1c6e22 100644 --- a/etc/profile-a-l/gnome-builder.profile +++ b/etc/profile-a-l/gnome-builder.profile | |||
@@ -6,11 +6,11 @@ include gnome-builder.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.bash_history | 9 | nodeny ${HOME}/.bash_history |
10 | 10 | ||
11 | noblacklist ${HOME}/.cache/gnome-builder | 11 | nodeny ${HOME}/.cache/gnome-builder |
12 | noblacklist ${HOME}/.config/gnome-builder | 12 | nodeny ${HOME}/.config/gnome-builder |
13 | noblacklist ${HOME}/.local/share/gnome-builder | 13 | nodeny ${HOME}/.local/share/gnome-builder |
14 | 14 | ||
15 | # Allows files commonly used by IDEs | 15 | # Allows files commonly used by IDEs |
16 | include allow-common-devel.inc | 16 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/gnome-calendar.profile b/etc/profile-a-l/gnome-calendar.profile index eaf25b177..d91fbaa4b 100644 --- a/etc/profile-a-l/gnome-calendar.profile +++ b/etc/profile-a-l/gnome-calendar.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | whitelist /usr/share/libgweather | 18 | allow /usr/share/libgweather |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-runuser-common.inc | 20 | include whitelist-runuser-common.inc |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
@@ -46,7 +46,7 @@ private | |||
46 | private-bin gnome-calendar | 46 | private-bin gnome-calendar |
47 | private-cache | 47 | private-cache |
48 | private-dev | 48 | private-dev |
49 | private-etc ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,nsswitch.conf,pki,resolv.conf,ssl | 49 | private-etc ca-certificates,crypto-policies,dconf,fonts,gtk-3.0,localtime,nsswitch.conf,pki,resolv.conf,ssl |
50 | private-tmp | 50 | private-tmp |
51 | 51 | ||
52 | dbus-user filter | 52 | dbus-user filter |
diff --git a/etc/profile-a-l/gnome-characters.profile b/etc/profile-a-l/gnome-characters.profile index 741fe9bf7..806d7e571 100644 --- a/etc/profile-a-l/gnome-characters.profile +++ b/etc/profile-a-l/gnome-characters.profile | |||
@@ -18,7 +18,7 @@ include disable-programs.inc | |||
18 | include disable-shell.inc | 18 | include disable-shell.inc |
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | whitelist /usr/share/org.gnome.Characters | 21 | allow /usr/share/org.gnome.Characters |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-runuser-common.inc | 23 | include whitelist-runuser-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-chess.profile b/etc/profile-a-l/gnome-chess.profile index bd39f625c..095210565 100644 --- a/etc/profile-a-l/gnome-chess.profile +++ b/etc/profile-a-l/gnome-chess.profile | |||
@@ -6,8 +6,8 @@ include gnome-chess.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gnome-chess | 9 | nodeny ${HOME}/.config/gnome-chess |
10 | noblacklist ${HOME}/.local/share/gnome-chess | 10 | nodeny ${HOME}/.local/share/gnome-chess |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -22,8 +22,8 @@ include disable-xdg.inc | |||
22 | #whitelist ${HOME}/.local/share/gnome-chess | 22 | #whitelist ${HOME}/.local/share/gnome-chess |
23 | #include whitelist-common.inc | 23 | #include whitelist-common.inc |
24 | 24 | ||
25 | whitelist /usr/share/gnuchess | 25 | allow /usr/share/gnuchess |
26 | whitelist /usr/share/gnome-chess | 26 | allow /usr/share/gnome-chess |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-clocks.profile b/etc/profile-a-l/gnome-clocks.profile index 1e7c70b84..7e2d458fd 100644 --- a/etc/profile-a-l/gnome-clocks.profile +++ b/etc/profile-a-l/gnome-clocks.profile | |||
@@ -15,8 +15,8 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | whitelist /usr/share/gnome-clocks | 18 | allow /usr/share/gnome-clocks |
19 | whitelist /usr/share/libgweather | 19 | allow /usr/share/libgweather |
20 | include whitelist-common.inc | 20 | include whitelist-common.inc |
21 | include whitelist-runuser-common.inc | 21 | include whitelist-runuser-common.inc |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-contacts.profile b/etc/profile-a-l/gnome-contacts.profile index dcc6163b6..7902fa169 100644 --- a/etc/profile-a-l/gnome-contacts.profile +++ b/etc/profile-a-l/gnome-contacts.profile | |||
@@ -6,7 +6,7 @@ include gnome-contacts.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | nodeny ${DOCUMENTS} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-documents.profile b/etc/profile-a-l/gnome-documents.profile index 29ad67af8..0f601149f 100644 --- a/etc/profile-a-l/gnome-documents.profile +++ b/etc/profile-a-l/gnome-documents.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | 8 | ||
9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/libreoffice | 11 | nodeny ${HOME}/.config/libreoffice |
12 | noblacklist ${DOCUMENTS} | 12 | nodeny ${DOCUMENTS} |
13 | 13 | ||
14 | # Allow gjs (blacklisted by disable-interpreters.inc) | 14 | # Allow gjs (blacklisted by disable-interpreters.inc) |
15 | include allow-gjs.inc | 15 | include allow-gjs.inc |
diff --git a/etc/profile-a-l/gnome-hexgl.profile b/etc/profile-a-l/gnome-hexgl.profile index 2db956faf..50c3e2c6f 100644 --- a/etc/profile-a-l/gnome-hexgl.profile +++ b/etc/profile-a-l/gnome-hexgl.profile | |||
@@ -16,7 +16,7 @@ include disable-shell.inc | |||
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.cache/mesa_shader_cache | 18 | mkdir ${HOME}/.cache/mesa_shader_cache |
19 | whitelist /usr/share/gnome-hexgl | 19 | allow /usr/share/gnome-hexgl |
20 | include whitelist-runuser-common.inc | 20 | include whitelist-runuser-common.inc |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-keyring.profile b/etc/profile-a-l/gnome-keyring.profile index 25b4c47de..62a5a34ea 100644 --- a/etc/profile-a-l/gnome-keyring.profile +++ b/etc/profile-a-l/gnome-keyring.profile | |||
@@ -7,7 +7,7 @@ include gnome-keyring.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.gnupg | 10 | nodeny ${HOME}/.gnupg |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,12 +18,12 @@ include disable-programs.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.gnupg | 20 | mkdir ${HOME}/.gnupg |
21 | whitelist ${HOME}/.gnupg | 21 | allow ${HOME}/.gnupg |
22 | whitelist ${DOWNLOADS} | 22 | allow ${DOWNLOADS} |
23 | whitelist ${RUNUSER}/gnupg | 23 | allow ${RUNUSER}/gnupg |
24 | whitelist ${RUNUSER}/keyring | 24 | allow ${RUNUSER}/keyring |
25 | whitelist /usr/share/gnupg | 25 | allow /usr/share/gnupg |
26 | whitelist /usr/share/gnupg2 | 26 | allow /usr/share/gnupg2 |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-klotski.profile b/etc/profile-a-l/gnome-klotski.profile index c67a5c0da..ed074f944 100644 --- a/etc/profile-a-l/gnome-klotski.profile +++ b/etc/profile-a-l/gnome-klotski.profile | |||
@@ -6,10 +6,10 @@ include gnome-klotski.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/gnome-klotski | 9 | nodeny ${HOME}/.local/share/gnome-klotski |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/gnome-klotski | 11 | mkdir ${HOME}/.local/share/gnome-klotski |
12 | whitelist ${HOME}/.local/share/gnome-klotski | 12 | allow ${HOME}/.local/share/gnome-klotski |
13 | 13 | ||
14 | private-bin gnome-klotski | 14 | private-bin gnome-klotski |
15 | 15 | ||
diff --git a/etc/profile-a-l/gnome-latex.profile b/etc/profile-a-l/gnome-latex.profile index 1a7eafeca..4a03a7ff5 100644 --- a/etc/profile-a-l/gnome-latex.profile +++ b/etc/profile-a-l/gnome-latex.profile | |||
@@ -6,8 +6,8 @@ include gnome-latex.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gnome-latex | 9 | nodeny ${HOME}/.config/gnome-latex |
10 | noblacklist ${HOME}/.local/share/gnome-latex | 10 | nodeny ${HOME}/.local/share/gnome-latex |
11 | 11 | ||
12 | # Allow perl (blacklisted by disable-interpreters.inc) | 12 | # Allow perl (blacklisted by disable-interpreters.inc) |
13 | include allow-perl.inc | 13 | include allow-perl.inc |
@@ -19,8 +19,8 @@ include disable-interpreters.inc | |||
19 | include disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | whitelist /usr/share/gnome-latex | 22 | allow /usr/share/gnome-latex |
23 | whitelist /usr/share/texlive | 23 | allow /usr/share/texlive |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | # May cause issues. | 26 | # May cause issues. |
diff --git a/etc/profile-a-l/gnome-logs.profile b/etc/profile-a-l/gnome-logs.profile index 9d2ea7b7b..fcc02dc76 100644 --- a/etc/profile-a-l/gnome-logs.profile +++ b/etc/profile-a-l/gnome-logs.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | whitelist /var/log/journal | 18 | allow /var/log/journal |
19 | include whitelist-runuser-common.inc | 19 | include whitelist-runuser-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-mahjongg.profile b/etc/profile-a-l/gnome-mahjongg.profile index 42409dce8..e21f03efe 100644 --- a/etc/profile-a-l/gnome-mahjongg.profile +++ b/etc/profile-a-l/gnome-mahjongg.profile | |||
@@ -6,7 +6,7 @@ include gnome-mahjongg.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | whitelist /usr/share/gnome-mahjongg | 9 | allow /usr/share/gnome-mahjongg |
10 | 10 | ||
11 | private-bin gnome-mahjongg | 11 | private-bin gnome-mahjongg |
12 | 12 | ||
diff --git a/etc/profile-a-l/gnome-maps.profile b/etc/profile-a-l/gnome-maps.profile index 23aab343f..cf4eceee3 100644 --- a/etc/profile-a-l/gnome-maps.profile +++ b/etc/profile-a-l/gnome-maps.profile | |||
@@ -11,14 +11,14 @@ include globals.local | |||
11 | 11 | ||
12 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 12 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
13 | 13 | ||
14 | noblacklist ${HOME}/.cache/champlain | 14 | nodeny ${HOME}/.cache/champlain |
15 | noblacklist ${HOME}/.cache/org.gnome.Maps | 15 | nodeny ${HOME}/.cache/org.gnome.Maps |
16 | noblacklist ${HOME}/.local/share/maps-places.json | 16 | nodeny ${HOME}/.local/share/maps-places.json |
17 | 17 | ||
18 | # Allow gjs (blacklisted by disable-interpreters.inc) | 18 | # Allow gjs (blacklisted by disable-interpreters.inc) |
19 | include allow-gjs.inc | 19 | include allow-gjs.inc |
20 | 20 | ||
21 | blacklist /usr/libexec | 21 | deny /usr/libexec |
22 | 22 | ||
23 | include disable-common.inc | 23 | include disable-common.inc |
24 | include disable-devel.inc | 24 | include disable-devel.inc |
@@ -31,12 +31,12 @@ include disable-xdg.inc | |||
31 | 31 | ||
32 | mkdir ${HOME}/.cache/champlain | 32 | mkdir ${HOME}/.cache/champlain |
33 | mkfile ${HOME}/.local/share/maps-places.json | 33 | mkfile ${HOME}/.local/share/maps-places.json |
34 | whitelist ${HOME}/.cache/champlain | 34 | allow ${HOME}/.cache/champlain |
35 | whitelist ${HOME}/.local/share/maps-places.json | 35 | allow ${HOME}/.local/share/maps-places.json |
36 | whitelist ${DOWNLOADS} | 36 | allow ${DOWNLOADS} |
37 | whitelist ${PICTURES} | 37 | allow ${PICTURES} |
38 | whitelist /usr/share/gnome-maps | 38 | allow /usr/share/gnome-maps |
39 | whitelist /usr/share/libgweather | 39 | allow /usr/share/libgweather |
40 | include whitelist-common.inc | 40 | include whitelist-common.inc |
41 | include whitelist-runuser-common.inc | 41 | include whitelist-runuser-common.inc |
42 | include whitelist-usr-share-common.inc | 42 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-mines.profile b/etc/profile-a-l/gnome-mines.profile index 4fe8986c2..1b2949bc5 100644 --- a/etc/profile-a-l/gnome-mines.profile +++ b/etc/profile-a-l/gnome-mines.profile | |||
@@ -6,11 +6,11 @@ include gnome-mines.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/gnome-mines | 9 | nodeny ${HOME}/.local/share/gnome-mines |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/gnome-mines | 11 | mkdir ${HOME}/.local/share/gnome-mines |
12 | whitelist ${HOME}/.local/share/gnome-mines | 12 | allow ${HOME}/.local/share/gnome-mines |
13 | whitelist /usr/share/gnome-mines | 13 | allow /usr/share/gnome-mines |
14 | 14 | ||
15 | private-bin gnome-mines | 15 | private-bin gnome-mines |
16 | 16 | ||
diff --git a/etc/profile-a-l/gnome-mplayer.profile b/etc/profile-a-l/gnome-mplayer.profile index 43fe71f5e..c1cbc796a 100644 --- a/etc/profile-a-l/gnome-mplayer.profile +++ b/etc/profile-a-l/gnome-mplayer.profile | |||
@@ -6,9 +6,9 @@ include gnome-mplayer.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gnome-mplayer | 9 | nodeny ${HOME}/.config/gnome-mplayer |
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | noblacklist ${VIDEOS} | 11 | nodeny ${VIDEOS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-music.profile b/etc/profile-a-l/gnome-music.profile index 2fcbe9910..8fd0826c4 100644 --- a/etc/profile-a-l/gnome-music.profile +++ b/etc/profile-a-l/gnome-music.profile | |||
@@ -6,8 +6,8 @@ include gnome-music.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/gnome-music | 9 | nodeny ${HOME}/.local/share/gnome-music |
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/gnome-nettool.profile b/etc/profile-a-l/gnome-nettool.profile index 814751db3..a929582f8 100644 --- a/etc/profile-a-l/gnome-nettool.profile +++ b/etc/profile-a-l/gnome-nettool.profile | |||
@@ -14,7 +14,7 @@ include disable-passwdmgr.inc | |||
14 | include disable-programs.inc | 14 | include disable-programs.inc |
15 | include disable-xdg.inc | 15 | include disable-xdg.inc |
16 | 16 | ||
17 | whitelist /usr/share/gnome-nettool | 17 | allow /usr/share/gnome-nettool |
18 | #include whitelist-common.inc -- see #903 | 18 | #include whitelist-common.inc -- see #903 |
19 | include whitelist-runuser-common.inc | 19 | include whitelist-runuser-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-nibbles.profile b/etc/profile-a-l/gnome-nibbles.profile index b22810d34..d4c037a41 100644 --- a/etc/profile-a-l/gnome-nibbles.profile +++ b/etc/profile-a-l/gnome-nibbles.profile | |||
@@ -9,11 +9,11 @@ include globals.local | |||
9 | ignore machine-id | 9 | ignore machine-id |
10 | ignore nosound | 10 | ignore nosound |
11 | 11 | ||
12 | noblacklist ${HOME}/.local/share/gnome-nibbles | 12 | nodeny ${HOME}/.local/share/gnome-nibbles |
13 | 13 | ||
14 | mkdir ${HOME}/.local/share/gnome-nibbles | 14 | mkdir ${HOME}/.local/share/gnome-nibbles |
15 | whitelist ${HOME}/.local/share/gnome-nibbles | 15 | allow ${HOME}/.local/share/gnome-nibbles |
16 | whitelist /usr/share/gnome-nibbles | 16 | allow /usr/share/gnome-nibbles |
17 | 17 | ||
18 | private-bin gnome-nibbles | 18 | private-bin gnome-nibbles |
19 | 19 | ||
diff --git a/etc/profile-a-l/gnome-passwordsafe.profile b/etc/profile-a-l/gnome-passwordsafe.profile index fee5f88b9..d2cf828cc 100644 --- a/etc/profile-a-l/gnome-passwordsafe.profile +++ b/etc/profile-a-l/gnome-passwordsafe.profile | |||
@@ -6,14 +6,14 @@ include gnome-passwordsafe.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | nodeny ${DOCUMENTS} |
10 | noblacklist ${HOME}/*.kdb | 10 | nodeny ${HOME}/*.kdb |
11 | noblacklist ${HOME}/*.kdbx | 11 | nodeny ${HOME}/*.kdbx |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python3.inc | 14 | include allow-python3.inc |
15 | 15 | ||
16 | blacklist /usr/libexec | 16 | deny /usr/libexec |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
@@ -24,8 +24,8 @@ include disable-programs.inc | |||
24 | include disable-shell.inc | 24 | include disable-shell.inc |
25 | include disable-xdg.inc | 25 | include disable-xdg.inc |
26 | 26 | ||
27 | whitelist /usr/share/cracklib | 27 | allow /usr/share/cracklib |
28 | whitelist /usr/share/passwordsafe | 28 | allow /usr/share/passwordsafe |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-photos.profile b/etc/profile-a-l/gnome-photos.profile index 58bf3f349..3702da2c7 100644 --- a/etc/profile-a-l/gnome-photos.profile +++ b/etc/profile-a-l/gnome-photos.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | 8 | ||
9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
10 | 10 | ||
11 | noblacklist ${HOME}/.local/share/gnome-photos | 11 | nodeny ${HOME}/.local/share/gnome-photos |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-pie.profile b/etc/profile-a-l/gnome-pie.profile index 41903b136..e9ae2bcb0 100644 --- a/etc/profile-a-l/gnome-pie.profile +++ b/etc/profile-a-l/gnome-pie.profile | |||
@@ -6,7 +6,7 @@ include gnome-pie.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gnome-pie | 9 | nodeny ${HOME}/.config/gnome-pie |
10 | 10 | ||
11 | #include disable-common.inc | 11 | #include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-pomodoro.profile b/etc/profile-a-l/gnome-pomodoro.profile index c2ba7556d..bec23910c 100644 --- a/etc/profile-a-l/gnome-pomodoro.profile +++ b/etc/profile-a-l/gnome-pomodoro.profile | |||
@@ -6,7 +6,7 @@ include gnome-pomodoro.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/gnome-pomodoro | 9 | nodeny ${HOME}/.local/share/gnome-pomodoro |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.local/share/gnome-pomodoro | 19 | mkdir ${HOME}/.local/share/gnome-pomodoro |
20 | whitelist ${HOME}/.local/share/gnome-pomodoro | 20 | allow ${HOME}/.local/share/gnome-pomodoro |
21 | whitelist /usr/share/gnome-pomodoro | 21 | allow /usr/share/gnome-pomodoro |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/gnome-recipes.profile b/etc/profile-a-l/gnome-recipes.profile index 48c98ebe0..5ef33fdd8 100644 --- a/etc/profile-a-l/gnome-recipes.profile +++ b/etc/profile-a-l/gnome-recipes.profile | |||
@@ -7,8 +7,8 @@ include gnome-recipes.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | 9 | ||
10 | noblacklist ${HOME}/.cache/gnome-recipes | 10 | nodeny ${HOME}/.cache/gnome-recipes |
11 | noblacklist ${HOME}/.local/share/gnome-recipes | 11 | nodeny ${HOME}/.local/share/gnome-recipes |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -20,9 +20,9 @@ include disable-shell.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.cache/gnome-recipes | 21 | mkdir ${HOME}/.cache/gnome-recipes |
22 | mkdir ${HOME}/.local/share/gnome-recipes | 22 | mkdir ${HOME}/.local/share/gnome-recipes |
23 | whitelist ${HOME}/.cache/gnome-recipes | 23 | allow ${HOME}/.cache/gnome-recipes |
24 | whitelist ${HOME}/.local/share/gnome-recipes | 24 | allow ${HOME}/.local/share/gnome-recipes |
25 | whitelist /usr/share/gnome-recipes | 25 | allow /usr/share/gnome-recipes |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-ring.profile b/etc/profile-a-l/gnome-ring.profile index 78ceb9c4f..b34d264f4 100644 --- a/etc/profile-a-l/gnome-ring.profile +++ b/etc/profile-a-l/gnome-ring.profile | |||
@@ -5,7 +5,7 @@ include gnome-ring.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.local/share/gnome-ring | 8 | nodeny ${HOME}/.local/share/gnome-ring |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-robots.profile b/etc/profile-a-l/gnome-robots.profile index 8835f2b93..836d4e2b2 100644 --- a/etc/profile-a-l/gnome-robots.profile +++ b/etc/profile-a-l/gnome-robots.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | ignore machine-id | 9 | ignore machine-id |
10 | ignore nosound | 10 | ignore nosound |
11 | 11 | ||
12 | whitelist /usr/share/gnome-robots | 12 | allow /usr/share/gnome-robots |
13 | 13 | ||
14 | private-bin gnome-robots | 14 | private-bin gnome-robots |
15 | 15 | ||
diff --git a/etc/profile-a-l/gnome-schedule.profile b/etc/profile-a-l/gnome-schedule.profile index 69c90b33d..146f8bc4e 100644 --- a/etc/profile-a-l/gnome-schedule.profile +++ b/etc/profile-a-l/gnome-schedule.profile | |||
@@ -6,17 +6,17 @@ include gnome-schedule.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.gnome/gnome-schedule | 9 | nodeny ${HOME}/.gnome/gnome-schedule |
10 | 10 | ||
11 | # Needs at and crontab to read/write user cron | 11 | # Needs at and crontab to read/write user cron |
12 | noblacklist ${PATH}/at | 12 | nodeny ${PATH}/at |
13 | noblacklist ${PATH}/crontab | 13 | nodeny ${PATH}/crontab |
14 | 14 | ||
15 | # Needs access to these files/dirs | 15 | # Needs access to these files/dirs |
16 | noblacklist /etc/cron.allow | 16 | nodeny /etc/cron.allow |
17 | noblacklist /etc/cron.deny | 17 | nodeny /etc/cron.deny |
18 | noblacklist /etc/shadow | 18 | nodeny /etc/shadow |
19 | noblacklist /var/spool/cron | 19 | nodeny /var/spool/cron |
20 | 20 | ||
21 | # cron job testing needs a terminal, resulting in sandbox escape (see disable-common.inc) | 21 | # cron job testing needs a terminal, resulting in sandbox escape (see disable-common.inc) |
22 | # add 'noblacklist ${PATH}/your-terminal' to gnome-schedule.local if you need that functionality | 22 | # add 'noblacklist ${PATH}/your-terminal' to gnome-schedule.local if you need that functionality |
@@ -34,10 +34,10 @@ include disable-programs.inc | |||
34 | include disable-xdg.inc | 34 | include disable-xdg.inc |
35 | 35 | ||
36 | mkfile ${HOME}/.gnome/gnome-schedule | 36 | mkfile ${HOME}/.gnome/gnome-schedule |
37 | whitelist ${HOME}/.gnome/gnome-schedule | 37 | allow ${HOME}/.gnome/gnome-schedule |
38 | whitelist /usr/share/gnome-schedule | 38 | allow /usr/share/gnome-schedule |
39 | whitelist /var/spool/atd | 39 | allow /var/spool/atd |
40 | whitelist /var/spool/cron | 40 | allow /var/spool/cron |
41 | include whitelist-common.inc | 41 | include whitelist-common.inc |
42 | include whitelist-runuser-common.inc | 42 | include whitelist-runuser-common.inc |
43 | include whitelist-usr-share-common.inc | 43 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnome-screenshot.profile b/etc/profile-a-l/gnome-screenshot.profile index b683b6f6c..175549e99 100644 --- a/etc/profile-a-l/gnome-screenshot.profile +++ b/etc/profile-a-l/gnome-screenshot.profile | |||
@@ -6,8 +6,8 @@ include gnome-screenshot.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${PICTURES} | 9 | nodeny ${PICTURES} |
10 | noblacklist ${HOME}/.cache/gnome-screenshot | 10 | nodeny ${HOME}/.cache/gnome-screenshot |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gnome-sound-recorder.profile b/etc/profile-a-l/gnome-sound-recorder.profile index 34f5fdeff..c2fb14fa4 100644 --- a/etc/profile-a-l/gnome-sound-recorder.profile +++ b/etc/profile-a-l/gnome-sound-recorder.profile | |||
@@ -6,8 +6,8 @@ include gnome-sound-recorder.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${MUSIC} | 9 | nodeny ${MUSIC} |
10 | noblacklist ${HOME}/.local/share/Trash | 10 | nodeny ${HOME}/.local/share/Trash |
11 | 11 | ||
12 | # Allow gjs (blacklisted by disable-interpreters.inc) | 12 | # Allow gjs (blacklisted by disable-interpreters.inc) |
13 | include allow-gjs.inc | 13 | include allow-gjs.inc |
diff --git a/etc/profile-a-l/gnome-sudoku.profile b/etc/profile-a-l/gnome-sudoku.profile index 12fd48a86..3b7835e52 100644 --- a/etc/profile-a-l/gnome-sudoku.profile +++ b/etc/profile-a-l/gnome-sudoku.profile | |||
@@ -6,10 +6,10 @@ include gnome-sudoku.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/gnome-sudoku | 9 | nodeny ${HOME}/.local/share/gnome-sudoku |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/gnome-sudoku | 11 | mkdir ${HOME}/.local/share/gnome-sudoku |
12 | whitelist ${HOME}/.local/share/gnome-sudoku | 12 | allow ${HOME}/.local/share/gnome-sudoku |
13 | 13 | ||
14 | private-bin gnome-sudoku | 14 | private-bin gnome-sudoku |
15 | 15 | ||
diff --git a/etc/profile-a-l/gnome-system-log.profile b/etc/profile-a-l/gnome-system-log.profile index 8a818695d..6978f7cab 100644 --- a/etc/profile-a-l/gnome-system-log.profile +++ b/etc/profile-a-l/gnome-system-log.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | whitelist /var/log | 18 | allow /var/log |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gnome-taquin.profile b/etc/profile-a-l/gnome-taquin.profile index 2341334f7..ac87cf70f 100644 --- a/etc/profile-a-l/gnome-taquin.profile +++ b/etc/profile-a-l/gnome-taquin.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | ignore machine-id | 9 | ignore machine-id |
10 | ignore nosound | 10 | ignore nosound |
11 | 11 | ||
12 | whitelist /usr/share/gnome-taquin | 12 | allow /usr/share/gnome-taquin |
13 | 13 | ||
14 | private-bin gnome-taquin | 14 | private-bin gnome-taquin |
15 | 15 | ||
diff --git a/etc/profile-a-l/gnome-todo.profile b/etc/profile-a-l/gnome-todo.profile index 3b147cd48..092fd58a3 100644 --- a/etc/profile-a-l/gnome-todo.profile +++ b/etc/profile-a-l/gnome-todo.profile | |||
@@ -18,7 +18,7 @@ include disable-programs.inc | |||
18 | include disable-shell.inc | 18 | include disable-shell.inc |
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | whitelist /usr/share/gnome-todo | 21 | allow /usr/share/gnome-todo |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/gnome-twitch.profile b/etc/profile-a-l/gnome-twitch.profile index b8ec195d3..d76872ea6 100644 --- a/etc/profile-a-l/gnome-twitch.profile +++ b/etc/profile-a-l/gnome-twitch.profile | |||
@@ -6,8 +6,8 @@ include gnome-twitch.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/gnome-twitch | 9 | nodeny ${HOME}/.cache/gnome-twitch |
10 | noblacklist ${HOME}/.local/share/gnome-twitch | 10 | nodeny ${HOME}/.local/share/gnome-twitch |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-programs.inc | |||
18 | 18 | ||
19 | mkdir ${HOME}/.cache/gnome-twitch | 19 | mkdir ${HOME}/.cache/gnome-twitch |
20 | mkdir ${HOME}/.local/share/gnome-twitch | 20 | mkdir ${HOME}/.local/share/gnome-twitch |
21 | whitelist ${HOME}/.cache/gnome-twitch | 21 | allow ${HOME}/.cache/gnome-twitch |
22 | whitelist ${HOME}/.local/share/gnome-twitch | 22 | allow ${HOME}/.local/share/gnome-twitch |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/profile-a-l/gnome-weather.profile b/etc/profile-a-l/gnome-weather.profile index 2e08fa41d..6f557ff8d 100644 --- a/etc/profile-a-l/gnome-weather.profile +++ b/etc/profile-a-l/gnome-weather.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | 8 | ||
9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them | 9 | # when gjs apps are started via gnome-shell, firejail is not applied because systemd will start them |
10 | 10 | ||
11 | noblacklist ${HOME}/.cache/libgweather | 11 | nodeny ${HOME}/.cache/libgweather |
12 | 12 | ||
13 | # Allow gjs (blacklisted by disable-interpreters.inc) | 13 | # Allow gjs (blacklisted by disable-interpreters.inc) |
14 | include allow-gjs.inc | 14 | include allow-gjs.inc |
diff --git a/etc/profile-a-l/gnote.profile b/etc/profile-a-l/gnote.profile index c3014a288..261efefac 100644 --- a/etc/profile-a-l/gnote.profile +++ b/etc/profile-a-l/gnote.profile | |||
@@ -6,8 +6,8 @@ include gnote.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gnote | 9 | nodeny ${HOME}/.config/gnote |
10 | noblacklist ${HOME}/.local/share/gnote | 10 | nodeny ${HOME}/.local/share/gnote |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -20,9 +20,9 @@ include disable-xdg.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.config/gnote | 21 | mkdir ${HOME}/.config/gnote |
22 | mkdir ${HOME}/.local/share/gnote | 22 | mkdir ${HOME}/.local/share/gnote |
23 | whitelist ${HOME}/.config/gnote | 23 | allow ${HOME}/.config/gnote |
24 | whitelist ${HOME}/.local/share/gnote | 24 | allow ${HOME}/.local/share/gnote |
25 | whitelist /usr/share/gnote | 25 | allow /usr/share/gnote |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gnubik.profile b/etc/profile-a-l/gnubik.profile index 22851ce9f..e6fbca26f 100644 --- a/etc/profile-a-l/gnubik.profile +++ b/etc/profile-a-l/gnubik.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | whitelist /usr/share/gnubik | 18 | allow /usr/share/gnubik |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-runuser-common.inc | 20 | include whitelist-runuser-common.inc |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/godot.profile b/etc/profile-a-l/godot.profile index 09ca17caa..f35a53ca4 100644 --- a/etc/profile-a-l/godot.profile +++ b/etc/profile-a-l/godot.profile | |||
@@ -6,9 +6,9 @@ include godot.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/godot | 9 | nodeny ${HOME}/.cache/godot |
10 | noblacklist ${HOME}/.config/godot | 10 | nodeny ${HOME}/.config/godot |
11 | noblacklist ${HOME}/.local/share/godot | 11 | nodeny ${HOME}/.local/share/godot |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/goobox.profile b/etc/profile-a-l/goobox.profile index 8399d77c4..95dd41c2a 100644 --- a/etc/profile-a-l/goobox.profile +++ b/etc/profile-a-l/goobox.profile | |||
@@ -6,7 +6,7 @@ include goobox.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${MUSIC} | 9 | nodeny ${MUSIC} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/google-chrome-beta.profile b/etc/profile-a-l/google-chrome-beta.profile index ebe5e870b..07f0e587d 100644 --- a/etc/profile-a-l/google-chrome-beta.profile +++ b/etc/profile-a-l/google-chrome-beta.profile | |||
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/google-chrome-beta | 13 | nodeny ${HOME}/.cache/google-chrome-beta |
14 | noblacklist ${HOME}/.config/google-chrome-beta | 14 | nodeny ${HOME}/.config/google-chrome-beta |
15 | 15 | ||
16 | noblacklist ${HOME}/.config/chrome-beta-flags.conf | 16 | nodeny ${HOME}/.config/chrome-beta-flags.conf |
17 | noblacklist ${HOME}/.config/chrome-beta-flags.config | 17 | nodeny ${HOME}/.config/chrome-beta-flags.config |
18 | 18 | ||
19 | mkdir ${HOME}/.cache/google-chrome-beta | 19 | mkdir ${HOME}/.cache/google-chrome-beta |
20 | mkdir ${HOME}/.config/google-chrome-beta | 20 | mkdir ${HOME}/.config/google-chrome-beta |
21 | whitelist ${HOME}/.cache/google-chrome-beta | 21 | allow ${HOME}/.cache/google-chrome-beta |
22 | whitelist ${HOME}/.config/google-chrome-beta | 22 | allow ${HOME}/.config/google-chrome-beta |
23 | 23 | ||
24 | whitelist ${HOME}/.config/chrome-beta-flags.conf | 24 | allow ${HOME}/.config/chrome-beta-flags.conf |
25 | whitelist ${HOME}/.config/chrome-beta-flags.config | 25 | allow ${HOME}/.config/chrome-beta-flags.config |
26 | 26 | ||
27 | # Redirect | 27 | # Redirect |
28 | include chromium-common.profile | 28 | include chromium-common.profile |
diff --git a/etc/profile-a-l/google-chrome-unstable.profile b/etc/profile-a-l/google-chrome-unstable.profile index 4d303f71b..229904411 100644 --- a/etc/profile-a-l/google-chrome-unstable.profile +++ b/etc/profile-a-l/google-chrome-unstable.profile | |||
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/google-chrome-unstable | 13 | nodeny ${HOME}/.cache/google-chrome-unstable |
14 | noblacklist ${HOME}/.config/google-chrome-unstable | 14 | nodeny ${HOME}/.config/google-chrome-unstable |
15 | 15 | ||
16 | noblacklist ${HOME}/.config/chrome-unstable-flags.conf | 16 | nodeny ${HOME}/.config/chrome-unstable-flags.conf |
17 | noblacklist ${HOME}/.config/chrome-unstable-flags.config | 17 | nodeny ${HOME}/.config/chrome-unstable-flags.config |
18 | 18 | ||
19 | mkdir ${HOME}/.cache/google-chrome-unstable | 19 | mkdir ${HOME}/.cache/google-chrome-unstable |
20 | mkdir ${HOME}/.config/google-chrome-unstable | 20 | mkdir ${HOME}/.config/google-chrome-unstable |
21 | whitelist ${HOME}/.cache/google-chrome-unstable | 21 | allow ${HOME}/.cache/google-chrome-unstable |
22 | whitelist ${HOME}/.config/google-chrome-unstable | 22 | allow ${HOME}/.config/google-chrome-unstable |
23 | 23 | ||
24 | whitelist ${HOME}/.config/chrome-unstable-flags.conf | 24 | allow ${HOME}/.config/chrome-unstable-flags.conf |
25 | whitelist ${HOME}/.config/chrome-unstable-flags.config | 25 | allow ${HOME}/.config/chrome-unstable-flags.config |
26 | 26 | ||
27 | # Redirect | 27 | # Redirect |
28 | include chromium-common.profile | 28 | include chromium-common.profile |
diff --git a/etc/profile-a-l/google-chrome.profile b/etc/profile-a-l/google-chrome.profile index ed2595f72..f61642f17 100644 --- a/etc/profile-a-l/google-chrome.profile +++ b/etc/profile-a-l/google-chrome.profile | |||
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/google-chrome | 13 | nodeny ${HOME}/.cache/google-chrome |
14 | noblacklist ${HOME}/.config/google-chrome | 14 | nodeny ${HOME}/.config/google-chrome |
15 | 15 | ||
16 | noblacklist ${HOME}/.config/chrome-flags.conf | 16 | nodeny ${HOME}/.config/chrome-flags.conf |
17 | noblacklist ${HOME}/.config/chrome-flags.config | 17 | nodeny ${HOME}/.config/chrome-flags.config |
18 | 18 | ||
19 | mkdir ${HOME}/.cache/google-chrome | 19 | mkdir ${HOME}/.cache/google-chrome |
20 | mkdir ${HOME}/.config/google-chrome | 20 | mkdir ${HOME}/.config/google-chrome |
21 | whitelist ${HOME}/.cache/google-chrome | 21 | allow ${HOME}/.cache/google-chrome |
22 | whitelist ${HOME}/.config/google-chrome | 22 | allow ${HOME}/.config/google-chrome |
23 | 23 | ||
24 | whitelist ${HOME}/.config/chrome-flags.conf | 24 | allow ${HOME}/.config/chrome-flags.conf |
25 | whitelist ${HOME}/.config/chrome-flags.config | 25 | allow ${HOME}/.config/chrome-flags.config |
26 | 26 | ||
27 | # Redirect | 27 | # Redirect |
28 | include chromium-common.profile | 28 | include chromium-common.profile |
diff --git a/etc/profile-a-l/google-earth.profile b/etc/profile-a-l/google-earth.profile index 65ac04771..6039f7cbd 100644 --- a/etc/profile-a-l/google-earth.profile +++ b/etc/profile-a-l/google-earth.profile | |||
@@ -5,8 +5,8 @@ include google-earth.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Google | 8 | nodeny ${HOME}/.config/Google |
9 | noblacklist ${HOME}/.googleearth | 9 | nodeny ${HOME}/.googleearth |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | 17 | ||
18 | mkdir ${HOME}/.config/Google | 18 | mkdir ${HOME}/.config/Google |
19 | mkdir ${HOME}/.googleearth | 19 | mkdir ${HOME}/.googleearth |
20 | whitelist ${HOME}/.config/Google | 20 | allow ${HOME}/.config/Google |
21 | whitelist ${HOME}/.googleearth | 21 | allow ${HOME}/.googleearth |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/profile-a-l/google-play-music-desktop-player.profile b/etc/profile-a-l/google-play-music-desktop-player.profile index a7aabe105..fdb65b93c 100644 --- a/etc/profile-a-l/google-play-music-desktop-player.profile +++ b/etc/profile-a-l/google-play-music-desktop-player.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | # noexec /tmp breaks mpris support | 8 | # noexec /tmp breaks mpris support |
9 | ignore noexec /tmp | 9 | ignore noexec /tmp |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/Google Play Music Desktop Player | 11 | nodeny ${HOME}/.config/Google Play Music Desktop Player |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -20,7 +20,7 @@ include disable-programs.inc | |||
20 | mkdir ${HOME}/.config/Google Play Music Desktop Player | 20 | mkdir ${HOME}/.config/Google Play Music Desktop Player |
21 | # whitelist ${HOME}/.config/pulse | 21 | # whitelist ${HOME}/.config/pulse |
22 | # whitelist ${HOME}/.pulse | 22 | # whitelist ${HOME}/.pulse |
23 | whitelist ${HOME}/.config/Google Play Music Desktop Player | 23 | allow ${HOME}/.config/Google Play Music Desktop Player |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
diff --git a/etc/profile-a-l/googler-common.profile b/etc/profile-a-l/googler-common.profile index 2d0bce52b..952c9c1d4 100644 --- a/etc/profile-a-l/googler-common.profile +++ b/etc/profile-a-l/googler-common.profile | |||
@@ -7,10 +7,10 @@ include googler-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | deny /tmp/.X11-unix |
11 | blacklist ${RUNUSER} | 11 | deny ${RUNUSER} |
12 | 12 | ||
13 | noblacklist ${HOME}/.w3m | 13 | nodeny ${HOME}/.w3m |
14 | 14 | ||
15 | # Allow /bin/sh (blacklisted by disable-shell.inc) | 15 | # Allow /bin/sh (blacklisted by disable-shell.inc) |
16 | include allow-bin-sh.inc | 16 | include allow-bin-sh.inc |
@@ -26,7 +26,7 @@ include disable-programs.inc | |||
26 | include disable-shell.inc | 26 | include disable-shell.inc |
27 | include disable-xdg.inc | 27 | include disable-xdg.inc |
28 | 28 | ||
29 | whitelist ${HOME}/.w3m | 29 | allow ${HOME}/.w3m |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
32 | 32 | ||
diff --git a/etc/profile-a-l/gpa.profile b/etc/profile-a-l/gpa.profile index 37b4f0b1c..9b8da361b 100644 --- a/etc/profile-a-l/gpa.profile +++ b/etc/profile-a-l/gpa.profile | |||
@@ -6,7 +6,7 @@ include gpa.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.gnupg | 9 | nodeny ${HOME}/.gnupg |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gpg-agent.profile b/etc/profile-a-l/gpg-agent.profile index 7f0b614b1..5fa66bb55 100644 --- a/etc/profile-a-l/gpg-agent.profile +++ b/etc/profile-a-l/gpg-agent.profile | |||
@@ -7,10 +7,10 @@ include gpg-agent.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.gnupg | 10 | nodeny ${HOME}/.gnupg |
11 | 11 | ||
12 | blacklist /tmp/.X11-unix | 12 | deny /tmp/.X11-unix |
13 | blacklist ${RUNUSER}/wayland-* | 13 | deny ${RUNUSER}/wayland-* |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -20,11 +20,11 @@ include disable-programs.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.gnupg | 22 | mkdir ${HOME}/.gnupg |
23 | whitelist ${HOME}/.gnupg | 23 | allow ${HOME}/.gnupg |
24 | whitelist ${RUNUSER}/gnupg | 24 | allow ${RUNUSER}/gnupg |
25 | whitelist ${RUNUSER}/keyring | 25 | allow ${RUNUSER}/keyring |
26 | whitelist /usr/share/gnupg | 26 | allow /usr/share/gnupg |
27 | whitelist /usr/share/gnupg2 | 27 | allow /usr/share/gnupg2 |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gpg.profile b/etc/profile-a-l/gpg.profile index 4a4d6527c..2ad896abe 100644 --- a/etc/profile-a-l/gpg.profile +++ b/etc/profile-a-l/gpg.profile | |||
@@ -7,10 +7,10 @@ include gpg.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.gnupg | 10 | nodeny ${HOME}/.gnupg |
11 | 11 | ||
12 | blacklist /tmp/.X11-unix | 12 | deny /tmp/.X11-unix |
13 | blacklist ${RUNUSER}/wayland-* | 13 | deny ${RUNUSER}/wayland-* |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -18,11 +18,11 @@ include disable-interpreters.inc | |||
18 | include disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
19 | include disable-programs.inc | 19 | include disable-programs.inc |
20 | 20 | ||
21 | whitelist ${RUNUSER}/gnupg | 21 | allow ${RUNUSER}/gnupg |
22 | whitelist ${RUNUSER}/keyring | 22 | allow ${RUNUSER}/keyring |
23 | whitelist /usr/share/gnupg | 23 | allow /usr/share/gnupg |
24 | whitelist /usr/share/gnupg2 | 24 | allow /usr/share/gnupg2 |
25 | whitelist /usr/share/pacman/keyrings | 25 | allow /usr/share/pacman/keyrings |
26 | include whitelist-runuser-common.inc | 26 | include whitelist-runuser-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gpicview.profile b/etc/profile-a-l/gpicview.profile index fa53c26c8..0552dc3d7 100644 --- a/etc/profile-a-l/gpicview.profile +++ b/etc/profile-a-l/gpicview.profile | |||
@@ -6,7 +6,7 @@ include gpicview.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gpicview | 9 | nodeny ${HOME}/.config/gpicview |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | 18 | ||
19 | whitelist /usr/share/gpicview | 19 | allow /usr/share/gpicview |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
diff --git a/etc/profile-a-l/gpredict.profile b/etc/profile-a-l/gpredict.profile index 253d644f1..c9e62a73f 100644 --- a/etc/profile-a-l/gpredict.profile +++ b/etc/profile-a-l/gpredict.profile | |||
@@ -6,7 +6,7 @@ include gpredict.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Gpredict | 9 | nodeny ${HOME}/.config/Gpredict |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.config/Gpredict | 19 | mkdir ${HOME}/.config/Gpredict |
20 | whitelist ${HOME}/.config/Gpredict | 20 | allow ${HOME}/.config/Gpredict |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/profile-a-l/gradio.profile b/etc/profile-a-l/gradio.profile index 2b4c536d2..2aebe2338 100644 --- a/etc/profile-a-l/gradio.profile +++ b/etc/profile-a-l/gradio.profile | |||
@@ -5,8 +5,8 @@ include gradio.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/gradio | 8 | nodeny ${HOME}/.cache/gradio |
9 | noblacklist ${HOME}/.local/share/gradio | 9 | nodeny ${HOME}/.local/share/gradio |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-xdg.inc | |||
18 | 18 | ||
19 | mkdir ${HOME}/.cache/gradio | 19 | mkdir ${HOME}/.cache/gradio |
20 | mkdir ${HOME}/.local/share/gradio | 20 | mkdir ${HOME}/.local/share/gradio |
21 | whitelist ${HOME}/.cache/gradio | 21 | allow ${HOME}/.cache/gradio |
22 | whitelist ${HOME}/.local/share/gradio | 22 | allow ${HOME}/.local/share/gradio |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gramps.profile b/etc/profile-a-l/gramps.profile index c7e0c2977..53f0baccb 100644 --- a/etc/profile-a-l/gramps.profile +++ b/etc/profile-a-l/gramps.profile | |||
@@ -6,7 +6,7 @@ include gramps.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.gramps | 9 | nodeny ${HOME}/.gramps |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | #include allow-python2.inc | 12 | #include allow-python2.inc |
@@ -21,7 +21,7 @@ include disable-programs.inc | |||
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.gramps | 23 | mkdir ${HOME}/.gramps |
24 | whitelist ${HOME}/.gramps | 24 | allow ${HOME}/.gramps |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile index 890ba2560..ecc871c2e 100644 --- a/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile +++ b/etc/profile-a-l/gravity-beams-and-evaporating-stars.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | whitelist /usr/share/gravity-beams-and-evaporating-stars | 18 | allow /usr/share/gravity-beams-and-evaporating-stars |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/gthumb.profile b/etc/profile-a-l/gthumb.profile index 5927e8c4d..9a4f7b4fb 100644 --- a/etc/profile-a-l/gthumb.profile +++ b/etc/profile-a-l/gthumb.profile | |||
@@ -6,9 +6,9 @@ include gthumb.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/gthumb | 9 | nodeny ${HOME}/.config/gthumb |
10 | noblacklist ${HOME}/.Steam | 10 | nodeny ${HOME}/.Steam |
11 | noblacklist ${HOME}/.steam | 11 | nodeny ${HOME}/.steam |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gtk-update-icon-cache.profile b/etc/profile-a-l/gtk-update-icon-cache.profile index c8addae75..d6bb9902a 100644 --- a/etc/profile-a-l/gtk-update-icon-cache.profile +++ b/etc/profile-a-l/gtk-update-icon-cache.profile | |||
@@ -7,7 +7,7 @@ include gtk-update-icon-cache.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | 10 | deny ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gtk2-youtube-viewer.profile b/etc/profile-a-l/gtk2-youtube-viewer.profile index 787c7bd90..8241de43a 100644 --- a/etc/profile-a-l/gtk2-youtube-viewer.profile +++ b/etc/profile-a-l/gtk2-youtube-viewer.profile | |||
@@ -8,8 +8,8 @@ include gtk2-youtube-viewer.local | |||
8 | 8 | ||
9 | ignore quiet | 9 | ignore quiet |
10 | 10 | ||
11 | noblacklist /tmp/.X11-unix | 11 | nodeny /tmp/.X11-unix |
12 | noblacklist ${RUNUSER} | 12 | nodeny ${RUNUSER} |
13 | 13 | ||
14 | include whitelist-runuser-common.inc | 14 | include whitelist-runuser-common.inc |
15 | 15 | ||
diff --git a/etc/profile-a-l/gtk3-youtube-viewer.profile b/etc/profile-a-l/gtk3-youtube-viewer.profile index 988882622..6ea4ebbdc 100644 --- a/etc/profile-a-l/gtk3-youtube-viewer.profile +++ b/etc/profile-a-l/gtk3-youtube-viewer.profile | |||
@@ -8,8 +8,8 @@ include gtk3-youtube-viewer.local | |||
8 | 8 | ||
9 | ignore quiet | 9 | ignore quiet |
10 | 10 | ||
11 | noblacklist /tmp/.X11-unix | 11 | nodeny /tmp/.X11-unix |
12 | noblacklist ${RUNUSER} | 12 | nodeny ${RUNUSER} |
13 | 13 | ||
14 | include whitelist-runuser-common.inc | 14 | include whitelist-runuser-common.inc |
15 | 15 | ||
diff --git a/etc/profile-a-l/guayadeque.profile b/etc/profile-a-l/guayadeque.profile index 3d2b71e9d..731bcad1d 100644 --- a/etc/profile-a-l/guayadeque.profile +++ b/etc/profile-a-l/guayadeque.profile | |||
@@ -5,8 +5,8 @@ include guayadeque.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.guayadeque | 8 | nodeny ${HOME}/.guayadeque |
9 | noblacklist ${MUSIC} | 9 | nodeny ${MUSIC} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gummi.profile b/etc/profile-a-l/gummi.profile index 2223c37a1..5cdc2cc18 100644 --- a/etc/profile-a-l/gummi.profile +++ b/etc/profile-a-l/gummi.profile | |||
@@ -5,8 +5,8 @@ include gummi.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/gummi | 8 | nodeny ${HOME}/.cache/gummi |
9 | noblacklist ${HOME}/.config/gummi | 9 | nodeny ${HOME}/.config/gummi |
10 | 10 | ||
11 | # Allow lua (blacklisted by disable-interpreters.inc) | 11 | # Allow lua (blacklisted by disable-interpreters.inc) |
12 | include allow-lua.inc | 12 | include allow-lua.inc |
diff --git a/etc/profile-a-l/guvcview.profile b/etc/profile-a-l/guvcview.profile index 9221ca31c..3404f5177 100644 --- a/etc/profile-a-l/guvcview.profile +++ b/etc/profile-a-l/guvcview.profile | |||
@@ -6,10 +6,10 @@ include guvcview.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/guvcview2 | 9 | nodeny ${HOME}/.config/guvcview2 |
10 | 10 | ||
11 | noblacklist ${PICTURES} | 11 | nodeny ${PICTURES} |
12 | noblacklist ${VIDEOS} | 12 | nodeny ${VIDEOS} |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -21,9 +21,9 @@ include disable-shell.inc | |||
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.config/guvcview2 | 23 | mkdir ${HOME}/.config/guvcview2 |
24 | whitelist ${HOME}/.config/guvcview2 | 24 | allow ${HOME}/.config/guvcview2 |
25 | whitelist ${PICTURES} | 25 | allow ${PICTURES} |
26 | whitelist ${VIDEOS} | 26 | allow ${VIDEOS} |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/gwenview.profile b/etc/profile-a-l/gwenview.profile index d33e2a673..132b5a2e2 100644 --- a/etc/profile-a-l/gwenview.profile +++ b/etc/profile-a-l/gwenview.profile | |||
@@ -6,17 +6,17 @@ include gwenview.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/GIMP | 9 | nodeny ${HOME}/.config/GIMP |
10 | noblacklist ${HOME}/.config/gwenviewrc | 10 | nodeny ${HOME}/.config/gwenviewrc |
11 | noblacklist ${HOME}/.config/org.kde.gwenviewrc | 11 | nodeny ${HOME}/.config/org.kde.gwenviewrc |
12 | noblacklist ${HOME}/.gimp* | 12 | nodeny ${HOME}/.gimp* |
13 | noblacklist ${HOME}/.kde/share/apps/gwenview | 13 | nodeny ${HOME}/.kde/share/apps/gwenview |
14 | noblacklist ${HOME}/.kde/share/config/gwenviewrc | 14 | nodeny ${HOME}/.kde/share/config/gwenviewrc |
15 | noblacklist ${HOME}/.kde4/share/apps/gwenview | 15 | nodeny ${HOME}/.kde4/share/apps/gwenview |
16 | noblacklist ${HOME}/.kde4/share/config/gwenviewrc | 16 | nodeny ${HOME}/.kde4/share/config/gwenviewrc |
17 | noblacklist ${HOME}/.local/share/gwenview | 17 | nodeny ${HOME}/.local/share/gwenview |
18 | noblacklist ${HOME}/.local/share/kxmlgui5/gwenview | 18 | nodeny ${HOME}/.local/share/kxmlgui5/gwenview |
19 | noblacklist ${HOME}/.local/share/org.kde.gwenview | 19 | nodeny ${HOME}/.local/share/org.kde.gwenview |
20 | 20 | ||
21 | include disable-common.inc | 21 | include disable-common.inc |
22 | include disable-devel.inc | 22 | include disable-devel.inc |
diff --git a/etc/profile-a-l/gzip.profile b/etc/profile-a-l/gzip.profile index b261c16f4..46c98bdc2 100644 --- a/etc/profile-a-l/gzip.profile +++ b/etc/profile-a-l/gzip.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | 9 | ||
10 | # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop | 10 | # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop |
11 | # all capabilities this is automatically read-only. | 11 | # all capabilities this is automatically read-only. |
12 | noblacklist /var/lib/pacman | 12 | nodeny /var/lib/pacman |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include archiver-common.profile | 15 | include archiver-common.profile |
diff --git a/etc/profile-a-l/handbrake.profile b/etc/profile-a-l/handbrake.profile index 847e1ec1e..c102ac4cb 100644 --- a/etc/profile-a-l/handbrake.profile +++ b/etc/profile-a-l/handbrake.profile | |||
@@ -6,9 +6,9 @@ include handbrake.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/ghb | 9 | nodeny ${HOME}/.config/ghb |
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | noblacklist ${VIDEOS} | 11 | nodeny ${VIDEOS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/hashcat.profile b/etc/profile-a-l/hashcat.profile index aab4b0c21..d98a1b554 100644 --- a/etc/profile-a-l/hashcat.profile +++ b/etc/profile-a-l/hashcat.profile | |||
@@ -7,11 +7,11 @@ include hashcat.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | 10 | deny ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | noblacklist ${HOME}/.hashcat | 12 | nodeny ${HOME}/.hashcat |
13 | noblacklist /usr/include | 13 | nodeny /usr/include |
14 | noblacklist ${DOCUMENTS} | 14 | nodeny ${DOCUMENTS} |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/hasher-common.profile b/etc/profile-a-l/hasher-common.profile index 44584f26b..1c2a44e06 100644 --- a/etc/profile-a-l/hasher-common.profile +++ b/etc/profile-a-l/hasher-common.profile | |||
@@ -4,7 +4,7 @@ include hasher-common.local | |||
4 | 4 | ||
5 | # common profile for hasher/checksum tools | 5 | # common profile for hasher/checksum tools |
6 | 6 | ||
7 | blacklist ${RUNUSER} | 7 | deny ${RUNUSER} |
8 | 8 | ||
9 | # Comment/uncomment the relevant include file(s) in your hasher-common.local | 9 | # Comment/uncomment the relevant include file(s) in your hasher-common.local |
10 | # to (un)restrict file access for **all** hashers. Another option is to do this **per hasher** | 10 | # to (un)restrict file access for **all** hashers. Another option is to do this **per hasher** |
diff --git a/etc/profile-a-l/hedgewars.profile b/etc/profile-a-l/hedgewars.profile index c0675d8ec..90833af91 100644 --- a/etc/profile-a-l/hedgewars.profile +++ b/etc/profile-a-l/hedgewars.profile | |||
@@ -6,7 +6,7 @@ include hedgewars.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.hedgewars | 9 | nodeny ${HOME}/.hedgewars |
10 | 10 | ||
11 | include allow-lua.inc | 11 | include allow-lua.inc |
12 | 12 | ||
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.hedgewars | 19 | mkdir ${HOME}/.hedgewars |
20 | whitelist ${HOME}/.hedgewars | 20 | allow ${HOME}/.hedgewars |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/profile-a-l/hexchat.profile b/etc/profile-a-l/hexchat.profile index b887de147..993efb591 100644 --- a/etc/profile-a-l/hexchat.profile +++ b/etc/profile-a-l/hexchat.profile | |||
@@ -6,7 +6,7 @@ include hexchat.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/hexchat | 9 | nodeny ${HOME}/.config/hexchat |
10 | 10 | ||
11 | # Allow /bin/sh (blacklisted by disable-shell.inc) | 11 | # Allow /bin/sh (blacklisted by disable-shell.inc) |
12 | include allow-bin-sh.inc | 12 | include allow-bin-sh.inc |
@@ -28,7 +28,7 @@ include disable-shell.inc | |||
28 | include disable-xdg.inc | 28 | include disable-xdg.inc |
29 | 29 | ||
30 | mkdir ${HOME}/.config/hexchat | 30 | mkdir ${HOME}/.config/hexchat |
31 | whitelist ${HOME}/.config/hexchat | 31 | allow ${HOME}/.config/hexchat |
32 | include whitelist-common.inc | 32 | include whitelist-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
34 | 34 | ||
diff --git a/etc/profile-a-l/highlight.profile b/etc/profile-a-l/highlight.profile index 643736ac7..53db642dc 100644 --- a/etc/profile-a-l/highlight.profile +++ b/etc/profile-a-l/highlight.profile | |||
@@ -6,7 +6,7 @@ include highlight.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER} | 9 | deny ${RUNUSER} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/homebank.profile b/etc/profile-a-l/homebank.profile index 199b1a5e5..ef259cc00 100644 --- a/etc/profile-a-l/homebank.profile +++ b/etc/profile-a-l/homebank.profile | |||
@@ -6,7 +6,7 @@ include homebank.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/homebank | 9 | nodeny ${HOME}/.config/homebank |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,9 +18,9 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/homebank | 20 | mkdir ${HOME}/.config/homebank |
21 | whitelist ${DOWNLOADS} | 21 | allow ${DOWNLOADS} |
22 | whitelist ${HOME}/.config/homebank | 22 | allow ${HOME}/.config/homebank |
23 | whitelist /usr/share/homebank | 23 | allow /usr/share/homebank |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
26 | include whitelist-usr-share-common.inc | 26 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/host.profile b/etc/profile-a-l/host.profile index 00d9f7a76..63e1be259 100644 --- a/etc/profile-a-l/host.profile +++ b/etc/profile-a-l/host.profile | |||
@@ -7,8 +7,8 @@ include host.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER} | 10 | deny ${RUNUSER} |
11 | noblacklist ${PATH}/host | 11 | nodeny ${PATH}/host |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/hugin.profile b/etc/profile-a-l/hugin.profile index 267712c87..db5cd29cc 100644 --- a/etc/profile-a-l/hugin.profile +++ b/etc/profile-a-l/hugin.profile | |||
@@ -6,9 +6,9 @@ include hugin.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.hugin | 9 | nodeny ${HOME}/.hugin |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | noblacklist ${PICTURES} | 11 | nodeny ${PICTURES} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/hyperrogue.profile b/etc/profile-a-l/hyperrogue.profile index e66ffd7e1..1fb33ceb8 100644 --- a/etc/profile-a-l/hyperrogue.profile +++ b/etc/profile-a-l/hyperrogue.profile | |||
@@ -6,7 +6,7 @@ include hyperrogue.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/hyperrogue.ini | 9 | nodeny ${HOME}/hyperrogue.ini |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkfile ${HOME}/hyperrogue.ini | 20 | mkfile ${HOME}/hyperrogue.ini |
21 | whitelist ${HOME}/hyperrogue.ini | 21 | allow ${HOME}/hyperrogue.ini |
22 | whitelist /usr/share/hyperrogue | 22 | allow /usr/share/hyperrogue |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/i2prouter.profile b/etc/profile-a-l/i2prouter.profile index 47c984175..c8a2e8a04 100644 --- a/etc/profile-a-l/i2prouter.profile +++ b/etc/profile-a-l/i2prouter.profile | |||
@@ -14,12 +14,12 @@ include globals.local | |||
14 | # Only needed when i2prouter binary resides in home directory (official I2P java installer does so). | 14 | # Only needed when i2prouter binary resides in home directory (official I2P java installer does so). |
15 | ignore noexec ${HOME} | 15 | ignore noexec ${HOME} |
16 | 16 | ||
17 | noblacklist ${HOME}/.config/i2p | 17 | nodeny ${HOME}/.config/i2p |
18 | noblacklist ${HOME}/.i2p | 18 | nodeny ${HOME}/.i2p |
19 | noblacklist ${HOME}/.local/share/i2p | 19 | nodeny ${HOME}/.local/share/i2p |
20 | noblacklist ${HOME}/i2p | 20 | nodeny ${HOME}/i2p |
21 | # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so). | 21 | # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so). |
22 | noblacklist /usr/sbin | 22 | nodeny /usr/sbin |
23 | 23 | ||
24 | # Allow java (blacklisted by disable-devel.inc) | 24 | # Allow java (blacklisted by disable-devel.inc) |
25 | include allow-java.inc | 25 | include allow-java.inc |
@@ -36,12 +36,12 @@ mkdir ${HOME}/.config/i2p | |||
36 | mkdir ${HOME}/.i2p | 36 | mkdir ${HOME}/.i2p |
37 | mkdir ${HOME}/.local/share/i2p | 37 | mkdir ${HOME}/.local/share/i2p |
38 | mkdir ${HOME}/i2p | 38 | mkdir ${HOME}/i2p |
39 | whitelist ${HOME}/.config/i2p | 39 | allow ${HOME}/.config/i2p |
40 | whitelist ${HOME}/.i2p | 40 | allow ${HOME}/.i2p |
41 | whitelist ${HOME}/.local/share/i2p | 41 | allow ${HOME}/.local/share/i2p |
42 | whitelist ${HOME}/i2p | 42 | allow ${HOME}/i2p |
43 | # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so). | 43 | # Only needed when wrapper resides in /usr/sbin/ (Ubuntu official I2P PPA package does so). |
44 | whitelist /usr/sbin/wrapper* | 44 | allow /usr/sbin/wrapper* |
45 | 45 | ||
46 | include whitelist-common.inc | 46 | include whitelist-common.inc |
47 | 47 | ||
diff --git a/etc/profile-a-l/i3.profile b/etc/profile-a-l/i3.profile index e96b1843c..95ddad221 100644 --- a/etc/profile-a-l/i3.profile +++ b/etc/profile-a-l/i3.profile | |||
@@ -7,7 +7,7 @@ include i3.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in i3 will run in this profile | 9 | # all applications started in i3 will run in this profile |
10 | noblacklist ${HOME}/.config/i3 | 10 | nodeny ${HOME}/.config/i3 |
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
diff --git a/etc/profile-a-l/icecat.profile b/etc/profile-a-l/icecat.profile index 660343a29..0de2f658b 100644 --- a/etc/profile-a-l/icecat.profile +++ b/etc/profile-a-l/icecat.profile | |||
@@ -5,13 +5,13 @@ include icecat.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/mozilla | 8 | nodeny ${HOME}/.cache/mozilla |
9 | noblacklist ${HOME}/.mozilla | 9 | nodeny ${HOME}/.mozilla |
10 | 10 | ||
11 | mkdir ${HOME}/.cache/mozilla/icecat | 11 | mkdir ${HOME}/.cache/mozilla/icecat |
12 | mkdir ${HOME}/.mozilla | 12 | mkdir ${HOME}/.mozilla |
13 | whitelist ${HOME}/.cache/mozilla/icecat | 13 | allow ${HOME}/.cache/mozilla/icecat |
14 | whitelist ${HOME}/.mozilla | 14 | allow ${HOME}/.mozilla |
15 | 15 | ||
16 | # private-etc must first be enabled in firefox-common.profile | 16 | # private-etc must first be enabled in firefox-common.profile |
17 | #private-etc icecat | 17 | #private-etc icecat |
diff --git a/etc/profile-a-l/icedove.profile b/etc/profile-a-l/icedove.profile index 19690cd5a..0c22d87d0 100644 --- a/etc/profile-a-l/icedove.profile +++ b/etc/profile-a-l/icedove.profile | |||
@@ -9,16 +9,16 @@ include icedove.local | |||
9 | # Users have icedove set to open a browser by clicking a link in an email | 9 | # Users have icedove set to open a browser by clicking a link in an email |
10 | # We are not allowed to blacklist browser-specific directories | 10 | # We are not allowed to blacklist browser-specific directories |
11 | 11 | ||
12 | noblacklist ${HOME}/.cache/icedove | 12 | nodeny ${HOME}/.cache/icedove |
13 | noblacklist ${HOME}/.gnupg | 13 | nodeny ${HOME}/.gnupg |
14 | noblacklist ${HOME}/.icedove | 14 | nodeny ${HOME}/.icedove |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/icedove | 16 | mkdir ${HOME}/.cache/icedove |
17 | mkdir ${HOME}/.gnupg | 17 | mkdir ${HOME}/.gnupg |
18 | mkdir ${HOME}/.icedove | 18 | mkdir ${HOME}/.icedove |
19 | whitelist ${HOME}/.cache/icedove | 19 | allow ${HOME}/.cache/icedove |
20 | whitelist ${HOME}/.gnupg | 20 | allow ${HOME}/.gnupg |
21 | whitelist ${HOME}/.icedove | 21 | allow ${HOME}/.icedove |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | ignore private-tmp | 24 | ignore private-tmp |
diff --git a/etc/profile-a-l/idea.sh.profile b/etc/profile-a-l/idea.sh.profile index 680b8e777..180b62ec2 100644 --- a/etc/profile-a-l/idea.sh.profile +++ b/etc/profile-a-l/idea.sh.profile | |||
@@ -5,12 +5,12 @@ include idea.sh.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.IdeaIC* | 8 | nodeny ${HOME}/.IdeaIC* |
9 | noblacklist ${HOME}/.android | 9 | nodeny ${HOME}/.android |
10 | noblacklist ${HOME}/.jack-server | 10 | nodeny ${HOME}/.jack-server |
11 | noblacklist ${HOME}/.jack-settings | 11 | nodeny ${HOME}/.jack-settings |
12 | noblacklist ${HOME}/.local/share/JetBrains | 12 | nodeny ${HOME}/.local/share/JetBrains |
13 | noblacklist ${HOME}/.tooling | 13 | nodeny ${HOME}/.tooling |
14 | 14 | ||
15 | # Allows files commonly used by IDEs | 15 | # Allows files commonly used by IDEs |
16 | include allow-common-devel.inc | 16 | include allow-common-devel.inc |
diff --git a/etc/profile-a-l/imagej.profile b/etc/profile-a-l/imagej.profile index 12ce7976b..5d28e7aca 100644 --- a/etc/profile-a-l/imagej.profile +++ b/etc/profile-a-l/imagej.profile | |||
@@ -6,7 +6,7 @@ include imagej.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.imagej | 9 | nodeny ${HOME}/.imagej |
10 | 10 | ||
11 | # Allow java (blacklisted by disable-devel.inc) | 11 | # Allow java (blacklisted by disable-devel.inc) |
12 | include allow-java.inc | 12 | include allow-java.inc |
diff --git a/etc/profile-a-l/img2txt.profile b/etc/profile-a-l/img2txt.profile index c26958d06..70d56a7dc 100644 --- a/etc/profile-a-l/img2txt.profile +++ b/etc/profile-a-l/img2txt.profile | |||
@@ -5,10 +5,10 @@ include img2txt.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | blacklist ${RUNUSER}/wayland-* | 8 | deny ${RUNUSER}/wayland-* |
9 | 9 | ||
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | noblacklist ${PICTURES} | 11 | nodeny ${PICTURES} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-passwdmgr.inc | |||
18 | include disable-programs.inc | 18 | include disable-programs.inc |
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | whitelist /usr/share/imlib2 | 21 | allow /usr/share/imlib2 |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/impressive.profile b/etc/profile-a-l/impressive.profile index c152be01c..4914cd9d0 100644 --- a/etc/profile-a-l/impressive.profile +++ b/etc/profile-a-l/impressive.profile | |||
@@ -6,9 +6,9 @@ include impressive.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | nodeny ${DOCUMENTS} |
10 | noblacklist /sbin | 10 | nodeny /sbin |
11 | noblacklist /usr/sbin | 11 | nodeny /usr/sbin |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | #include allow-python2.inc | 14 | #include allow-python2.inc |
@@ -23,8 +23,8 @@ include disable-programs.inc | |||
23 | include disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | mkdir ${HOME}/.cache/mesa_shader_cache | 25 | mkdir ${HOME}/.cache/mesa_shader_cache |
26 | whitelist /usr/share/opengl-games-utils | 26 | allow /usr/share/opengl-games-utils |
27 | whitelist /usr/share/zenity | 27 | allow /usr/share/zenity |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
30 | 30 | ||
diff --git a/etc/profile-a-l/inkscape.profile b/etc/profile-a-l/inkscape.profile index 35dd86b32..1a949b300 100644 --- a/etc/profile-a-l/inkscape.profile +++ b/etc/profile-a-l/inkscape.profile | |||
@@ -6,14 +6,14 @@ include inkscape.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/inkscape | 9 | nodeny ${HOME}/.cache/inkscape |
10 | noblacklist ${HOME}/.config/inkscape | 10 | nodeny ${HOME}/.config/inkscape |
11 | noblacklist ${HOME}/.inkscape | 11 | nodeny ${HOME}/.inkscape |
12 | noblacklist ${DOCUMENTS} | 12 | nodeny ${DOCUMENTS} |
13 | noblacklist ${PICTURES} | 13 | nodeny ${PICTURES} |
14 | # Allow exporting .xcf files | 14 | # Allow exporting .xcf files |
15 | noblacklist ${HOME}/.config/GIMP | 15 | nodeny ${HOME}/.config/GIMP |
16 | noblacklist ${HOME}/.gimp* | 16 | nodeny ${HOME}/.gimp* |
17 | 17 | ||
18 | 18 | ||
19 | # Allow python (blacklisted by disable-interpreters.inc) | 19 | # Allow python (blacklisted by disable-interpreters.inc) |
@@ -28,7 +28,7 @@ include disable-passwdmgr.inc | |||
28 | include disable-programs.inc | 28 | include disable-programs.inc |
29 | include disable-xdg.inc | 29 | include disable-xdg.inc |
30 | 30 | ||
31 | whitelist /usr/share/inkscape | 31 | allow /usr/share/inkscape |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
34 | 34 | ||
diff --git a/etc/profile-a-l/inox.profile b/etc/profile-a-l/inox.profile index a5cac12f2..1591ed7ea 100644 --- a/etc/profile-a-l/inox.profile +++ b/etc/profile-a-l/inox.profile | |||
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/inox | 13 | nodeny ${HOME}/.cache/inox |
14 | noblacklist ${HOME}/.config/inox | 14 | nodeny ${HOME}/.config/inox |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/inox | 16 | mkdir ${HOME}/.cache/inox |
17 | mkdir ${HOME}/.config/inox | 17 | mkdir ${HOME}/.config/inox |
18 | whitelist ${HOME}/.cache/inox | 18 | allow ${HOME}/.cache/inox |
19 | whitelist ${HOME}/.config/inox | 19 | allow ${HOME}/.config/inox |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include chromium-common.profile | 22 | include chromium-common.profile |
diff --git a/etc/profile-a-l/iridium.profile b/etc/profile-a-l/iridium.profile index 3037d00e9..f361fd663 100644 --- a/etc/profile-a-l/iridium.profile +++ b/etc/profile-a-l/iridium.profile | |||
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/iridium | 13 | nodeny ${HOME}/.cache/iridium |
14 | noblacklist ${HOME}/.config/iridium | 14 | nodeny ${HOME}/.config/iridium |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/iridium | 16 | mkdir ${HOME}/.cache/iridium |
17 | mkdir ${HOME}/.config/iridium | 17 | mkdir ${HOME}/.config/iridium |
18 | whitelist ${HOME}/.cache/iridium | 18 | allow ${HOME}/.cache/iridium |
19 | whitelist ${HOME}/.config/iridium | 19 | allow ${HOME}/.config/iridium |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include chromium-common.profile | 22 | include chromium-common.profile |
diff --git a/etc/profile-a-l/itch.profile b/etc/profile-a-l/itch.profile index e02dcbdb1..fa0bcf986 100644 --- a/etc/profile-a-l/itch.profile +++ b/etc/profile-a-l/itch.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | # itch.io has native firejail/sandboxing support bundled in | 8 | # itch.io has native firejail/sandboxing support bundled in |
9 | # See https://itch.io/docs/itch/using/sandbox/linux.html | 9 | # See https://itch.io/docs/itch/using/sandbox/linux.html |
10 | 10 | ||
11 | noblacklist ${HOME}/.itch | 11 | nodeny ${HOME}/.itch |
12 | noblacklist ${HOME}/.config/itch | 12 | nodeny ${HOME}/.config/itch |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-programs.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.itch | 20 | mkdir ${HOME}/.itch |
21 | mkdir ${HOME}/.config/itch | 21 | mkdir ${HOME}/.config/itch |
22 | whitelist ${HOME}/.itch | 22 | allow ${HOME}/.itch |
23 | whitelist ${HOME}/.config/itch | 23 | allow ${HOME}/.config/itch |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | 25 | ||
26 | caps.drop all | 26 | caps.drop all |
diff --git a/etc/profile-a-l/jami-gnome.profile b/etc/profile-a-l/jami-gnome.profile index 3e9abf369..e4be574df 100644 --- a/etc/profile-a-l/jami-gnome.profile +++ b/etc/profile-a-l/jami-gnome.profile | |||
@@ -6,8 +6,8 @@ include jami-gnome.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/jami | 9 | nodeny ${HOME}/.config/jami |
10 | noblacklist ${HOME}/.local/share/jami | 10 | nodeny ${HOME}/.local/share/jami |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-programs.inc | |||
18 | 18 | ||
19 | mkdir ${HOME}/.config/jami | 19 | mkdir ${HOME}/.config/jami |
20 | mkdir ${HOME}/.local/share/jami | 20 | mkdir ${HOME}/.local/share/jami |
21 | whitelist ${HOME}/.config/jami | 21 | allow ${HOME}/.config/jami |
22 | whitelist ${HOME}/.local/share/jami | 22 | allow ${HOME}/.local/share/jami |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
diff --git a/etc/profile-a-l/jd-gui.profile b/etc/profile-a-l/jd-gui.profile index 7d29f1068..bfea84c69 100644 --- a/etc/profile-a-l/jd-gui.profile +++ b/etc/profile-a-l/jd-gui.profile | |||
@@ -5,7 +5,7 @@ include jd-gui.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/jd-gui.cfg | 8 | nodeny ${HOME}/.config/jd-gui.cfg |
9 | 9 | ||
10 | # Allow java (blacklisted by disable-devel.inc) | 10 | # Allow java (blacklisted by disable-devel.inc) |
11 | include allow-java.inc | 11 | include allow-java.inc |
diff --git a/etc/profile-a-l/jerry.profile b/etc/profile-a-l/jerry.profile index 85b1f2120..c41027618 100644 --- a/etc/profile-a-l/jerry.profile +++ b/etc/profile-a-l/jerry.profile | |||
@@ -6,7 +6,7 @@ include jerry.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/dkl | 9 | nodeny ${HOME}/.config/dkl |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/jitsi-meet-desktop.profile b/etc/profile-a-l/jitsi-meet-desktop.profile index edb7ed840..9ca30c36d 100644 --- a/etc/profile-a-l/jitsi-meet-desktop.profile +++ b/etc/profile-a-l/jitsi-meet-desktop.profile | |||
@@ -13,12 +13,12 @@ ignore shell none | |||
13 | 13 | ||
14 | ignore noexec /tmp | 14 | ignore noexec /tmp |
15 | 15 | ||
16 | noblacklist ${HOME}/.config/Jitsi Meet | 16 | nodeny ${HOME}/.config/Jitsi Meet |
17 | 17 | ||
18 | nowhitelist ${DOWNLOADS} | 18 | noallow ${DOWNLOADS} |
19 | 19 | ||
20 | mkdir ${HOME}/.config/Jitsi Meet | 20 | mkdir ${HOME}/.config/Jitsi Meet |
21 | whitelist ${HOME}/.config/Jitsi Meet | 21 | allow ${HOME}/.config/Jitsi Meet |
22 | 22 | ||
23 | private-bin bash,electron,electron[0-9],electron[0-9][0-9],jitsi-meet-desktop,sh | 23 | private-bin bash,electron,electron[0-9],electron[0-9][0-9],jitsi-meet-desktop,sh |
24 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg | 24 | private-etc alsa,alternatives,asound.conf,bumblebee,ca-certificates,crypto-policies,drirc,fonts,glvnd,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,nvidia,pango,passwd,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg |
diff --git a/etc/profile-a-l/jitsi.profile b/etc/profile-a-l/jitsi.profile index 223c360b8..f53e6ca32 100644 --- a/etc/profile-a-l/jitsi.profile +++ b/etc/profile-a-l/jitsi.profile | |||
@@ -5,7 +5,7 @@ include jitsi.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.jitsi | 8 | nodeny ${HOME}/.jitsi |
9 | 9 | ||
10 | # Allow java (blacklisted by disable-devel.inc) | 10 | # Allow java (blacklisted by disable-devel.inc) |
11 | include allow-java.inc | 11 | include allow-java.inc |
diff --git a/etc/profile-a-l/jumpnbump.profile b/etc/profile-a-l/jumpnbump.profile index 9954b8aea..c0a78ecc0 100644 --- a/etc/profile-a-l/jumpnbump.profile +++ b/etc/profile-a-l/jumpnbump.profile | |||
@@ -6,7 +6,7 @@ include jumpnbump.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.jumpnbump | 9 | nodeny ${HOME}/.jumpnbump |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.jumpnbump | 19 | mkdir ${HOME}/.jumpnbump |
20 | whitelist ${HOME}/.jumpnbump | 20 | allow ${HOME}/.jumpnbump |
21 | whitelist /usr/share/jumpnbump | 21 | allow /usr/share/jumpnbump |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/k3b.profile b/etc/profile-a-l/k3b.profile index 5ae90dff6..73ce8670f 100644 --- a/etc/profile-a-l/k3b.profile +++ b/etc/profile-a-l/k3b.profile | |||
@@ -6,11 +6,11 @@ include k3b.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/k3brc | 9 | nodeny ${HOME}/.config/k3brc |
10 | noblacklist ${HOME}/.kde/share/config/k3brc | 10 | nodeny ${HOME}/.kde/share/config/k3brc |
11 | noblacklist ${HOME}/.kde4/share/config/k3brc | 11 | nodeny ${HOME}/.kde4/share/config/k3brc |
12 | noblacklist ${HOME}/.local/share/kxmlgui5/k3b | 12 | nodeny ${HOME}/.local/share/kxmlgui5/k3b |
13 | noblacklist ${MUSIC} | 13 | nodeny ${MUSIC} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kaffeine.profile b/etc/profile-a-l/kaffeine.profile index d55fd22cb..e6a00e350 100644 --- a/etc/profile-a-l/kaffeine.profile +++ b/etc/profile-a-l/kaffeine.profile | |||
@@ -6,14 +6,14 @@ include kaffeine.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/kaffeinerc | 9 | nodeny ${HOME}/.config/kaffeinerc |
10 | noblacklist ${HOME}/.kde/share/apps/kaffeine | 10 | nodeny ${HOME}/.kde/share/apps/kaffeine |
11 | noblacklist ${HOME}/.kde/share/config/kaffeinerc | 11 | nodeny ${HOME}/.kde/share/config/kaffeinerc |
12 | noblacklist ${HOME}/.kde4/share/apps/kaffeine | 12 | nodeny ${HOME}/.kde4/share/apps/kaffeine |
13 | noblacklist ${HOME}/.kde4/share/config/kaffeinerc | 13 | nodeny ${HOME}/.kde4/share/config/kaffeinerc |
14 | noblacklist ${HOME}/.local/share/kaffeine | 14 | nodeny ${HOME}/.local/share/kaffeine |
15 | noblacklist ${MUSIC} | 15 | nodeny ${MUSIC} |
16 | noblacklist ${VIDEOS} | 16 | nodeny ${VIDEOS} |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kalgebra.profile b/etc/profile-a-l/kalgebra.profile index 503dac4b6..98b04353e 100644 --- a/etc/profile-a-l/kalgebra.profile +++ b/etc/profile-a-l/kalgebra.profile | |||
@@ -6,8 +6,8 @@ include kalgebra.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/kalgebrarc | 9 | nodeny ${HOME}/.config/kalgebrarc |
10 | noblacklist ${HOME}/.local/share/kalgebra | 10 | nodeny ${HOME}/.local/share/kalgebra |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | whitelist /usr/share/kalgebramobile | 20 | allow /usr/share/kalgebramobile |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-a-l/karbon.profile b/etc/profile-a-l/karbon.profile index 231299a2f..db5394550 100644 --- a/etc/profile-a-l/karbon.profile +++ b/etc/profile-a-l/karbon.profile | |||
@@ -6,7 +6,7 @@ include karbon.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/kxmlgui5/karbon | 9 | nodeny ${HOME}/.local/share/kxmlgui5/karbon |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include krita.profile | 12 | include krita.profile |
diff --git a/etc/profile-a-l/kate.profile b/etc/profile-a-l/kate.profile index 27b87e7c3..d2b180492 100644 --- a/etc/profile-a-l/kate.profile +++ b/etc/profile-a-l/kate.profile | |||
@@ -8,20 +8,20 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/katemetainfos | 11 | nodeny ${HOME}/.config/katemetainfos |
12 | noblacklist ${HOME}/.config/katepartrc | 12 | nodeny ${HOME}/.config/katepartrc |
13 | noblacklist ${HOME}/.config/katerc | 13 | nodeny ${HOME}/.config/katerc |
14 | noblacklist ${HOME}/.config/kateschemarc | 14 | nodeny ${HOME}/.config/kateschemarc |
15 | noblacklist ${HOME}/.config/katesyntaxhighlightingrc | 15 | nodeny ${HOME}/.config/katesyntaxhighlightingrc |
16 | noblacklist ${HOME}/.config/katevirc | 16 | nodeny ${HOME}/.config/katevirc |
17 | noblacklist ${HOME}/.local/share/kate | 17 | nodeny ${HOME}/.local/share/kate |
18 | noblacklist ${HOME}/.local/share/kxmlgui5/kate | 18 | nodeny ${HOME}/.local/share/kxmlgui5/kate |
19 | noblacklist ${HOME}/.local/share/kxmlgui5/katefiletree | 19 | nodeny ${HOME}/.local/share/kxmlgui5/katefiletree |
20 | noblacklist ${HOME}/.local/share/kxmlgui5/katekonsole | 20 | nodeny ${HOME}/.local/share/kxmlgui5/katekonsole |
21 | noblacklist ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin | 21 | nodeny ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin |
22 | noblacklist ${HOME}/.local/share/kxmlgui5/katepart | 22 | nodeny ${HOME}/.local/share/kxmlgui5/katepart |
23 | noblacklist ${HOME}/.local/share/kxmlgui5/kateproject | 23 | nodeny ${HOME}/.local/share/kxmlgui5/kateproject |
24 | noblacklist ${HOME}/.local/share/kxmlgui5/katesearch | 24 | nodeny ${HOME}/.local/share/kxmlgui5/katesearch |
25 | 25 | ||
26 | include disable-common.inc | 26 | include disable-common.inc |
27 | # include disable-devel.inc | 27 | # include disable-devel.inc |
diff --git a/etc/profile-a-l/kazam.profile b/etc/profile-a-l/kazam.profile index 9795cf168..a4e2e64f4 100644 --- a/etc/profile-a-l/kazam.profile +++ b/etc/profile-a-l/kazam.profile | |||
@@ -8,9 +8,9 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | noblacklist ${PICTURES} | 11 | nodeny ${PICTURES} |
12 | noblacklist ${VIDEOS} | 12 | nodeny ${VIDEOS} |
13 | noblacklist ${HOME}/.config/kazam | 13 | nodeny ${HOME}/.config/kazam |
14 | 14 | ||
15 | # Allow python (blacklisted by disable-interpreters.inc) | 15 | # Allow python (blacklisted by disable-interpreters.inc) |
16 | include allow-python2.inc | 16 | include allow-python2.inc |
@@ -25,7 +25,7 @@ include disable-passwdmgr.inc | |||
25 | include disable-shell.inc | 25 | include disable-shell.inc |
26 | include disable-xdg.inc | 26 | include disable-xdg.inc |
27 | 27 | ||
28 | whitelist /usr/share/kazam | 28 | allow /usr/share/kazam |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/kcalc.profile b/etc/profile-a-l/kcalc.profile index e36ee5ed2..fcb168d4d 100644 --- a/etc/profile-a-l/kcalc.profile +++ b/etc/profile-a-l/kcalc.profile | |||
@@ -6,7 +6,7 @@ include kcalc.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/kxmlgui5/kcalc | 9 | nodeny ${HOME}/.local/share/kxmlgui5/kcalc |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -21,13 +21,13 @@ mkdir ${HOME}/.local/share/kxmlgui5/kcalc | |||
21 | mkfile ${HOME}/.config/kcalcrc | 21 | mkfile ${HOME}/.config/kcalcrc |
22 | mkfile ${HOME}/.kde/share/config/kcalcrc | 22 | mkfile ${HOME}/.kde/share/config/kcalcrc |
23 | mkfile ${HOME}/.kde4/share/config/kcalcrc | 23 | mkfile ${HOME}/.kde4/share/config/kcalcrc |
24 | whitelist ${HOME}/.config/kcalcrc | 24 | allow ${HOME}/.config/kcalcrc |
25 | whitelist ${HOME}/.kde/share/config/kcalcrc | 25 | allow ${HOME}/.kde/share/config/kcalcrc |
26 | whitelist ${HOME}/.kde4/share/config/kcalcrc | 26 | allow ${HOME}/.kde4/share/config/kcalcrc |
27 | whitelist ${HOME}/.local/share/kxmlgui5/kcalc | 27 | allow ${HOME}/.local/share/kxmlgui5/kcalc |
28 | whitelist /usr/share/config.kcfg/kcalc.kcfg | 28 | allow /usr/share/config.kcfg/kcalc.kcfg |
29 | whitelist /usr/share/kcalc | 29 | allow /usr/share/kcalc |
30 | whitelist /usr/share/kconf_update/kcalcrc.upd | 30 | allow /usr/share/kconf_update/kcalcrc.upd |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-runuser-common.inc | 32 | include whitelist-runuser-common.inc |
33 | include whitelist-usr-share-common.inc | 33 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/kdenlive.profile b/etc/profile-a-l/kdenlive.profile index d2a08a269..4acafbf2a 100644 --- a/etc/profile-a-l/kdenlive.profile +++ b/etc/profile-a-l/kdenlive.profile | |||
@@ -8,10 +8,10 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | noblacklist ${HOME}/.cache/kdenlive | 11 | nodeny ${HOME}/.cache/kdenlive |
12 | noblacklist ${HOME}/.config/kdenliverc | 12 | nodeny ${HOME}/.config/kdenliverc |
13 | noblacklist ${HOME}/.local/share/kdenlive | 13 | nodeny ${HOME}/.local/share/kdenlive |
14 | noblacklist ${HOME}/.local/share/kxmlgui5/kdenlive | 14 | nodeny ${HOME}/.local/share/kxmlgui5/kdenlive |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kdiff3.profile b/etc/profile-a-l/kdiff3.profile index 7c1cb2294..0c37f7968 100644 --- a/etc/profile-a-l/kdiff3.profile +++ b/etc/profile-a-l/kdiff3.profile | |||
@@ -6,14 +6,14 @@ include kdiff3.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/kdiff3fileitemactionrc | 9 | nodeny ${HOME}/.config/kdiff3fileitemactionrc |
10 | noblacklist ${HOME}/.config/kdiff3rc | 10 | nodeny ${HOME}/.config/kdiff3rc |
11 | 11 | ||
12 | # Add the next line to your kdiff3.local if you don't need to compare files in disable-common.inc. | 12 | # Add the next line to your kdiff3.local if you don't need to compare files in disable-common.inc. |
13 | # By default we deny access only to .ssh and .gnupg. | 13 | # By default we deny access only to .ssh and .gnupg. |
14 | #include disable-common.inc | 14 | #include disable-common.inc |
15 | blacklist ${HOME}/.ssh | 15 | deny ${HOME}/.ssh |
16 | blacklist ${HOME}/.gnupg | 16 | deny ${HOME}/.gnupg |
17 | 17 | ||
18 | include disable-devel.inc | 18 | include disable-devel.inc |
19 | include disable-exec.inc | 19 | include disable-exec.inc |
diff --git a/etc/profile-a-l/keepass.profile b/etc/profile-a-l/keepass.profile index ae8971ab4..9c06962bc 100644 --- a/etc/profile-a-l/keepass.profile +++ b/etc/profile-a-l/keepass.profile | |||
@@ -6,14 +6,14 @@ include keepass.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/*.kdb | 9 | nodeny ${HOME}/*.kdb |
10 | noblacklist ${HOME}/*.kdbx | 10 | nodeny ${HOME}/*.kdbx |
11 | noblacklist ${HOME}/.config/KeePass | 11 | nodeny ${HOME}/.config/KeePass |
12 | noblacklist ${HOME}/.config/keepass | 12 | nodeny ${HOME}/.config/keepass |
13 | noblacklist ${HOME}/.keepass | 13 | nodeny ${HOME}/.keepass |
14 | noblacklist ${HOME}/.local/share/KeePass | 14 | nodeny ${HOME}/.local/share/KeePass |
15 | noblacklist ${HOME}/.local/share/keepass | 15 | nodeny ${HOME}/.local/share/keepass |
16 | noblacklist ${DOCUMENTS} | 16 | nodeny ${DOCUMENTS} |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
diff --git a/etc/profile-a-l/keepassx.profile b/etc/profile-a-l/keepassx.profile index ac364986d..2772fa8bf 100644 --- a/etc/profile-a-l/keepassx.profile +++ b/etc/profile-a-l/keepassx.profile | |||
@@ -6,11 +6,11 @@ include keepassx.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/*.kdb | 9 | nodeny ${HOME}/*.kdb |
10 | noblacklist ${HOME}/*.kdbx | 10 | nodeny ${HOME}/*.kdbx |
11 | noblacklist ${HOME}/.config/keepassx | 11 | nodeny ${HOME}/.config/keepassx |
12 | noblacklist ${HOME}/.keepassx | 12 | nodeny ${HOME}/.keepassx |
13 | noblacklist ${DOCUMENTS} | 13 | nodeny ${DOCUMENTS} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/keepassxc.profile b/etc/profile-a-l/keepassxc.profile index f71dcf82b..9c530b20d 100644 --- a/etc/profile-a-l/keepassxc.profile +++ b/etc/profile-a-l/keepassxc.profile | |||
@@ -6,23 +6,23 @@ include keepassxc.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/*.kdb | 9 | nodeny ${HOME}/*.kdb |
10 | noblacklist ${HOME}/*.kdbx | 10 | nodeny ${HOME}/*.kdbx |
11 | noblacklist ${HOME}/.cache/keepassxc | 11 | nodeny ${HOME}/.cache/keepassxc |
12 | noblacklist ${HOME}/.config/keepassxc | 12 | nodeny ${HOME}/.config/keepassxc |
13 | noblacklist ${HOME}/.config/KeePassXCrc | 13 | nodeny ${HOME}/.config/KeePassXCrc |
14 | noblacklist ${HOME}/.keepassxc | 14 | nodeny ${HOME}/.keepassxc |
15 | noblacklist ${DOCUMENTS} | 15 | nodeny ${DOCUMENTS} |
16 | 16 | ||
17 | # Allow browser profiles, required for browser integration. | 17 | # Allow browser profiles, required for browser integration. |
18 | noblacklist ${HOME}/.config/BraveSoftware | 18 | nodeny ${HOME}/.config/BraveSoftware |
19 | noblacklist ${HOME}/.config/chromium | 19 | nodeny ${HOME}/.config/chromium |
20 | noblacklist ${HOME}/.config/google-chrome | 20 | nodeny ${HOME}/.config/google-chrome |
21 | noblacklist ${HOME}/.config/vivaldi | 21 | nodeny ${HOME}/.config/vivaldi |
22 | noblacklist ${HOME}/.local/share/torbrowser | 22 | nodeny ${HOME}/.local/share/torbrowser |
23 | noblacklist ${HOME}/.mozilla | 23 | nodeny ${HOME}/.mozilla |
24 | 24 | ||
25 | blacklist /usr/libexec | 25 | deny /usr/libexec |
26 | 26 | ||
27 | include disable-common.inc | 27 | include disable-common.inc |
28 | include disable-devel.inc | 28 | include disable-devel.inc |
@@ -57,7 +57,7 @@ include disable-xdg.inc | |||
57 | #whitelist ${HOME}/.config/KeePassXCrc | 57 | #whitelist ${HOME}/.config/KeePassXCrc |
58 | #include whitelist-common.inc | 58 | #include whitelist-common.inc |
59 | 59 | ||
60 | whitelist /usr/share/keepassxc | 60 | allow /usr/share/keepassxc |
61 | include whitelist-usr-share-common.inc | 61 | include whitelist-usr-share-common.inc |
62 | include whitelist-var-common.inc | 62 | include whitelist-var-common.inc |
63 | 63 | ||
diff --git a/etc/profile-a-l/kget.profile b/etc/profile-a-l/kget.profile index 2c684504b..30c041cbc 100644 --- a/etc/profile-a-l/kget.profile +++ b/etc/profile-a-l/kget.profile | |||
@@ -6,13 +6,13 @@ include kget.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/kgetrc | 9 | nodeny ${HOME}/.config/kgetrc |
10 | noblacklist ${HOME}/.kde/share/apps/kget | 10 | nodeny ${HOME}/.kde/share/apps/kget |
11 | noblacklist ${HOME}/.kde/share/config/kgetrc | 11 | nodeny ${HOME}/.kde/share/config/kgetrc |
12 | noblacklist ${HOME}/.kde4/share/apps/kget | 12 | nodeny ${HOME}/.kde4/share/apps/kget |
13 | noblacklist ${HOME}/.kde4/share/config/kgetrc | 13 | nodeny ${HOME}/.kde4/share/config/kgetrc |
14 | noblacklist ${HOME}/.local/share/kget | 14 | nodeny ${HOME}/.local/share/kget |
15 | noblacklist ${HOME}/.local/share/kxmlgui5/kget | 15 | nodeny ${HOME}/.local/share/kxmlgui5/kget |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-devel.inc | 18 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kid3-qt.profile b/etc/profile-a-l/kid3-qt.profile index 9bcede077..84d135fc3 100644 --- a/etc/profile-a-l/kid3-qt.profile +++ b/etc/profile-a-l/kid3-qt.profile | |||
@@ -2,7 +2,7 @@ | |||
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | include kid3-qt.local | 3 | include kid3-qt.local |
4 | 4 | ||
5 | noblacklist ${HOME}/.config/Kid3 | 5 | nodeny ${HOME}/.config/Kid3 |
6 | 6 | ||
7 | # Redirect | 7 | # Redirect |
8 | include kid3.profile | 8 | include kid3.profile |
diff --git a/etc/profile-a-l/kid3.profile b/etc/profile-a-l/kid3.profile index e18292e99..0ef2a7845 100644 --- a/etc/profile-a-l/kid3.profile +++ b/etc/profile-a-l/kid3.profile | |||
@@ -6,9 +6,9 @@ include kid3.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${MUSIC} | 9 | nodeny ${MUSIC} |
10 | noblacklist ${HOME}/.config/kid3rc | 10 | nodeny ${HOME}/.config/kid3rc |
11 | noblacklist ${HOME}/.local/share/kxmlgui5/kid3 | 11 | nodeny ${HOME}/.local/share/kxmlgui5/kid3 |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kino.profile b/etc/profile-a-l/kino.profile index 74014ffe6..833c1d22a 100644 --- a/etc/profile-a-l/kino.profile +++ b/etc/profile-a-l/kino.profile | |||
@@ -6,8 +6,8 @@ include kino.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.kino-history | 9 | nodeny ${HOME}/.kino-history |
10 | noblacklist ${HOME}/.kinorc | 10 | nodeny ${HOME}/.kinorc |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kiwix-desktop.profile b/etc/profile-a-l/kiwix-desktop.profile index 40ee0bbc7..b188ba0e3 100644 --- a/etc/profile-a-l/kiwix-desktop.profile +++ b/etc/profile-a-l/kiwix-desktop.profile | |||
@@ -6,8 +6,8 @@ include kiwix-desktop.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/kiwix | 9 | nodeny ${HOME}/.local/share/kiwix |
10 | noblacklist ${HOME}/.local/share/kiwix-desktop | 10 | nodeny ${HOME}/.local/share/kiwix-desktop |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-xdg.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.local/share/kiwix | 20 | mkdir ${HOME}/.local/share/kiwix |
21 | mkdir ${HOME}/.local/share/kiwix-desktop | 21 | mkdir ${HOME}/.local/share/kiwix-desktop |
22 | whitelist ${HOME}/.local/share/kiwix | 22 | allow ${HOME}/.local/share/kiwix |
23 | whitelist ${HOME}/.local/share/kiwix-desktop | 23 | allow ${HOME}/.local/share/kiwix-desktop |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-a-l/klatexformula.profile b/etc/profile-a-l/klatexformula.profile index c6a9023f1..e087e4973 100644 --- a/etc/profile-a-l/klatexformula.profile +++ b/etc/profile-a-l/klatexformula.profile | |||
@@ -6,8 +6,8 @@ include klatexformula.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.kde/share/apps/klatexformula | 9 | nodeny ${HOME}/.kde/share/apps/klatexformula |
10 | noblacklist ${HOME}/.klatexformula | 10 | nodeny ${HOME}/.klatexformula |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/klavaro.profile b/etc/profile-a-l/klavaro.profile index f5cd3a48c..ec3912419 100644 --- a/etc/profile-a-l/klavaro.profile +++ b/etc/profile-a-l/klavaro.profile | |||
@@ -6,8 +6,8 @@ include klavaro.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/klavaro | 9 | nodeny ${HOME}/.config/klavaro |
10 | noblacklist ${HOME}/.local/share/klavaro | 10 | nodeny ${HOME}/.local/share/klavaro |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-xdg.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.local/share/klavaro | 20 | mkdir ${HOME}/.local/share/klavaro |
21 | mkdir ${HOME}/.config/klavaro | 21 | mkdir ${HOME}/.config/klavaro |
22 | whitelist ${HOME}/.local/share/klavaro | 22 | allow ${HOME}/.local/share/klavaro |
23 | whitelist ${HOME}/.config/klavaro | 23 | allow ${HOME}/.config/klavaro |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile index 95ae98e53..3c582c08c 100644 --- a/etc/profile-a-l/kmail.profile +++ b/etc/profile-a-l/kmail.profile | |||
@@ -9,27 +9,27 @@ include globals.local | |||
9 | # kmail has problems launching akonadi in debian and ubuntu. | 9 | # kmail has problems launching akonadi in debian and ubuntu. |
10 | # one solution is to have akonadi already running when kmail is started | 10 | # one solution is to have akonadi already running when kmail is started |
11 | 11 | ||
12 | noblacklist ${HOME}/.cache/akonadi* | 12 | nodeny ${HOME}/.cache/akonadi* |
13 | noblacklist ${HOME}/.cache/kmail2 | 13 | nodeny ${HOME}/.cache/kmail2 |
14 | noblacklist ${HOME}/.config/akonadi* | 14 | nodeny ${HOME}/.config/akonadi* |
15 | noblacklist ${HOME}/.config/baloorc | 15 | nodeny ${HOME}/.config/baloorc |
16 | noblacklist ${HOME}/.config/emaildefaults | 16 | nodeny ${HOME}/.config/emaildefaults |
17 | noblacklist ${HOME}/.config/emailidentities | 17 | nodeny ${HOME}/.config/emailidentities |
18 | noblacklist ${HOME}/.config/kmail2rc | 18 | nodeny ${HOME}/.config/kmail2rc |
19 | noblacklist ${HOME}/.config/kmailsearchindexingrc | 19 | nodeny ${HOME}/.config/kmailsearchindexingrc |
20 | noblacklist ${HOME}/.config/mailtransports | 20 | nodeny ${HOME}/.config/mailtransports |
21 | noblacklist ${HOME}/.config/specialmailcollectionsrc | 21 | nodeny ${HOME}/.config/specialmailcollectionsrc |
22 | noblacklist ${HOME}/.gnupg | 22 | nodeny ${HOME}/.gnupg |
23 | noblacklist ${HOME}/.local/share/akonadi* | 23 | nodeny ${HOME}/.local/share/akonadi* |
24 | noblacklist ${HOME}/.local/share/apps/korganizer | 24 | nodeny ${HOME}/.local/share/apps/korganizer |
25 | noblacklist ${HOME}/.local/share/contacts | 25 | nodeny ${HOME}/.local/share/contacts |
26 | noblacklist ${HOME}/.local/share/emailidentities | 26 | nodeny ${HOME}/.local/share/emailidentities |
27 | noblacklist ${HOME}/.local/share/kmail2 | 27 | nodeny ${HOME}/.local/share/kmail2 |
28 | noblacklist ${HOME}/.local/share/kxmlgui5/kmail | 28 | nodeny ${HOME}/.local/share/kxmlgui5/kmail |
29 | noblacklist ${HOME}/.local/share/kxmlgui5/kmail2 | 29 | nodeny ${HOME}/.local/share/kxmlgui5/kmail2 |
30 | noblacklist ${HOME}/.local/share/local-mail | 30 | nodeny ${HOME}/.local/share/local-mail |
31 | noblacklist ${HOME}/.local/share/notes | 31 | nodeny ${HOME}/.local/share/notes |
32 | noblacklist /tmp/akonadi-* | 32 | nodeny /tmp/akonadi-* |
33 | 33 | ||
34 | include disable-common.inc | 34 | include disable-common.inc |
35 | include disable-devel.inc | 35 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kmplayer.profile b/etc/profile-a-l/kmplayer.profile index e88b53499..d2ce14ab6 100644 --- a/etc/profile-a-l/kmplayer.profile +++ b/etc/profile-a-l/kmplayer.profile | |||
@@ -6,11 +6,11 @@ include kmplayer.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/kmplayerrc | 9 | nodeny ${HOME}/.config/kmplayerrc |
10 | noblacklist ${HOME}/.kde/share/config/kmplayerrc | 10 | nodeny ${HOME}/.kde/share/config/kmplayerrc |
11 | noblacklist ${HOME}/.local/share/kmplayer | 11 | nodeny ${HOME}/.local/share/kmplayer |
12 | noblacklist ${MUSIC} | 12 | nodeny ${MUSIC} |
13 | noblacklist ${VIDEOS} | 13 | nodeny ${VIDEOS} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/knotes.profile b/etc/profile-a-l/knotes.profile index f155d0ad6..5a9ac34da 100644 --- a/etc/profile-a-l/knotes.profile +++ b/etc/profile-a-l/knotes.profile | |||
@@ -10,9 +10,9 @@ include knotes.local | |||
10 | # knotes has problems launching akonadi in debian and ubuntu. | 10 | # knotes has problems launching akonadi in debian and ubuntu. |
11 | # one solution is to have akonadi already running when knotes is started | 11 | # one solution is to have akonadi already running when knotes is started |
12 | 12 | ||
13 | noblacklist ${HOME}/.config/knotesrc | 13 | nodeny ${HOME}/.config/knotesrc |
14 | noblacklist ${HOME}/.local/share/knotes | 14 | nodeny ${HOME}/.local/share/knotes |
15 | noblacklist ${HOME}/.local/share/kxmlgui5/knotes | 15 | nodeny ${HOME}/.local/share/kxmlgui5/knotes |
16 | 16 | ||
17 | # Redirect | 17 | # Redirect |
18 | include kmail.profile | 18 | include kmail.profile |
diff --git a/etc/profile-a-l/kodi.profile b/etc/profile-a-l/kodi.profile index b7091f1fc..2725c87be 100644 --- a/etc/profile-a-l/kodi.profile +++ b/etc/profile-a-l/kodi.profile | |||
@@ -13,10 +13,10 @@ ignore noexec ${HOME} | |||
13 | #ignore noroot | 13 | #ignore noroot |
14 | #ignore private-dev | 14 | #ignore private-dev |
15 | 15 | ||
16 | noblacklist ${HOME}/.kodi | 16 | nodeny ${HOME}/.kodi |
17 | noblacklist ${MUSIC} | 17 | nodeny ${MUSIC} |
18 | noblacklist ${PICTURES} | 18 | nodeny ${PICTURES} |
19 | noblacklist ${VIDEOS} | 19 | nodeny ${VIDEOS} |
20 | 20 | ||
21 | # Allow python (blacklisted by disable-interpreters.inc) | 21 | # Allow python (blacklisted by disable-interpreters.inc) |
22 | include allow-python2.inc | 22 | include allow-python2.inc |
diff --git a/etc/profile-a-l/konversation.profile b/etc/profile-a-l/konversation.profile index 5b5ed6e24..d8ce33838 100644 --- a/etc/profile-a-l/konversation.profile +++ b/etc/profile-a-l/konversation.profile | |||
@@ -6,11 +6,11 @@ include konversation.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/konversationrc | 9 | nodeny ${HOME}/.config/konversationrc |
10 | noblacklist ${HOME}/.config/konversation.notifyrc | 10 | nodeny ${HOME}/.config/konversation.notifyrc |
11 | noblacklist ${HOME}/.kde/share/config/konversationrc | 11 | nodeny ${HOME}/.kde/share/config/konversationrc |
12 | noblacklist ${HOME}/.kde4/share/config/konversationrc | 12 | nodeny ${HOME}/.kde4/share/config/konversationrc |
13 | noblacklist ${HOME}/.local/share/kxmlgui5/konversation | 13 | nodeny ${HOME}/.local/share/kxmlgui5/konversation |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kopete.profile b/etc/profile-a-l/kopete.profile index 88f47d1bf..749591f32 100644 --- a/etc/profile-a-l/kopete.profile +++ b/etc/profile-a-l/kopete.profile | |||
@@ -6,11 +6,11 @@ include kopete.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.kde/share/apps/kopete | 9 | nodeny ${HOME}/.kde/share/apps/kopete |
10 | noblacklist ${HOME}/.kde/share/config/kopeterc | 10 | nodeny ${HOME}/.kde/share/config/kopeterc |
11 | noblacklist ${HOME}/.kde4/share/apps/kopete | 11 | nodeny ${HOME}/.kde4/share/apps/kopete |
12 | noblacklist ${HOME}/.kde4/share/config/kopeterc | 12 | nodeny ${HOME}/.kde4/share/config/kopeterc |
13 | noblacklist ${HOME}/.local/share/kxmlgui5/kopete | 13 | nodeny ${HOME}/.local/share/kxmlgui5/kopete |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -19,7 +19,7 @@ include disable-interpreters.inc | |||
19 | include disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | whitelist /var/lib/winpopup | 22 | allow /var/lib/winpopup |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/profile-a-l/krita.profile b/etc/profile-a-l/krita.profile index 8604e63d0..950341def 100644 --- a/etc/profile-a-l/krita.profile +++ b/etc/profile-a-l/krita.profile | |||
@@ -9,10 +9,10 @@ include globals.local | |||
9 | # noexec ${HOME} may break krita, see issue #1953 | 9 | # noexec ${HOME} may break krita, see issue #1953 |
10 | ignore noexec ${HOME} | 10 | ignore noexec ${HOME} |
11 | 11 | ||
12 | noblacklist ${HOME}/.config/kritarc | 12 | nodeny ${HOME}/.config/kritarc |
13 | noblacklist ${HOME}/.local/share/krita | 13 | nodeny ${HOME}/.local/share/krita |
14 | noblacklist ${DOCUMENTS} | 14 | nodeny ${DOCUMENTS} |
15 | noblacklist ${PICTURES} | 15 | nodeny ${PICTURES} |
16 | 16 | ||
17 | # Allow python (blacklisted by disable-interpreters.inc) | 17 | # Allow python (blacklisted by disable-interpreters.inc) |
18 | include allow-python2.inc | 18 | include allow-python2.inc |
diff --git a/etc/profile-a-l/krunner.profile b/etc/profile-a-l/krunner.profile index 9cb5eff87..7b325d273 100644 --- a/etc/profile-a-l/krunner.profile +++ b/etc/profile-a-l/krunner.profile | |||
@@ -13,9 +13,9 @@ include globals.local | |||
13 | # noblacklist ${HOME}/.cache/krunner | 13 | # noblacklist ${HOME}/.cache/krunner |
14 | # noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite* | 14 | # noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite* |
15 | # noblacklist ${HOME}/.config/chromium | 15 | # noblacklist ${HOME}/.config/chromium |
16 | noblacklist ${HOME}/.config/krunnerrc | 16 | nodeny ${HOME}/.config/krunnerrc |
17 | noblacklist ${HOME}/.kde/share/config/krunnerrc | 17 | nodeny ${HOME}/.kde/share/config/krunnerrc |
18 | noblacklist ${HOME}/.kde4/share/config/krunnerrc | 18 | nodeny ${HOME}/.kde4/share/config/krunnerrc |
19 | # noblacklist ${HOME}/.local/share/baloo | 19 | # noblacklist ${HOME}/.local/share/baloo |
20 | # noblacklist ${HOME}/.mozilla | 20 | # noblacklist ${HOME}/.mozilla |
21 | 21 | ||
diff --git a/etc/profile-a-l/ktorrent.profile b/etc/profile-a-l/ktorrent.profile index 5a85194e0..ac9fee585 100644 --- a/etc/profile-a-l/ktorrent.profile +++ b/etc/profile-a-l/ktorrent.profile | |||
@@ -6,13 +6,13 @@ include ktorrent.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/ktorrentrc | 9 | nodeny ${HOME}/.config/ktorrentrc |
10 | noblacklist ${HOME}/.kde/share/apps/ktorrent | 10 | nodeny ${HOME}/.kde/share/apps/ktorrent |
11 | noblacklist ${HOME}/.kde/share/config/ktorrentrc | 11 | nodeny ${HOME}/.kde/share/config/ktorrentrc |
12 | noblacklist ${HOME}/.kde4/share/apps/ktorrent | 12 | nodeny ${HOME}/.kde4/share/apps/ktorrent |
13 | noblacklist ${HOME}/.kde4/share/config/ktorrentrc | 13 | nodeny ${HOME}/.kde4/share/config/ktorrentrc |
14 | noblacklist ${HOME}/.local/share/ktorrent | 14 | nodeny ${HOME}/.local/share/ktorrent |
15 | noblacklist ${HOME}/.local/share/kxmlgui5/ktorrent | 15 | nodeny ${HOME}/.local/share/kxmlgui5/ktorrent |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-devel.inc | 18 | include disable-devel.inc |
@@ -29,14 +29,14 @@ mkdir ${HOME}/.local/share/kxmlgui5/ktorrent | |||
29 | mkfile ${HOME}/.config/ktorrentrc | 29 | mkfile ${HOME}/.config/ktorrentrc |
30 | mkfile ${HOME}/.kde/share/config/ktorrentrc | 30 | mkfile ${HOME}/.kde/share/config/ktorrentrc |
31 | mkfile ${HOME}/.kde4/share/config/ktorrentrc | 31 | mkfile ${HOME}/.kde4/share/config/ktorrentrc |
32 | whitelist ${DOWNLOADS} | 32 | allow ${DOWNLOADS} |
33 | whitelist ${HOME}/.config/ktorrentrc | 33 | allow ${HOME}/.config/ktorrentrc |
34 | whitelist ${HOME}/.kde/share/apps/ktorrent | 34 | allow ${HOME}/.kde/share/apps/ktorrent |
35 | whitelist ${HOME}/.kde/share/config/ktorrentrc | 35 | allow ${HOME}/.kde/share/config/ktorrentrc |
36 | whitelist ${HOME}/.kde4/share/apps/ktorrent | 36 | allow ${HOME}/.kde4/share/apps/ktorrent |
37 | whitelist ${HOME}/.kde4/share/config/ktorrentrc | 37 | allow ${HOME}/.kde4/share/config/ktorrentrc |
38 | whitelist ${HOME}/.local/share/ktorrent | 38 | allow ${HOME}/.local/share/ktorrent |
39 | whitelist ${HOME}/.local/share/kxmlgui5/ktorrent | 39 | allow ${HOME}/.local/share/kxmlgui5/ktorrent |
40 | include whitelist-common.inc | 40 | include whitelist-common.inc |
41 | include whitelist-var-common.inc | 41 | include whitelist-var-common.inc |
42 | 42 | ||
diff --git a/etc/profile-a-l/ktouch.profile b/etc/profile-a-l/ktouch.profile index 4cf72b74c..71f8e4977 100644 --- a/etc/profile-a-l/ktouch.profile +++ b/etc/profile-a-l/ktouch.profile | |||
@@ -6,8 +6,8 @@ include ktouch.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/ktouch2rc | 9 | nodeny ${HOME}/.config/ktouch2rc |
10 | noblacklist ${HOME}/.local/share/ktouch | 10 | nodeny ${HOME}/.local/share/ktouch |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -20,8 +20,8 @@ include disable-xdg.inc | |||
20 | 20 | ||
21 | mkfile ${HOME}/.config/ktouch2rc | 21 | mkfile ${HOME}/.config/ktouch2rc |
22 | mkdir ${HOME}/.local/share/ktouch | 22 | mkdir ${HOME}/.local/share/ktouch |
23 | whitelist ${HOME}/.config/ktouch2rc | 23 | allow ${HOME}/.config/ktouch2rc |
24 | whitelist ${HOME}/.local/share/ktouch | 24 | allow ${HOME}/.local/share/ktouch |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-a-l/kube.profile b/etc/profile-a-l/kube.profile index 4e9a12e5f..74ffd1162 100644 --- a/etc/profile-a-l/kube.profile +++ b/etc/profile-a-l/kube.profile | |||
@@ -6,13 +6,13 @@ include kube.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.gnupg | 9 | nodeny ${HOME}/.gnupg |
10 | noblacklist ${HOME}/.mozilla | 10 | nodeny ${HOME}/.mozilla |
11 | noblacklist ${HOME}/.cache/kube | 11 | nodeny ${HOME}/.cache/kube |
12 | noblacklist ${HOME}/.config/kube | 12 | nodeny ${HOME}/.config/kube |
13 | noblacklist ${HOME}/.config/sink | 13 | nodeny ${HOME}/.config/sink |
14 | noblacklist ${HOME}/.local/share/kube | 14 | nodeny ${HOME}/.local/share/kube |
15 | noblacklist ${HOME}/.local/share/sink | 15 | nodeny ${HOME}/.local/share/sink |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-devel.inc | 18 | include disable-devel.inc |
@@ -29,17 +29,17 @@ mkdir ${HOME}/.config/kube | |||
29 | mkdir ${HOME}/.config/sink | 29 | mkdir ${HOME}/.config/sink |
30 | mkdir ${HOME}/.local/share/kube | 30 | mkdir ${HOME}/.local/share/kube |
31 | mkdir ${HOME}/.local/share/sink | 31 | mkdir ${HOME}/.local/share/sink |
32 | whitelist ${HOME}/.gnupg | 32 | allow ${HOME}/.gnupg |
33 | whitelist ${HOME}/.mozilla/firefox/profiles.ini | 33 | allow ${HOME}/.mozilla/firefox/profiles.ini |
34 | whitelist ${HOME}/.cache/kube | 34 | allow ${HOME}/.cache/kube |
35 | whitelist ${HOME}/.config/kube | 35 | allow ${HOME}/.config/kube |
36 | whitelist ${HOME}/.config/sink | 36 | allow ${HOME}/.config/sink |
37 | whitelist ${HOME}/.local/share/kube | 37 | allow ${HOME}/.local/share/kube |
38 | whitelist ${HOME}/.local/share/sink | 38 | allow ${HOME}/.local/share/sink |
39 | whitelist ${RUNUSER}/gnupg | 39 | allow ${RUNUSER}/gnupg |
40 | whitelist /usr/share/kube | 40 | allow /usr/share/kube |
41 | whitelist /usr/share/gnupg | 41 | allow /usr/share/gnupg |
42 | whitelist /usr/share/gnupg2 | 42 | allow /usr/share/gnupg2 |
43 | include whitelist-common.inc | 43 | include whitelist-common.inc |
44 | include whitelist-runuser-common.inc | 44 | include whitelist-runuser-common.inc |
45 | include whitelist-usr-share-common.inc | 45 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-a-l/kwin_x11.profile b/etc/profile-a-l/kwin_x11.profile index 15e7ceb17..580f93736 100644 --- a/etc/profile-a-l/kwin_x11.profile +++ b/etc/profile-a-l/kwin_x11.profile | |||
@@ -8,10 +8,10 @@ include globals.local | |||
8 | # fix automatical kwin_x11 sandboxing: | 8 | # fix automatical kwin_x11 sandboxing: |
9 | # echo KDEWM=kwin_x11 >> ~/.pam_environment | 9 | # echo KDEWM=kwin_x11 >> ~/.pam_environment |
10 | 10 | ||
11 | noblacklist ${HOME}/.cache/kwin | 11 | nodeny ${HOME}/.cache/kwin |
12 | noblacklist ${HOME}/.config/kwinrc | 12 | nodeny ${HOME}/.config/kwinrc |
13 | noblacklist ${HOME}/.config/kwinrulesrc | 13 | nodeny ${HOME}/.config/kwinrulesrc |
14 | noblacklist ${HOME}/.local/share/kwin | 14 | nodeny ${HOME}/.local/share/kwin |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-a-l/kwrite.profile b/etc/profile-a-l/kwrite.profile index 804ffafeb..08b0e0224 100644 --- a/etc/profile-a-l/kwrite.profile +++ b/etc/profile-a-l/kwrite.profile | |||
@@ -6,15 +6,15 @@ include kwrite.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/katepartrc | 9 | nodeny ${HOME}/.config/katepartrc |
10 | noblacklist ${HOME}/.config/katerc | 10 | nodeny ${HOME}/.config/katerc |
11 | noblacklist ${HOME}/.config/kateschemarc | 11 | nodeny ${HOME}/.config/kateschemarc |
12 | noblacklist ${HOME}/.config/katesyntaxhighlightingrc | 12 | nodeny ${HOME}/.config/katesyntaxhighlightingrc |
13 | noblacklist ${HOME}/.config/katevirc | 13 | nodeny ${HOME}/.config/katevirc |
14 | noblacklist ${HOME}/.config/kwriterc | 14 | nodeny ${HOME}/.config/kwriterc |
15 | noblacklist ${HOME}/.local/share/kwrite | 15 | nodeny ${HOME}/.local/share/kwrite |
16 | noblacklist ${HOME}/.local/share/kxmlgui5/kwrite | 16 | nodeny ${HOME}/.local/share/kxmlgui5/kwrite |
17 | noblacklist ${DOCUMENTS} | 17 | nodeny ${DOCUMENTS} |
18 | 18 | ||
19 | include disable-common.inc | 19 | include disable-common.inc |
20 | include disable-devel.inc | 20 | include disable-devel.inc |
diff --git a/etc/profile-a-l/latex-common.profile b/etc/profile-a-l/latex-common.profile index ac1b8785d..91693bfc1 100644 --- a/etc/profile-a-l/latex-common.profile +++ b/etc/profile-a-l/latex-common.profile | |||
@@ -13,7 +13,7 @@ include disable-interpreters.inc | |||
13 | include disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
14 | include disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | whitelist /var/lib | 16 | allow /var/lib |
17 | include whitelist-runuser-common.inc | 17 | include whitelist-runuser-common.inc |
18 | include whitelist-var-common.inc | 18 | include whitelist-var-common.inc |
19 | 19 | ||
diff --git a/etc/profile-a-l/leafpad.profile b/etc/profile-a-l/leafpad.profile index 4bbb0a86d..e154708eb 100644 --- a/etc/profile-a-l/leafpad.profile +++ b/etc/profile-a-l/leafpad.profile | |||
@@ -6,7 +6,7 @@ include leafpad.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/leafpad | 9 | nodeny ${HOME}/.config/leafpad |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/less.profile b/etc/profile-a-l/less.profile index 8eb5ad0c2..abee392de 100644 --- a/etc/profile-a-l/less.profile +++ b/etc/profile-a-l/less.profile | |||
@@ -7,9 +7,9 @@ include less.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER} | 10 | deny ${RUNUSER} |
11 | 11 | ||
12 | noblacklist ${HOME}/.lesshst | 12 | nodeny ${HOME}/.lesshst |
13 | 13 | ||
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
diff --git a/etc/profile-a-l/librecad.profile b/etc/profile-a-l/librecad.profile index c57eae73d..8ec41eee3 100644 --- a/etc/profile-a-l/librecad.profile +++ b/etc/profile-a-l/librecad.profile | |||
@@ -4,8 +4,8 @@ include librecad.local | |||
4 | # Persistent global definitions | 4 | # Persistent global definitions |
5 | include globals.local | 5 | include globals.local |
6 | 6 | ||
7 | noblacklist ${HOME}/.config/LibreCAD | 7 | nodeny ${HOME}/.config/LibreCAD |
8 | noblacklist ${HOME}/.local/share/LibreCAD | 8 | nodeny ${HOME}/.local/share/LibreCAD |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-programs.inc | |||
16 | include disable-shell.inc | 16 | include disable-shell.inc |
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | whitelist /usr/share/librecad | 19 | allow /usr/share/librecad |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
diff --git a/etc/profile-a-l/libreoffice.profile b/etc/profile-a-l/libreoffice.profile index b1a24888c..ae01d39b8 100644 --- a/etc/profile-a-l/libreoffice.profile +++ b/etc/profile-a-l/libreoffice.profile | |||
@@ -6,15 +6,15 @@ include libreoffice.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist /usr/local/sbin | 9 | nodeny /usr/local/sbin |
10 | noblacklist ${HOME}/.config/libreoffice | 10 | nodeny ${HOME}/.config/libreoffice |
11 | 11 | ||
12 | # libreoffice uses java for some functionality. | 12 | # libreoffice uses java for some functionality. |
13 | # Add 'ignore include allow-java.inc' to your libreoffice.local if you don't need that functionality. | 13 | # Add 'ignore include allow-java.inc' to your libreoffice.local if you don't need that functionality. |
14 | # Allow java (blacklisted by disable-devel.inc) | 14 | # Allow java (blacklisted by disable-devel.inc) |
15 | include allow-java.inc | 15 | include allow-java.inc |
16 | 16 | ||
17 | blacklist /usr/libexec | 17 | deny /usr/libexec |
18 | 18 | ||
19 | include disable-common.inc | 19 | include disable-common.inc |
20 | include disable-devel.inc | 20 | include disable-devel.inc |
diff --git a/etc/profile-a-l/librewolf.profile b/etc/profile-a-l/librewolf.profile index da047357a..5c614ab8e 100644 --- a/etc/profile-a-l/librewolf.profile +++ b/etc/profile-a-l/librewolf.profile | |||
@@ -6,13 +6,13 @@ include librewolf.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/librewolf | 9 | nodeny ${HOME}/.cache/librewolf |
10 | noblacklist ${HOME}/.librewolf | 10 | nodeny ${HOME}/.librewolf |
11 | 11 | ||
12 | mkdir ${HOME}/.cache/librewolf | 12 | mkdir ${HOME}/.cache/librewolf |
13 | mkdir ${HOME}/.librewolf | 13 | mkdir ${HOME}/.librewolf |
14 | whitelist ${HOME}/.cache/librewolf | 14 | allow ${HOME}/.cache/librewolf |
15 | whitelist ${HOME}/.librewolf | 15 | allow ${HOME}/.librewolf |
16 | 16 | ||
17 | # Add the next lines to your librewolf.local if you want to use the migration wizard. | 17 | # Add the next lines to your librewolf.local if you want to use the migration wizard. |
18 | #noblacklist ${HOME}/.mozilla | 18 | #noblacklist ${HOME}/.mozilla |
@@ -23,10 +23,10 @@ whitelist ${HOME}/.librewolf | |||
23 | #whitelist ${RUNUSER}/kpxc_server | 23 | #whitelist ${RUNUSER}/kpxc_server |
24 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer | 24 | #whitelist ${RUNUSER}/org.keepassxc.KeePassXC.BrowserServer |
25 | 25 | ||
26 | whitelist /usr/share/doc | 26 | allow /usr/share/doc |
27 | whitelist /usr/share/gtk-doc/html | 27 | allow /usr/share/gtk-doc/html |
28 | whitelist /usr/share/mozilla | 28 | allow /usr/share/mozilla |
29 | whitelist /usr/share/webext | 29 | allow /usr/share/webext |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | 31 | ||
32 | # Add the next line to your librewolf.local to enable private-bin (Arch Linux). | 32 | # Add the next line to your librewolf.local to enable private-bin (Arch Linux). |
diff --git a/etc/profile-a-l/lifeograph.profile b/etc/profile-a-l/lifeograph.profile new file mode 100644 index 000000000..b9ed0de8e --- /dev/null +++ b/etc/profile-a-l/lifeograph.profile | |||
@@ -0,0 +1,58 @@ | |||
1 | # Firejail profile for lifeograph | ||
2 | # Description: Lifeograph is a diary program to take personal notes | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include lifeograph.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | nodeny ${DOCUMENTS} | ||
10 | |||
11 | deny /usr/libexec | ||
12 | |||
13 | include disable-common.inc | ||
14 | include disable-devel.inc | ||
15 | include disable-exec.inc | ||
16 | include disable-interpreters.inc | ||
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | ||
19 | include disable-shell.inc | ||
20 | include disable-xdg.inc | ||
21 | |||
22 | allow ${DOCUMENTS} | ||
23 | allow /usr/share/lifeograph | ||
24 | include whitelist-common.inc | ||
25 | include whitelist-runuser-common.inc | ||
26 | include whitelist-usr-share-common.inc | ||
27 | include whitelist-var-common.inc | ||
28 | |||
29 | apparmor | ||
30 | caps.drop all | ||
31 | machine-id | ||
32 | net none | ||
33 | no3d | ||
34 | nodvd | ||
35 | nogroups | ||
36 | noinput | ||
37 | nonewprivs | ||
38 | noroot | ||
39 | nosound | ||
40 | notv | ||
41 | nou2f | ||
42 | novideo | ||
43 | protocol unix | ||
44 | seccomp | ||
45 | seccomp.block-secondary | ||
46 | shell none | ||
47 | tracelog | ||
48 | |||
49 | disable-mnt | ||
50 | private-bin lifeograph | ||
51 | private-cache | ||
52 | private-dev | ||
53 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11 | ||
54 | private-tmp | ||
55 | |||
56 | dbus-user filter | ||
57 | dbus-user.talk ca.desrt.dconf | ||
58 | dbus-system none | ||
diff --git a/etc/profile-a-l/liferea.profile b/etc/profile-a-l/liferea.profile index 7afca1d5f..595ecc257 100644 --- a/etc/profile-a-l/liferea.profile +++ b/etc/profile-a-l/liferea.profile | |||
@@ -6,9 +6,9 @@ include liferea.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/liferea | 9 | nodeny ${HOME}/.cache/liferea |
10 | noblacklist ${HOME}/.config/liferea | 10 | nodeny ${HOME}/.config/liferea |
11 | noblacklist ${HOME}/.local/share/liferea | 11 | nodeny ${HOME}/.local/share/liferea |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python2.inc | 14 | include allow-python2.inc |
@@ -24,10 +24,10 @@ include disable-programs.inc | |||
24 | mkdir ${HOME}/.cache/liferea | 24 | mkdir ${HOME}/.cache/liferea |
25 | mkdir ${HOME}/.config/liferea | 25 | mkdir ${HOME}/.config/liferea |
26 | mkdir ${HOME}/.local/share/liferea | 26 | mkdir ${HOME}/.local/share/liferea |
27 | whitelist ${HOME}/.cache/liferea | 27 | allow ${HOME}/.cache/liferea |
28 | whitelist ${HOME}/.config/liferea | 28 | allow ${HOME}/.config/liferea |
29 | whitelist ${HOME}/.local/share/liferea | 29 | allow ${HOME}/.local/share/liferea |
30 | whitelist /usr/share/liferea | 30 | allow /usr/share/liferea |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/lightsoff.profile b/etc/profile-a-l/lightsoff.profile index c065c44a9..58d5bcd6d 100644 --- a/etc/profile-a-l/lightsoff.profile +++ b/etc/profile-a-l/lightsoff.profile | |||
@@ -6,7 +6,7 @@ include lightsoff.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | whitelist /usr/share/lightsoff | 9 | allow /usr/share/lightsoff |
10 | 10 | ||
11 | private-bin lightsoff | 11 | private-bin lightsoff |
12 | 12 | ||
diff --git a/etc/profile-a-l/lincity-ng.profile b/etc/profile-a-l/lincity-ng.profile index 4254b7f33..e14c50d77 100644 --- a/etc/profile-a-l/lincity-ng.profile +++ b/etc/profile-a-l/lincity-ng.profile | |||
@@ -6,7 +6,7 @@ include lincity-ng.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.lincity-ng | 9 | nodeny ${HOME}/.lincity-ng |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.lincity-ng | 20 | mkdir ${HOME}/.lincity-ng |
21 | whitelist ${HOME}/.lincity-ng | 21 | allow ${HOME}/.lincity-ng |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-a-l/links-common.profile b/etc/profile-a-l/links-common.profile index cd885b1d4..51e3d5b94 100644 --- a/etc/profile-a-l/links-common.profile +++ b/etc/profile-a-l/links-common.profile | |||
@@ -4,8 +4,8 @@ include links-common.local | |||
4 | 4 | ||
5 | # common profile for links browsers | 5 | # common profile for links browsers |
6 | 6 | ||
7 | blacklist /tmp/.X11-unix | 7 | deny /tmp/.X11-unix |
8 | blacklist ${RUNUSER}/wayland-* | 8 | deny ${RUNUSER}/wayland-* |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | whitelist ${DOWNLOADS} | 20 | allow ${DOWNLOADS} |
21 | include whitelist-runuser-common.inc | 21 | include whitelist-runuser-common.inc |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/links.profile b/etc/profile-a-l/links.profile index 8ce39cc7f..ae57601ca 100644 --- a/etc/profile-a-l/links.profile +++ b/etc/profile-a-l/links.profile | |||
@@ -7,10 +7,10 @@ include links.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.links | 10 | nodeny ${HOME}/.links |
11 | 11 | ||
12 | mkdir ${HOME}/.links | 12 | mkdir ${HOME}/.links |
13 | whitelist ${HOME}/.links | 13 | allow ${HOME}/.links |
14 | 14 | ||
15 | private-bin links | 15 | private-bin links |
16 | 16 | ||
diff --git a/etc/profile-a-l/links2.profile b/etc/profile-a-l/links2.profile index 5f91dfcd2..eb349c73a 100644 --- a/etc/profile-a-l/links2.profile +++ b/etc/profile-a-l/links2.profile | |||
@@ -7,10 +7,10 @@ include links2.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.links2 | 10 | nodeny ${HOME}/.links2 |
11 | 11 | ||
12 | mkdir ${HOME}/.links2 | 12 | mkdir ${HOME}/.links2 |
13 | whitelist ${HOME}/.links2 | 13 | allow ${HOME}/.links2 |
14 | 14 | ||
15 | private-bin links2 | 15 | private-bin links2 |
16 | 16 | ||
diff --git a/etc/profile-a-l/linphone.profile b/etc/profile-a-l/linphone.profile index 7ebdbef4c..dd1dac05b 100644 --- a/etc/profile-a-l/linphone.profile +++ b/etc/profile-a-l/linphone.profile | |||
@@ -6,10 +6,10 @@ include linphone.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/linphone | 9 | nodeny ${HOME}/.config/linphone |
10 | noblacklist ${HOME}/.linphone-history.db | 10 | nodeny ${HOME}/.linphone-history.db |
11 | noblacklist ${HOME}/.linphonerc | 11 | nodeny ${HOME}/.linphonerc |
12 | noblacklist ${HOME}/.local/share/linphone | 12 | nodeny ${HOME}/.local/share/linphone |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -23,11 +23,11 @@ include disable-programs.inc | |||
23 | # ${HOME}/.linphone-history.db and ${HOME}/.linphonerc but no longer mkfile. | 23 | # ${HOME}/.linphone-history.db and ${HOME}/.linphonerc but no longer mkfile. |
24 | mkdir ${HOME}/.config/linphone | 24 | mkdir ${HOME}/.config/linphone |
25 | mkdir ${HOME}/.local/share/linphone | 25 | mkdir ${HOME}/.local/share/linphone |
26 | whitelist ${HOME}/.config/linphone | 26 | allow ${HOME}/.config/linphone |
27 | whitelist ${HOME}/.linphone-history.db | 27 | allow ${HOME}/.linphone-history.db |
28 | whitelist ${HOME}/.linphonerc | 28 | allow ${HOME}/.linphonerc |
29 | whitelist ${HOME}/.local/share/linphone | 29 | allow ${HOME}/.local/share/linphone |
30 | whitelist ${DOWNLOADS} | 30 | allow ${DOWNLOADS} |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | 32 | ||
33 | caps.drop all | 33 | caps.drop all |
diff --git a/etc/profile-a-l/lmms.profile b/etc/profile-a-l/lmms.profile index 48b0e14dc..b22110fdc 100644 --- a/etc/profile-a-l/lmms.profile +++ b/etc/profile-a-l/lmms.profile | |||
@@ -6,9 +6,9 @@ include lmms.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.lmmsrc.xml | 9 | nodeny ${HOME}/.lmmsrc.xml |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | noblacklist ${MUSIC} | 11 | nodeny ${MUSIC} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/lollypop.profile b/etc/profile-a-l/lollypop.profile index f2676fec5..0a7ce86e8 100644 --- a/etc/profile-a-l/lollypop.profile +++ b/etc/profile-a-l/lollypop.profile | |||
@@ -6,8 +6,8 @@ include lollypop.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/lollypop | 9 | nodeny ${HOME}/.local/share/lollypop |
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-a-l/lugaru.profile b/etc/profile-a-l/lugaru.profile index 174c65a65..30802b3b7 100644 --- a/etc/profile-a-l/lugaru.profile +++ b/etc/profile-a-l/lugaru.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | 8 | ||
9 | # note: crashes after entering | 9 | # note: crashes after entering |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/lugaru | 11 | nodeny ${HOME}/.config/lugaru |
12 | noblacklist ${HOME}/.local/share/lugaru | 12 | nodeny ${HOME}/.local/share/lugaru |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -22,8 +22,8 @@ include disable-xdg.inc | |||
22 | 22 | ||
23 | mkdir ${HOME}/.config/lugaru | 23 | mkdir ${HOME}/.config/lugaru |
24 | mkdir ${HOME}/.local/share/lugaru | 24 | mkdir ${HOME}/.local/share/lugaru |
25 | whitelist ${HOME}/.config/lugaru | 25 | allow ${HOME}/.config/lugaru |
26 | whitelist ${HOME}/.local/share/lugaru | 26 | allow ${HOME}/.local/share/lugaru |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
29 | 29 | ||
diff --git a/etc/profile-a-l/luminance-hdr.profile b/etc/profile-a-l/luminance-hdr.profile index 31067034e..73400dbd6 100644 --- a/etc/profile-a-l/luminance-hdr.profile +++ b/etc/profile-a-l/luminance-hdr.profile | |||
@@ -6,8 +6,8 @@ include luminance-hdr.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Luminance | 9 | nodeny ${HOME}/.config/Luminance |
10 | noblacklist ${PICTURES} | 10 | nodeny ${PICTURES} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-a-l/lutris.profile b/etc/profile-a-l/lutris.profile index 80a3aba86..9d5169b80 100644 --- a/etc/profile-a-l/lutris.profile +++ b/etc/profile-a-l/lutris.profile | |||
@@ -6,18 +6,18 @@ include lutris.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${PATH}/llvm* | 9 | nodeny ${PATH}/llvm* |
10 | noblacklist ${HOME}/Games | 10 | nodeny ${HOME}/Games |
11 | noblacklist ${HOME}/.cache/lutris | 11 | nodeny ${HOME}/.cache/lutris |
12 | noblacklist ${HOME}/.cache/winetricks | 12 | nodeny ${HOME}/.cache/winetricks |
13 | noblacklist ${HOME}/.config/lutris | 13 | nodeny ${HOME}/.config/lutris |
14 | noblacklist ${HOME}/.local/share/lutris | 14 | nodeny ${HOME}/.local/share/lutris |
15 | # noblacklist ${HOME}/.wine | 15 | # noblacklist ${HOME}/.wine |
16 | noblacklist /tmp/.wine-* | 16 | nodeny /tmp/.wine-* |
17 | # Don't block access to /sbin and /usr/sbin to allow using ldconfig. Otherwise | 17 | # Don't block access to /sbin and /usr/sbin to allow using ldconfig. Otherwise |
18 | # Lutris won't even start. | 18 | # Lutris won't even start. |
19 | noblacklist /sbin | 19 | nodeny /sbin |
20 | noblacklist /usr/sbin | 20 | nodeny /usr/sbin |
21 | 21 | ||
22 | ignore noexec ${HOME} | 22 | ignore noexec ${HOME} |
23 | 23 | ||
@@ -39,15 +39,15 @@ mkdir ${HOME}/.cache/winetricks | |||
39 | mkdir ${HOME}/.config/lutris | 39 | mkdir ${HOME}/.config/lutris |
40 | mkdir ${HOME}/.local/share/lutris | 40 | mkdir ${HOME}/.local/share/lutris |
41 | # mkdir ${HOME}/.wine | 41 | # mkdir ${HOME}/.wine |
42 | whitelist ${DOWNLOADS} | 42 | allow ${DOWNLOADS} |
43 | whitelist ${HOME}/Games | 43 | allow ${HOME}/Games |
44 | whitelist ${HOME}/.cache/lutris | 44 | allow ${HOME}/.cache/lutris |
45 | whitelist ${HOME}/.cache/winetricks | 45 | allow ${HOME}/.cache/winetricks |
46 | whitelist ${HOME}/.config/lutris | 46 | allow ${HOME}/.config/lutris |
47 | whitelist ${HOME}/.local/share/lutris | 47 | allow ${HOME}/.local/share/lutris |
48 | # whitelist ${HOME}/.wine | 48 | # whitelist ${HOME}/.wine |
49 | whitelist /usr/share/lutris | 49 | allow /usr/share/lutris |
50 | whitelist /usr/share/wine | 50 | allow /usr/share/wine |
51 | include whitelist-common.inc | 51 | include whitelist-common.inc |
52 | include whitelist-usr-share-common.inc | 52 | include whitelist-usr-share-common.inc |
53 | include whitelist-runuser-common.inc | 53 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-a-l/lximage-qt.profile b/etc/profile-a-l/lximage-qt.profile index b2a56012e..43147211b 100644 --- a/etc/profile-a-l/lximage-qt.profile +++ b/etc/profile-a-l/lximage-qt.profile | |||
@@ -6,7 +6,7 @@ include lximage-qt.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/lximage-qt | 9 | nodeny ${HOME}/.config/lximage-qt |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-a-l/lxmusic.profile b/etc/profile-a-l/lxmusic.profile index cc4b95551..c849f2ad2 100644 --- a/etc/profile-a-l/lxmusic.profile +++ b/etc/profile-a-l/lxmusic.profile | |||
@@ -6,9 +6,9 @@ include lxmusic.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/xmms2 | 9 | nodeny ${HOME}/.cache/xmms2 |
10 | noblacklist ${HOME}/.config/xmms2 | 10 | nodeny ${HOME}/.config/xmms2 |
11 | noblacklist ${MUSIC} | 11 | nodeny ${MUSIC} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/lynx.profile b/etc/profile-a-l/lynx.profile index a919e924b..15c8f1faa 100644 --- a/etc/profile-a-l/lynx.profile +++ b/etc/profile-a-l/lynx.profile | |||
@@ -7,8 +7,8 @@ include lynx.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | deny /tmp/.X11-unix |
11 | blacklist ${RUNUSER}/wayland-* | 11 | deny ${RUNUSER}/wayland-* |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-a-l/lyx.profile b/etc/profile-a-l/lyx.profile index fa69463d1..358dbf2f2 100644 --- a/etc/profile-a-l/lyx.profile +++ b/etc/profile-a-l/lyx.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | 8 | ||
9 | ignore private-tmp | 9 | ignore private-tmp |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/LyX | 11 | nodeny ${HOME}/.config/LyX |
12 | noblacklist ${HOME}/.lyx | 12 | nodeny ${HOME}/.lyx |
13 | 13 | ||
14 | # Allow lua (blacklisted by disable-interpreters.inc) | 14 | # Allow lua (blacklisted by disable-interpreters.inc) |
15 | include allow-lua.inc | 15 | include allow-lua.inc |
@@ -21,11 +21,11 @@ include allow-perl.inc | |||
21 | include allow-python2.inc | 21 | include allow-python2.inc |
22 | include allow-python3.inc | 22 | include allow-python3.inc |
23 | 23 | ||
24 | whitelist /usr/share/lyx | 24 | allow /usr/share/lyx |
25 | whitelist /usr/share/texinfo | 25 | allow /usr/share/texinfo |
26 | whitelist /usr/share/texlive | 26 | allow /usr/share/texlive |
27 | whitelist /usr/share/texmf-dist | 27 | allow /usr/share/texmf-dist |
28 | whitelist /usr/share/tlpkg | 28 | allow /usr/share/tlpkg |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
30 | 30 | ||
31 | apparmor | 31 | apparmor |
diff --git a/etc/profile-a-l/sway.profile b/etc/profile-a-l/sway.profile index 4637419bf..3a4edcf69 100644 --- a/etc/profile-a-l/sway.profile +++ b/etc/profile-a-l/sway.profile | |||
@@ -7,9 +7,9 @@ include sway.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in sway will run in this profile | 9 | # all applications started in sway will run in this profile |
10 | noblacklist ${HOME}/.config/sway | 10 | nodeny ${HOME}/.config/sway |
11 | # sway uses ~/.config/i3 as fallback if there is no ~/.config/sway | 11 | # sway uses ~/.config/i3 as fallback if there is no ~/.config/sway |
12 | noblacklist ${HOME}/.config/i3 | 12 | nodeny ${HOME}/.config/i3 |
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
diff --git a/etc/profile-m-z/Maelstrom.profile b/etc/profile-m-z/Maelstrom.profile index 62d0a8b3a..e6c43007d 100644 --- a/etc/profile-m-z/Maelstrom.profile +++ b/etc/profile-m-z/Maelstrom.profile | |||
@@ -6,7 +6,7 @@ include Maelstrom.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist /var/lib/games/Maelstrom-Scores | 9 | nodeny /var/lib/games/Maelstrom-Scores |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | whitelist /var/lib/games | 20 | allow /var/lib/games |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-m-z/Mathematica.profile b/etc/profile-m-z/Mathematica.profile index c2734b1c1..bd929d21a 100644 --- a/etc/profile-m-z/Mathematica.profile +++ b/etc/profile-m-z/Mathematica.profile | |||
@@ -5,8 +5,8 @@ include Mathematica.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.Mathematica | 8 | nodeny ${HOME}/.Mathematica |
9 | noblacklist ${HOME}/.Wolfram Research | 9 | nodeny ${HOME}/.Wolfram Research |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,9 +17,9 @@ include disable-programs.inc | |||
17 | mkdir ${HOME}/.Mathematica | 17 | mkdir ${HOME}/.Mathematica |
18 | mkdir ${HOME}/.Wolfram Research | 18 | mkdir ${HOME}/.Wolfram Research |
19 | mkdir ${HOME}/Documents/Wolfram Mathematica | 19 | mkdir ${HOME}/Documents/Wolfram Mathematica |
20 | whitelist ${HOME}/.Mathematica | 20 | allow ${HOME}/.Mathematica |
21 | whitelist ${HOME}/.Wolfram Research | 21 | allow ${HOME}/.Wolfram Research |
22 | whitelist ${HOME}/Documents/Wolfram Mathematica | 22 | allow ${HOME}/Documents/Wolfram Mathematica |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/profile-m-z/PCSX2.profile b/etc/profile-m-z/PCSX2.profile index e678b7204..f833b9446 100644 --- a/etc/profile-m-z/PCSX2.profile +++ b/etc/profile-m-z/PCSX2.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | 8 | ||
9 | # Note: you must whitelist your games folder in your PCSX2.local. | 9 | # Note: you must whitelist your games folder in your PCSX2.local. |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/PCSX2 | 11 | nodeny ${HOME}/.config/PCSX2 |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -21,7 +21,7 @@ include disable-write-mnt.inc | |||
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.config/PCSX2 | 23 | mkdir ${HOME}/.config/PCSX2 |
24 | whitelist ${HOME}/.config/PCSX2 | 24 | allow ${HOME}/.config/PCSX2 |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-runuser-common.inc | 26 | include whitelist-runuser-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/QMediathekView.profile b/etc/profile-m-z/QMediathekView.profile index 86120587b..d7b01fe06 100644 --- a/etc/profile-m-z/QMediathekView.profile +++ b/etc/profile-m-z/QMediathekView.profile | |||
@@ -6,18 +6,18 @@ include QMediathekView.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/QMediathekView | 9 | nodeny ${HOME}/.config/QMediathekView |
10 | noblacklist ${HOME}/.local/share/QMediathekView | 10 | nodeny ${HOME}/.local/share/QMediathekView |
11 | 11 | ||
12 | noblacklist ${HOME}/.config/mpv | 12 | nodeny ${HOME}/.config/mpv |
13 | noblacklist ${HOME}/.config/smplayer | 13 | nodeny ${HOME}/.config/smplayer |
14 | noblacklist ${HOME}/.config/totem | 14 | nodeny ${HOME}/.config/totem |
15 | noblacklist ${HOME}/.config/vlc | 15 | nodeny ${HOME}/.config/vlc |
16 | noblacklist ${HOME}/.config/xplayer | 16 | nodeny ${HOME}/.config/xplayer |
17 | noblacklist ${HOME}/.local/share/totem | 17 | nodeny ${HOME}/.local/share/totem |
18 | noblacklist ${HOME}/.local/share/xplayer | 18 | nodeny ${HOME}/.local/share/xplayer |
19 | noblacklist ${HOME}/.mplayer | 19 | nodeny ${HOME}/.mplayer |
20 | noblacklist ${VIDEOS} | 20 | nodeny ${VIDEOS} |
21 | 21 | ||
22 | include disable-common.inc | 22 | include disable-common.inc |
23 | include disable-devel.inc | 23 | include disable-devel.inc |
@@ -28,7 +28,7 @@ include disable-programs.inc | |||
28 | include disable-shell.inc | 28 | include disable-shell.inc |
29 | include disable-xdg.inc | 29 | include disable-xdg.inc |
30 | 30 | ||
31 | whitelist /usr/share/qtchooser | 31 | allow /usr/share/qtchooser |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
34 | 34 | ||
diff --git a/etc/profile-m-z/QOwnNotes.profile b/etc/profile-m-z/QOwnNotes.profile index 660378089..4ca42730a 100644 --- a/etc/profile-m-z/QOwnNotes.profile +++ b/etc/profile-m-z/QOwnNotes.profile | |||
@@ -6,10 +6,10 @@ include QOwnNotes.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | nodeny ${DOCUMENTS} |
10 | noblacklist ${HOME}/Nextcloud/Notes | 10 | nodeny ${HOME}/Nextcloud/Notes |
11 | noblacklist ${HOME}/.config/PBE | 11 | nodeny ${HOME}/.config/PBE |
12 | noblacklist ${HOME}/.local/share/PBE | 12 | nodeny ${HOME}/.local/share/PBE |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -23,10 +23,10 @@ include disable-xdg.inc | |||
23 | mkdir ${HOME}/Nextcloud/Notes | 23 | mkdir ${HOME}/Nextcloud/Notes |
24 | mkdir ${HOME}/.config/PBE | 24 | mkdir ${HOME}/.config/PBE |
25 | mkdir ${HOME}/.local/share/PBE | 25 | mkdir ${HOME}/.local/share/PBE |
26 | whitelist ${DOCUMENTS} | 26 | allow ${DOCUMENTS} |
27 | whitelist ${HOME}/Nextcloud/Notes | 27 | allow ${HOME}/Nextcloud/Notes |
28 | whitelist ${HOME}/.config/PBE | 28 | allow ${HOME}/.config/PBE |
29 | whitelist ${HOME}/.local/share/PBE | 29 | allow ${HOME}/.local/share/PBE |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
32 | 32 | ||
diff --git a/etc/profile-m-z/Viber.profile b/etc/profile-m-z/Viber.profile index 3195e39fa..b98847d3a 100644 --- a/etc/profile-m-z/Viber.profile +++ b/etc/profile-m-z/Viber.profile | |||
@@ -5,8 +5,8 @@ include Viber.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.ViberPC | 8 | nodeny ${HOME}/.ViberPC |
9 | noblacklist ${PATH}/dig | 9 | nodeny ${PATH}/dig |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.ViberPC | 18 | mkdir ${HOME}/.ViberPC |
19 | whitelist ${DOWNLOADS} | 19 | allow ${DOWNLOADS} |
20 | whitelist ${HOME}/.ViberPC | 20 | allow ${HOME}/.ViberPC |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/profile-m-z/XMind.profile b/etc/profile-m-z/XMind.profile index d78e04595..c9cf7adf7 100644 --- a/etc/profile-m-z/XMind.profile +++ b/etc/profile-m-z/XMind.profile | |||
@@ -5,7 +5,7 @@ include XMind.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.xmind | 8 | nodeny ${HOME}/.xmind |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
@@ -15,8 +15,8 @@ include disable-passwdmgr.inc | |||
15 | include disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.xmind | 17 | mkdir ${HOME}/.xmind |
18 | whitelist ${HOME}/.xmind | 18 | allow ${HOME}/.xmind |
19 | whitelist ${DOWNLOADS} | 19 | allow ${DOWNLOADS} |
20 | include whitelist-common.inc | 20 | include whitelist-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
diff --git a/etc/profile-m-z/Xephyr.profile b/etc/profile-m-z/Xephyr.profile index 5cf5161ce..7ba1cdac9 100644 --- a/etc/profile-m-z/Xephyr.profile +++ b/etc/profile-m-z/Xephyr.profile | |||
@@ -15,7 +15,7 @@ include globals.local | |||
15 | # or run "sudo firecfg" | 15 | # or run "sudo firecfg" |
16 | # | 16 | # |
17 | 17 | ||
18 | whitelist /var/lib/xkb | 18 | allow /var/lib/xkb |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
diff --git a/etc/profile-m-z/Xvfb.profile b/etc/profile-m-z/Xvfb.profile index 1acd43023..a246ccb23 100644 --- a/etc/profile-m-z/Xvfb.profile +++ b/etc/profile-m-z/Xvfb.profile | |||
@@ -18,7 +18,7 @@ include globals.local | |||
18 | # some Linux distributions. Also, older versions of Xpra use Xvfb. | 18 | # some Linux distributions. Also, older versions of Xpra use Xvfb. |
19 | # | 19 | # |
20 | 20 | ||
21 | whitelist /var/lib/xkb | 21 | allow /var/lib/xkb |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/profile-m-z/ZeGrapher.profile b/etc/profile-m-z/ZeGrapher.profile index 7686c3442..4f65ad7d1 100644 --- a/etc/profile-m-z/ZeGrapher.profile +++ b/etc/profile-m-z/ZeGrapher.profile | |||
@@ -6,7 +6,7 @@ include ZeGrapher.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/ZeGrapher Project | 9 | nodeny ${HOME}/.config/ZeGrapher Project |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | 18 | ||
19 | whitelist /usr/share/ZeGrapher | 19 | allow /usr/share/ZeGrapher |
20 | include whitelist-runuser-common.inc | 20 | include whitelist-runuser-common.inc |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/io.github.lainsce.Notejot.profile b/etc/profile-m-z/io.github.lainsce.Notejot.profile new file mode 100644 index 000000000..a8029db72 --- /dev/null +++ b/etc/profile-m-z/io.github.lainsce.Notejot.profile | |||
@@ -0,0 +1,61 @@ | |||
1 | # Firejail profile for notejot | ||
2 | # Description: Jot your ideas | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include io.github.lainsce.Notejot.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | nodeny ${HOME}/.cache/io.github.lainsce.Notejot | ||
10 | nodeny ${HOME}/.local/share/io.github.lainsce.Notejot | ||
11 | |||
12 | include disable-common.inc | ||
13 | include disable-devel.inc | ||
14 | include disable-exec.inc | ||
15 | include disable-interpreters.inc | ||
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | ||
18 | include disable-shell.inc | ||
19 | include disable-xdg.inc | ||
20 | |||
21 | mkdir ${HOME}/.cache/io.github.lainsce.Notejot | ||
22 | mkdir ${HOME}/.local/share/io.github.lainsce.Notejot | ||
23 | allow ${HOME}/.cache/io.github.lainsce.Notejot | ||
24 | allow ${HOME}/.local/share/io.github.lainsce.Notejot | ||
25 | allow /usr/libexec/webkit2gtk-4.0 | ||
26 | include whitelist-common.inc | ||
27 | include whitelist-runuser-common.inc | ||
28 | include whitelist-usr-share-common.inc | ||
29 | include whitelist-var-common.inc | ||
30 | |||
31 | apparmor | ||
32 | caps.drop all | ||
33 | machine-id | ||
34 | net none | ||
35 | no3d | ||
36 | nodvd | ||
37 | nogroups | ||
38 | noinput | ||
39 | nonewprivs | ||
40 | noroot | ||
41 | nosound | ||
42 | notv | ||
43 | nou2f | ||
44 | novideo | ||
45 | protocol unix | ||
46 | seccomp | ||
47 | seccomp.block-secondary | ||
48 | shell none | ||
49 | tracelog | ||
50 | |||
51 | disable-mnt | ||
52 | private-bin io.github.lainsce.Notejot | ||
53 | private-cache | ||
54 | private-dev | ||
55 | private-etc alternatives,dconf,fonts,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11 | ||
56 | private-tmp | ||
57 | |||
58 | dbus-user filter | ||
59 | dbus-user.own io.github.lainsce.Notejot | ||
60 | dbus-user.talk ca.desrt.dconf | ||
61 | dbus-system none | ||
diff --git a/etc/profile-m-z/macrofusion.profile b/etc/profile-m-z/macrofusion.profile index d1dcb6fe0..763d475bb 100644 --- a/etc/profile-m-z/macrofusion.profile +++ b/etc/profile-m-z/macrofusion.profile | |||
@@ -5,8 +5,8 @@ include macrofusion.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/mfusion | 8 | nodeny ${HOME}/.config/mfusion |
9 | noblacklist ${PICTURES} | 9 | nodeny ${PICTURES} |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
diff --git a/etc/profile-m-z/magicor.profile b/etc/profile-m-z/magicor.profile index 8a27b2626..d561a5095 100644 --- a/etc/profile-m-z/magicor.profile +++ b/etc/profile-m-z/magicor.profile | |||
@@ -6,7 +6,7 @@ include magicor.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.magicor | 9 | nodeny ${HOME}/.magicor |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -21,8 +21,8 @@ include disable-shell.inc | |||
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.magicor | 23 | mkdir ${HOME}/.magicor |
24 | whitelist ${HOME}/.magicor | 24 | allow ${HOME}/.magicor |
25 | whitelist /usr/share/magicor | 25 | allow /usr/share/magicor |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/makepkg.profile b/etc/profile-m-z/makepkg.profile index 513fcae55..a7c486c9f 100644 --- a/etc/profile-m-z/makepkg.profile +++ b/etc/profile-m-z/makepkg.profile | |||
@@ -6,8 +6,8 @@ include makepkg.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist /tmp/.X11-unix | 9 | deny /tmp/.X11-unix |
10 | blacklist ${RUNUSER}/wayland-* | 10 | deny ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | # Note: see this Arch forum discussion https://bbs.archlinux.org/viewtopic.php?pid=1743138 | 12 | # Note: see this Arch forum discussion https://bbs.archlinux.org/viewtopic.php?pid=1743138 |
13 | # for potential issues and their solutions when Firejailing makepkg | 13 | # for potential issues and their solutions when Firejailing makepkg |
@@ -17,18 +17,18 @@ blacklist ${RUNUSER}/wayland-* | |||
17 | # whitelist ${HOME}/.gnupg | 17 | # whitelist ${HOME}/.gnupg |
18 | 18 | ||
19 | # Enable severely restricted access to ${HOME}/.gnupg | 19 | # Enable severely restricted access to ${HOME}/.gnupg |
20 | noblacklist ${HOME}/.gnupg | 20 | nodeny ${HOME}/.gnupg |
21 | read-only ${HOME}/.gnupg/gpg.conf | 21 | read-only ${HOME}/.gnupg/gpg.conf |
22 | read-only ${HOME}/.gnupg/trustdb.gpg | 22 | read-only ${HOME}/.gnupg/trustdb.gpg |
23 | read-only ${HOME}/.gnupg/pubring.kbx | 23 | read-only ${HOME}/.gnupg/pubring.kbx |
24 | blacklist ${HOME}/.gnupg/random_seed | 24 | deny ${HOME}/.gnupg/random_seed |
25 | blacklist ${HOME}/.gnupg/pubring.kbx~ | 25 | deny ${HOME}/.gnupg/pubring.kbx~ |
26 | blacklist ${HOME}/.gnupg/private-keys-v1.d | 26 | deny ${HOME}/.gnupg/private-keys-v1.d |
27 | blacklist ${HOME}/.gnupg/crls.d | 27 | deny ${HOME}/.gnupg/crls.d |
28 | blacklist ${HOME}/.gnupg/openpgp-revocs.d | 28 | deny ${HOME}/.gnupg/openpgp-revocs.d |
29 | 29 | ||
30 | # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only. | 30 | # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only. |
31 | noblacklist /var/lib/pacman | 31 | nodeny /var/lib/pacman |
32 | 32 | ||
33 | include disable-common.inc | 33 | include disable-common.inc |
34 | include disable-exec.inc | 34 | include disable-exec.inc |
diff --git a/etc/profile-m-z/man.profile b/etc/profile-m-z/man.profile index bd510fcac..383eeeeb7 100644 --- a/etc/profile-m-z/man.profile +++ b/etc/profile-m-z/man.profile | |||
@@ -7,10 +7,10 @@ include man.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER} | 10 | deny ${RUNUSER} |
11 | 11 | ||
12 | noblacklist ${HOME}/.local/share/man | 12 | nodeny ${HOME}/.local/share/man |
13 | noblacklist ${HOME}/.rustup | 13 | nodeny ${HOME}/.rustup |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -23,12 +23,12 @@ include disable-xdg.inc | |||
23 | #mkdir ${HOME}/.local/share/man | 23 | #mkdir ${HOME}/.local/share/man |
24 | #whitelist ${HOME}/.local/share/man | 24 | #whitelist ${HOME}/.local/share/man |
25 | #whitelist ${HOME}/.manpath | 25 | #whitelist ${HOME}/.manpath |
26 | whitelist /usr/share/groff | 26 | allow /usr/share/groff |
27 | whitelist /usr/share/info | 27 | allow /usr/share/info |
28 | whitelist /usr/share/lintian | 28 | allow /usr/share/lintian |
29 | whitelist /usr/share/locale | 29 | allow /usr/share/locale |
30 | whitelist /usr/share/man | 30 | allow /usr/share/man |
31 | whitelist /var/cache/man | 31 | allow /var/cache/man |
32 | #include whitelist-common.inc | 32 | #include whitelist-common.inc |
33 | include whitelist-runuser-common.inc | 33 | include whitelist-runuser-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/manaplus.profile b/etc/profile-m-z/manaplus.profile index f59a56ac6..67ee783a6 100644 --- a/etc/profile-m-z/manaplus.profile +++ b/etc/profile-m-z/manaplus.profile | |||
@@ -6,8 +6,8 @@ include manaplus.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/mana | 9 | nodeny ${HOME}/.config/mana |
10 | noblacklist ${HOME}/.local/share/mana | 10 | nodeny ${HOME}/.local/share/mana |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -21,8 +21,8 @@ include disable-xdg.inc | |||
21 | mkdir ${HOME}/.config/mana | 21 | mkdir ${HOME}/.config/mana |
22 | mkdir ${HOME}/.config/mana/mana | 22 | mkdir ${HOME}/.config/mana/mana |
23 | mkdir ${HOME}/.local/share/mana | 23 | mkdir ${HOME}/.local/share/mana |
24 | whitelist ${HOME}/.config/mana | 24 | allow ${HOME}/.config/mana |
25 | whitelist ${HOME}/.local/share/mana | 25 | allow ${HOME}/.local/share/mana |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
28 | 28 | ||
diff --git a/etc/profile-m-z/marker.profile b/etc/profile-m-z/marker.profile index bd56a8221..7645ad335 100644 --- a/etc/profile-m-z/marker.profile +++ b/etc/profile-m-z/marker.profile | |||
@@ -11,8 +11,8 @@ include globals.local | |||
11 | #protocol unix,inet,inet6 | 11 | #protocol unix,inet,inet6 |
12 | #private-etc ca-certificates,ssl,pki,crypto-policies,nsswitch.conf,resolv.conf | 12 | #private-etc ca-certificates,ssl,pki,crypto-policies,nsswitch.conf,resolv.conf |
13 | 13 | ||
14 | noblacklist ${HOME}/.cache/marker | 14 | nodeny ${HOME}/.cache/marker |
15 | noblacklist ${DOCUMENTS} | 15 | nodeny ${DOCUMENTS} |
16 | 16 | ||
17 | include allow-python3.inc | 17 | include allow-python3.inc |
18 | 18 | ||
@@ -25,8 +25,8 @@ include disable-programs.inc | |||
25 | include disable-shell.inc | 25 | include disable-shell.inc |
26 | include disable-xdg.inc | 26 | include disable-xdg.inc |
27 | 27 | ||
28 | whitelist /usr/libexec/webkit2gtk-4.0 | 28 | allow /usr/libexec/webkit2gtk-4.0 |
29 | whitelist /usr/share/com.github.fabiocolacio.marker | 29 | allow /usr/share/com.github.fabiocolacio.marker |
30 | include whitelist-runuser-common.inc | 30 | include whitelist-runuser-common.inc |
31 | include whitelist-usr-share-common.inc | 31 | include whitelist-usr-share-common.inc |
32 | include whitelist-var-common.inc | 32 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/masterpdfeditor.profile b/etc/profile-m-z/masterpdfeditor.profile index de1135071..d8b215b7f 100644 --- a/etc/profile-m-z/masterpdfeditor.profile +++ b/etc/profile-m-z/masterpdfeditor.profile | |||
@@ -6,8 +6,8 @@ include masterpdfeditor.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Code Industry | 9 | nodeny ${HOME}/.config/Code Industry |
10 | noblacklist ${HOME}/.masterpdfeditor | 10 | nodeny ${HOME}/.masterpdfeditor |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/mate-calc.profile b/etc/profile-m-z/mate-calc.profile index 39ee7439d..92832783e 100644 --- a/etc/profile-m-z/mate-calc.profile +++ b/etc/profile-m-z/mate-calc.profile | |||
@@ -6,7 +6,7 @@ include mate-calc.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/mate-calc | 9 | nodeny ${HOME}/.config/mate-calc |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,9 +18,9 @@ include disable-programs.inc | |||
18 | mkdir ${HOME}/.cache/mate-calc | 18 | mkdir ${HOME}/.cache/mate-calc |
19 | mkdir ${HOME}/.config/caja | 19 | mkdir ${HOME}/.config/caja |
20 | mkdir ${HOME}/.config/mate-menu | 20 | mkdir ${HOME}/.config/mate-menu |
21 | whitelist ${HOME}/.cache/mate-calc | 21 | allow ${HOME}/.cache/mate-calc |
22 | whitelist ${HOME}/.config/caja | 22 | allow ${HOME}/.config/caja |
23 | whitelist ${HOME}/.config/mate-menu | 23 | allow ${HOME}/.config/mate-menu |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-m-z/mate-dictionary.profile b/etc/profile-m-z/mate-dictionary.profile index ae1fcbf62..90c9d0993 100644 --- a/etc/profile-m-z/mate-dictionary.profile +++ b/etc/profile-m-z/mate-dictionary.profile | |||
@@ -5,7 +5,7 @@ include mate-dictionary.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/mate/mate-dictionary | 8 | nodeny ${HOME}/.config/mate/mate-dictionary |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-programs.inc | |||
16 | include disable-shell.inc | 16 | include disable-shell.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.config/mate/mate-dictionary | 18 | mkdir ${HOME}/.config/mate/mate-dictionary |
19 | whitelist ${HOME}/.config/mate/mate-dictionary | 19 | allow ${HOME}/.config/mate/mate-dictionary |
20 | include whitelist-common.inc | 20 | include whitelist-common.inc |
21 | 21 | ||
22 | apparmor | 22 | apparmor |
diff --git a/etc/profile-m-z/matrix-mirage.profile b/etc/profile-m-z/matrix-mirage.profile index b3080df88..8ee470a50 100644 --- a/etc/profile-m-z/matrix-mirage.profile +++ b/etc/profile-m-z/matrix-mirage.profile | |||
@@ -7,16 +7,16 @@ include matrix-mirage.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.cache/matrix-mirage | 10 | nodeny ${HOME}/.cache/matrix-mirage |
11 | noblacklist ${HOME}/.config/matrix-mirage | 11 | nodeny ${HOME}/.config/matrix-mirage |
12 | noblacklist ${HOME}/.local/share/matrix-mirage | 12 | nodeny ${HOME}/.local/share/matrix-mirage |
13 | 13 | ||
14 | mkdir ${HOME}/.cache/matrix-mirage | 14 | mkdir ${HOME}/.cache/matrix-mirage |
15 | mkdir ${HOME}/.config/matrix-mirage | 15 | mkdir ${HOME}/.config/matrix-mirage |
16 | mkdir ${HOME}/.local/share/matrix-mirage | 16 | mkdir ${HOME}/.local/share/matrix-mirage |
17 | whitelist ${HOME}/.cache/matrix-mirage | 17 | allow ${HOME}/.cache/matrix-mirage |
18 | whitelist ${HOME}/.config/matrix-mirage | 18 | allow ${HOME}/.config/matrix-mirage |
19 | whitelist ${HOME}/.local/share/matrix-mirage | 19 | allow ${HOME}/.local/share/matrix-mirage |
20 | 20 | ||
21 | private-bin matrix-mirage | 21 | private-bin matrix-mirage |
22 | 22 | ||
diff --git a/etc/profile-m-z/mattermost-desktop.profile b/etc/profile-m-z/mattermost-desktop.profile index 3c2bf4fa3..01076a90a 100644 --- a/etc/profile-m-z/mattermost-desktop.profile +++ b/etc/profile-m-z/mattermost-desktop.profile | |||
@@ -10,12 +10,12 @@ ignore apparmor | |||
10 | ignore dbus-user none | 10 | ignore dbus-user none |
11 | ignore dbus-system none | 11 | ignore dbus-system none |
12 | 12 | ||
13 | noblacklist ${HOME}/.config/Mattermost | 13 | nodeny ${HOME}/.config/Mattermost |
14 | 14 | ||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.config/Mattermost | 17 | mkdir ${HOME}/.config/Mattermost |
18 | whitelist ${HOME}/.config/Mattermost | 18 | allow ${HOME}/.config/Mattermost |
19 | 19 | ||
20 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl | 20 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl |
21 | 21 | ||
diff --git a/etc/profile-m-z/mcabber.profile b/etc/profile-m-z/mcabber.profile index 38d2d8d63..ae749114a 100644 --- a/etc/profile-m-z/mcabber.profile +++ b/etc/profile-m-z/mcabber.profile | |||
@@ -6,8 +6,8 @@ include mcabber.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.mcabber | 9 | nodeny ${HOME}/.mcabber |
10 | noblacklist ${HOME}/.mcabberrc | 10 | nodeny ${HOME}/.mcabberrc |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/mcomix.profile b/etc/profile-m-z/mcomix.profile index fcd1e24e5..d9e12fb5d 100644 --- a/etc/profile-m-z/mcomix.profile +++ b/etc/profile-m-z/mcomix.profile | |||
@@ -6,9 +6,9 @@ include mcomix.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/mcomix | 9 | nodeny ${HOME}/.config/mcomix |
10 | noblacklist ${HOME}/.local/share/mcomix | 10 | nodeny ${HOME}/.local/share/mcomix |
11 | noblacklist ${DOCUMENTS} | 11 | nodeny ${DOCUMENTS} |
12 | 12 | ||
13 | # Allow /bin/sh (blacklisted by disable-shell.inc) | 13 | # Allow /bin/sh (blacklisted by disable-shell.inc) |
14 | include allow-bin-sh.inc | 14 | include allow-bin-sh.inc |
@@ -30,7 +30,7 @@ include disable-xdg.inc | |||
30 | 30 | ||
31 | mkdir ${HOME}/.config/mcomix | 31 | mkdir ${HOME}/.config/mcomix |
32 | mkdir ${HOME}/.local/share/mcomix | 32 | mkdir ${HOME}/.local/share/mcomix |
33 | whitelist /usr/share/mcomix | 33 | allow /usr/share/mcomix |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
36 | include whitelist-runuser-common.inc | 36 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-m-z/mdr.profile b/etc/profile-m-z/mdr.profile index 5d3f8dc41..9e8656290 100644 --- a/etc/profile-m-z/mdr.profile +++ b/etc/profile-m-z/mdr.profile | |||
@@ -5,7 +5,7 @@ include mdr.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | blacklist ${RUNUSER}/wayland-* | 8 | deny ${RUNUSER}/wayland-* |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-programs.inc | |||
16 | include disable-shell.inc | 16 | include disable-shell.inc |
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | whitelist ${DOWNLOADS} | 19 | allow ${DOWNLOADS} |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
diff --git a/etc/profile-m-z/mediainfo.profile b/etc/profile-m-z/mediainfo.profile index 17363624f..ae34ea321 100644 --- a/etc/profile-m-z/mediainfo.profile +++ b/etc/profile-m-z/mediainfo.profile | |||
@@ -6,7 +6,7 @@ include mediainfo.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | 9 | deny ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/mediathekview.profile b/etc/profile-m-z/mediathekview.profile index 0063badd8..3459ad4cf 100644 --- a/etc/profile-m-z/mediathekview.profile +++ b/etc/profile-m-z/mediathekview.profile | |||
@@ -6,16 +6,16 @@ include mediathekview.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/mpv | 9 | nodeny ${HOME}/.config/mpv |
10 | noblacklist ${HOME}/.config/smplayer | 10 | nodeny ${HOME}/.config/smplayer |
11 | noblacklist ${HOME}/.config/totem | 11 | nodeny ${HOME}/.config/totem |
12 | noblacklist ${HOME}/.config/vlc | 12 | nodeny ${HOME}/.config/vlc |
13 | noblacklist ${HOME}/.config/xplayer | 13 | nodeny ${HOME}/.config/xplayer |
14 | noblacklist ${HOME}/.local/share/totem | 14 | nodeny ${HOME}/.local/share/totem |
15 | noblacklist ${HOME}/.local/share/xplayer | 15 | nodeny ${HOME}/.local/share/xplayer |
16 | noblacklist ${HOME}/.mediathek3 | 16 | nodeny ${HOME}/.mediathek3 |
17 | noblacklist ${HOME}/.mplayer | 17 | nodeny ${HOME}/.mplayer |
18 | noblacklist ${VIDEOS} | 18 | nodeny ${VIDEOS} |
19 | 19 | ||
20 | # Allow java (blacklisted by disable-devel.inc) | 20 | # Allow java (blacklisted by disable-devel.inc) |
21 | include allow-java.inc | 21 | include allow-java.inc |
diff --git a/etc/profile-m-z/megaglest.profile b/etc/profile-m-z/megaglest.profile index f07b9166a..ad9094ddf 100644 --- a/etc/profile-m-z/megaglest.profile +++ b/etc/profile-m-z/megaglest.profile | |||
@@ -6,7 +6,7 @@ include megaglest.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.megaglest | 9 | nodeny ${HOME}/.megaglest |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,9 +18,9 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.megaglest | 20 | mkdir ${HOME}/.megaglest |
21 | whitelist ${HOME}/.megaglest | 21 | allow ${HOME}/.megaglest |
22 | whitelist /usr/share/megaglest | 22 | allow /usr/share/megaglest |
23 | whitelist /usr/share/games/megaglest # Debian version | 23 | allow /usr/share/games/megaglest # Debian version |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
26 | include whitelist-usr-share-common.inc | 26 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/meld.profile b/etc/profile-m-z/meld.profile index 2a8bb3acf..06ee572c9 100644 --- a/etc/profile-m-z/meld.profile +++ b/etc/profile-m-z/meld.profile | |||
@@ -13,12 +13,12 @@ include globals.local | |||
13 | # Calling it by its absolute path (example for git mergetool): | 13 | # Calling it by its absolute path (example for git mergetool): |
14 | # $ git config --global mergetool.meld.cmd /usr/bin/meld | 14 | # $ git config --global mergetool.meld.cmd /usr/bin/meld |
15 | 15 | ||
16 | noblacklist ${HOME}/.config/meld | 16 | nodeny ${HOME}/.config/meld |
17 | noblacklist ${HOME}/.config/git | 17 | nodeny ${HOME}/.config/git |
18 | noblacklist ${HOME}/.gitconfig | 18 | nodeny ${HOME}/.gitconfig |
19 | noblacklist ${HOME}/.git-credentials | 19 | nodeny ${HOME}/.git-credentials |
20 | noblacklist ${HOME}/.local/share/meld | 20 | nodeny ${HOME}/.local/share/meld |
21 | noblacklist ${HOME}/.subversion | 21 | nodeny ${HOME}/.subversion |
22 | 22 | ||
23 | # Allow python (blacklisted by disable-interpreters.inc) | 23 | # Allow python (blacklisted by disable-interpreters.inc) |
24 | # Python 2 is EOL (see #3164). Add the next line to your meld.local if you understand the risks | 24 | # Python 2 is EOL (see #3164). Add the next line to your meld.local if you understand the risks |
@@ -29,7 +29,7 @@ include allow-python3.inc | |||
29 | # Allow ssh (blacklisted by disable-common.inc) | 29 | # Allow ssh (blacklisted by disable-common.inc) |
30 | include allow-ssh.inc | 30 | include allow-ssh.inc |
31 | 31 | ||
32 | blacklist /usr/libexec | 32 | deny /usr/libexec |
33 | 33 | ||
34 | # Add the next line to your meld.local if you don't need to compare files in disable-common.inc. | 34 | # Add the next line to your meld.local if you don't need to compare files in disable-common.inc. |
35 | #include disable-common.inc | 35 | #include disable-common.inc |
diff --git a/etc/profile-m-z/mendeleydesktop.profile b/etc/profile-m-z/mendeleydesktop.profile index c0bdbb230..e33d6c157 100644 --- a/etc/profile-m-z/mendeleydesktop.profile +++ b/etc/profile-m-z/mendeleydesktop.profile | |||
@@ -6,13 +6,13 @@ include mendeleydesktop.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | nodeny ${DOCUMENTS} |
10 | noblacklist ${HOME}/.cache/Mendeley Ltd. | 10 | nodeny ${HOME}/.cache/Mendeley Ltd. |
11 | noblacklist ${HOME}/.config/Mendeley Ltd. | 11 | nodeny ${HOME}/.config/Mendeley Ltd. |
12 | noblacklist ${HOME}/.local/share/Mendeley Ltd. | 12 | nodeny ${HOME}/.local/share/Mendeley Ltd. |
13 | noblacklist ${HOME}/.local/share/data/Mendeley Ltd. | 13 | nodeny ${HOME}/.local/share/data/Mendeley Ltd. |
14 | noblacklist ${HOME}/.pki | 14 | nodeny ${HOME}/.pki |
15 | noblacklist ${HOME}/.local/share/pki | 15 | nodeny ${HOME}/.local/share/pki |
16 | 16 | ||
17 | # Allow python (blacklisted by disable-interpreters.inc) | 17 | # Allow python (blacklisted by disable-interpreters.inc) |
18 | include allow-python2.inc | 18 | include allow-python2.inc |
diff --git a/etc/profile-m-z/menulibre.profile b/etc/profile-m-z/menulibre.profile index 2081b8c96..52808a5b5 100644 --- a/etc/profile-m-z/menulibre.profile +++ b/etc/profile-m-z/menulibre.profile | |||
@@ -19,13 +19,13 @@ include disable-passwdmgr.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | # Whitelist your system icon directory,varies by distro | 21 | # Whitelist your system icon directory,varies by distro |
22 | whitelist /usr/share/app-info | 22 | allow /usr/share/app-info |
23 | whitelist /usr/share/desktop-directories | 23 | allow /usr/share/desktop-directories |
24 | whitelist /usr/share/icons | 24 | allow /usr/share/icons |
25 | whitelist /usr/share/menulibre | 25 | allow /usr/share/menulibre |
26 | whitelist /var/lib/app-info/icons | 26 | allow /var/lib/app-info/icons |
27 | whitelist /var/lib/flatpak/exports/share/applications | 27 | allow /var/lib/flatpak/exports/share/applications |
28 | whitelist /var/lib/flatpak/exports/share/icons | 28 | allow /var/lib/flatpak/exports/share/icons |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/meteo-qt.profile b/etc/profile-m-z/meteo-qt.profile index 85ed7bc74..48f936632 100644 --- a/etc/profile-m-z/meteo-qt.profile +++ b/etc/profile-m-z/meteo-qt.profile | |||
@@ -6,8 +6,8 @@ include meteo-qt.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/autostart | 9 | nodeny ${HOME}/.config/autostart |
10 | noblacklist ${HOME}/.config/meteo-qt | 10 | nodeny ${HOME}/.config/meteo-qt |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python3.inc | 13 | include allow-python3.inc |
@@ -22,8 +22,8 @@ include disable-shell.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.config/meteo-qt | 24 | mkdir ${HOME}/.config/meteo-qt |
25 | whitelist ${HOME}/.config/autostart | 25 | allow ${HOME}/.config/autostart |
26 | whitelist ${HOME}/.config/meteo-qt | 26 | allow ${HOME}/.config/meteo-qt |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
29 | 29 | ||
diff --git a/etc/profile-m-z/microsoft-edge-beta.profile b/etc/profile-m-z/microsoft-edge-beta.profile new file mode 100644 index 000000000..259d39a5f --- /dev/null +++ b/etc/profile-m-z/microsoft-edge-beta.profile | |||
@@ -0,0 +1,20 @@ | |||
1 | # Firejail profile for Microsoft Edge Beta | ||
2 | # Description: Web browser from Microsoft,beta channel | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include microsoft-edge-beta.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | nodeny ${HOME}/.cache/microsoft-edge-beta | ||
10 | nodeny ${HOME}/.config/microsoft-edge-beta | ||
11 | |||
12 | mkdir ${HOME}/.cache/microsoft-edge-beta | ||
13 | mkdir ${HOME}/.config/microsoft-edge-beta | ||
14 | allow ${HOME}/.cache/microsoft-edge-beta | ||
15 | allow ${HOME}/.config/microsoft-edge-beta | ||
16 | |||
17 | private-opt microsoft | ||
18 | |||
19 | # Redirect | ||
20 | include chromium-common.profile \ No newline at end of file | ||
diff --git a/etc/profile-m-z/microsoft-edge-dev.profile b/etc/profile-m-z/microsoft-edge-dev.profile index 039cd36a8..96465866c 100644 --- a/etc/profile-m-z/microsoft-edge-dev.profile +++ b/etc/profile-m-z/microsoft-edge-dev.profile | |||
@@ -6,13 +6,13 @@ include microsoft-edge-dev.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/microsoft-edge-dev | 9 | nodeny ${HOME}/.cache/microsoft-edge-dev |
10 | noblacklist ${HOME}/.config/microsoft-edge-dev | 10 | nodeny ${HOME}/.config/microsoft-edge-dev |
11 | 11 | ||
12 | mkdir ${HOME}/.cache/microsoft-edge-dev | 12 | mkdir ${HOME}/.cache/microsoft-edge-dev |
13 | mkdir ${HOME}/.config/microsoft-edge-dev | 13 | mkdir ${HOME}/.config/microsoft-edge-dev |
14 | whitelist ${HOME}/.cache/microsoft-edge-dev | 14 | allow ${HOME}/.cache/microsoft-edge-dev |
15 | whitelist ${HOME}/.config/microsoft-edge-dev | 15 | allow ${HOME}/.config/microsoft-edge-dev |
16 | 16 | ||
17 | private-opt microsoft | 17 | private-opt microsoft |
18 | 18 | ||
diff --git a/etc/profile-m-z/midori.profile b/etc/profile-m-z/midori.profile index e15259608..c4a444e0d 100644 --- a/etc/profile-m-z/midori.profile +++ b/etc/profile-m-z/midori.profile | |||
@@ -9,17 +9,17 @@ include globals.local | |||
9 | # noexec ${HOME} breaks DRM binaries. | 9 | # noexec ${HOME} breaks DRM binaries. |
10 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} | 10 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} |
11 | 11 | ||
12 | noblacklist ${HOME}/.cache/midori | 12 | nodeny ${HOME}/.cache/midori |
13 | noblacklist ${HOME}/.config/midori | 13 | nodeny ${HOME}/.config/midori |
14 | noblacklist ${HOME}/.local/share/midori | 14 | nodeny ${HOME}/.local/share/midori |
15 | # noblacklist ${HOME}/.local/share/webkit | 15 | # noblacklist ${HOME}/.local/share/webkit |
16 | # noblacklist ${HOME}/.local/share/webkitgtk | 16 | # noblacklist ${HOME}/.local/share/webkitgtk |
17 | noblacklist ${HOME}/.pki | 17 | nodeny ${HOME}/.pki |
18 | noblacklist ${HOME}/.local/share/pki | 18 | nodeny ${HOME}/.local/share/pki |
19 | 19 | ||
20 | noblacklist ${HOME}/.cache/gnome-mplayer | 20 | nodeny ${HOME}/.cache/gnome-mplayer |
21 | noblacklist ${HOME}/.config/gnome-mplayer | 21 | nodeny ${HOME}/.config/gnome-mplayer |
22 | noblacklist ${HOME}/.lastpass | 22 | nodeny ${HOME}/.lastpass |
23 | 23 | ||
24 | include disable-common.inc | 24 | include disable-common.inc |
25 | include disable-devel.inc | 25 | include disable-devel.inc |
@@ -36,17 +36,17 @@ mkdir ${HOME}/.local/share/webkit | |||
36 | mkdir ${HOME}/.local/share/webkitgtk | 36 | mkdir ${HOME}/.local/share/webkitgtk |
37 | mkdir ${HOME}/.pki | 37 | mkdir ${HOME}/.pki |
38 | mkdir ${HOME}/.local/share/pki | 38 | mkdir ${HOME}/.local/share/pki |
39 | whitelist ${DOWNLOADS} | 39 | allow ${DOWNLOADS} |
40 | whitelist ${HOME}/.cache/gnome-mplayer/plugin | 40 | allow ${HOME}/.cache/gnome-mplayer/plugin |
41 | whitelist ${HOME}/.cache/midori | 41 | allow ${HOME}/.cache/midori |
42 | whitelist ${HOME}/.config/gnome-mplayer | 42 | allow ${HOME}/.config/gnome-mplayer |
43 | whitelist ${HOME}/.config/midori | 43 | allow ${HOME}/.config/midori |
44 | whitelist ${HOME}/.lastpass | 44 | allow ${HOME}/.lastpass |
45 | whitelist ${HOME}/.local/share/midori | 45 | allow ${HOME}/.local/share/midori |
46 | whitelist ${HOME}/.local/share/webkit | 46 | allow ${HOME}/.local/share/webkit |
47 | whitelist ${HOME}/.local/share/webkitgtk | 47 | allow ${HOME}/.local/share/webkitgtk |
48 | whitelist ${HOME}/.pki | 48 | allow ${HOME}/.pki |
49 | whitelist ${HOME}/.local/share/pki | 49 | allow ${HOME}/.local/share/pki |
50 | include whitelist-common.inc | 50 | include whitelist-common.inc |
51 | include whitelist-var-common.inc | 51 | include whitelist-var-common.inc |
52 | 52 | ||
diff --git a/etc/profile-m-z/min.profile b/etc/profile-m-z/min.profile index 7f3aeab44..214332184 100644 --- a/etc/profile-m-z/min.profile +++ b/etc/profile-m-z/min.profile | |||
@@ -6,10 +6,10 @@ include min.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Min | 9 | nodeny ${HOME}/.config/Min |
10 | 10 | ||
11 | mkdir ${HOME}/.config/Min | 11 | mkdir ${HOME}/.config/Min |
12 | whitelist ${HOME}/.config/Min | 12 | allow ${HOME}/.config/Min |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include chromium-common.profile | 15 | include chromium-common.profile |
diff --git a/etc/profile-m-z/mindless.profile b/etc/profile-m-z/mindless.profile index fbf6b58e8..ee8402b87 100644 --- a/etc/profile-m-z/mindless.profile +++ b/etc/profile-m-z/mindless.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | whitelist /usr/share/mindless | 18 | allow /usr/share/mindless |
19 | include whitelist-usr-share-common.inc | 19 | include whitelist-usr-share-common.inc |
20 | include whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
diff --git a/etc/profile-m-z/minecraft-launcher.profile b/etc/profile-m-z/minecraft-launcher.profile index 1028e374a..595313851 100644 --- a/etc/profile-m-z/minecraft-launcher.profile +++ b/etc/profile-m-z/minecraft-launcher.profile | |||
@@ -11,7 +11,7 @@ include globals.local | |||
11 | 11 | ||
12 | ignore noexec ${HOME} | 12 | ignore noexec ${HOME} |
13 | 13 | ||
14 | noblacklist ${HOME}/.minecraft | 14 | nodeny ${HOME}/.minecraft |
15 | 15 | ||
16 | include allow-java.inc | 16 | include allow-java.inc |
17 | 17 | ||
@@ -25,7 +25,7 @@ include disable-shell.inc | |||
25 | include disable-xdg.inc | 25 | include disable-xdg.inc |
26 | 26 | ||
27 | mkdir ${HOME}/.minecraft | 27 | mkdir ${HOME}/.minecraft |
28 | whitelist ${HOME}/.minecraft | 28 | allow ${HOME}/.minecraft |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-runuser-common.inc | 30 | include whitelist-runuser-common.inc |
31 | include whitelist-usr-share-common.inc | 31 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/minetest.profile b/etc/profile-m-z/minetest.profile index cad1adbda..11d0859b7 100644 --- a/etc/profile-m-z/minetest.profile +++ b/etc/profile-m-z/minetest.profile | |||
@@ -9,8 +9,8 @@ include globals.local | |||
9 | # In order to save in-game screenshots to a persistent location edit ~/.minetest/minetest.conf: | 9 | # In order to save in-game screenshots to a persistent location edit ~/.minetest/minetest.conf: |
10 | # screenshot_path = /home/<USER>/.minetest/screenshots | 10 | # screenshot_path = /home/<USER>/.minetest/screenshots |
11 | 11 | ||
12 | noblacklist ${HOME}/.cache/minetest | 12 | nodeny ${HOME}/.cache/minetest |
13 | noblacklist ${HOME}/.minetest | 13 | nodeny ${HOME}/.minetest |
14 | 14 | ||
15 | # Allow lua (blacklisted by disable-interpreters.inc) | 15 | # Allow lua (blacklisted by disable-interpreters.inc) |
16 | include allow-lua.inc | 16 | include allow-lua.inc |
@@ -26,10 +26,10 @@ include disable-xdg.inc | |||
26 | 26 | ||
27 | mkdir ${HOME}/.cache/minetest | 27 | mkdir ${HOME}/.cache/minetest |
28 | mkdir ${HOME}/.minetest | 28 | mkdir ${HOME}/.minetest |
29 | whitelist ${HOME}/.cache/minetest | 29 | allow ${HOME}/.cache/minetest |
30 | whitelist ${HOME}/.minetest | 30 | allow ${HOME}/.minetest |
31 | whitelist /usr/share/games/minetest | 31 | allow /usr/share/games/minetest |
32 | whitelist /usr/share/minetest | 32 | allow /usr/share/minetest |
33 | include whitelist-common.inc | 33 | include whitelist-common.inc |
34 | include whitelist-runuser-common.inc | 34 | include whitelist-runuser-common.inc |
35 | include whitelist-usr-share-common.inc | 35 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/minitube.profile b/etc/profile-m-z/minitube.profile index 3fe3428d0..192913dbf 100644 --- a/etc/profile-m-z/minitube.profile +++ b/etc/profile-m-z/minitube.profile | |||
@@ -6,10 +6,10 @@ include minitube.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${PICTURES} | 9 | nodeny ${PICTURES} |
10 | noblacklist ${HOME}/.cache/Flavio Tordini | 10 | nodeny ${HOME}/.cache/Flavio Tordini |
11 | noblacklist ${HOME}/.config/Flavio Tordini | 11 | nodeny ${HOME}/.config/Flavio Tordini |
12 | noblacklist ${HOME}/.local/share/Flavio Tordini | 12 | nodeny ${HOME}/.local/share/Flavio Tordini |
13 | 13 | ||
14 | include allow-lua.inc | 14 | include allow-lua.inc |
15 | 15 | ||
@@ -25,11 +25,11 @@ include disable-xdg.inc | |||
25 | mkdir ${HOME}/.cache/Flavio Tordini | 25 | mkdir ${HOME}/.cache/Flavio Tordini |
26 | mkdir ${HOME}/.config/Flavio Tordini | 26 | mkdir ${HOME}/.config/Flavio Tordini |
27 | mkdir ${HOME}/.local/share/Flavio Tordini | 27 | mkdir ${HOME}/.local/share/Flavio Tordini |
28 | whitelist ${PICTURES} | 28 | allow ${PICTURES} |
29 | whitelist ${HOME}/.cache/Flavio Tordini | 29 | allow ${HOME}/.cache/Flavio Tordini |
30 | whitelist ${HOME}/.config/Flavio Tordini | 30 | allow ${HOME}/.config/Flavio Tordini |
31 | whitelist ${HOME}/.local/share/Flavio Tordini | 31 | allow ${HOME}/.local/share/Flavio Tordini |
32 | whitelist /usr/share/minitube | 32 | allow /usr/share/minitube |
33 | include whitelist-common.inc | 33 | include whitelist-common.inc |
34 | include whitelist-runuser-common.inc | 34 | include whitelist-runuser-common.inc |
35 | include whitelist-usr-share-common.inc | 35 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/mirage.profile b/etc/profile-m-z/mirage.profile index 505009283..b2f2cc5b1 100644 --- a/etc/profile-m-z/mirage.profile +++ b/etc/profile-m-z/mirage.profile | |||
@@ -6,10 +6,10 @@ include mirage.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/mirage | 9 | nodeny ${HOME}/.cache/mirage |
10 | noblacklist ${HOME}/.config/mirage | 10 | nodeny ${HOME}/.config/mirage |
11 | noblacklist ${HOME}/.local/share/mirage | 11 | nodeny ${HOME}/.local/share/mirage |
12 | noblacklist /sbin | 12 | nodeny /sbin |
13 | 13 | ||
14 | # Allow python (blacklisted by disable-interpreters.inc) | 14 | # Allow python (blacklisted by disable-interpreters.inc) |
15 | include allow-python2.inc | 15 | include allow-python2.inc |
@@ -27,10 +27,10 @@ include disable-xdg.inc | |||
27 | mkdir ${HOME}/.cache/mirage | 27 | mkdir ${HOME}/.cache/mirage |
28 | mkdir ${HOME}/.config/mirage | 28 | mkdir ${HOME}/.config/mirage |
29 | mkdir ${HOME}/.local/share/mirage | 29 | mkdir ${HOME}/.local/share/mirage |
30 | whitelist ${HOME}/.cache/mirage | 30 | allow ${HOME}/.cache/mirage |
31 | whitelist ${HOME}/.config/mirage | 31 | allow ${HOME}/.config/mirage |
32 | whitelist ${HOME}/.local/share/mirage | 32 | allow ${HOME}/.local/share/mirage |
33 | whitelist ${DOWNLOADS} | 33 | allow ${DOWNLOADS} |
34 | include whitelist-common.inc | 34 | include whitelist-common.inc |
35 | include whitelist-runuser-common.inc | 35 | include whitelist-runuser-common.inc |
36 | include whitelist-usr-share-common.inc | 36 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/mirrormagic.profile b/etc/profile-m-z/mirrormagic.profile index 58dfd56f5..d5ebfd4b0 100644 --- a/etc/profile-m-z/mirrormagic.profile +++ b/etc/profile-m-z/mirrormagic.profile | |||
@@ -6,7 +6,7 @@ include mirrormagic.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.mirrormagic | 9 | nodeny ${HOME}/.mirrormagic |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.mirrormagic | 20 | mkdir ${HOME}/.mirrormagic |
21 | whitelist ${HOME}/.mirrormagic | 21 | allow ${HOME}/.mirrormagic |
22 | whitelist /usr/share/mirrormagic | 22 | allow /usr/share/mirrormagic |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/mocp.profile b/etc/profile-m-z/mocp.profile index e71ba4569..b734bd7c0 100644 --- a/etc/profile-m-z/mocp.profile +++ b/etc/profile-m-z/mocp.profile | |||
@@ -7,8 +7,8 @@ include mocp.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.moc | 10 | nodeny ${HOME}/.moc |
11 | noblacklist ${MUSIC} | 11 | nodeny ${MUSIC} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/mousepad.profile b/etc/profile-m-z/mousepad.profile index 98063fa7c..a02b29b61 100644 --- a/etc/profile-m-z/mousepad.profile +++ b/etc/profile-m-z/mousepad.profile | |||
@@ -6,7 +6,7 @@ include mousepad.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Mousepad | 9 | nodeny ${HOME}/.config/Mousepad |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/mp3splt-gtk.profile b/etc/profile-m-z/mp3splt-gtk.profile index 37ce60e04..f47384753 100644 --- a/etc/profile-m-z/mp3splt-gtk.profile +++ b/etc/profile-m-z/mp3splt-gtk.profile | |||
@@ -6,7 +6,7 @@ include mp3splt-gtk.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.mp3splt-gtk | 9 | nodeny ${HOME}/.mp3splt-gtk |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/mp3splt.profile b/etc/profile-m-z/mp3splt.profile index 070de8451..8a2ab15bd 100644 --- a/etc/profile-m-z/mp3splt.profile +++ b/etc/profile-m-z/mp3splt.profile | |||
@@ -6,9 +6,9 @@ include mp3splt.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | 9 | deny ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | noblacklist ${MUSIC} | 11 | nodeny ${MUSIC} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/mpDris2.profile b/etc/profile-m-z/mpDris2.profile index 55a0b5897..6994b0429 100644 --- a/etc/profile-m-z/mpDris2.profile +++ b/etc/profile-m-z/mpDris2.profile | |||
@@ -6,13 +6,13 @@ include mpDris2.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/mpDris2 | 9 | nodeny ${HOME}/.config/mpDris2 |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
13 | include allow-python3.inc | 13 | include allow-python3.inc |
14 | 14 | ||
15 | noblacklist ${MUSIC} | 15 | nodeny ${MUSIC} |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-devel.inc | 18 | include disable-devel.inc |
@@ -23,10 +23,10 @@ include disable-programs.inc | |||
23 | include disable-shell.inc | 23 | include disable-shell.inc |
24 | include disable-xdg.inc | 24 | include disable-xdg.inc |
25 | 25 | ||
26 | whitelist ${MUSIC} | 26 | allow ${MUSIC} |
27 | 27 | ||
28 | mkdir ${HOME}/.config/mpDris2 | 28 | mkdir ${HOME}/.config/mpDris2 |
29 | whitelist ${HOME}/.config/mpDris2 | 29 | allow ${HOME}/.config/mpDris2 |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
32 | 32 | ||
diff --git a/etc/profile-m-z/mpd.profile b/etc/profile-m-z/mpd.profile index b517d4ab2..8b3350ac8 100644 --- a/etc/profile-m-z/mpd.profile +++ b/etc/profile-m-z/mpd.profile | |||
@@ -6,10 +6,10 @@ include mpd.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/mpd | 9 | nodeny ${HOME}/.config/mpd |
10 | noblacklist ${HOME}/.mpd | 10 | nodeny ${HOME}/.mpd |
11 | noblacklist ${HOME}/.mpdconf | 11 | nodeny ${HOME}/.mpdconf |
12 | noblacklist ${MUSIC} | 12 | nodeny ${MUSIC} |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
diff --git a/etc/profile-m-z/mpg123.profile b/etc/profile-m-z/mpg123.profile index 25187e894..03bd44daa 100644 --- a/etc/profile-m-z/mpg123.profile +++ b/etc/profile-m-z/mpg123.profile | |||
@@ -7,7 +7,7 @@ include mpg123.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/mplayer.profile b/etc/profile-m-z/mplayer.profile index 5d023b7f1..84754aeb2 100644 --- a/etc/profile-m-z/mplayer.profile +++ b/etc/profile-m-z/mplayer.profile | |||
@@ -6,7 +6,7 @@ include mplayer.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.mplayer | 9 | nodeny ${HOME}/.mplayer |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | 17 | ||
18 | read-only ${DESKTOP} | 18 | read-only ${DESKTOP} |
19 | mkdir ${HOME}/.mplayer | 19 | mkdir ${HOME}/.mplayer |
20 | whitelist ${HOME}/.mplayer | 20 | allow ${HOME}/.mplayer |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-player-common.inc | 22 | include whitelist-player-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/mpsyt.profile b/etc/profile-m-z/mpsyt.profile index bfe57a132..d35519103 100644 --- a/etc/profile-m-z/mpsyt.profile +++ b/etc/profile-m-z/mpsyt.profile | |||
@@ -6,12 +6,12 @@ include mpsyt.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/mps-youtube | 9 | nodeny ${HOME}/.config/mps-youtube |
10 | noblacklist ${HOME}/.config/mpv | 10 | nodeny ${HOME}/.config/mpv |
11 | noblacklist ${HOME}/.config/youtube-dl | 11 | nodeny ${HOME}/.config/youtube-dl |
12 | noblacklist ${HOME}/.mplayer | 12 | nodeny ${HOME}/.mplayer |
13 | noblacklist ${HOME}/.netrc | 13 | nodeny ${HOME}/.netrc |
14 | noblacklist ${HOME}/mps | 14 | nodeny ${HOME}/mps |
15 | 15 | ||
16 | # Allow lua (blacklisted by disable-interpreters.inc) | 16 | # Allow lua (blacklisted by disable-interpreters.inc) |
17 | include allow-lua.inc | 17 | include allow-lua.inc |
@@ -20,8 +20,8 @@ include allow-lua.inc | |||
20 | include allow-python2.inc | 20 | include allow-python2.inc |
21 | include allow-python3.inc | 21 | include allow-python3.inc |
22 | 22 | ||
23 | noblacklist ${MUSIC} | 23 | nodeny ${MUSIC} |
24 | noblacklist ${VIDEOS} | 24 | nodeny ${VIDEOS} |
25 | 25 | ||
26 | include disable-common.inc | 26 | include disable-common.inc |
27 | include disable-devel.inc | 27 | include disable-devel.inc |
@@ -37,12 +37,12 @@ mkdir ${HOME}/.config/mpv | |||
37 | mkdir ${HOME}/.config/youtube-dl | 37 | mkdir ${HOME}/.config/youtube-dl |
38 | mkdir ${HOME}/.mplayer | 38 | mkdir ${HOME}/.mplayer |
39 | mkdir ${HOME}/mps | 39 | mkdir ${HOME}/mps |
40 | whitelist ${HOME}/.config/mps-youtube | 40 | allow ${HOME}/.config/mps-youtube |
41 | whitelist ${HOME}/.config/mpv | 41 | allow ${HOME}/.config/mpv |
42 | whitelist ${HOME}/.config/youtube-dl | 42 | allow ${HOME}/.config/youtube-dl |
43 | whitelist ${HOME}/.mplayer | 43 | allow ${HOME}/.mplayer |
44 | whitelist ${HOME}/.netrc | 44 | allow ${HOME}/.netrc |
45 | whitelist ${HOME}/mps | 45 | allow ${HOME}/mps |
46 | include whitelist-common.inc | 46 | include whitelist-common.inc |
47 | include whitelist-player-common.inc | 47 | include whitelist-player-common.inc |
48 | include whitelist-var-common.inc | 48 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/mpv.profile b/etc/profile-m-z/mpv.profile index af5c214f7..4ea2dd348 100644 --- a/etc/profile-m-z/mpv.profile +++ b/etc/profile-m-z/mpv.profile | |||
@@ -24,9 +24,9 @@ include globals.local | |||
24 | #include allow-bin-sh.inc | 24 | #include allow-bin-sh.inc |
25 | #private-bin sh | 25 | #private-bin sh |
26 | 26 | ||
27 | noblacklist ${HOME}/.config/mpv | 27 | nodeny ${HOME}/.config/mpv |
28 | noblacklist ${HOME}/.config/youtube-dl | 28 | nodeny ${HOME}/.config/youtube-dl |
29 | noblacklist ${HOME}/.netrc | 29 | nodeny ${HOME}/.netrc |
30 | 30 | ||
31 | # Allow lua (blacklisted by disable-interpreters.inc) | 31 | # Allow lua (blacklisted by disable-interpreters.inc) |
32 | include allow-lua.inc | 32 | include allow-lua.inc |
@@ -35,7 +35,7 @@ include allow-lua.inc | |||
35 | include allow-python2.inc | 35 | include allow-python2.inc |
36 | include allow-python3.inc | 36 | include allow-python3.inc |
37 | 37 | ||
38 | blacklist /usr/libexec | 38 | deny /usr/libexec |
39 | 39 | ||
40 | include disable-common.inc | 40 | include disable-common.inc |
41 | include disable-devel.inc | 41 | include disable-devel.inc |
@@ -49,14 +49,14 @@ read-only ${DESKTOP} | |||
49 | mkdir ${HOME}/.config/mpv | 49 | mkdir ${HOME}/.config/mpv |
50 | mkdir ${HOME}/.config/youtube-dl | 50 | mkdir ${HOME}/.config/youtube-dl |
51 | mkfile ${HOME}/.netrc | 51 | mkfile ${HOME}/.netrc |
52 | whitelist ${HOME}/.config/mpv | 52 | allow ${HOME}/.config/mpv |
53 | whitelist ${HOME}/.config/youtube-dl | 53 | allow ${HOME}/.config/youtube-dl |
54 | whitelist ${HOME}/.netrc | 54 | allow ${HOME}/.netrc |
55 | include whitelist-common.inc | 55 | include whitelist-common.inc |
56 | include whitelist-player-common.inc | 56 | include whitelist-player-common.inc |
57 | whitelist /usr/share/lua | 57 | allow /usr/share/lua |
58 | whitelist /usr/share/lua* | 58 | allow /usr/share/lua* |
59 | whitelist /usr/share/vulkan | 59 | allow /usr/share/vulkan |
60 | include whitelist-usr-share-common.inc | 60 | include whitelist-usr-share-common.inc |
61 | include whitelist-var-common.inc | 61 | include whitelist-var-common.inc |
62 | 62 | ||
diff --git a/etc/profile-m-z/mrrescue.profile b/etc/profile-m-z/mrrescue.profile index e3ceb3bd4..a8c49a690 100644 --- a/etc/profile-m-z/mrrescue.profile +++ b/etc/profile-m-z/mrrescue.profile | |||
@@ -6,7 +6,7 @@ include mrrescue.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/love | 9 | nodeny ${HOME}/.local/share/love |
10 | 10 | ||
11 | # Allow /bin/sh (blacklisted by disable-shell.inc) | 11 | # Allow /bin/sh (blacklisted by disable-shell.inc) |
12 | include allow-bin-sh.inc | 12 | include allow-bin-sh.inc |
@@ -14,7 +14,7 @@ include allow-bin-sh.inc | |||
14 | # Allow lua (blacklisted by disable-interpreters.inc) | 14 | # Allow lua (blacklisted by disable-interpreters.inc) |
15 | include allow-lua.inc | 15 | include allow-lua.inc |
16 | 16 | ||
17 | blacklist /usr/libexec | 17 | deny /usr/libexec |
18 | 18 | ||
19 | include disable-common.inc | 19 | include disable-common.inc |
20 | include disable-devel.inc | 20 | include disable-devel.inc |
@@ -26,8 +26,8 @@ include disable-shell.inc | |||
26 | include disable-xdg.inc | 26 | include disable-xdg.inc |
27 | 27 | ||
28 | mkdir ${HOME}/.local/share/love | 28 | mkdir ${HOME}/.local/share/love |
29 | whitelist ${HOME}/.local/share/love | 29 | allow ${HOME}/.local/share/love |
30 | whitelist /usr/share/mrrescue | 30 | allow /usr/share/mrrescue |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-runuser-common.inc | 32 | include whitelist-runuser-common.inc |
33 | include whitelist-usr-share-common.inc | 33 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/ms-excel.profile b/etc/profile-m-z/ms-excel.profile index db24e8f9b..5fea86ae7 100644 --- a/etc/profile-m-z/ms-excel.profile +++ b/etc/profile-m-z/ms-excel.profile | |||
@@ -6,7 +6,7 @@ include ms-excel.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/ms-excel-online | 9 | nodeny ${HOME}/.cache/ms-excel-online |
10 | private-bin ms-excel | 10 | private-bin ms-excel |
11 | 11 | ||
12 | # Redirect | 12 | # Redirect |
diff --git a/etc/profile-m-z/ms-office.profile b/etc/profile-m-z/ms-office.profile index 38fc84ecc..4033627f7 100644 --- a/etc/profile-m-z/ms-office.profile +++ b/etc/profile-m-z/ms-office.profile | |||
@@ -5,8 +5,8 @@ include ms-office.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/ms-office-online | 8 | nodeny ${HOME}/.cache/ms-office-online |
9 | noblacklist ${HOME}/.jak | 9 | nodeny ${HOME}/.jak |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
diff --git a/etc/profile-m-z/ms-onenote.profile b/etc/profile-m-z/ms-onenote.profile index 9ea0637bd..805de5102 100644 --- a/etc/profile-m-z/ms-onenote.profile +++ b/etc/profile-m-z/ms-onenote.profile | |||
@@ -6,7 +6,7 @@ include ms-onenote.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/ms-onenote-online | 9 | nodeny ${HOME}/.cache/ms-onenote-online |
10 | private-bin ms-onenote | 10 | private-bin ms-onenote |
11 | 11 | ||
12 | # Redirect | 12 | # Redirect |
diff --git a/etc/profile-m-z/ms-outlook.profile b/etc/profile-m-z/ms-outlook.profile index fc3e7c009..bd14fb7d3 100644 --- a/etc/profile-m-z/ms-outlook.profile +++ b/etc/profile-m-z/ms-outlook.profile | |||
@@ -6,7 +6,7 @@ include ms-outlook.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/ms-outlook-online | 9 | nodeny ${HOME}/.cache/ms-outlook-online |
10 | private-bin ms-outlook | 10 | private-bin ms-outlook |
11 | 11 | ||
12 | # Redirect | 12 | # Redirect |
diff --git a/etc/profile-m-z/ms-powerpoint.profile b/etc/profile-m-z/ms-powerpoint.profile index dadcd5b1e..02a7424e2 100644 --- a/etc/profile-m-z/ms-powerpoint.profile +++ b/etc/profile-m-z/ms-powerpoint.profile | |||
@@ -6,7 +6,7 @@ include ms-powerpoint.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/ms-powerpoint-online | 9 | nodeny ${HOME}/.cache/ms-powerpoint-online |
10 | private-bin ms-powerpoint | 10 | private-bin ms-powerpoint |
11 | 11 | ||
12 | # Redirect | 12 | # Redirect |
diff --git a/etc/profile-m-z/ms-skype.profile b/etc/profile-m-z/ms-skype.profile index df1618361..01729f9a2 100644 --- a/etc/profile-m-z/ms-skype.profile +++ b/etc/profile-m-z/ms-skype.profile | |||
@@ -8,7 +8,7 @@ include ms-skype.local | |||
8 | 8 | ||
9 | ignore novideo | 9 | ignore novideo |
10 | 10 | ||
11 | noblacklist ${HOME}/.cache/ms-skype-online | 11 | nodeny ${HOME}/.cache/ms-skype-online |
12 | 12 | ||
13 | private-bin ms-skype | 13 | private-bin ms-skype |
14 | 14 | ||
diff --git a/etc/profile-m-z/ms-word.profile b/etc/profile-m-z/ms-word.profile index 5a617a893..34cf02128 100644 --- a/etc/profile-m-z/ms-word.profile +++ b/etc/profile-m-z/ms-word.profile | |||
@@ -6,7 +6,7 @@ include ms-word.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/ms-word-online | 9 | nodeny ${HOME}/.cache/ms-word-online |
10 | private-bin ms-word | 10 | private-bin ms-word |
11 | 11 | ||
12 | # Redirect | 12 | # Redirect |
diff --git a/etc/profile-m-z/mtpaint.profile b/etc/profile-m-z/mtpaint.profile index 85c3ee9f2..ec7cd5d04 100644 --- a/etc/profile-m-z/mtpaint.profile +++ b/etc/profile-m-z/mtpaint.profile | |||
@@ -6,7 +6,7 @@ include mtpaint.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${PICTURES} | 9 | nodeny ${PICTURES} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/multimc5.profile b/etc/profile-m-z/multimc5.profile index 6df681df1..447e7753f 100644 --- a/etc/profile-m-z/multimc5.profile +++ b/etc/profile-m-z/multimc5.profile | |||
@@ -5,9 +5,9 @@ include multimc5.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.local/share/multimc | 8 | nodeny ${HOME}/.local/share/multimc |
9 | noblacklist ${HOME}/.local/share/multimc5 | 9 | nodeny ${HOME}/.local/share/multimc5 |
10 | noblacklist ${HOME}/.multimc5 | 10 | nodeny ${HOME}/.multimc5 |
11 | 11 | ||
12 | # Allow java (blacklisted by disable-devel.inc) | 12 | # Allow java (blacklisted by disable-devel.inc) |
13 | include allow-java.inc | 13 | include allow-java.inc |
@@ -22,9 +22,9 @@ include disable-programs.inc | |||
22 | mkdir ${HOME}/.local/share/multimc | 22 | mkdir ${HOME}/.local/share/multimc |
23 | mkdir ${HOME}/.local/share/multimc5 | 23 | mkdir ${HOME}/.local/share/multimc5 |
24 | mkdir ${HOME}/.multimc5 | 24 | mkdir ${HOME}/.multimc5 |
25 | whitelist ${HOME}/.local/share/multimc | 25 | allow ${HOME}/.local/share/multimc |
26 | whitelist ${HOME}/.local/share/multimc5 | 26 | allow ${HOME}/.local/share/multimc5 |
27 | whitelist ${HOME}/.multimc5 | 27 | allow ${HOME}/.multimc5 |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | 29 | ||
30 | caps.drop all | 30 | caps.drop all |
diff --git a/etc/profile-m-z/mumble.profile b/etc/profile-m-z/mumble.profile index c7f59c5ee..1d72e07b8 100644 --- a/etc/profile-m-z/mumble.profile +++ b/etc/profile-m-z/mumble.profile | |||
@@ -6,9 +6,9 @@ include mumble.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Mumble | 9 | nodeny ${HOME}/.config/Mumble |
10 | noblacklist ${HOME}/.local/share/data/Mumble | 10 | nodeny ${HOME}/.local/share/data/Mumble |
11 | noblacklist ${HOME}/.local/share/Mumble | 11 | nodeny ${HOME}/.local/share/Mumble |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -21,9 +21,9 @@ include disable-shell.inc | |||
21 | mkdir ${HOME}/.config/Mumble | 21 | mkdir ${HOME}/.config/Mumble |
22 | mkdir ${HOME}/.local/share/data/Mumble | 22 | mkdir ${HOME}/.local/share/data/Mumble |
23 | mkdir ${HOME}/.local/share/Mumble | 23 | mkdir ${HOME}/.local/share/Mumble |
24 | whitelist ${HOME}/.config/Mumble | 24 | allow ${HOME}/.config/Mumble |
25 | whitelist ${HOME}/.local/share/data/Mumble | 25 | allow ${HOME}/.local/share/data/Mumble |
26 | whitelist ${HOME}/.local/share/Mumble | 26 | allow ${HOME}/.local/share/Mumble |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
29 | 29 | ||
diff --git a/etc/profile-m-z/mupdf-gl.profile b/etc/profile-m-z/mupdf-gl.profile index be94a9083..c208a5e54 100644 --- a/etc/profile-m-z/mupdf-gl.profile +++ b/etc/profile-m-z/mupdf-gl.profile | |||
@@ -7,7 +7,7 @@ include mupdf-gl.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.mupdf.history | 10 | nodeny ${HOME}/.mupdf.history |
11 | 11 | ||
12 | # Redirect | 12 | # Redirect |
13 | include mupdf.profile | 13 | include mupdf.profile |
diff --git a/etc/profile-m-z/mupdf.profile b/etc/profile-m-z/mupdf.profile index 9e4609c48..e602b1429 100644 --- a/etc/profile-m-z/mupdf.profile +++ b/etc/profile-m-z/mupdf.profile | |||
@@ -6,7 +6,7 @@ include mupdf.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | nodeny ${DOCUMENTS} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/mupen64plus.profile b/etc/profile-m-z/mupen64plus.profile index 00983a8f3..ecc7e2957 100644 --- a/etc/profile-m-z/mupen64plus.profile +++ b/etc/profile-m-z/mupen64plus.profile | |||
@@ -6,8 +6,8 @@ include mupen64plus.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/mupen64plus | 9 | nodeny ${HOME}/.config/mupen64plus |
10 | noblacklist ${HOME}/.local/share/mupen64plus | 10 | nodeny ${HOME}/.local/share/mupen64plus |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-programs.inc | |||
18 | # you'll need to manually whitelist ROM files | 18 | # you'll need to manually whitelist ROM files |
19 | mkdir ${HOME}/.config/mupen64plus | 19 | mkdir ${HOME}/.config/mupen64plus |
20 | mkdir ${HOME}/.local/share/mupen64plus | 20 | mkdir ${HOME}/.local/share/mupen64plus |
21 | whitelist ${HOME}/.config/mupen64plus | 21 | allow ${HOME}/.config/mupen64plus |
22 | whitelist ${HOME}/.local/share/mupen64plus | 22 | allow ${HOME}/.local/share/mupen64plus |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | 24 | ||
25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/profile-m-z/musescore.profile b/etc/profile-m-z/musescore.profile index 679e82ae8..aa141f9c0 100644 --- a/etc/profile-m-z/musescore.profile +++ b/etc/profile-m-z/musescore.profile | |||
@@ -6,12 +6,12 @@ include musescore.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/MusE | 9 | nodeny ${HOME}/.config/MusE |
10 | noblacklist ${HOME}/.config/MuseScore | 10 | nodeny ${HOME}/.config/MuseScore |
11 | noblacklist ${HOME}/.local/share/data/MusE | 11 | nodeny ${HOME}/.local/share/data/MusE |
12 | noblacklist ${HOME}/.local/share/data/MuseScore | 12 | nodeny ${HOME}/.local/share/data/MuseScore |
13 | noblacklist ${DOCUMENTS} | 13 | nodeny ${DOCUMENTS} |
14 | noblacklist ${MUSIC} | 14 | nodeny ${MUSIC} |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-m-z/musictube.profile b/etc/profile-m-z/musictube.profile index 04500ac6a..5ab1303a2 100644 --- a/etc/profile-m-z/musictube.profile +++ b/etc/profile-m-z/musictube.profile | |||
@@ -6,9 +6,9 @@ include musictube.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/Flavio Tordini | 9 | nodeny ${HOME}/.cache/Flavio Tordini |
10 | noblacklist ${HOME}/.config/Flavio Tordini | 10 | nodeny ${HOME}/.config/Flavio Tordini |
11 | noblacklist ${HOME}/.local/share/Flavio Tordini | 11 | nodeny ${HOME}/.local/share/Flavio Tordini |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -22,10 +22,10 @@ include disable-xdg.inc | |||
22 | mkdir ${HOME}/.cache/Flavio Tordini | 22 | mkdir ${HOME}/.cache/Flavio Tordini |
23 | mkdir ${HOME}/.config/Flavio Tordini | 23 | mkdir ${HOME}/.config/Flavio Tordini |
24 | mkdir ${HOME}/.local/share/Flavio Tordini | 24 | mkdir ${HOME}/.local/share/Flavio Tordini |
25 | whitelist ${HOME}/.cache/Flavio Tordini | 25 | allow ${HOME}/.cache/Flavio Tordini |
26 | whitelist ${HOME}/.config/Flavio Tordini | 26 | allow ${HOME}/.config/Flavio Tordini |
27 | whitelist ${HOME}/.local/share/Flavio Tordini | 27 | allow ${HOME}/.local/share/Flavio Tordini |
28 | whitelist /usr/share/musictube | 28 | allow /usr/share/musictube |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-runuser-common.inc | 30 | include whitelist-runuser-common.inc |
31 | include whitelist-usr-share-common.inc | 31 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/musixmatch.profile b/etc/profile-m-z/musixmatch.profile index 74b3e9a5f..9390f9dcf 100644 --- a/etc/profile-m-z/musixmatch.profile +++ b/etc/profile-m-z/musixmatch.profile | |||
@@ -5,7 +5,7 @@ include musixmatch.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${MUSIC} | 8 | nodeny ${MUSIC} |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile index debf81659..91606bdfa 100644 --- a/etc/profile-m-z/mutt.profile +++ b/etc/profile-m-z/mutt.profile | |||
@@ -7,36 +7,36 @@ include mutt.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist /var/mail | 10 | nodeny /var/mail |
11 | noblacklist /var/spool/mail | 11 | nodeny /var/spool/mail |
12 | noblacklist ${DOCUMENTS} | 12 | nodeny ${DOCUMENTS} |
13 | noblacklist ${HOME}/.Mail | 13 | nodeny ${HOME}/.Mail |
14 | noblacklist ${HOME}/.bogofilter | 14 | nodeny ${HOME}/.bogofilter |
15 | noblacklist ${HOME}/.cache/mutt | 15 | nodeny ${HOME}/.cache/mutt |
16 | noblacklist ${HOME}/.config/mutt | 16 | nodeny ${HOME}/.config/mutt |
17 | noblacklist ${HOME}/.config/nano | 17 | nodeny ${HOME}/.config/nano |
18 | noblacklist ${HOME}/.elinks | 18 | nodeny ${HOME}/.elinks |
19 | noblacklist ${HOME}/.emacs | 19 | nodeny ${HOME}/.emacs |
20 | noblacklist ${HOME}/.emacs.d | 20 | nodeny ${HOME}/.emacs.d |
21 | noblacklist ${HOME}/.gnupg | 21 | nodeny ${HOME}/.gnupg |
22 | noblacklist ${HOME}/.mail | 22 | nodeny ${HOME}/.mail |
23 | noblacklist ${HOME}/.mailcap | 23 | nodeny ${HOME}/.mailcap |
24 | noblacklist ${HOME}/.msmtprc | 24 | nodeny ${HOME}/.msmtprc |
25 | noblacklist ${HOME}/.mutt | 25 | nodeny ${HOME}/.mutt |
26 | noblacklist ${HOME}/.muttrc | 26 | nodeny ${HOME}/.muttrc |
27 | noblacklist ${HOME}/.nanorc | 27 | nodeny ${HOME}/.nanorc |
28 | noblacklist ${HOME}/.signature | 28 | nodeny ${HOME}/.signature |
29 | noblacklist ${HOME}/.vim | 29 | nodeny ${HOME}/.vim |
30 | noblacklist ${HOME}/.viminfo | 30 | nodeny ${HOME}/.viminfo |
31 | noblacklist ${HOME}/.vimrc | 31 | nodeny ${HOME}/.vimrc |
32 | noblacklist ${HOME}/.w3m | 32 | nodeny ${HOME}/.w3m |
33 | noblacklist ${HOME}/Mail | 33 | nodeny ${HOME}/Mail |
34 | noblacklist ${HOME}/mail | 34 | nodeny ${HOME}/mail |
35 | noblacklist ${HOME}/postponed | 35 | nodeny ${HOME}/postponed |
36 | noblacklist ${HOME}/sent | 36 | nodeny ${HOME}/sent |
37 | 37 | ||
38 | blacklist /tmp/.X11-unix | 38 | deny /tmp/.X11-unix |
39 | blacklist ${RUNUSER}/wayland-* | 39 | deny ${RUNUSER}/wayland-* |
40 | 40 | ||
41 | # Add the next lines to your mutt.local for oauth.py,S/MIME support. | 41 | # Add the next lines to your mutt.local for oauth.py,S/MIME support. |
42 | #include allow-perl.inc | 42 | #include allow-perl.inc |
@@ -75,37 +75,37 @@ mkfile ${HOME}/.nanorc | |||
75 | mkfile ${HOME}/.signature | 75 | mkfile ${HOME}/.signature |
76 | mkfile ${HOME}/.viminfo | 76 | mkfile ${HOME}/.viminfo |
77 | mkfile ${HOME}/.vimrc | 77 | mkfile ${HOME}/.vimrc |
78 | whitelist ${DOCUMENTS} | 78 | allow ${DOCUMENTS} |
79 | whitelist ${DOWNLOADS} | 79 | allow ${DOWNLOADS} |
80 | whitelist ${HOME}/.Mail | 80 | allow ${HOME}/.Mail |
81 | whitelist ${HOME}/.bogofilter | 81 | allow ${HOME}/.bogofilter |
82 | whitelist ${HOME}/.cache/mutt | 82 | allow ${HOME}/.cache/mutt |
83 | whitelist ${HOME}/.config/mutt | 83 | allow ${HOME}/.config/mutt |
84 | whitelist ${HOME}/.config/nano | 84 | allow ${HOME}/.config/nano |
85 | whitelist ${HOME}/.elinks | 85 | allow ${HOME}/.elinks |
86 | whitelist ${HOME}/.emacs | 86 | allow ${HOME}/.emacs |
87 | whitelist ${HOME}/.emacs.d | 87 | allow ${HOME}/.emacs.d |
88 | whitelist ${HOME}/.gnupg | 88 | allow ${HOME}/.gnupg |
89 | whitelist ${HOME}/.mail | 89 | allow ${HOME}/.mail |
90 | whitelist ${HOME}/.mailcap | 90 | allow ${HOME}/.mailcap |
91 | whitelist ${HOME}/.msmtprc | 91 | allow ${HOME}/.msmtprc |
92 | whitelist ${HOME}/.mutt | 92 | allow ${HOME}/.mutt |
93 | whitelist ${HOME}/.muttrc | 93 | allow ${HOME}/.muttrc |
94 | whitelist ${HOME}/.nanorc | 94 | allow ${HOME}/.nanorc |
95 | whitelist ${HOME}/.signature | 95 | allow ${HOME}/.signature |
96 | whitelist ${HOME}/.vim | 96 | allow ${HOME}/.vim |
97 | whitelist ${HOME}/.viminfo | 97 | allow ${HOME}/.viminfo |
98 | whitelist ${HOME}/.vimrc | 98 | allow ${HOME}/.vimrc |
99 | whitelist ${HOME}/.w3m | 99 | allow ${HOME}/.w3m |
100 | whitelist ${HOME}/Mail | 100 | allow ${HOME}/Mail |
101 | whitelist ${HOME}/mail | 101 | allow ${HOME}/mail |
102 | whitelist ${HOME}/postponed | 102 | allow ${HOME}/postponed |
103 | whitelist ${HOME}/sent | 103 | allow ${HOME}/sent |
104 | whitelist /usr/share/gnupg | 104 | allow /usr/share/gnupg |
105 | whitelist /usr/share/gnupg2 | 105 | allow /usr/share/gnupg2 |
106 | whitelist /usr/share/mutt | 106 | allow /usr/share/mutt |
107 | whitelist /var/mail | 107 | allow /var/mail |
108 | whitelist /var/spool/mail | 108 | allow /var/spool/mail |
109 | include whitelist-common.inc | 109 | include whitelist-common.inc |
110 | include whitelist-runuser-common.inc | 110 | include whitelist-runuser-common.inc |
111 | include whitelist-usr-share-common.inc | 111 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/mypaint.profile b/etc/profile-m-z/mypaint.profile index d8d487fe7..19af47498 100644 --- a/etc/profile-m-z/mypaint.profile +++ b/etc/profile-m-z/mypaint.profile | |||
@@ -6,10 +6,10 @@ include mypaint.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/mypaint | 9 | nodeny ${HOME}/.cache/mypaint |
10 | noblacklist ${HOME}/.config/mypaint | 10 | nodeny ${HOME}/.config/mypaint |
11 | noblacklist ${HOME}/.local/share/mypaint | 11 | nodeny ${HOME}/.local/share/mypaint |
12 | noblacklist ${PICTURES} | 12 | nodeny ${PICTURES} |
13 | 13 | ||
14 | # Allow python (blacklisted by disable-interpreters.inc) | 14 | # Allow python (blacklisted by disable-interpreters.inc) |
15 | include allow-python2.inc | 15 | include allow-python2.inc |
diff --git a/etc/profile-m-z/nano.profile b/etc/profile-m-z/nano.profile index 4698c2287..f0553bed5 100644 --- a/etc/profile-m-z/nano.profile +++ b/etc/profile-m-z/nano.profile | |||
@@ -7,10 +7,10 @@ include nano.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | 10 | deny ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | noblacklist ${HOME}/.config/nano | 12 | nodeny ${HOME}/.config/nano |
13 | noblacklist ${HOME}/.nanorc | 13 | nodeny ${HOME}/.nanorc |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -19,7 +19,7 @@ include disable-interpreters.inc | |||
19 | include disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | whitelist /usr/share/nano | 22 | allow /usr/share/nano |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | 24 | ||
25 | apparmor | 25 | apparmor |
diff --git a/etc/profile-m-z/natron.profile b/etc/profile-m-z/natron.profile index 5bf152f84..35d152748 100644 --- a/etc/profile-m-z/natron.profile +++ b/etc/profile-m-z/natron.profile | |||
@@ -5,9 +5,9 @@ include natron.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.Natron | 8 | nodeny ${HOME}/.Natron |
9 | noblacklist ${HOME}/.cache/INRIA/Natron | 9 | nodeny ${HOME}/.cache/INRIA/Natron |
10 | noblacklist ${HOME}/.config/INRIA | 10 | nodeny ${HOME}/.config/INRIA |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-m-z/ncdu.profile b/etc/profile-m-z/ncdu.profile index 063e30366..38646dc90 100644 --- a/etc/profile-m-z/ncdu.profile +++ b/etc/profile-m-z/ncdu.profile | |||
@@ -6,7 +6,7 @@ include ncdu.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | 9 | deny ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | include disable-exec.inc | 11 | include disable-exec.inc |
12 | 12 | ||
diff --git a/etc/profile-m-z/neochat.profile b/etc/profile-m-z/neochat.profile index 9f00448c8..ceb885908 100644 --- a/etc/profile-m-z/neochat.profile +++ b/etc/profile-m-z/neochat.profile | |||
@@ -6,12 +6,12 @@ include neochat.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/KDE/neochat | 9 | nodeny ${HOME}/.cache/KDE/neochat |
10 | noblacklist ${HOME}/.config/KDE | 10 | nodeny ${HOME}/.config/KDE |
11 | noblacklist ${HOME}/.config/KDE/neochat | 11 | nodeny ${HOME}/.config/KDE/neochat |
12 | noblacklist ${HOME}/.config/neochatrc | 12 | nodeny ${HOME}/.config/neochatrc |
13 | noblacklist ${HOME}/.config/neochat.notifyrc | 13 | nodeny ${HOME}/.config/neochat.notifyrc |
14 | noblacklist ${HOME}/.local/share/KDE/neochat | 14 | nodeny ${HOME}/.local/share/KDE/neochat |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
@@ -24,9 +24,9 @@ include disable-xdg.inc | |||
24 | 24 | ||
25 | mkdir ${HOME}/.cache/KDE/neochat | 25 | mkdir ${HOME}/.cache/KDE/neochat |
26 | mkdir ${HOME}/.local/share/KDE/neochat | 26 | mkdir ${HOME}/.local/share/KDE/neochat |
27 | whitelist ${HOME}/.cache/KDE/neochat | 27 | allow ${HOME}/.cache/KDE/neochat |
28 | whitelist ${HOME}/.local/share/KDE/neochat | 28 | allow ${HOME}/.local/share/KDE/neochat |
29 | whitelist ${DOWNLOADS} | 29 | allow ${DOWNLOADS} |
30 | include whitelist-1793-workaround.inc | 30 | include whitelist-1793-workaround.inc |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-runuser-common.inc | 32 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile index fafa129e4..939d6f111 100644 --- a/etc/profile-m-z/neomutt.profile +++ b/etc/profile-m-z/neomutt.profile | |||
@@ -7,38 +7,38 @@ include neomutt.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | noblacklist ${HOME}/.Mail | 11 | nodeny ${HOME}/.Mail |
12 | noblacklist ${HOME}/.bogofilter | 12 | nodeny ${HOME}/.bogofilter |
13 | noblacklist ${HOME}/.config/mutt | 13 | nodeny ${HOME}/.config/mutt |
14 | noblacklist ${HOME}/.config/nano | 14 | nodeny ${HOME}/.config/nano |
15 | noblacklist ${HOME}/.config/neomutt | 15 | nodeny ${HOME}/.config/neomutt |
16 | noblacklist ${HOME}/.elinks | 16 | nodeny ${HOME}/.elinks |
17 | noblacklist ${HOME}/.emacs | 17 | nodeny ${HOME}/.emacs |
18 | noblacklist ${HOME}/.emacs.d | 18 | nodeny ${HOME}/.emacs.d |
19 | noblacklist ${HOME}/.gnupg | 19 | nodeny ${HOME}/.gnupg |
20 | noblacklist ${HOME}/.mail | 20 | nodeny ${HOME}/.mail |
21 | noblacklist ${HOME}/.mailcap | 21 | nodeny ${HOME}/.mailcap |
22 | noblacklist ${HOME}/.msmtprc | 22 | nodeny ${HOME}/.msmtprc |
23 | noblacklist ${HOME}/.mutt | 23 | nodeny ${HOME}/.mutt |
24 | noblacklist ${HOME}/.muttrc | 24 | nodeny ${HOME}/.muttrc |
25 | noblacklist ${HOME}/.nanorc | 25 | nodeny ${HOME}/.nanorc |
26 | noblacklist ${HOME}/.neomutt | 26 | nodeny ${HOME}/.neomutt |
27 | noblacklist ${HOME}/.neomuttrc | 27 | nodeny ${HOME}/.neomuttrc |
28 | noblacklist ${HOME}/.signature | 28 | nodeny ${HOME}/.signature |
29 | noblacklist ${HOME}/.vim | 29 | nodeny ${HOME}/.vim |
30 | noblacklist ${HOME}/.viminfo | 30 | nodeny ${HOME}/.viminfo |
31 | noblacklist ${HOME}/.vimrc | 31 | nodeny ${HOME}/.vimrc |
32 | noblacklist ${HOME}/.w3m | 32 | nodeny ${HOME}/.w3m |
33 | noblacklist ${HOME}/Mail | 33 | nodeny ${HOME}/Mail |
34 | noblacklist ${HOME}/mail | 34 | nodeny ${HOME}/mail |
35 | noblacklist ${HOME}/postponed | 35 | nodeny ${HOME}/postponed |
36 | noblacklist ${HOME}/sent | 36 | nodeny ${HOME}/sent |
37 | noblacklist /var/mail | 37 | nodeny /var/mail |
38 | noblacklist /var/spool/mail | 38 | nodeny /var/spool/mail |
39 | 39 | ||
40 | blacklist /tmp/.X11-unix | 40 | deny /tmp/.X11-unix |
41 | blacklist ${RUNUSER}/wayland-* | 41 | deny ${RUNUSER}/wayland-* |
42 | 42 | ||
43 | include allow-lua.inc | 43 | include allow-lua.inc |
44 | 44 | ||
@@ -76,39 +76,39 @@ mkfile ${HOME}/.neomuttrc | |||
76 | mkfile ${HOME}/.signature | 76 | mkfile ${HOME}/.signature |
77 | mkfile ${HOME}/.viminfo | 77 | mkfile ${HOME}/.viminfo |
78 | mkfile ${HOME}/.vimrc | 78 | mkfile ${HOME}/.vimrc |
79 | whitelist ${DOCUMENTS} | 79 | allow ${DOCUMENTS} |
80 | whitelist ${DOWNLOADS} | 80 | allow ${DOWNLOADS} |
81 | whitelist ${HOME}/.Mail | 81 | allow ${HOME}/.Mail |
82 | whitelist ${HOME}/.bogofilter | 82 | allow ${HOME}/.bogofilter |
83 | whitelist ${HOME}/.config/mutt | 83 | allow ${HOME}/.config/mutt |
84 | whitelist ${HOME}/.config/nano | 84 | allow ${HOME}/.config/nano |
85 | whitelist ${HOME}/.config/neomutt | 85 | allow ${HOME}/.config/neomutt |
86 | whitelist ${HOME}/.elinks | 86 | allow ${HOME}/.elinks |
87 | whitelist ${HOME}/.emacs | 87 | allow ${HOME}/.emacs |
88 | whitelist ${HOME}/.emacs.d | 88 | allow ${HOME}/.emacs.d |
89 | whitelist ${HOME}/.gnupg | 89 | allow ${HOME}/.gnupg |
90 | whitelist ${HOME}/.mail | 90 | allow ${HOME}/.mail |
91 | whitelist ${HOME}/.mailcap | 91 | allow ${HOME}/.mailcap |
92 | whitelist ${HOME}/.msmtprc | 92 | allow ${HOME}/.msmtprc |
93 | whitelist ${HOME}/.mutt | 93 | allow ${HOME}/.mutt |
94 | whitelist ${HOME}/.muttrc | 94 | allow ${HOME}/.muttrc |
95 | whitelist ${HOME}/.nanorc | 95 | allow ${HOME}/.nanorc |
96 | whitelist ${HOME}/.neomutt | 96 | allow ${HOME}/.neomutt |
97 | whitelist ${HOME}/.neomuttrc | 97 | allow ${HOME}/.neomuttrc |
98 | whitelist ${HOME}/.signature | 98 | allow ${HOME}/.signature |
99 | whitelist ${HOME}/.vim | 99 | allow ${HOME}/.vim |
100 | whitelist ${HOME}/.viminfo | 100 | allow ${HOME}/.viminfo |
101 | whitelist ${HOME}/.vimrc | 101 | allow ${HOME}/.vimrc |
102 | whitelist ${HOME}/.w3m | 102 | allow ${HOME}/.w3m |
103 | whitelist ${HOME}/Mail | 103 | allow ${HOME}/Mail |
104 | whitelist ${HOME}/mail | 104 | allow ${HOME}/mail |
105 | whitelist ${HOME}/postponed | 105 | allow ${HOME}/postponed |
106 | whitelist ${HOME}/sent | 106 | allow ${HOME}/sent |
107 | whitelist /usr/share/gnupg | 107 | allow /usr/share/gnupg |
108 | whitelist /usr/share/gnupg2 | 108 | allow /usr/share/gnupg2 |
109 | whitelist /usr/share/neomutt | 109 | allow /usr/share/neomutt |
110 | whitelist /var/mail | 110 | allow /var/mail |
111 | whitelist /var/spool/mail | 111 | allow /var/spool/mail |
112 | include whitelist-common.inc | 112 | include whitelist-common.inc |
113 | include whitelist-runuser-common.inc | 113 | include whitelist-runuser-common.inc |
114 | include whitelist-usr-share-common.inc | 114 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/netactview.profile b/etc/profile-m-z/netactview.profile index 5d45dd7bc..68297c110 100644 --- a/etc/profile-m-z/netactview.profile +++ b/etc/profile-m-z/netactview.profile | |||
@@ -6,7 +6,7 @@ include netactview.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.netactview | 9 | nodeny ${HOME}/.netactview |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkfile ${HOME}/.netactview | 20 | mkfile ${HOME}/.netactview |
21 | whitelist ${HOME}/.netactview | 21 | allow ${HOME}/.netactview |
22 | whitelist /usr/share/netactview | 22 | allow /usr/share/netactview |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/nethack-vultures.profile b/etc/profile-m-z/nethack-vultures.profile index c9a537370..d5bf8a52a 100644 --- a/etc/profile-m-z/nethack-vultures.profile +++ b/etc/profile-m-z/nethack-vultures.profile | |||
@@ -6,7 +6,7 @@ include nethack.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.vultures | 9 | nodeny ${HOME}/.vultures |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.vultures | 18 | mkdir ${HOME}/.vultures |
19 | whitelist ${HOME}/.vultures | 19 | allow ${HOME}/.vultures |
20 | whitelist /var/log/vultures | 20 | allow /var/log/vultures |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-m-z/nethack.profile b/etc/profile-m-z/nethack.profile index b57abe260..23b57bb52 100644 --- a/etc/profile-m-z/nethack.profile +++ b/etc/profile-m-z/nethack.profile | |||
@@ -6,7 +6,7 @@ include nethack.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist /var/games/nethack | 9 | nodeny /var/games/nethack |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -15,7 +15,7 @@ include disable-interpreters.inc | |||
15 | include disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | whitelist /var/games/nethack | 18 | allow /var/games/nethack |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
diff --git a/etc/profile-m-z/netsurf.profile b/etc/profile-m-z/netsurf.profile index 0ddb7bbbe..b099d6f0c 100644 --- a/etc/profile-m-z/netsurf.profile +++ b/etc/profile-m-z/netsurf.profile | |||
@@ -6,8 +6,8 @@ include netsurf.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/netsurf | 9 | nodeny ${HOME}/.cache/netsurf |
10 | noblacklist ${HOME}/.config/netsurf | 10 | nodeny ${HOME}/.config/netsurf |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -16,9 +16,9 @@ include disable-programs.inc | |||
16 | 16 | ||
17 | mkdir ${HOME}/.cache/netsurf | 17 | mkdir ${HOME}/.cache/netsurf |
18 | mkdir ${HOME}/.config/netsurf | 18 | mkdir ${HOME}/.config/netsurf |
19 | whitelist ${DOWNLOADS} | 19 | allow ${DOWNLOADS} |
20 | whitelist ${HOME}/.cache/netsurf | 20 | allow ${HOME}/.cache/netsurf |
21 | whitelist ${HOME}/.config/netsurf | 21 | allow ${HOME}/.config/netsurf |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/profile-m-z/neverball.profile b/etc/profile-m-z/neverball.profile index ecfbb14e4..dad90a66c 100644 --- a/etc/profile-m-z/neverball.profile +++ b/etc/profile-m-z/neverball.profile | |||
@@ -6,7 +6,7 @@ include neverball.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.neverball | 9 | nodeny ${HOME}/.neverball |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.neverball | 20 | mkdir ${HOME}/.neverball |
21 | whitelist ${HOME}/.neverball | 21 | allow ${HOME}/.neverball |
22 | whitelist /usr/share/neverball | 22 | allow /usr/share/neverball |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/newsbeuter.profile b/etc/profile-m-z/newsbeuter.profile index 6efb19502..c26ba4be0 100644 --- a/etc/profile-m-z/newsbeuter.profile +++ b/etc/profile-m-z/newsbeuter.profile | |||
@@ -11,15 +11,15 @@ ignore include newsboat.local | |||
11 | ignore mkdir ${HOME}/.config/newsboat | 11 | ignore mkdir ${HOME}/.config/newsboat |
12 | ignore mkdir ${HOME}/.local/share/newsboat | 12 | ignore mkdir ${HOME}/.local/share/newsboat |
13 | ignore mkdir ${HOME}/.newsboat | 13 | ignore mkdir ${HOME}/.newsboat |
14 | blacklist ${PATH}/newsboat | 14 | deny ${PATH}/newsboat |
15 | 15 | ||
16 | blacklist ${HOME}/.config/newsboat | 16 | deny ${HOME}/.config/newsboat |
17 | blacklist ${HOME}/.local/share/newsboat | 17 | deny ${HOME}/.local/share/newsboat |
18 | blacklist ${HOME}/.newsboat | 18 | deny ${HOME}/.newsboat |
19 | 19 | ||
20 | nowhitelist ${HOME}/.config/newsboat | 20 | noallow ${HOME}/.config/newsboat |
21 | nowhitelist ${HOME}/.local/share/newsboat | 21 | noallow ${HOME}/.local/share/newsboat |
22 | nowhitelist ${HOME}/.newsboat | 22 | noallow ${HOME}/.newsboat |
23 | 23 | ||
24 | mkdir ${HOME}/.config/newsbeuter | 24 | mkdir ${HOME}/.config/newsbeuter |
25 | mkdir ${HOME}/.local/share/newsbeuter | 25 | mkdir ${HOME}/.local/share/newsbeuter |
diff --git a/etc/profile-m-z/newsboat.profile b/etc/profile-m-z/newsboat.profile index 13bc3a615..e34752b55 100644 --- a/etc/profile-m-z/newsboat.profile +++ b/etc/profile-m-z/newsboat.profile | |||
@@ -6,12 +6,12 @@ include newsboat.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/newsbeuter | 9 | nodeny ${HOME}/.config/newsbeuter |
10 | noblacklist ${HOME}/.config/newsboat | 10 | nodeny ${HOME}/.config/newsboat |
11 | noblacklist ${HOME}/.local/share/newsbeuter | 11 | nodeny ${HOME}/.local/share/newsbeuter |
12 | noblacklist ${HOME}/.local/share/newsboat | 12 | nodeny ${HOME}/.local/share/newsboat |
13 | noblacklist ${HOME}/.newsbeuter | 13 | nodeny ${HOME}/.newsbeuter |
14 | noblacklist ${HOME}/.newsboat | 14 | nodeny ${HOME}/.newsboat |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
@@ -24,12 +24,12 @@ include disable-xdg.inc | |||
24 | mkdir ${HOME}/.config/newsboat | 24 | mkdir ${HOME}/.config/newsboat |
25 | mkdir ${HOME}/.local/share/newsboat | 25 | mkdir ${HOME}/.local/share/newsboat |
26 | mkdir ${HOME}/.newsboat | 26 | mkdir ${HOME}/.newsboat |
27 | whitelist ${HOME}/.config/newsbeuter | 27 | allow ${HOME}/.config/newsbeuter |
28 | whitelist ${HOME}/.config/newsboat | 28 | allow ${HOME}/.config/newsboat |
29 | whitelist ${HOME}/.local/share/newsbeuter | 29 | allow ${HOME}/.local/share/newsbeuter |
30 | whitelist ${HOME}/.local/share/newsboat | 30 | allow ${HOME}/.local/share/newsboat |
31 | whitelist ${HOME}/.newsbeuter | 31 | allow ${HOME}/.newsbeuter |
32 | whitelist ${HOME}/.newsboat | 32 | allow ${HOME}/.newsboat |
33 | include whitelist-common.inc | 33 | include whitelist-common.inc |
34 | include whitelist-runuser-common.inc | 34 | include whitelist-runuser-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/newsflash.profile b/etc/profile-m-z/newsflash.profile index 18d8c6ed4..273628ea2 100644 --- a/etc/profile-m-z/newsflash.profile +++ b/etc/profile-m-z/newsflash.profile | |||
@@ -6,9 +6,9 @@ include newsflash.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/NewsFlashGTK | 9 | nodeny ${HOME}/.cache/NewsFlashGTK |
10 | noblacklist ${HOME}/.config/news-flash | 10 | nodeny ${HOME}/.config/news-flash |
11 | noblacklist ${HOME}/.local/share/news-flash | 11 | nodeny ${HOME}/.local/share/news-flash |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -22,9 +22,9 @@ include disable-xdg.inc | |||
22 | mkdir ${HOME}/.cache/NewsFlashGTK | 22 | mkdir ${HOME}/.cache/NewsFlashGTK |
23 | mkdir ${HOME}/.config/news-flash | 23 | mkdir ${HOME}/.config/news-flash |
24 | mkdir ${HOME}/.local/share/news-flash | 24 | mkdir ${HOME}/.local/share/news-flash |
25 | whitelist ${HOME}/.cache/NewsFlashGTK | 25 | allow ${HOME}/.cache/NewsFlashGTK |
26 | whitelist ${HOME}/.config/news-flash | 26 | allow ${HOME}/.config/news-flash |
27 | whitelist ${HOME}/.local/share/news-flash | 27 | allow ${HOME}/.local/share/news-flash |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/nextcloud.profile b/etc/profile-m-z/nextcloud.profile index 9fd76fbe7..7ba46691d 100644 --- a/etc/profile-m-z/nextcloud.profile +++ b/etc/profile-m-z/nextcloud.profile | |||
@@ -6,9 +6,9 @@ include nextcloud.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/Nextcloud | 9 | nodeny ${HOME}/Nextcloud |
10 | noblacklist ${HOME}/.config/Nextcloud | 10 | nodeny ${HOME}/.config/Nextcloud |
11 | noblacklist ${HOME}/.local/share/Nextcloud | 11 | nodeny ${HOME}/.local/share/Nextcloud |
12 | # Add the next lines to your nextcloud.local to allow sync in more directories. | 12 | # Add the next lines to your nextcloud.local to allow sync in more directories. |
13 | #noblacklist ${DOCUMENTS} | 13 | #noblacklist ${DOCUMENTS} |
14 | #noblacklist ${MUSIC} | 14 | #noblacklist ${MUSIC} |
@@ -27,9 +27,9 @@ include disable-xdg.inc | |||
27 | mkdir ${HOME}/Nextcloud | 27 | mkdir ${HOME}/Nextcloud |
28 | mkdir ${HOME}/.config/Nextcloud | 28 | mkdir ${HOME}/.config/Nextcloud |
29 | mkdir ${HOME}/.local/share/Nextcloud | 29 | mkdir ${HOME}/.local/share/Nextcloud |
30 | whitelist ${HOME}/Nextcloud | 30 | allow ${HOME}/Nextcloud |
31 | whitelist ${HOME}/.config/Nextcloud | 31 | allow ${HOME}/.config/Nextcloud |
32 | whitelist ${HOME}/.local/share/Nextcloud | 32 | allow ${HOME}/.local/share/Nextcloud |
33 | # Add the next lines to your nextcloud.local to allow sync in more directories. | 33 | # Add the next lines to your nextcloud.local to allow sync in more directories. |
34 | #whitelist ${DOCUMENTS} | 34 | #whitelist ${DOCUMENTS} |
35 | #whitelist ${MUSIC} | 35 | #whitelist ${MUSIC} |
diff --git a/etc/profile-m-z/nheko.profile b/etc/profile-m-z/nheko.profile index f8062891c..0149e0737 100644 --- a/etc/profile-m-z/nheko.profile +++ b/etc/profile-m-z/nheko.profile | |||
@@ -6,9 +6,9 @@ include nheko.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/nheko | 9 | nodeny ${HOME}/.cache/nheko |
10 | noblacklist ${HOME}/.config/nheko | 10 | nodeny ${HOME}/.config/nheko |
11 | noblacklist ${HOME}/.local/share/nheko | 11 | nodeny ${HOME}/.local/share/nheko |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -22,10 +22,10 @@ include disable-xdg.inc | |||
22 | mkdir ${HOME}/.cache/nheko | 22 | mkdir ${HOME}/.cache/nheko |
23 | mkdir ${HOME}/.config/nheko | 23 | mkdir ${HOME}/.config/nheko |
24 | mkdir ${HOME}/.local/share/nheko | 24 | mkdir ${HOME}/.local/share/nheko |
25 | whitelist ${HOME}/.cache/nheko | 25 | allow ${HOME}/.cache/nheko |
26 | whitelist ${HOME}/.config/nheko | 26 | allow ${HOME}/.config/nheko |
27 | whitelist ${HOME}/.local/share/nheko | 27 | allow ${HOME}/.local/share/nheko |
28 | whitelist ${DOWNLOADS} | 28 | allow ${DOWNLOADS} |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-runuser-common.inc | 30 | include whitelist-runuser-common.inc |
31 | include whitelist-usr-share-common.inc | 31 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/nicotine.profile b/etc/profile-m-z/nicotine.profile index 1c7dbc009..b31a7babf 100644 --- a/etc/profile-m-z/nicotine.profile +++ b/etc/profile-m-z/nicotine.profile | |||
@@ -6,7 +6,7 @@ include nicotine.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.nicotine | 9 | nodeny ${HOME}/.nicotine |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -21,9 +21,9 @@ include disable-shell.inc | |||
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.nicotine | 23 | mkdir ${HOME}/.nicotine |
24 | whitelist ${DOWNLOADS} | 24 | allow ${DOWNLOADS} |
25 | whitelist ${HOME}/.nicotine | 25 | allow ${HOME}/.nicotine |
26 | whitelist /usr/share/GeoIP | 26 | allow /usr/share/GeoIP |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/nitroshare.profile b/etc/profile-m-z/nitroshare.profile index 8dba84f02..70fffd5d4 100644 --- a/etc/profile-m-z/nitroshare.profile +++ b/etc/profile-m-z/nitroshare.profile | |||
@@ -6,8 +6,8 @@ include nitroshare.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Nathan Osman | 9 | nodeny ${HOME}/.config/Nathan Osman |
10 | noblacklist ${HOME}/.config/NitroShare | 10 | nodeny ${HOME}/.config/NitroShare |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-m-z/nodejs-common.profile b/etc/profile-m-z/nodejs-common.profile index fa69f9214..7981ba6ae 100644 --- a/etc/profile-m-z/nodejs-common.profile +++ b/etc/profile-m-z/nodejs-common.profile | |||
@@ -7,22 +7,22 @@ include nodejs-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | deny /tmp/.X11-unix |
11 | blacklist ${RUNUSER} | 11 | deny ${RUNUSER} |
12 | 12 | ||
13 | ignore read-only ${HOME}/.npm-packages | 13 | ignore read-only ${HOME}/.npm-packages |
14 | ignore read-only ${HOME}/.npmrc | 14 | ignore read-only ${HOME}/.npmrc |
15 | ignore read-only ${HOME}/.nvm | 15 | ignore read-only ${HOME}/.nvm |
16 | ignore read-only ${HOME}/.yarnrc | 16 | ignore read-only ${HOME}/.yarnrc |
17 | 17 | ||
18 | noblacklist ${HOME}/.node-gyp | 18 | nodeny ${HOME}/.node-gyp |
19 | noblacklist ${HOME}/.npm | 19 | nodeny ${HOME}/.npm |
20 | noblacklist ${HOME}/.npmrc | 20 | nodeny ${HOME}/.npmrc |
21 | noblacklist ${HOME}/.nvm | 21 | nodeny ${HOME}/.nvm |
22 | noblacklist ${HOME}/.yarn | 22 | nodeny ${HOME}/.yarn |
23 | noblacklist ${HOME}/.yarn-config | 23 | nodeny ${HOME}/.yarn-config |
24 | noblacklist ${HOME}/.yarncache | 24 | nodeny ${HOME}/.yarncache |
25 | noblacklist ${HOME}/.yarnrc | 25 | nodeny ${HOME}/.yarnrc |
26 | 26 | ||
27 | ignore noexec ${HOME} | 27 | ignore noexec ${HOME} |
28 | 28 | ||
@@ -58,9 +58,9 @@ include disable-xdg.inc | |||
58 | #whitelist ${HOME}/Projects | 58 | #whitelist ${HOME}/Projects |
59 | #include whitelist-common.inc | 59 | #include whitelist-common.inc |
60 | 60 | ||
61 | whitelist /usr/share/doc/node | 61 | allow /usr/share/doc/node |
62 | whitelist /usr/share/nvm | 62 | allow /usr/share/nvm |
63 | whitelist /usr/share/systemtap/tapset/node.stp | 63 | allow /usr/share/systemtap/tapset/node.stp |
64 | include whitelist-runuser-common.inc | 64 | include whitelist-runuser-common.inc |
65 | include whitelist-usr-share-common.inc | 65 | include whitelist-usr-share-common.inc |
66 | include whitelist-var-common.inc | 66 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/nomacs.profile b/etc/profile-m-z/nomacs.profile index a36dee874..80fbd0fcb 100644 --- a/etc/profile-m-z/nomacs.profile +++ b/etc/profile-m-z/nomacs.profile | |||
@@ -6,10 +6,10 @@ include nomacs.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/nomacs | 9 | nodeny ${HOME}/.config/nomacs |
10 | noblacklist ${HOME}/.local/share/nomacs | 10 | nodeny ${HOME}/.local/share/nomacs |
11 | noblacklist ${HOME}/.local/share/data/nomacs | 11 | nodeny ${HOME}/.local/share/data/nomacs |
12 | noblacklist ${PICTURES} | 12 | nodeny ${PICTURES} |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
diff --git a/etc/profile-m-z/notify-send.profile b/etc/profile-m-z/notify-send.profile index 650118c98..a3bcc040c 100644 --- a/etc/profile-m-z/notify-send.profile +++ b/etc/profile-m-z/notify-send.profile | |||
@@ -7,7 +7,7 @@ include notify-send.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | 10 | deny ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/nslookup.profile b/etc/profile-m-z/nslookup.profile index c7a131a2c..b3002ad0e 100644 --- a/etc/profile-m-z/nslookup.profile +++ b/etc/profile-m-z/nslookup.profile | |||
@@ -7,10 +7,10 @@ include nslookup.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | deny /tmp/.X11-unix |
11 | blacklist ${RUNUSER} | 11 | deny ${RUNUSER} |
12 | 12 | ||
13 | noblacklist ${PATH}/nslookup | 13 | nodeny ${PATH}/nslookup |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -20,7 +20,7 @@ include disable-passwdmgr.inc | |||
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | whitelist ${HOME}/.nslookuprc | 23 | allow ${HOME}/.nslookuprc |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/nuclear.profile b/etc/profile-m-z/nuclear.profile index 886403b9e..67f54f9fc 100644 --- a/etc/profile-m-z/nuclear.profile +++ b/etc/profile-m-z/nuclear.profile | |||
@@ -8,12 +8,12 @@ include globals.local | |||
8 | 8 | ||
9 | ignore dbus-user | 9 | ignore dbus-user |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/nuclear | 11 | nodeny ${HOME}/.config/nuclear |
12 | 12 | ||
13 | include disable-shell.inc | 13 | include disable-shell.inc |
14 | 14 | ||
15 | mkdir ${HOME}/.config/nuclear | 15 | mkdir ${HOME}/.config/nuclear |
16 | whitelist ${HOME}/.config/nuclear | 16 | allow ${HOME}/.config/nuclear |
17 | 17 | ||
18 | no3d | 18 | no3d |
19 | 19 | ||
diff --git a/etc/profile-m-z/nylas.profile b/etc/profile-m-z/nylas.profile index fe0c2116b..ee7710b9c 100644 --- a/etc/profile-m-z/nylas.profile +++ b/etc/profile-m-z/nylas.profile | |||
@@ -5,8 +5,8 @@ include nylas.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/Nylas Mail | 8 | nodeny ${HOME}/.config/Nylas Mail |
9 | noblacklist ${HOME}/.nylas-mail | 9 | nodeny ${HOME}/.nylas-mail |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,9 +16,9 @@ include disable-programs.inc | |||
16 | 16 | ||
17 | mkdir ${HOME}/.config/Nylas Mail | 17 | mkdir ${HOME}/.config/Nylas Mail |
18 | mkdir ${HOME}/.nylas-mail | 18 | mkdir ${HOME}/.nylas-mail |
19 | whitelist ${DOWNLOADS} | 19 | allow ${DOWNLOADS} |
20 | whitelist ${HOME}/.config/Nylas Mail | 20 | allow ${HOME}/.config/Nylas Mail |
21 | whitelist ${HOME}/.nylas-mail | 21 | allow ${HOME}/.nylas-mail |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/profile-m-z/nyx.profile b/etc/profile-m-z/nyx.profile index d040d42af..1d606f70c 100644 --- a/etc/profile-m-z/nyx.profile +++ b/etc/profile-m-z/nyx.profile | |||
@@ -10,7 +10,7 @@ include globals.local | |||
10 | include allow-python2.inc | 10 | include allow-python2.inc |
11 | include allow-python3.inc | 11 | include allow-python3.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.nyx | 13 | nodeny ${HOME}/.nyx |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -22,7 +22,7 @@ include disable-shell.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.nyx | 24 | mkdir ${HOME}/.nyx |
25 | whitelist ${HOME}/.nyx | 25 | allow ${HOME}/.nyx |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
28 | 28 | ||
diff --git a/etc/profile-m-z/obs.profile b/etc/profile-m-z/obs.profile index 9345cee4f..f70bdc55a 100644 --- a/etc/profile-m-z/obs.profile +++ b/etc/profile-m-z/obs.profile | |||
@@ -5,10 +5,10 @@ include obs.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/obs-studio | 8 | nodeny ${HOME}/.config/obs-studio |
9 | noblacklist ${MUSIC} | 9 | nodeny ${MUSIC} |
10 | noblacklist ${PICTURES} | 10 | nodeny ${PICTURES} |
11 | noblacklist ${VIDEOS} | 11 | nodeny ${VIDEOS} |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python2.inc | 14 | include allow-python2.inc |
diff --git a/etc/profile-m-z/ocenaudio.profile b/etc/profile-m-z/ocenaudio.profile index 7be68a201..792c2ffc6 100644 --- a/etc/profile-m-z/ocenaudio.profile +++ b/etc/profile-m-z/ocenaudio.profile | |||
@@ -6,9 +6,9 @@ include ocenaudio.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/ocenaudio | 9 | nodeny ${HOME}/.local/share/ocenaudio |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | noblacklist ${MUSIC} | 11 | nodeny ${MUSIC} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/odt2txt.profile b/etc/profile-m-z/odt2txt.profile index 6163d2e22..61b71ec10 100644 --- a/etc/profile-m-z/odt2txt.profile +++ b/etc/profile-m-z/odt2txt.profile | |||
@@ -6,9 +6,9 @@ include odt2txt.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | 9 | deny ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | noblacklist ${DOCUMENTS} | 11 | nodeny ${DOCUMENTS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/okular.profile b/etc/profile-m-z/okular.profile index ab8ccf623..feeed86cb 100644 --- a/etc/profile-m-z/okular.profile +++ b/etc/profile-m-z/okular.profile | |||
@@ -6,18 +6,18 @@ include okular.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/okular | 9 | nodeny ${HOME}/.cache/okular |
10 | noblacklist ${HOME}/.config/okularpartrc | 10 | nodeny ${HOME}/.config/okularpartrc |
11 | noblacklist ${HOME}/.config/okularrc | 11 | nodeny ${HOME}/.config/okularrc |
12 | noblacklist ${HOME}/.kde/share/apps/okular | 12 | nodeny ${HOME}/.kde/share/apps/okular |
13 | noblacklist ${HOME}/.kde/share/config/okularpartrc | 13 | nodeny ${HOME}/.kde/share/config/okularpartrc |
14 | noblacklist ${HOME}/.kde/share/config/okularrc | 14 | nodeny ${HOME}/.kde/share/config/okularrc |
15 | noblacklist ${HOME}/.kde4/share/apps/okular | 15 | nodeny ${HOME}/.kde4/share/apps/okular |
16 | noblacklist ${HOME}/.kde4/share/config/okularpartrc | 16 | nodeny ${HOME}/.kde4/share/config/okularpartrc |
17 | noblacklist ${HOME}/.kde4/share/config/okularrc | 17 | nodeny ${HOME}/.kde4/share/config/okularrc |
18 | noblacklist ${HOME}/.local/share/kxmlgui5/okular | 18 | nodeny ${HOME}/.local/share/kxmlgui5/okular |
19 | noblacklist ${HOME}/.local/share/okular | 19 | nodeny ${HOME}/.local/share/okular |
20 | noblacklist ${DOCUMENTS} | 20 | nodeny ${DOCUMENTS} |
21 | 21 | ||
22 | include disable-common.inc | 22 | include disable-common.inc |
23 | include disable-devel.inc | 23 | include disable-devel.inc |
@@ -28,15 +28,15 @@ include disable-programs.inc | |||
28 | include disable-shell.inc | 28 | include disable-shell.inc |
29 | include disable-xdg.inc | 29 | include disable-xdg.inc |
30 | 30 | ||
31 | whitelist /usr/share/config.kcfg/gssettings.kcfg | 31 | allow /usr/share/config.kcfg/gssettings.kcfg |
32 | whitelist /usr/share/config.kcfg/pdfsettings.kcfg | 32 | allow /usr/share/config.kcfg/pdfsettings.kcfg |
33 | whitelist /usr/share/config.kcfg/okular.kcfg | 33 | allow /usr/share/config.kcfg/okular.kcfg |
34 | whitelist /usr/share/config.kcfg/okular_core.kcfg | 34 | allow /usr/share/config.kcfg/okular_core.kcfg |
35 | whitelist /usr/share/ghostscript | 35 | allow /usr/share/ghostscript |
36 | whitelist /usr/share/kconf_update/okular.upd | 36 | allow /usr/share/kconf_update/okular.upd |
37 | whitelist /usr/share/kxmlgui5/okular | 37 | allow /usr/share/kxmlgui5/okular |
38 | whitelist /usr/share/okular | 38 | allow /usr/share/okular |
39 | whitelist /usr/share/poppler | 39 | allow /usr/share/poppler |
40 | include whitelist-runuser-common.inc | 40 | include whitelist-runuser-common.inc |
41 | include whitelist-usr-share-common.inc | 41 | include whitelist-usr-share-common.inc |
42 | include whitelist-var-common.inc | 42 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/onboard.profile b/etc/profile-m-z/onboard.profile index 5b367b639..748d17995 100644 --- a/etc/profile-m-z/onboard.profile +++ b/etc/profile-m-z/onboard.profile | |||
@@ -6,7 +6,7 @@ include onboard.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/onboard | 9 | nodeny ${HOME}/.config/onboard |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -22,8 +22,8 @@ include disable-shell.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.config/onboard | 24 | mkdir ${HOME}/.config/onboard |
25 | whitelist ${HOME}/.config/onboard | 25 | allow ${HOME}/.config/onboard |
26 | whitelist /usr/share/onboard | 26 | allow /usr/share/onboard |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-m-z/onionshare-gui.profile b/etc/profile-m-z/onionshare-gui.profile index 960df9034..188818a7f 100644 --- a/etc/profile-m-z/onionshare-gui.profile +++ b/etc/profile-m-z/onionshare-gui.profile | |||
@@ -5,7 +5,7 @@ include onionshare-gui.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/onionshare | 8 | nodeny ${HOME}/.config/onionshare |
9 | 9 | ||
10 | # Allow python (blacklisted by disable-interpreters.inc) | 10 | # Allow python (blacklisted by disable-interpreters.inc) |
11 | include allow-python3.inc | 11 | include allow-python3.inc |
diff --git a/etc/profile-m-z/open-invaders.profile b/etc/profile-m-z/open-invaders.profile index 7a840d4a9..6e2b31def 100644 --- a/etc/profile-m-z/open-invaders.profile +++ b/etc/profile-m-z/open-invaders.profile | |||
@@ -6,7 +6,7 @@ include open-invaders.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.openinvaders | 9 | nodeny ${HOME}/.openinvaders |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.openinvaders | 19 | mkdir ${HOME}/.openinvaders |
20 | whitelist ${HOME}/.openinvaders | 20 | allow ${HOME}/.openinvaders |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-m-z/openarena.profile b/etc/profile-m-z/openarena.profile index 36ce0316f..dfc78e5a9 100644 --- a/etc/profile-m-z/openarena.profile +++ b/etc/profile-m-z/openarena.profile | |||
@@ -6,7 +6,7 @@ include openarena.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.openarena | 9 | nodeny ${HOME}/.openarena |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.openarena | 19 | mkdir ${HOME}/.openarena |
20 | whitelist ${HOME}/.openarena | 20 | allow ${HOME}/.openarena |
21 | whitelist /usr/share/openarena | 21 | allow /usr/share/openarena |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-runuser-common.inc | 23 | include whitelist-runuser-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/openbox.profile b/etc/profile-m-z/openbox.profile index b49fd9932..5a6b378f0 100644 --- a/etc/profile-m-z/openbox.profile +++ b/etc/profile-m-z/openbox.profile | |||
@@ -7,7 +7,7 @@ include openbox.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # all applications started in openbox will run in this profile | 9 | # all applications started in openbox will run in this profile |
10 | noblacklist ${HOME}/.config/openbox | 10 | nodeny ${HOME}/.config/openbox |
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | 12 | ||
13 | caps.drop all | 13 | caps.drop all |
diff --git a/etc/profile-m-z/opencity.profile b/etc/profile-m-z/opencity.profile index a3d371e15..268e7cee3 100644 --- a/etc/profile-m-z/opencity.profile +++ b/etc/profile-m-z/opencity.profile | |||
@@ -6,7 +6,7 @@ include opencity.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.opencity | 9 | nodeny ${HOME}/.opencity |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.opencity | 20 | mkdir ${HOME}/.opencity |
21 | whitelist ${HOME}/.opencity | 21 | allow ${HOME}/.opencity |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-m-z/openclonk.profile b/etc/profile-m-z/openclonk.profile index 32b40df42..588191cb3 100644 --- a/etc/profile-m-z/openclonk.profile +++ b/etc/profile-m-z/openclonk.profile | |||
@@ -6,7 +6,7 @@ include openclonk.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.clonk | 9 | nodeny ${HOME}/.clonk |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.clonk | 20 | mkdir ${HOME}/.clonk |
21 | whitelist ${HOME}/.clonk | 21 | allow ${HOME}/.clonk |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-m-z/openmw.profile b/etc/profile-m-z/openmw.profile index d1fe67aed..95d507c98 100644 --- a/etc/profile-m-z/openmw.profile +++ b/etc/profile-m-z/openmw.profile | |||
@@ -6,8 +6,8 @@ include openmw.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/openmw | 9 | nodeny ${HOME}/.config/openmw |
10 | noblacklist ${HOME}/.local/share/openmw | 10 | nodeny ${HOME}/.local/share/openmw |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -21,11 +21,11 @@ include disable-xdg.inc | |||
21 | 21 | ||
22 | mkdir ${HOME}/.config/openmw | 22 | mkdir ${HOME}/.config/openmw |
23 | mkdir ${HOME}/.local/share/openmw | 23 | mkdir ${HOME}/.local/share/openmw |
24 | whitelist ${HOME}/.config/openmw | 24 | allow ${HOME}/.config/openmw |
25 | # Copy Morrowind data files into ${HOME}/.local/share/openmw or load them from /mnt. | 25 | # Copy Morrowind data files into ${HOME}/.local/share/openmw or load them from /mnt. |
26 | # Alternatively you can whitelist custom paths in your openmw.local. | 26 | # Alternatively you can whitelist custom paths in your openmw.local. |
27 | whitelist ${HOME}/.local/share/openmw | 27 | allow ${HOME}/.local/share/openmw |
28 | whitelist /usr/share/openmw | 28 | allow /usr/share/openmw |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-runuser-common.inc | 30 | include whitelist-runuser-common.inc |
31 | include whitelist-usr-share-common.inc | 31 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/openshot.profile b/etc/profile-m-z/openshot.profile index 6118630c4..ebb536b3e 100644 --- a/etc/profile-m-z/openshot.profile +++ b/etc/profile-m-z/openshot.profile | |||
@@ -6,8 +6,8 @@ include openshot.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.openshot | 9 | nodeny ${HOME}/.openshot |
10 | noblacklist ${HOME}/.openshot_qt | 10 | nodeny ${HOME}/.openshot_qt |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python3.inc | 13 | include allow-python3.inc |
@@ -19,8 +19,8 @@ include disable-interpreters.inc | |||
19 | include disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | whitelist /usr/share/blender | 22 | allow /usr/share/blender |
23 | whitelist /usr/share/inkscape | 23 | allow /usr/share/inkscape |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/openttd.profile b/etc/profile-m-z/openttd.profile index 546958bb7..79c1f8ffa 100644 --- a/etc/profile-m-z/openttd.profile +++ b/etc/profile-m-z/openttd.profile | |||
@@ -6,7 +6,7 @@ include openttd.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.openttd | 9 | nodeny ${HOME}/.openttd |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.openttd | 20 | mkdir ${HOME}/.openttd |
21 | whitelist ${HOME}/.openttd | 21 | allow ${HOME}/.openttd |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-m-z/opera-beta.profile b/etc/profile-m-z/opera-beta.profile index 551f1aba4..548afc0b4 100644 --- a/etc/profile-m-z/opera-beta.profile +++ b/etc/profile-m-z/opera-beta.profile | |||
@@ -10,13 +10,13 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/opera | 13 | nodeny ${HOME}/.cache/opera |
14 | noblacklist ${HOME}/.config/opera-beta | 14 | nodeny ${HOME}/.config/opera-beta |
15 | 15 | ||
16 | mkdir ${HOME}/.cache/opera | 16 | mkdir ${HOME}/.cache/opera |
17 | mkdir ${HOME}/.config/opera-beta | 17 | mkdir ${HOME}/.config/opera-beta |
18 | whitelist ${HOME}/.cache/opera | 18 | allow ${HOME}/.cache/opera |
19 | whitelist ${HOME}/.config/opera-beta | 19 | allow ${HOME}/.config/opera-beta |
20 | 20 | ||
21 | # Redirect | 21 | # Redirect |
22 | include chromium-common.profile | 22 | include chromium-common.profile |
diff --git a/etc/profile-m-z/opera.profile b/etc/profile-m-z/opera.profile index 2c7c5fc35..5a3fe064e 100644 --- a/etc/profile-m-z/opera.profile +++ b/etc/profile-m-z/opera.profile | |||
@@ -11,16 +11,16 @@ ignore whitelist /usr/share/chromium | |||
11 | ignore include whitelist-runuser-common.inc | 11 | ignore include whitelist-runuser-common.inc |
12 | ignore include whitelist-usr-share-common.inc | 12 | ignore include whitelist-usr-share-common.inc |
13 | 13 | ||
14 | noblacklist ${HOME}/.cache/opera | 14 | nodeny ${HOME}/.cache/opera |
15 | noblacklist ${HOME}/.config/opera | 15 | nodeny ${HOME}/.config/opera |
16 | noblacklist ${HOME}/.opera | 16 | nodeny ${HOME}/.opera |
17 | 17 | ||
18 | mkdir ${HOME}/.cache/opera | 18 | mkdir ${HOME}/.cache/opera |
19 | mkdir ${HOME}/.config/opera | 19 | mkdir ${HOME}/.config/opera |
20 | mkdir ${HOME}/.opera | 20 | mkdir ${HOME}/.opera |
21 | whitelist ${HOME}/.cache/opera | 21 | allow ${HOME}/.cache/opera |
22 | whitelist ${HOME}/.config/opera | 22 | allow ${HOME}/.config/opera |
23 | whitelist ${HOME}/.opera | 23 | allow ${HOME}/.opera |
24 | 24 | ||
25 | # Redirect | 25 | # Redirect |
26 | include chromium-common.profile | 26 | include chromium-common.profile |
diff --git a/etc/profile-m-z/orage.profile b/etc/profile-m-z/orage.profile index 4e4d8bea5..a49cbdb91 100644 --- a/etc/profile-m-z/orage.profile +++ b/etc/profile-m-z/orage.profile | |||
@@ -6,8 +6,8 @@ include orage.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/orage | 9 | nodeny ${HOME}/.config/orage |
10 | noblacklist ${HOME}/.local/share/orage | 10 | nodeny ${HOME}/.local/share/orage |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/ostrichriders.profile b/etc/profile-m-z/ostrichriders.profile index 310b90919..ed881816e 100644 --- a/etc/profile-m-z/ostrichriders.profile +++ b/etc/profile-m-z/ostrichriders.profile | |||
@@ -6,7 +6,7 @@ include ostrichriders.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.ostrichriders | 9 | nodeny ${HOME}/.ostrichriders |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.ostrichriders | 20 | mkdir ${HOME}/.ostrichriders |
21 | whitelist ${HOME}/.ostrichriders | 21 | allow ${HOME}/.ostrichriders |
22 | whitelist /usr/share/ostrichriders | 22 | allow /usr/share/ostrichriders |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/otter-browser.profile b/etc/profile-m-z/otter-browser.profile index 20a4e25ed..bc9e730a1 100644 --- a/etc/profile-m-z/otter-browser.profile +++ b/etc/profile-m-z/otter-browser.profile | |||
@@ -8,10 +8,10 @@ include globals.local | |||
8 | 8 | ||
9 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} | 9 | ?BROWSER_ALLOW_DRM: ignore noexec ${HOME} |
10 | 10 | ||
11 | noblacklist ${HOME}/.cache/Otter | 11 | nodeny ${HOME}/.cache/Otter |
12 | noblacklist ${HOME}/.config/otter | 12 | nodeny ${HOME}/.config/otter |
13 | noblacklist ${HOME}/.pki | 13 | nodeny ${HOME}/.pki |
14 | noblacklist ${HOME}/.local/share/pki | 14 | nodeny ${HOME}/.local/share/pki |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
@@ -25,12 +25,12 @@ mkdir ${HOME}/.cache/Otter | |||
25 | mkdir ${HOME}/.config/otter | 25 | mkdir ${HOME}/.config/otter |
26 | mkdir ${HOME}/.pki | 26 | mkdir ${HOME}/.pki |
27 | mkdir ${HOME}/.local/share/pki | 27 | mkdir ${HOME}/.local/share/pki |
28 | whitelist ${DOWNLOADS} | 28 | allow ${DOWNLOADS} |
29 | whitelist ${HOME}/.cache/Otter | 29 | allow ${HOME}/.cache/Otter |
30 | whitelist ${HOME}/.config/otter | 30 | allow ${HOME}/.config/otter |
31 | whitelist ${HOME}/.pki | 31 | allow ${HOME}/.pki |
32 | whitelist ${HOME}/.local/share/pki | 32 | allow ${HOME}/.local/share/pki |
33 | whitelist /usr/share/otter-browser | 33 | allow /usr/share/otter-browser |
34 | include whitelist-common.inc | 34 | include whitelist-common.inc |
35 | include whitelist-runuser-common.inc | 35 | include whitelist-runuser-common.inc |
36 | include whitelist-usr-share-common.inc | 36 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/palemoon.profile b/etc/profile-m-z/palemoon.profile index acb2ce176..503c141d8 100644 --- a/etc/profile-m-z/palemoon.profile +++ b/etc/profile-m-z/palemoon.profile | |||
@@ -5,13 +5,13 @@ include palemoon.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/moonchild productions/pale moon | 8 | nodeny ${HOME}/.cache/moonchild productions/pale moon |
9 | noblacklist ${HOME}/.moonchild productions/pale moon | 9 | nodeny ${HOME}/.moonchild productions/pale moon |
10 | 10 | ||
11 | mkdir ${HOME}/.cache/moonchild productions/pale moon | 11 | mkdir ${HOME}/.cache/moonchild productions/pale moon |
12 | mkdir ${HOME}/.moonchild productions | 12 | mkdir ${HOME}/.moonchild productions |
13 | whitelist ${HOME}/.cache/moonchild productions/pale moon | 13 | allow ${HOME}/.cache/moonchild productions/pale moon |
14 | whitelist ${HOME}/.moonchild productions | 14 | allow ${HOME}/.moonchild productions |
15 | 15 | ||
16 | # Palemoon can use the full firejail seccomp filter (unlike firefox >= 60) | 16 | # Palemoon can use the full firejail seccomp filter (unlike firefox >= 60) |
17 | seccomp | 17 | seccomp |
diff --git a/etc/profile-m-z/pandoc.profile b/etc/profile-m-z/pandoc.profile index 513b4119e..a59f53298 100644 --- a/etc/profile-m-z/pandoc.profile +++ b/etc/profile-m-z/pandoc.profile | |||
@@ -7,9 +7,9 @@ include pandoc.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER} | 10 | deny ${RUNUSER} |
11 | 11 | ||
12 | noblacklist ${DOCUMENTS} | 12 | nodeny ${DOCUMENTS} |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
diff --git a/etc/profile-m-z/parole.profile b/etc/profile-m-z/parole.profile index 0a4422a73..a277d1cbc 100644 --- a/etc/profile-m-z/parole.profile +++ b/etc/profile-m-z/parole.profile | |||
@@ -6,8 +6,8 @@ include parole.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${MUSIC} | 9 | nodeny ${MUSIC} |
10 | noblacklist ${VIDEOS} | 10 | nodeny ${VIDEOS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/patch.profile b/etc/profile-m-z/patch.profile index 0de968185..156c3956d 100644 --- a/etc/profile-m-z/patch.profile +++ b/etc/profile-m-z/patch.profile | |||
@@ -7,9 +7,9 @@ include patch.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER} | 10 | deny ${RUNUSER} |
11 | 11 | ||
12 | noblacklist ${DOCUMENTS} | 12 | nodeny ${DOCUMENTS} |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
diff --git a/etc/profile-m-z/pavucontrol-qt.profile b/etc/profile-m-z/pavucontrol-qt.profile index f96ba14d2..dcd69cdd0 100644 --- a/etc/profile-m-z/pavucontrol-qt.profile +++ b/etc/profile-m-z/pavucontrol-qt.profile | |||
@@ -7,10 +7,10 @@ include pavucontrol-qt.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.config/pavucontrol-qt | 10 | nodeny ${HOME}/.config/pavucontrol-qt |
11 | 11 | ||
12 | mkdir ${HOME}/.config/pavucontrol-qt | 12 | mkdir ${HOME}/.config/pavucontrol-qt |
13 | whitelist ${HOME}/.config/pavucontrol-qt | 13 | allow ${HOME}/.config/pavucontrol-qt |
14 | 14 | ||
15 | private-bin pavucontrol-qt | 15 | private-bin pavucontrol-qt |
16 | ignore private-lib | 16 | ignore private-lib |
diff --git a/etc/profile-m-z/pavucontrol.profile b/etc/profile-m-z/pavucontrol.profile index b46fb3026..f44730c33 100644 --- a/etc/profile-m-z/pavucontrol.profile +++ b/etc/profile-m-z/pavucontrol.profile | |||
@@ -6,7 +6,7 @@ include pavucontrol.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/pavucontrol.ini | 9 | nodeny ${HOME}/.config/pavucontrol.ini |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-xdg.inc | |||
19 | # whitelisting in ${HOME} is broken, see #3112 | 19 | # whitelisting in ${HOME} is broken, see #3112 |
20 | #mkfile ${HOME}/.config/pavucontrol.ini | 20 | #mkfile ${HOME}/.config/pavucontrol.ini |
21 | #whitelist ${HOME}/.config/pavucontrol.ini | 21 | #whitelist ${HOME}/.config/pavucontrol.ini |
22 | whitelist /usr/share/pavucontrol | 22 | allow /usr/share/pavucontrol |
23 | whitelist /usr/share/pavucontrol-qt | 23 | allow /usr/share/pavucontrol-qt |
24 | #include whitelist-common.inc | 24 | #include whitelist-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/pcsxr.profile b/etc/profile-m-z/pcsxr.profile index a6dab2a9a..3f920ced8 100644 --- a/etc/profile-m-z/pcsxr.profile +++ b/etc/profile-m-z/pcsxr.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | 8 | ||
9 | # Note: you must whitelist your games folder in your pcsxr.local | 9 | # Note: you must whitelist your games folder in your pcsxr.local |
10 | 10 | ||
11 | noblacklist ${HOME}/.pcsxr | 11 | nodeny ${HOME}/.pcsxr |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -21,7 +21,7 @@ include disable-write-mnt.inc | |||
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.pcsxr | 23 | mkdir ${HOME}/.pcsxr |
24 | whitelist ${HOME}/.pcsxr | 24 | allow ${HOME}/.pcsxr |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-runuser-common.inc | 26 | include whitelist-runuser-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/pdfchain.profile b/etc/profile-m-z/pdfchain.profile index d72417914..13a011072 100644 --- a/etc/profile-m-z/pdfchain.profile +++ b/etc/profile-m-z/pdfchain.profile | |||
@@ -5,7 +5,7 @@ include pdfchain.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${DOCUMENTS} | 8 | nodeny ${DOCUMENTS} |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-m-z/pdfmod.profile b/etc/profile-m-z/pdfmod.profile index a19826555..e49ce8073 100644 --- a/etc/profile-m-z/pdfmod.profile +++ b/etc/profile-m-z/pdfmod.profile | |||
@@ -6,9 +6,9 @@ include pdfmod.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/pdfmod | 9 | nodeny ${HOME}/.cache/pdfmod |
10 | noblacklist ${HOME}/.config/pdfmod | 10 | nodeny ${HOME}/.config/pdfmod |
11 | noblacklist ${DOCUMENTS} | 11 | nodeny ${DOCUMENTS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/pdfsam.profile b/etc/profile-m-z/pdfsam.profile index e2808d4d2..67c14bbc3 100644 --- a/etc/profile-m-z/pdfsam.profile +++ b/etc/profile-m-z/pdfsam.profile | |||
@@ -6,7 +6,7 @@ include pdfsam.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | nodeny ${DOCUMENTS} |
10 | 10 | ||
11 | # Allow java (blacklisted by disable-devel.inc) | 11 | # Allow java (blacklisted by disable-devel.inc) |
12 | include allow-java.inc | 12 | include allow-java.inc |
diff --git a/etc/profile-m-z/pdftotext.profile b/etc/profile-m-z/pdftotext.profile index d3902a51c..1c7ebfad5 100644 --- a/etc/profile-m-z/pdftotext.profile +++ b/etc/profile-m-z/pdftotext.profile | |||
@@ -6,9 +6,9 @@ include pdftotext.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER} | 9 | deny ${RUNUSER} |
10 | 10 | ||
11 | noblacklist ${DOCUMENTS} | 11 | nodeny ${DOCUMENTS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,9 +19,9 @@ include disable-programs.inc | |||
19 | include disable-shell.inc | 19 | include disable-shell.inc |
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | whitelist ${DOCUMENTS} | 22 | allow ${DOCUMENTS} |
23 | whitelist ${DOWNLOADS} | 23 | allow ${DOWNLOADS} |
24 | whitelist /usr/share/poppler | 24 | allow /usr/share/poppler |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-m-z/peek.profile b/etc/profile-m-z/peek.profile index c33953687..e809625ad 100644 --- a/etc/profile-m-z/peek.profile +++ b/etc/profile-m-z/peek.profile | |||
@@ -5,9 +5,9 @@ include peek.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/peek | 8 | nodeny ${HOME}/.cache/peek |
9 | noblacklist ${PICTURES} | 9 | nodeny ${PICTURES} |
10 | noblacklist ${VIDEOS} | 10 | nodeny ${VIDEOS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/penguin-command.profile b/etc/profile-m-z/penguin-command.profile index f5ad0321d..5ebd7b462 100644 --- a/etc/profile-m-z/penguin-command.profile +++ b/etc/profile-m-z/penguin-command.profile | |||
@@ -6,7 +6,7 @@ include penguin-command.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.penguin-command | 9 | nodeny ${HOME}/.penguin-command |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | 18 | ||
19 | whitelist ${HOME}/.penguin-command | 19 | allow ${HOME}/.penguin-command |
20 | include whitelist-common.inc | 20 | include whitelist-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
diff --git a/etc/profile-m-z/photoflare.profile b/etc/profile-m-z/photoflare.profile index 40068ff78..8dd506850 100644 --- a/etc/profile-m-z/photoflare.profile +++ b/etc/profile-m-z/photoflare.profile | |||
@@ -6,7 +6,7 @@ include photoflare.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include photoflare.local | 7 | include photoflare.local |
8 | 8 | ||
9 | noblacklist ${PICTURES} | 9 | nodeny ${PICTURES} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/picard.profile b/etc/profile-m-z/picard.profile index a5ea47088..ac178ee6c 100644 --- a/etc/profile-m-z/picard.profile +++ b/etc/profile-m-z/picard.profile | |||
@@ -6,9 +6,9 @@ include picard.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/MusicBrainz | 9 | nodeny ${HOME}/.cache/MusicBrainz |
10 | noblacklist ${HOME}/.config/MusicBrainz | 10 | nodeny ${HOME}/.config/MusicBrainz |
11 | noblacklist ${MUSIC} | 11 | nodeny ${MUSIC} |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python2.inc | 14 | include allow-python2.inc |
diff --git a/etc/profile-m-z/pidgin.profile b/etc/profile-m-z/pidgin.profile index 26872e9a1..a65abeb2e 100644 --- a/etc/profile-m-z/pidgin.profile +++ b/etc/profile-m-z/pidgin.profile | |||
@@ -9,7 +9,7 @@ include globals.local | |||
9 | ignore noexec ${RUNUSER} | 9 | ignore noexec ${RUNUSER} |
10 | ignore noexec /dev/shm | 10 | ignore noexec /dev/shm |
11 | 11 | ||
12 | noblacklist ${HOME}/.purple | 12 | nodeny ${HOME}/.purple |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -20,9 +20,9 @@ include disable-programs.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.purple | 22 | mkdir ${HOME}/.purple |
23 | whitelist ${HOME}/.purple | 23 | allow ${HOME}/.purple |
24 | whitelist ${DOWNLOADS} | 24 | allow ${DOWNLOADS} |
25 | whitelist ${PICTURES} | 25 | allow ${PICTURES} |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/pinball.profile b/etc/profile-m-z/pinball.profile index 2e17be2ce..41e4fb6c0 100644 --- a/etc/profile-m-z/pinball.profile +++ b/etc/profile-m-z/pinball.profile | |||
@@ -6,7 +6,7 @@ include pinball.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/emilia | 9 | nodeny ${HOME}/.config/emilia |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,11 +18,11 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/emilia | 20 | mkdir ${HOME}/.config/emilia |
21 | whitelist ${HOME}/.config/emilia | 21 | allow ${HOME}/.config/emilia |
22 | 22 | ||
23 | whitelist /usr/share/pinball | 23 | allow /usr/share/pinball |
24 | # on debian games are stored under /usr/share/games | 24 | # on debian games are stored under /usr/share/games |
25 | whitelist /usr/share/games/pinball | 25 | allow /usr/share/games/pinball |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/ping.profile b/etc/profile-m-z/ping.profile index e914007c0..65e77abfa 100644 --- a/etc/profile-m-z/ping.profile +++ b/etc/profile-m-z/ping.profile | |||
@@ -7,8 +7,8 @@ include ping.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | deny /tmp/.X11-unix |
11 | blacklist ${RUNUSER} | 11 | deny ${RUNUSER} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/pingus.profile b/etc/profile-m-z/pingus.profile index f1fdfcbad..aa2cfe203 100644 --- a/etc/profile-m-z/pingus.profile +++ b/etc/profile-m-z/pingus.profile | |||
@@ -6,12 +6,12 @@ include pingus.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.pingus | 9 | nodeny ${HOME}/.pingus |
10 | 10 | ||
11 | # Allow /bin/sh (blacklisted by disable-shell.inc) | 11 | # Allow /bin/sh (blacklisted by disable-shell.inc) |
12 | include allow-bin-sh.inc | 12 | include allow-bin-sh.inc |
13 | 13 | ||
14 | blacklist /usr/libexec | 14 | deny /usr/libexec |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
@@ -23,8 +23,8 @@ include disable-shell.inc | |||
23 | include disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | mkdir ${HOME}/.pingus | 25 | mkdir ${HOME}/.pingus |
26 | whitelist ${HOME}/.pingus | 26 | allow ${HOME}/.pingus |
27 | whitelist /usr/share/pingus | 27 | allow /usr/share/pingus |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/pinta.profile b/etc/profile-m-z/pinta.profile index 19406c399..d0d4f1fce 100644 --- a/etc/profile-m-z/pinta.profile +++ b/etc/profile-m-z/pinta.profile | |||
@@ -6,9 +6,9 @@ include pinta.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Pinta | 9 | nodeny ${HOME}/.config/Pinta |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | noblacklist ${PICTURES} | 11 | nodeny ${PICTURES} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/pioneer.profile b/etc/profile-m-z/pioneer.profile index 721b3944a..6cfea28b6 100644 --- a/etc/profile-m-z/pioneer.profile +++ b/etc/profile-m-z/pioneer.profile | |||
@@ -6,7 +6,7 @@ include pioneer.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.pioneer | 9 | nodeny ${HOME}/.pioneer |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.pioneer | 20 | mkdir ${HOME}/.pioneer |
21 | whitelist ${HOME}/.pioneer | 21 | allow ${HOME}/.pioneer |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-m-z/pipe-viewer.profile b/etc/profile-m-z/pipe-viewer.profile index 3de064311..acd7eeaf2 100644 --- a/etc/profile-m-z/pipe-viewer.profile +++ b/etc/profile-m-z/pipe-viewer.profile | |||
@@ -7,13 +7,13 @@ include pipe-viewer.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.cache/pipe-viewer | 10 | nodeny ${HOME}/.cache/pipe-viewer |
11 | noblacklist ${HOME}/.config/pipe-viewer | 11 | nodeny ${HOME}/.config/pipe-viewer |
12 | 12 | ||
13 | mkdir ${HOME}/.config/pipe-viewer | 13 | mkdir ${HOME}/.config/pipe-viewer |
14 | mkdir ${HOME}/.cache/pipe-viewer | 14 | mkdir ${HOME}/.cache/pipe-viewer |
15 | whitelist ${HOME}/.cache/pipe-viewer | 15 | allow ${HOME}/.cache/pipe-viewer |
16 | whitelist ${HOME}/.config/pipe-viewer | 16 | allow ${HOME}/.config/pipe-viewer |
17 | 17 | ||
18 | private-bin gtk-pipe-viewer,pipe-viewer | 18 | private-bin gtk-pipe-viewer,pipe-viewer |
19 | 19 | ||
diff --git a/etc/profile-m-z/pitivi.profile b/etc/profile-m-z/pitivi.profile index a2dd809c4..abce4c911 100644 --- a/etc/profile-m-z/pitivi.profile +++ b/etc/profile-m-z/pitivi.profile | |||
@@ -6,7 +6,7 @@ include pitivi.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/pitivi | 9 | nodeny ${HOME}/.config/pitivi |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
diff --git a/etc/profile-m-z/pix.profile b/etc/profile-m-z/pix.profile index 81d3e9370..63451d352 100644 --- a/etc/profile-m-z/pix.profile +++ b/etc/profile-m-z/pix.profile | |||
@@ -5,10 +5,10 @@ include pix.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/pix | 8 | nodeny ${HOME}/.config/pix |
9 | noblacklist ${HOME}/.local/share/pix | 9 | nodeny ${HOME}/.local/share/pix |
10 | noblacklist ${HOME}/.Steam | 10 | nodeny ${HOME}/.Steam |
11 | noblacklist ${HOME}/.steam | 11 | nodeny ${HOME}/.steam |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/pkglog.profile b/etc/profile-m-z/pkglog.profile index 4eb41b3bd..13d7db7f7 100644 --- a/etc/profile-m-z/pkglog.profile +++ b/etc/profile-m-z/pkglog.profile | |||
@@ -17,9 +17,9 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | whitelist /var/log/apt/history.log | 20 | allow /var/log/apt/history.log |
21 | whitelist /var/log/dnf.rpm.log | 21 | allow /var/log/dnf.rpm.log |
22 | whitelist /var/log/pacman.log | 22 | allow /var/log/pacman.log |
23 | 23 | ||
24 | apparmor | 24 | apparmor |
25 | caps.drop all | 25 | caps.drop all |
diff --git a/etc/profile-m-z/playonlinux.profile b/etc/profile-m-z/playonlinux.profile index 8e98905b5..9c23841e2 100644 --- a/etc/profile-m-z/playonlinux.profile +++ b/etc/profile-m-z/playonlinux.profile | |||
@@ -7,10 +7,10 @@ include playonlinux.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.PlayOnLinux | 10 | nodeny ${HOME}/.PlayOnLinux |
11 | 11 | ||
12 | # nc is needed to run playonlinux | 12 | # nc is needed to run playonlinux |
13 | noblacklist ${PATH}/nc | 13 | nodeny ${PATH}/nc |
14 | 14 | ||
15 | # Allow perl (blacklisted by disable-interpreters.inc) | 15 | # Allow perl (blacklisted by disable-interpreters.inc) |
16 | include allow-perl.inc | 16 | include allow-perl.inc |
diff --git a/etc/profile-m-z/pluma.profile b/etc/profile-m-z/pluma.profile index 10e12e5b1..ab7e0c64b 100644 --- a/etc/profile-m-z/pluma.profile +++ b/etc/profile-m-z/pluma.profile | |||
@@ -6,8 +6,8 @@ include pluma.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/enchant | 9 | nodeny ${HOME}/.config/enchant |
10 | noblacklist ${HOME}/.config/pluma | 10 | nodeny ${HOME}/.config/pluma |
11 | 11 | ||
12 | # Allows files commonly used by IDEs | 12 | # Allows files commonly used by IDEs |
13 | include allow-common-devel.inc | 13 | include allow-common-devel.inc |
diff --git a/etc/profile-m-z/plv.profile b/etc/profile-m-z/plv.profile index 5201fd853..02cb83ef6 100644 --- a/etc/profile-m-z/plv.profile +++ b/etc/profile-m-z/plv.profile | |||
@@ -6,7 +6,7 @@ include plv.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/PacmanLogViewer | 9 | nodeny ${HOME}/.config/PacmanLogViewer |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.config/PacmanLogViewer | 19 | mkdir ${HOME}/.config/PacmanLogViewer |
20 | whitelist ${HOME}/.config/PacmanLogViewer | 20 | allow ${HOME}/.config/PacmanLogViewer |
21 | whitelist /var/log/pacman.log | 21 | allow /var/log/pacman.log |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-m-z/pngquant.profile b/etc/profile-m-z/pngquant.profile index 8a181d5a8..2c4dda43e 100644 --- a/etc/profile-m-z/pngquant.profile +++ b/etc/profile-m-z/pngquant.profile | |||
@@ -7,9 +7,9 @@ include pngquant.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${PICTURES} | 10 | nodeny ${PICTURES} |
11 | 11 | ||
12 | blacklist ${RUNUSER}/wayland-* | 12 | deny ${RUNUSER}/wayland-* |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
diff --git a/etc/profile-m-z/polari.profile b/etc/profile-m-z/polari.profile index a3d4f9851..115ac36ab 100644 --- a/etc/profile-m-z/polari.profile +++ b/etc/profile-m-z/polari.profile | |||
@@ -21,12 +21,12 @@ mkdir ${HOME}/.local/share/Empathy | |||
21 | mkdir ${HOME}/.local/share/TpLogger | 21 | mkdir ${HOME}/.local/share/TpLogger |
22 | mkdir ${HOME}/.local/share/telepathy | 22 | mkdir ${HOME}/.local/share/telepathy |
23 | mkdir ${HOME}/.purple | 23 | mkdir ${HOME}/.purple |
24 | whitelist ${HOME}/.cache/telepathy | 24 | allow ${HOME}/.cache/telepathy |
25 | whitelist ${HOME}/.config/telepathy-account-widgets | 25 | allow ${HOME}/.config/telepathy-account-widgets |
26 | whitelist ${HOME}/.local/share/Empathy | 26 | allow ${HOME}/.local/share/Empathy |
27 | whitelist ${HOME}/.local/share/TpLogger | 27 | allow ${HOME}/.local/share/TpLogger |
28 | whitelist ${HOME}/.local/share/telepathy | 28 | allow ${HOME}/.local/share/telepathy |
29 | whitelist ${HOME}/.purple | 29 | allow ${HOME}/.purple |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | include whitelist-runuser-common.inc | 31 | include whitelist-runuser-common.inc |
32 | 32 | ||
diff --git a/etc/profile-m-z/ppsspp.profile b/etc/profile-m-z/ppsspp.profile index 1f73c1d89..10c59ea32 100644 --- a/etc/profile-m-z/ppsspp.profile +++ b/etc/profile-m-z/ppsspp.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | 8 | ||
9 | # Note: you must whitelist your games folder in your ppsspp.local. | 9 | # Note: you must whitelist your games folder in your ppsspp.local. |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/ppsspp | 11 | nodeny ${HOME}/.config/ppsspp |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -20,8 +20,8 @@ include disable-write-mnt.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.config/ppsspp | 22 | mkdir ${HOME}/.config/ppsspp |
23 | whitelist ${HOME}/.config/ppsspp | 23 | allow ${HOME}/.config/ppsspp |
24 | whitelist /usr/share/ppsspp | 24 | allow /usr/share/ppsspp |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-runuser-common.inc | 26 | include whitelist-runuser-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/pragha.profile b/etc/profile-m-z/pragha.profile index f138d785e..9b03bf632 100644 --- a/etc/profile-m-z/pragha.profile +++ b/etc/profile-m-z/pragha.profile | |||
@@ -6,8 +6,8 @@ include pragha.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/pragha | 9 | nodeny ${HOME}/.config/pragha |
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/profanity.profile b/etc/profile-m-z/profanity.profile index 743458725..137b4cb20 100644 --- a/etc/profile-m-z/profanity.profile +++ b/etc/profile-m-z/profanity.profile | |||
@@ -7,8 +7,8 @@ include profanity.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.config/profanity | 10 | nodeny ${HOME}/.config/profanity |
11 | noblacklist ${HOME}/.local/share/profanity | 11 | nodeny ${HOME}/.local/share/profanity |
12 | 12 | ||
13 | # Allow Python | 13 | # Allow Python |
14 | include allow-python2.inc | 14 | include allow-python2.inc |
diff --git a/etc/profile-m-z/psi-plus.profile b/etc/profile-m-z/psi-plus.profile index 5ac58b0ac..b0e28baf7 100644 --- a/etc/profile-m-z/psi-plus.profile +++ b/etc/profile-m-z/psi-plus.profile | |||
@@ -6,8 +6,8 @@ include psi-plus.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/psi+ | 9 | nodeny ${HOME}/.config/psi+ |
10 | noblacklist ${HOME}/.local/share/psi+ | 10 | nodeny ${HOME}/.local/share/psi+ |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,10 +19,10 @@ include disable-programs.inc | |||
19 | mkdir ${HOME}/.cache/psi+ | 19 | mkdir ${HOME}/.cache/psi+ |
20 | mkdir ${HOME}/.config/psi+ | 20 | mkdir ${HOME}/.config/psi+ |
21 | mkdir ${HOME}/.local/share/psi+ | 21 | mkdir ${HOME}/.local/share/psi+ |
22 | whitelist ${DOWNLOADS} | 22 | allow ${DOWNLOADS} |
23 | whitelist ${HOME}/.cache/psi+ | 23 | allow ${HOME}/.cache/psi+ |
24 | whitelist ${HOME}/.config/psi+ | 24 | allow ${HOME}/.config/psi+ |
25 | whitelist ${HOME}/.local/share/psi+ | 25 | allow ${HOME}/.local/share/psi+ |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | 27 | ||
28 | caps.drop all | 28 | caps.drop all |
diff --git a/etc/profile-m-z/psi.profile b/etc/profile-m-z/psi.profile index 7e0ef99fc..2588c3b75 100644 --- a/etc/profile-m-z/psi.profile +++ b/etc/profile-m-z/psi.profile | |||
@@ -8,11 +8,11 @@ include globals.local | |||
8 | 8 | ||
9 | # Add the next line to your psi.local to enable GPG support. | 9 | # Add the next line to your psi.local to enable GPG support. |
10 | #noblacklist ${HOME}/.gnupg | 10 | #noblacklist ${HOME}/.gnupg |
11 | noblacklist ${HOME}/.cache/psi | 11 | nodeny ${HOME}/.cache/psi |
12 | noblacklist ${HOME}/.cache/Psi | 12 | nodeny ${HOME}/.cache/Psi |
13 | noblacklist ${HOME}/.config/psi | 13 | nodeny ${HOME}/.config/psi |
14 | noblacklist ${HOME}/.local/share/psi | 14 | nodeny ${HOME}/.local/share/psi |
15 | noblacklist ${HOME}/.local/share/Psi | 15 | nodeny ${HOME}/.local/share/Psi |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-devel.inc | 18 | include disable-devel.inc |
@@ -32,16 +32,16 @@ mkdir ${HOME}/.local/share/psi | |||
32 | mkdir ${HOME}/.local/share/Psi | 32 | mkdir ${HOME}/.local/share/Psi |
33 | # Add the next line to your psi.local to enable GPG support. | 33 | # Add the next line to your psi.local to enable GPG support. |
34 | #whitelist ${HOME}/.gnupg | 34 | #whitelist ${HOME}/.gnupg |
35 | whitelist ${HOME}/.cache/psi | 35 | allow ${HOME}/.cache/psi |
36 | whitelist ${HOME}/.cache/Psi | 36 | allow ${HOME}/.cache/Psi |
37 | whitelist ${HOME}/.config/psi | 37 | allow ${HOME}/.config/psi |
38 | whitelist ${HOME}/.local/share/psi | 38 | allow ${HOME}/.local/share/psi |
39 | whitelist ${HOME}/.local/share/Psi | 39 | allow ${HOME}/.local/share/Psi |
40 | whitelist ${DOWNLOADS} | 40 | allow ${DOWNLOADS} |
41 | # Add the next lines to your psi.local to enable GPG support. | 41 | # Add the next lines to your psi.local to enable GPG support. |
42 | #whitelist /usr/share/gnupg | 42 | #whitelist /usr/share/gnupg |
43 | #whitelist /usr/share/gnupg2 | 43 | #whitelist /usr/share/gnupg2 |
44 | whitelist /usr/share/psi | 44 | allow /usr/share/psi |
45 | # Add the next lines to your psi.local to enable GPG support. | 45 | # Add the next lines to your psi.local to enable GPG support. |
46 | #whitelist ${RUNUSER}/gnupg | 46 | #whitelist ${RUNUSER}/gnupg |
47 | #whitelist ${RUNUSER}/keyring | 47 | #whitelist ${RUNUSER}/keyring |
diff --git a/etc/profile-m-z/pybitmessage.profile b/etc/profile-m-z/pybitmessage.profile index 60ae37930..1f0e83ab6 100644 --- a/etc/profile-m-z/pybitmessage.profile +++ b/etc/profile-m-z/pybitmessage.profile | |||
@@ -5,9 +5,9 @@ include pybitmessage.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist /sbin | 8 | nodeny /sbin |
9 | noblacklist /usr/local/sbin | 9 | nodeny /usr/local/sbin |
10 | noblacklist /usr/sbin | 10 | nodeny /usr/sbin |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-m-z/pycharm-community.profile b/etc/profile-m-z/pycharm-community.profile index 00d7239ae..b6c08290e 100644 --- a/etc/profile-m-z/pycharm-community.profile +++ b/etc/profile-m-z/pycharm-community.profile | |||
@@ -5,7 +5,7 @@ include pycharm-community.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.PyCharmCE* | 8 | nodeny ${HOME}/.PyCharmCE* |
9 | 9 | ||
10 | # Allow java (blacklisted by disable-devel.inc) | 10 | # Allow java (blacklisted by disable-devel.inc) |
11 | include allow-java.inc | 11 | include allow-java.inc |
diff --git a/etc/profile-m-z/pycharm-professional.profile b/etc/profile-m-z/pycharm-professional.profile index b754a18c9..fa0932cc0 100644 --- a/etc/profile-m-z/pycharm-professional.profile +++ b/etc/profile-m-z/pycharm-professional.profile | |||
@@ -6,7 +6,7 @@ include pyucharm-professional.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.PyCharm* | 9 | nodeny ${HOME}/.PyCharm* |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include pycharm-community.profile | 12 | include pycharm-community.profile |
diff --git a/etc/profile-m-z/qbittorrent.profile b/etc/profile-m-z/qbittorrent.profile index 506b738cc..fb8e622b0 100644 --- a/etc/profile-m-z/qbittorrent.profile +++ b/etc/profile-m-z/qbittorrent.profile | |||
@@ -6,10 +6,10 @@ include qbittorrent.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/qBittorrent | 9 | nodeny ${HOME}/.cache/qBittorrent |
10 | noblacklist ${HOME}/.config/qBittorrent | 10 | nodeny ${HOME}/.config/qBittorrent |
11 | noblacklist ${HOME}/.config/qBittorrentrc | 11 | nodeny ${HOME}/.config/qBittorrentrc |
12 | noblacklist ${HOME}/.local/share/data/qBittorrent | 12 | nodeny ${HOME}/.local/share/data/qBittorrent |
13 | 13 | ||
14 | # Allow python (blacklisted by disable-interpreters.inc) | 14 | # Allow python (blacklisted by disable-interpreters.inc) |
15 | include allow-python2.inc | 15 | include allow-python2.inc |
@@ -27,11 +27,11 @@ mkdir ${HOME}/.cache/qBittorrent | |||
27 | mkdir ${HOME}/.config/qBittorrent | 27 | mkdir ${HOME}/.config/qBittorrent |
28 | mkfile ${HOME}/.config/qBittorrentrc | 28 | mkfile ${HOME}/.config/qBittorrentrc |
29 | mkdir ${HOME}/.local/share/data/qBittorrent | 29 | mkdir ${HOME}/.local/share/data/qBittorrent |
30 | whitelist ${DOWNLOADS} | 30 | allow ${DOWNLOADS} |
31 | whitelist ${HOME}/.cache/qBittorrent | 31 | allow ${HOME}/.cache/qBittorrent |
32 | whitelist ${HOME}/.config/qBittorrent | 32 | allow ${HOME}/.config/qBittorrent |
33 | whitelist ${HOME}/.config/qBittorrentrc | 33 | allow ${HOME}/.config/qBittorrentrc |
34 | whitelist ${HOME}/.local/share/data/qBittorrent | 34 | allow ${HOME}/.local/share/data/qBittorrent |
35 | include whitelist-common.inc | 35 | include whitelist-common.inc |
36 | include whitelist-var-common.inc | 36 | include whitelist-var-common.inc |
37 | 37 | ||
diff --git a/etc/profile-m-z/qcomicbook.profile b/etc/profile-m-z/qcomicbook.profile index 0e52d7fc4..7bcc4b065 100644 --- a/etc/profile-m-z/qcomicbook.profile +++ b/etc/profile-m-z/qcomicbook.profile | |||
@@ -6,10 +6,10 @@ include qcomicbook.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/PawelStolowski | 9 | nodeny ${HOME}/.cache/PawelStolowski |
10 | noblacklist ${HOME}/.config/PawelStolowski | 10 | nodeny ${HOME}/.config/PawelStolowski |
11 | noblacklist ${HOME}/.local/share/PawelStolowski | 11 | nodeny ${HOME}/.local/share/PawelStolowski |
12 | noblacklist ${DOCUMENTS} | 12 | nodeny ${DOCUMENTS} |
13 | 13 | ||
14 | # Allow /bin/sh (blacklisted by disable-shell.inc) | 14 | # Allow /bin/sh (blacklisted by disable-shell.inc) |
15 | include allow-bin-sh.inc | 15 | include allow-bin-sh.inc |
@@ -27,7 +27,7 @@ include disable-xdg.inc | |||
27 | mkdir ${HOME}/.cache/PawelStolowski | 27 | mkdir ${HOME}/.cache/PawelStolowski |
28 | mkdir ${HOME}/.config/PawelStolowski | 28 | mkdir ${HOME}/.config/PawelStolowski |
29 | mkdir ${HOME}/.local/share/PawelStolowski | 29 | mkdir ${HOME}/.local/share/PawelStolowski |
30 | whitelist /usr/share/qcomicbook | 30 | allow /usr/share/qcomicbook |
31 | include whitelist-runuser-common.inc | 31 | include whitelist-runuser-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/qemu-launcher.profile b/etc/profile-m-z/qemu-launcher.profile index ac60384fd..d527a2b82 100644 --- a/etc/profile-m-z/qemu-launcher.profile +++ b/etc/profile-m-z/qemu-launcher.profile | |||
@@ -5,7 +5,7 @@ include qemu-launcher.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.qemu-launcher | 8 | nodeny ${HOME}/.qemu-launcher |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-passwdmgr.inc | 11 | include disable-passwdmgr.inc |
diff --git a/etc/profile-m-z/qgis.profile b/etc/profile-m-z/qgis.profile index 2e97daea2..e99140c22 100644 --- a/etc/profile-m-z/qgis.profile +++ b/etc/profile-m-z/qgis.profile | |||
@@ -6,10 +6,10 @@ include qgis.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/QGIS | 9 | nodeny ${HOME}/.config/QGIS |
10 | noblacklist ${HOME}/.local/share/QGIS | 10 | nodeny ${HOME}/.local/share/QGIS |
11 | noblacklist ${HOME}/.qgis2 | 11 | nodeny ${HOME}/.qgis2 |
12 | noblacklist ${DOCUMENTS} | 12 | nodeny ${DOCUMENTS} |
13 | 13 | ||
14 | # Allow python (blacklisted by disable-interpreters.inc) | 14 | # Allow python (blacklisted by disable-interpreters.inc) |
15 | include allow-python3.inc | 15 | include allow-python3.inc |
@@ -25,10 +25,10 @@ include disable-xdg.inc | |||
25 | mkdir ${HOME}/.local/share/QGIS | 25 | mkdir ${HOME}/.local/share/QGIS |
26 | mkdir ${HOME}/.qgis2 | 26 | mkdir ${HOME}/.qgis2 |
27 | mkdir ${HOME}/.config/QGIS | 27 | mkdir ${HOME}/.config/QGIS |
28 | whitelist ${HOME}/.local/share/QGIS | 28 | allow ${HOME}/.local/share/QGIS |
29 | whitelist ${HOME}/.qgis2 | 29 | allow ${HOME}/.qgis2 |
30 | whitelist ${HOME}/.config/QGIS | 30 | allow ${HOME}/.config/QGIS |
31 | whitelist ${DOCUMENTS} | 31 | allow ${DOCUMENTS} |
32 | include whitelist-common.inc | 32 | include whitelist-common.inc |
33 | include whitelist-var-common.inc | 33 | include whitelist-var-common.inc |
34 | 34 | ||
diff --git a/etc/profile-m-z/qlipper.profile b/etc/profile-m-z/qlipper.profile index 6e94d5845..75dc58ae4 100644 --- a/etc/profile-m-z/qlipper.profile +++ b/etc/profile-m-z/qlipper.profile | |||
@@ -6,7 +6,7 @@ include qlipper.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Qlipper | 9 | nodeny ${HOME}/.config/Qlipper |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/qmmp.profile b/etc/profile-m-z/qmmp.profile index c3d982c17..d37fce997 100644 --- a/etc/profile-m-z/qmmp.profile +++ b/etc/profile-m-z/qmmp.profile | |||
@@ -6,8 +6,8 @@ include qmmp.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.qmmp | 9 | nodeny ${HOME}/.qmmp |
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/qnapi.profile b/etc/profile-m-z/qnapi.profile index ca11df5be..f12340052 100644 --- a/etc/profile-m-z/qnapi.profile +++ b/etc/profile-m-z/qnapi.profile | |||
@@ -6,7 +6,7 @@ include qnapi.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/qnapi.ini | 9 | nodeny ${HOME}/.config/qnapi.ini |
10 | 10 | ||
11 | ignore noexec /tmp | 11 | ignore noexec /tmp |
12 | 12 | ||
@@ -20,8 +20,8 @@ include disable-shell.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkfile ${HOME}/.config/qnapi.ini | 22 | mkfile ${HOME}/.config/qnapi.ini |
23 | whitelist ${HOME}/.config/qnapi.ini | 23 | allow ${HOME}/.config/qnapi.ini |
24 | whitelist ${DOWNLOADS} | 24 | allow ${DOWNLOADS} |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-usr-share-common.inc | 26 | include whitelist-usr-share-common.inc |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-m-z/qpdfview.profile b/etc/profile-m-z/qpdfview.profile index be690ffa4..62fae324c 100644 --- a/etc/profile-m-z/qpdfview.profile +++ b/etc/profile-m-z/qpdfview.profile | |||
@@ -6,9 +6,9 @@ include qpdfview.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/qpdfview | 9 | nodeny ${HOME}/.config/qpdfview |
10 | noblacklist ${HOME}/.local/share/qpdfview | 10 | nodeny ${HOME}/.local/share/qpdfview |
11 | noblacklist ${DOCUMENTS} | 11 | nodeny ${DOCUMENTS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/qrencode.profile b/etc/profile-m-z/qrencode.profile index 6cbf8519f..5f0aec804 100644 --- a/etc/profile-m-z/qrencode.profile +++ b/etc/profile-m-z/qrencode.profile | |||
@@ -7,7 +7,7 @@ include qrencode.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER} | 10 | deny ${RUNUSER} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/qtox.profile b/etc/profile-m-z/qtox.profile index 8ffe24d11..1ad46814e 100644 --- a/etc/profile-m-z/qtox.profile +++ b/etc/profile-m-z/qtox.profile | |||
@@ -6,8 +6,8 @@ include qtox.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/Tox | 9 | nodeny ${HOME}/.cache/Tox |
10 | noblacklist ${HOME}/.config/tox | 10 | nodeny ${HOME}/.config/tox |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-shell.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | mkdir ${HOME}/.config/tox | 21 | mkdir ${HOME}/.config/tox |
22 | whitelist ${DOWNLOADS} | 22 | allow ${DOWNLOADS} |
23 | whitelist ${HOME}/.config/tox | 23 | allow ${HOME}/.config/tox |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-m-z/quadrapassel.profile b/etc/profile-m-z/quadrapassel.profile index 91e0d9d0d..aee24925c 100644 --- a/etc/profile-m-z/quadrapassel.profile +++ b/etc/profile-m-z/quadrapassel.profile | |||
@@ -6,11 +6,11 @@ include quadrapassel.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/quadrapassel | 9 | nodeny ${HOME}/.local/share/quadrapassel |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/quadrapassel | 11 | mkdir ${HOME}/.local/share/quadrapassel |
12 | whitelist ${HOME}/.local/share/quadrapassel | 12 | allow ${HOME}/.local/share/quadrapassel |
13 | whitelist /usr/share/quadrapassel | 13 | allow /usr/share/quadrapassel |
14 | 14 | ||
15 | private-bin quadrapassel | 15 | private-bin quadrapassel |
16 | 16 | ||
diff --git a/etc/profile-m-z/quaternion.profile b/etc/profile-m-z/quaternion.profile index 1d146aa39..a319e1e12 100644 --- a/etc/profile-m-z/quaternion.profile +++ b/etc/profile-m-z/quaternion.profile | |||
@@ -6,8 +6,8 @@ include quaternion.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/Quotient/quaternion | 9 | nodeny ${HOME}/.cache/Quotient/quaternion |
10 | noblacklist ${HOME}/.config/Quotient | 10 | nodeny ${HOME}/.config/Quotient |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -20,10 +20,10 @@ include disable-xdg.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.cache/Quotient/quaternion | 21 | mkdir ${HOME}/.cache/Quotient/quaternion |
22 | mkdir ${HOME}/.config/Quotient | 22 | mkdir ${HOME}/.config/Quotient |
23 | whitelist ${HOME}/.cache/Quotient/quaternion | 23 | allow ${HOME}/.cache/Quotient/quaternion |
24 | whitelist ${HOME}/.config/Quotient | 24 | allow ${HOME}/.config/Quotient |
25 | whitelist ${DOWNLOADS} | 25 | allow ${DOWNLOADS} |
26 | whitelist /usr/share/Quotient/quaternion | 26 | allow /usr/share/Quotient/quaternion |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/quiterss.profile b/etc/profile-m-z/quiterss.profile index 9490089b2..2693f2ed5 100644 --- a/etc/profile-m-z/quiterss.profile +++ b/etc/profile-m-z/quiterss.profile | |||
@@ -6,10 +6,10 @@ include quiterss.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/QuiteRss | 9 | nodeny ${HOME}/.cache/QuiteRss |
10 | noblacklist ${HOME}/.config/QuiteRss | 10 | nodeny ${HOME}/.config/QuiteRss |
11 | noblacklist ${HOME}/.config/QuiteRssrc | 11 | nodeny ${HOME}/.config/QuiteRssrc |
12 | noblacklist ${HOME}/.local/share/QuiteRss | 12 | nodeny ${HOME}/.local/share/QuiteRss |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -25,12 +25,12 @@ mkdir ${HOME}/.local/share/data | |||
25 | mkdir ${HOME}/.local/share/data/QuiteRss | 25 | mkdir ${HOME}/.local/share/data/QuiteRss |
26 | mkdir ${HOME}/.local/share/QuiteRss | 26 | mkdir ${HOME}/.local/share/QuiteRss |
27 | mkfile ${HOME}/quiterssfeeds.opml | 27 | mkfile ${HOME}/quiterssfeeds.opml |
28 | whitelist ${HOME}/.cache/QuiteRss | 28 | allow ${HOME}/.cache/QuiteRss |
29 | whitelist ${HOME}/.config/QuiteRss | 29 | allow ${HOME}/.config/QuiteRss |
30 | whitelist ${HOME}/.config/QuiteRssrc | 30 | allow ${HOME}/.config/QuiteRssrc |
31 | whitelist ${HOME}/.local/share/data/QuiteRss | 31 | allow ${HOME}/.local/share/data/QuiteRss |
32 | whitelist ${HOME}/.local/share/QuiteRss | 32 | allow ${HOME}/.local/share/QuiteRss |
33 | whitelist ${HOME}/quiterssfeeds.opml | 33 | allow ${HOME}/quiterssfeeds.opml |
34 | include whitelist-common.inc | 34 | include whitelist-common.inc |
35 | 35 | ||
36 | caps.drop all | 36 | caps.drop all |
diff --git a/etc/profile-m-z/quodlibet.profile b/etc/profile-m-z/quodlibet.profile index 92b02b2bf..52c120c08 100644 --- a/etc/profile-m-z/quodlibet.profile +++ b/etc/profile-m-z/quodlibet.profile | |||
@@ -6,10 +6,10 @@ include quodlibet.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/quodlibet | 9 | nodeny ${HOME}/.cache/quodlibet |
10 | noblacklist ${HOME}/.config/quodlibet | 10 | nodeny ${HOME}/.config/quodlibet |
11 | noblacklist ${HOME}/.quodlibet | 11 | nodeny ${HOME}/.quodlibet |
12 | noblacklist ${MUSIC} | 12 | nodeny ${MUSIC} |
13 | 13 | ||
14 | include allow-bin-sh.inc | 14 | include allow-bin-sh.inc |
15 | 15 | ||
@@ -30,11 +30,11 @@ mkdir ${HOME}/.cache/quodlibet | |||
30 | mkdir ${HOME}/.config/quodlibet | 30 | mkdir ${HOME}/.config/quodlibet |
31 | mkdir ${HOME}/.quodlibet | 31 | mkdir ${HOME}/.quodlibet |
32 | 32 | ||
33 | whitelist ${HOME}/.cache/quodlibet | 33 | allow ${HOME}/.cache/quodlibet |
34 | whitelist ${HOME}/.config/quodlibet | 34 | allow ${HOME}/.config/quodlibet |
35 | whitelist ${HOME}/.quodlibet | 35 | allow ${HOME}/.quodlibet |
36 | whitelist ${DOWNLOADS} | 36 | allow ${DOWNLOADS} |
37 | whitelist ${MUSIC} | 37 | allow ${MUSIC} |
38 | include whitelist-common.inc | 38 | include whitelist-common.inc |
39 | include whitelist-runuser-common.inc | 39 | include whitelist-runuser-common.inc |
40 | include whitelist-usr-share-common.inc | 40 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/qupzilla.profile b/etc/profile-m-z/qupzilla.profile index 7aa71c848..9bc91808b 100644 --- a/etc/profile-m-z/qupzilla.profile +++ b/etc/profile-m-z/qupzilla.profile | |||
@@ -6,8 +6,8 @@ include qupzilla.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/qupzilla | 9 | nodeny ${HOME}/.cache/qupzilla |
10 | noblacklist ${HOME}/.config/qupzilla | 10 | nodeny ${HOME}/.config/qupzilla |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-programs.inc | |||
18 | 18 | ||
19 | mkdir ${HOME}/.cache/qupzilla | 19 | mkdir ${HOME}/.cache/qupzilla |
20 | mkdir ${HOME}/.config/qupzilla | 20 | mkdir ${HOME}/.config/qupzilla |
21 | whitelist ${HOME}/.cache/qupzilla | 21 | allow ${HOME}/.cache/qupzilla |
22 | whitelist ${HOME}/.config/qupzilla | 22 | allow ${HOME}/.config/qupzilla |
23 | 23 | ||
24 | # Redirect | 24 | # Redirect |
25 | include falkon.profile | 25 | include falkon.profile |
diff --git a/etc/profile-m-z/qutebrowser.profile b/etc/profile-m-z/qutebrowser.profile index fc910b589..a342e2acd 100644 --- a/etc/profile-m-z/qutebrowser.profile +++ b/etc/profile-m-z/qutebrowser.profile | |||
@@ -6,9 +6,9 @@ include qutebrowser.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/qutebrowser | 9 | nodeny ${HOME}/.cache/qutebrowser |
10 | noblacklist ${HOME}/.config/qutebrowser | 10 | nodeny ${HOME}/.config/qutebrowser |
11 | noblacklist ${HOME}/.local/share/qutebrowser | 11 | nodeny ${HOME}/.local/share/qutebrowser |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python2.inc | 14 | include allow-python2.inc |
@@ -22,10 +22,10 @@ include disable-programs.inc | |||
22 | mkdir ${HOME}/.cache/qutebrowser | 22 | mkdir ${HOME}/.cache/qutebrowser |
23 | mkdir ${HOME}/.config/qutebrowser | 23 | mkdir ${HOME}/.config/qutebrowser |
24 | mkdir ${HOME}/.local/share/qutebrowser | 24 | mkdir ${HOME}/.local/share/qutebrowser |
25 | whitelist ${DOWNLOADS} | 25 | allow ${DOWNLOADS} |
26 | whitelist ${HOME}/.cache/qutebrowser | 26 | allow ${HOME}/.cache/qutebrowser |
27 | whitelist ${HOME}/.config/qutebrowser | 27 | allow ${HOME}/.config/qutebrowser |
28 | whitelist ${HOME}/.local/share/qutebrowser | 28 | allow ${HOME}/.local/share/qutebrowser |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | 30 | ||
31 | caps.drop all | 31 | caps.drop all |
diff --git a/etc/profile-m-z/rambox.profile b/etc/profile-m-z/rambox.profile index ffa2022ee..b1059cee8 100644 --- a/etc/profile-m-z/rambox.profile +++ b/etc/profile-m-z/rambox.profile | |||
@@ -6,9 +6,9 @@ include rambox.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Rambox | 9 | nodeny ${HOME}/.config/Rambox |
10 | noblacklist ${HOME}/.pki | 10 | nodeny ${HOME}/.pki |
11 | noblacklist ${HOME}/.local/share/pki | 11 | nodeny ${HOME}/.local/share/pki |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -18,10 +18,10 @@ include disable-programs.inc | |||
18 | mkdir ${HOME}/.config/Rambox | 18 | mkdir ${HOME}/.config/Rambox |
19 | mkdir ${HOME}/.pki | 19 | mkdir ${HOME}/.pki |
20 | mkdir ${HOME}/.local/share/pki | 20 | mkdir ${HOME}/.local/share/pki |
21 | whitelist ${DOWNLOADS} | 21 | allow ${DOWNLOADS} |
22 | whitelist ${HOME}/.config/Rambox | 22 | allow ${HOME}/.config/Rambox |
23 | whitelist ${HOME}/.pki | 23 | allow ${HOME}/.pki |
24 | whitelist ${HOME}/.local/share/pki | 24 | allow ${HOME}/.local/share/pki |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | 26 | ||
27 | caps.drop all | 27 | caps.drop all |
diff --git a/etc/profile-m-z/redeclipse.profile b/etc/profile-m-z/redeclipse.profile index 9bc196a16..3b56f651f 100644 --- a/etc/profile-m-z/redeclipse.profile +++ b/etc/profile-m-z/redeclipse.profile | |||
@@ -6,7 +6,7 @@ include redeclipse.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.redeclipse | 9 | nodeny ${HOME}/.redeclipse |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.redeclipse | 19 | mkdir ${HOME}/.redeclipse |
20 | whitelist ${HOME}/.redeclipse | 20 | allow ${HOME}/.redeclipse |
21 | whitelist /usr/share/redeclipse | 21 | allow /usr/share/redeclipse |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-runuser-common.inc | 23 | include whitelist-runuser-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/rednotebook.profile b/etc/profile-m-z/rednotebook.profile new file mode 100644 index 000000000..67281c518 --- /dev/null +++ b/etc/profile-m-z/rednotebook.profile | |||
@@ -0,0 +1,67 @@ | |||
1 | # Firejail profile for rednotebook | ||
2 | # Description: Daily journal with calendar, templates and keyword searching | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include rednotebook.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | nodeny ${HOME}/.cache/rednotebook | ||
10 | nodeny ${HOME}/.rednotebook | ||
11 | |||
12 | # Allow python (blacklisted by disable-interpreters.inc) | ||
13 | include allow-python3.inc | ||
14 | |||
15 | include disable-common.inc | ||
16 | include disable-devel.inc | ||
17 | include disable-exec.inc | ||
18 | include disable-interpreters.inc | ||
19 | include disable-passwdmgr.inc | ||
20 | include disable-programs.inc | ||
21 | include disable-shell.inc | ||
22 | |||
23 | mkdir ${HOME}/.cache/rednotebook | ||
24 | mkdir ${HOME}/.rednotebook | ||
25 | allow ${HOME}/.cache/rednotebook | ||
26 | allow ${HOME}/.rednotebook | ||
27 | allow ${DESKTOP} | ||
28 | allow ${DOCUMENTS} | ||
29 | allow ${DOWNLOADS} | ||
30 | allow ${MUSIC} | ||
31 | allow ${PICTURES} | ||
32 | allow ${VIDEOS} | ||
33 | allow /usr/libexec/webkit2gtk-4.0 | ||
34 | include whitelist-common.inc | ||
35 | include whitelist-runuser-common.inc | ||
36 | include whitelist-usr-share-common.inc | ||
37 | include whitelist-var-common.inc | ||
38 | |||
39 | apparmor | ||
40 | caps.drop all | ||
41 | machine-id | ||
42 | net none | ||
43 | no3d | ||
44 | nodvd | ||
45 | nogroups | ||
46 | noinput | ||
47 | nonewprivs | ||
48 | noroot | ||
49 | nosound | ||
50 | notv | ||
51 | nou2f | ||
52 | novideo | ||
53 | protocol unix | ||
54 | seccomp | ||
55 | seccomp.block-secondary | ||
56 | shell none | ||
57 | tracelog | ||
58 | |||
59 | disable-mnt | ||
60 | private-bin python3*,rednotebook | ||
61 | private-cache | ||
62 | private-dev | ||
63 | private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11 | ||
64 | private-tmp | ||
65 | |||
66 | dbus-user none | ||
67 | dbus-system none | ||
diff --git a/etc/profile-m-z/redshift.profile b/etc/profile-m-z/redshift.profile index f87c5f67c..3035e1d74 100644 --- a/etc/profile-m-z/redshift.profile +++ b/etc/profile-m-z/redshift.profile | |||
@@ -7,8 +7,8 @@ include redshift.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.config/redshift | 10 | nodeny ${HOME}/.config/redshift |
11 | noblacklist ${HOME}/.config/redshift.conf | 11 | nodeny ${HOME}/.config/redshift.conf |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-programs.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | mkdir ${HOME}/.config/redshift | 21 | mkdir ${HOME}/.config/redshift |
22 | whitelist ${HOME}/.config/redshift | 22 | allow ${HOME}/.config/redshift |
23 | whitelist ${HOME}/.config/redshift.conf | 23 | allow ${HOME}/.config/redshift.conf |
24 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
26 | apparmor | 26 | apparmor |
diff --git a/etc/profile-m-z/regextester.profile b/etc/profile-m-z/regextester.profile index f5131c5d0..82feafab9 100644 --- a/etc/profile-m-z/regextester.profile +++ b/etc/profile-m-z/regextester.profile | |||
@@ -15,7 +15,7 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | whitelist /usr/share/com.github.artemanufrij.regextester | 18 | allow /usr/share/com.github.artemanufrij.regextester |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/remmina.profile b/etc/profile-m-z/remmina.profile index aca22f187..3f385f602 100644 --- a/etc/profile-m-z/remmina.profile +++ b/etc/profile-m-z/remmina.profile | |||
@@ -6,9 +6,9 @@ include remmina.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.remmina | 9 | nodeny ${HOME}/.remmina |
10 | noblacklist ${HOME}/.config/remmina | 10 | nodeny ${HOME}/.config/remmina |
11 | noblacklist ${HOME}/.local/share/remmina | 11 | nodeny ${HOME}/.local/share/remmina |
12 | 12 | ||
13 | # Allow ssh (blacklisted by disable-common.inc) | 13 | # Allow ssh (blacklisted by disable-common.inc) |
14 | include allow-ssh.inc | 14 | include allow-ssh.inc |
diff --git a/etc/profile-m-z/rhythmbox.profile b/etc/profile-m-z/rhythmbox.profile index 970e8ffba..c532d3dc1 100644 --- a/etc/profile-m-z/rhythmbox.profile +++ b/etc/profile-m-z/rhythmbox.profile | |||
@@ -6,9 +6,9 @@ include rhythmbox.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${MUSIC} | 9 | nodeny ${MUSIC} |
10 | noblacklist ${HOME}/.cache/rhythmbox | 10 | nodeny ${HOME}/.cache/rhythmbox |
11 | noblacklist ${HOME}/.local/share/rhythmbox | 11 | nodeny ${HOME}/.local/share/rhythmbox |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python2.inc | 14 | include allow-python2.inc |
@@ -26,10 +26,10 @@ include disable-programs.inc | |||
26 | include disable-shell.inc | 26 | include disable-shell.inc |
27 | include disable-xdg.inc | 27 | include disable-xdg.inc |
28 | 28 | ||
29 | whitelist /usr/share/rhythmbox | 29 | allow /usr/share/rhythmbox |
30 | whitelist /usr/share/lua | 30 | allow /usr/share/lua |
31 | whitelist /usr/share/libquvi-scripts | 31 | allow /usr/share/libquvi-scripts |
32 | whitelist /usr/share/tracker | 32 | allow /usr/share/tracker |
33 | include whitelist-runuser-common.inc | 33 | include whitelist-runuser-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
35 | include whitelist-var-common.inc | 35 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/ricochet.profile b/etc/profile-m-z/ricochet.profile index b664a2be3..c3ee57ef3 100644 --- a/etc/profile-m-z/ricochet.profile +++ b/etc/profile-m-z/ricochet.profile | |||
@@ -5,7 +5,7 @@ include ricochet.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.local/share/Ricochet | 8 | nodeny ${HOME}/.local/share/Ricochet |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
@@ -16,8 +16,8 @@ include disable-programs.inc | |||
16 | include disable-shell.inc | 16 | include disable-shell.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.local/share/Ricochet | 18 | mkdir ${HOME}/.local/share/Ricochet |
19 | whitelist ${DOWNLOADS} | 19 | allow ${DOWNLOADS} |
20 | whitelist ${HOME}/.local/share/Ricochet | 20 | allow ${HOME}/.local/share/Ricochet |
21 | include whitelist-common.inc | 21 | include whitelist-common.inc |
22 | 22 | ||
23 | caps.drop all | 23 | caps.drop all |
diff --git a/etc/profile-m-z/riot-web.profile b/etc/profile-m-z/riot-web.profile index 687c943b0..782396a50 100644 --- a/etc/profile-m-z/riot-web.profile +++ b/etc/profile-m-z/riot-web.profile | |||
@@ -8,11 +8,11 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec /tmp | 9 | ignore noexec /tmp |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/Riot | 11 | nodeny ${HOME}/.config/Riot |
12 | 12 | ||
13 | mkdir ${HOME}/.config/Riot | 13 | mkdir ${HOME}/.config/Riot |
14 | whitelist ${HOME}/.config/Riot | 14 | allow ${HOME}/.config/Riot |
15 | whitelist /usr/share/webapps/element | 15 | allow /usr/share/webapps/element |
16 | 16 | ||
17 | # Redirect | 17 | # Redirect |
18 | include electron.profile | 18 | include electron.profile |
diff --git a/etc/profile-m-z/ripperx.profile b/etc/profile-m-z/ripperx.profile index be815e714..c97ac8090 100644 --- a/etc/profile-m-z/ripperx.profile +++ b/etc/profile-m-z/ripperx.profile | |||
@@ -6,8 +6,8 @@ include ripperx.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.ripperXrc | 9 | nodeny ${HOME}/.ripperXrc |
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/ristretto.profile b/etc/profile-m-z/ristretto.profile index 5572cab5a..109d2f8f1 100644 --- a/etc/profile-m-z/ristretto.profile +++ b/etc/profile-m-z/ristretto.profile | |||
@@ -6,9 +6,9 @@ include ristretto.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/ristretto | 9 | nodeny ${HOME}/.config/ristretto |
10 | noblacklist ${HOME}/.Steam | 10 | nodeny ${HOME}/.Steam |
11 | noblacklist ${HOME}/.steam | 11 | nodeny ${HOME}/.steam |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/rocketchat.profile b/etc/profile-m-z/rocketchat.profile index 8d3607c75..1a76c4211 100644 --- a/etc/profile-m-z/rocketchat.profile +++ b/etc/profile-m-z/rocketchat.profile | |||
@@ -21,10 +21,10 @@ ignore private-cache | |||
21 | ignore private-dev | 21 | ignore private-dev |
22 | ignore private-tmp | 22 | ignore private-tmp |
23 | 23 | ||
24 | noblacklist ${HOME}/.config/Rocket.Chat | 24 | nodeny ${HOME}/.config/Rocket.Chat |
25 | 25 | ||
26 | mkdir ${HOME}/.config/Rocket.Chat | 26 | mkdir ${HOME}/.config/Rocket.Chat |
27 | whitelist ${HOME}/.config/Rocket.Chat | 27 | allow ${HOME}/.config/Rocket.Chat |
28 | 28 | ||
29 | # Redirect | 29 | # Redirect |
30 | include electron.profile | 30 | include electron.profile |
diff --git a/etc/profile-m-z/rsync-download_only.profile b/etc/profile-m-z/rsync-download_only.profile index 690b44bb1..4807b7d36 100644 --- a/etc/profile-m-z/rsync-download_only.profile +++ b/etc/profile-m-z/rsync-download_only.profile | |||
@@ -11,8 +11,8 @@ include globals.local | |||
11 | # not as a daemon (rsync --daemon) nor to create backups. | 11 | # not as a daemon (rsync --daemon) nor to create backups. |
12 | # Usage: firejail --profile=rsync-download_only rsync | 12 | # Usage: firejail --profile=rsync-download_only rsync |
13 | 13 | ||
14 | blacklist /tmp/.X11-unix | 14 | deny /tmp/.X11-unix |
15 | blacklist ${RUNUSER} | 15 | deny ${RUNUSER} |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-devel.inc | 18 | include disable-devel.inc |
diff --git a/etc/profile-m-z/rtv-addons.profile b/etc/profile-m-z/rtv-addons.profile index c9da0b628..6b7d6b155 100644 --- a/etc/profile-m-z/rtv-addons.profile +++ b/etc/profile-m-z/rtv-addons.profile | |||
@@ -11,13 +11,18 @@ ignore nosound | |||
11 | ignore private-bin | 11 | ignore private-bin |
12 | ignore dbus-user none | 12 | ignore dbus-user none |
13 | 13 | ||
14 | noblacklist ${HOME}/.config/mpv | 14 | nodeny ${HOME}/.config/mpv |
15 | noblacklist ${HOME}/.mailcap | 15 | nodeny ${HOME}/.mailcap |
16 | noblacklist ${HOME}/.netrc | 16 | nodeny ${HOME}/.netrc |
17 | noblacklist ${HOME}/.w3m | 17 | nodeny ${HOME}/.w3m |
18 | 18 | ||
19 | whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs | 19 | allow ${HOME}/.cache/youtube-dl/youtube-sigfuncs |
20 | whitelist ${HOME}/.config/mpv | 20 | allow ${HOME}/.config/mpv |
21 | whitelist ${HOME}/.mailcap | 21 | allow ${HOME}/.mailcap |
22 | whitelist ${HOME}/.netrc | 22 | allow ${HOME}/.netrc |
23 | whitelist ${HOME}/.w3m | 23 | allow ${HOME}/.w3m |
24 | |||
25 | #private-bin w3m,mpv,youtube-dl | ||
26 | |||
27 | # tells rtv, which browser to use | ||
28 | #env RTV_BROWSER=w3m | ||
diff --git a/etc/profile-m-z/rtv.profile b/etc/profile-m-z/rtv.profile index f0b8d31e9..074050792 100644 --- a/etc/profile-m-z/rtv.profile +++ b/etc/profile-m-z/rtv.profile | |||
@@ -6,11 +6,14 @@ include rtv.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist /tmp/.X11-unix | 9 | deny /tmp/.X11-unix |
10 | blacklist ${RUNUSER}/wayland-* | 10 | deny ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | noblacklist ${HOME}/.config/rtv | 12 | nodeny ${HOME}/.config/rtv |
13 | noblacklist ${HOME}/.local/share/rtv | 13 | nodeny ${HOME}/.local/share/rtv |
14 | |||
15 | # Allow /bin/sh (blacklisted by disable-shell.inc) | ||
16 | include allow-bin-sh.inc | ||
14 | 17 | ||
15 | # Allow python (blacklisted by disable-interpreters.inc) | 18 | # Allow python (blacklisted by disable-interpreters.inc) |
16 | include allow-python2.inc | 19 | include allow-python2.inc |
@@ -30,8 +33,8 @@ include disable-xdg.inc | |||
30 | 33 | ||
31 | mkdir ${HOME}/.config/rtv | 34 | mkdir ${HOME}/.config/rtv |
32 | mkdir ${HOME}/.local/share/rtv | 35 | mkdir ${HOME}/.local/share/rtv |
33 | whitelist ${HOME}/.config/rtv | 36 | allow ${HOME}/.config/rtv |
34 | whitelist ${HOME}/.local/share/rtv | 37 | allow ${HOME}/.local/share/rtv |
35 | include whitelist-var-common.inc | 38 | include whitelist-var-common.inc |
36 | 39 | ||
37 | apparmor | 40 | apparmor |
@@ -54,10 +57,10 @@ shell none | |||
54 | tracelog | 57 | tracelog |
55 | 58 | ||
56 | disable-mnt | 59 | disable-mnt |
57 | private-bin python*,rtv,sh,xdg-settings | 60 | private-bin less,python*,rtv,sh,xdg-settings |
58 | private-cache | 61 | private-cache |
59 | private-dev | 62 | private-dev |
60 | private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mime.types,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl,terminfo,xdg | 63 | private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mailcap,mime.types,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl,terminfo,xdg |
61 | 64 | ||
62 | dbus-user none | 65 | dbus-user none |
63 | dbus-system none | 66 | dbus-system none |
diff --git a/etc/profile-m-z/sayonara.profile b/etc/profile-m-z/sayonara.profile index de79913cc..963f5da02 100644 --- a/etc/profile-m-z/sayonara.profile +++ b/etc/profile-m-z/sayonara.profile | |||
@@ -5,8 +5,8 @@ include sayonara.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.Sayonara | 8 | nodeny ${HOME}/.Sayonara |
9 | noblacklist ${MUSIC} | 9 | nodeny ${MUSIC} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/scallion.profile b/etc/profile-m-z/scallion.profile index eb8468c3b..26550b5e0 100644 --- a/etc/profile-m-z/scallion.profile +++ b/etc/profile-m-z/scallion.profile | |||
@@ -6,10 +6,10 @@ include scallion.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${PATH}/llvm* | 9 | nodeny ${PATH}/llvm* |
10 | noblacklist ${PATH}/openssl | 10 | nodeny ${PATH}/openssl |
11 | noblacklist ${PATH}/openssl-1.0 | 11 | nodeny ${PATH}/openssl-1.0 |
12 | noblacklist ${DOCUMENTS} | 12 | nodeny ${DOCUMENTS} |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
diff --git a/etc/profile-m-z/scorched3d.profile b/etc/profile-m-z/scorched3d.profile index b1989e474..921efb49e 100644 --- a/etc/profile-m-z/scorched3d.profile +++ b/etc/profile-m-z/scorched3d.profile | |||
@@ -6,7 +6,7 @@ include scorched3d.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.scorched3d | 9 | nodeny ${HOME}/.scorched3d |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,9 +17,9 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.scorched3d | 19 | mkdir ${HOME}/.scorched3d |
20 | whitelist ${HOME}/.scorched3d | 20 | allow ${HOME}/.scorched3d |
21 | whitelist /usr/share/scorched3d | 21 | allow /usr/share/scorched3d |
22 | whitelist /usr/share/games/scorched3d | 22 | allow /usr/share/games/scorched3d |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/scorchwentbonkers.profile b/etc/profile-m-z/scorchwentbonkers.profile index 2cb1df6b5..54a6c3a01 100644 --- a/etc/profile-m-z/scorchwentbonkers.profile +++ b/etc/profile-m-z/scorchwentbonkers.profile | |||
@@ -6,7 +6,7 @@ include scorchwentbonkers.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.swb.ini | 9 | nodeny ${HOME}/.swb.ini |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.swb.ini | 20 | mkdir ${HOME}/.swb.ini |
21 | whitelist ${HOME}/.swb.ini | 21 | allow ${HOME}/.swb.ini |
22 | whitelist /usr/share/scorchwentbonkers | 22 | allow /usr/share/scorchwentbonkers |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/scribus.profile b/etc/profile-m-z/scribus.profile index 1fdeaa145..6519f8e87 100644 --- a/etc/profile-m-z/scribus.profile +++ b/etc/profile-m-z/scribus.profile | |||
@@ -7,24 +7,24 @@ include scribus.local | |||
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | # Support for PDF readers comes with Scribus 1.5 and higher | 9 | # Support for PDF readers comes with Scribus 1.5 and higher |
10 | noblacklist ${HOME}/.cache/okular | 10 | nodeny ${HOME}/.cache/okular |
11 | noblacklist ${HOME}/.config/GIMP | 11 | nodeny ${HOME}/.config/GIMP |
12 | noblacklist ${HOME}/.config/okularpartrc | 12 | nodeny ${HOME}/.config/okularpartrc |
13 | noblacklist ${HOME}/.config/okularrc | 13 | nodeny ${HOME}/.config/okularrc |
14 | noblacklist ${HOME}/.config/scribus | 14 | nodeny ${HOME}/.config/scribus |
15 | noblacklist ${HOME}/.config/scribusrc | 15 | nodeny ${HOME}/.config/scribusrc |
16 | noblacklist ${HOME}/.gimp* | 16 | nodeny ${HOME}/.gimp* |
17 | noblacklist ${HOME}/.kde/share/apps/okular | 17 | nodeny ${HOME}/.kde/share/apps/okular |
18 | noblacklist ${HOME}/.kde/share/config/okularpartrc | 18 | nodeny ${HOME}/.kde/share/config/okularpartrc |
19 | noblacklist ${HOME}/.kde/share/config/okularrc | 19 | nodeny ${HOME}/.kde/share/config/okularrc |
20 | noblacklist ${HOME}/.kde4/share/apps/okular | 20 | nodeny ${HOME}/.kde4/share/apps/okular |
21 | noblacklist ${HOME}/.kde4/share/config/okularpartrc | 21 | nodeny ${HOME}/.kde4/share/config/okularpartrc |
22 | noblacklist ${HOME}/.kde4/share/config/okularrc | 22 | nodeny ${HOME}/.kde4/share/config/okularrc |
23 | noblacklist ${HOME}/.local/share/okular | 23 | nodeny ${HOME}/.local/share/okular |
24 | noblacklist ${HOME}/.local/share/scribus | 24 | nodeny ${HOME}/.local/share/scribus |
25 | noblacklist ${HOME}/.scribus | 25 | nodeny ${HOME}/.scribus |
26 | noblacklist ${DOCUMENTS} | 26 | nodeny ${DOCUMENTS} |
27 | noblacklist ${PICTURES} | 27 | nodeny ${PICTURES} |
28 | 28 | ||
29 | # Allow python (blacklisted by disable-interpreters.inc) | 29 | # Allow python (blacklisted by disable-interpreters.inc) |
30 | include allow-python2.inc | 30 | include allow-python2.inc |
diff --git a/etc/profile-m-z/seahorse-adventures.profile b/etc/profile-m-z/seahorse-adventures.profile index 7799ab7ed..95cedac3f 100644 --- a/etc/profile-m-z/seahorse-adventures.profile +++ b/etc/profile-m-z/seahorse-adventures.profile | |||
@@ -22,8 +22,8 @@ include disable-programs.inc | |||
22 | include disable-shell.inc | 22 | include disable-shell.inc |
23 | include disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | whitelist /usr/share/seahorse-adventures | 25 | allow /usr/share/seahorse-adventures |
26 | whitelist /usr/share/games/seahorse-adventures | 26 | allow /usr/share/games/seahorse-adventures |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/seahorse.profile b/etc/profile-m-z/seahorse.profile index d3d8e453f..66605173b 100644 --- a/etc/profile-m-z/seahorse.profile +++ b/etc/profile-m-z/seahorse.profile | |||
@@ -6,9 +6,9 @@ include seahorse.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist /tmp/.X11-unix | 9 | deny /tmp/.X11-unix |
10 | 10 | ||
11 | noblacklist ${HOME}/.gnupg | 11 | nodeny ${HOME}/.gnupg |
12 | 12 | ||
13 | # Allow ssh (blacklisted by disable-common.inc) | 13 | # Allow ssh (blacklisted by disable-common.inc) |
14 | include allow-ssh.inc | 14 | include allow-ssh.inc |
@@ -27,13 +27,13 @@ include disable-xdg.inc | |||
27 | #mkdir ${HOME}/.ssh | 27 | #mkdir ${HOME}/.ssh |
28 | #whitelist ${HOME}/.gnupg | 28 | #whitelist ${HOME}/.gnupg |
29 | #whitelist ${HOME}/.ssh | 29 | #whitelist ${HOME}/.ssh |
30 | whitelist /tmp/ssh-* | 30 | allow /tmp/ssh-* |
31 | whitelist /usr/share/gnupg | 31 | allow /usr/share/gnupg |
32 | whitelist /usr/share/gnupg2 | 32 | allow /usr/share/gnupg2 |
33 | whitelist /usr/share/seahorse | 33 | allow /usr/share/seahorse |
34 | whitelist /usr/share/seahorse-nautilus | 34 | allow /usr/share/seahorse-nautilus |
35 | whitelist ${RUNUSER}/gnupg | 35 | allow ${RUNUSER}/gnupg |
36 | whitelist ${RUNUSER}/keyring | 36 | allow ${RUNUSER}/keyring |
37 | #include whitelist-common.inc | 37 | #include whitelist-common.inc |
38 | include whitelist-runuser-common.inc | 38 | include whitelist-runuser-common.inc |
39 | include whitelist-usr-share-common.inc | 39 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/seamonkey.profile b/etc/profile-m-z/seamonkey.profile index 807effbeb..c9867719a 100644 --- a/etc/profile-m-z/seamonkey.profile +++ b/etc/profile-m-z/seamonkey.profile | |||
@@ -6,10 +6,10 @@ include seamonkey.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/mozilla | 9 | nodeny ${HOME}/.cache/mozilla |
10 | noblacklist ${HOME}/.mozilla | 10 | nodeny ${HOME}/.mozilla |
11 | noblacklist ${HOME}/.pki | 11 | nodeny ${HOME}/.pki |
12 | noblacklist ${HOME}/.local/share/pki | 12 | nodeny ${HOME}/.local/share/pki |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -20,25 +20,25 @@ mkdir ${HOME}/.cache/mozilla | |||
20 | mkdir ${HOME}/.mozilla | 20 | mkdir ${HOME}/.mozilla |
21 | mkdir ${HOME}/.pki | 21 | mkdir ${HOME}/.pki |
22 | mkdir ${HOME}/.local/share/pki | 22 | mkdir ${HOME}/.local/share/pki |
23 | whitelist ${DOWNLOADS} | 23 | allow ${DOWNLOADS} |
24 | whitelist ${HOME}/.cache/gnome-mplayer/plugin | 24 | allow ${HOME}/.cache/gnome-mplayer/plugin |
25 | whitelist ${HOME}/.cache/mozilla | 25 | allow ${HOME}/.cache/mozilla |
26 | whitelist ${HOME}/.config/gnome-mplayer | 26 | allow ${HOME}/.config/gnome-mplayer |
27 | whitelist ${HOME}/.config/pipelight-silverlight5.1 | 27 | allow ${HOME}/.config/pipelight-silverlight5.1 |
28 | whitelist ${HOME}/.config/pipelight-widevine | 28 | allow ${HOME}/.config/pipelight-widevine |
29 | whitelist ${HOME}/.keysnail.js | 29 | allow ${HOME}/.keysnail.js |
30 | whitelist ${HOME}/.lastpass | 30 | allow ${HOME}/.lastpass |
31 | whitelist ${HOME}/.mozilla | 31 | allow ${HOME}/.mozilla |
32 | whitelist ${HOME}/.pentadactyl | 32 | allow ${HOME}/.pentadactyl |
33 | whitelist ${HOME}/.pentadactylrc | 33 | allow ${HOME}/.pentadactylrc |
34 | whitelist ${HOME}/.pki | 34 | allow ${HOME}/.pki |
35 | whitelist ${HOME}/.local/share/pki | 35 | allow ${HOME}/.local/share/pki |
36 | whitelist ${HOME}/.vimperator | 36 | allow ${HOME}/.vimperator |
37 | whitelist ${HOME}/.vimperatorrc | 37 | allow ${HOME}/.vimperatorrc |
38 | whitelist ${HOME}/.wine-pipelight | 38 | allow ${HOME}/.wine-pipelight |
39 | whitelist ${HOME}/.wine-pipelight64 | 39 | allow ${HOME}/.wine-pipelight64 |
40 | whitelist ${HOME}/.zotero | 40 | allow ${HOME}/.zotero |
41 | whitelist ${HOME}/dwhelper | 41 | allow ${HOME}/dwhelper |
42 | include whitelist-common.inc | 42 | include whitelist-common.inc |
43 | 43 | ||
44 | caps.drop all | 44 | caps.drop all |
diff --git a/etc/profile-m-z/server.profile b/etc/profile-m-z/server.profile index 7d56684db..23f464637 100644 --- a/etc/profile-m-z/server.profile +++ b/etc/profile-m-z/server.profile | |||
@@ -32,12 +32,12 @@ include globals.local | |||
32 | # it allows /sbin and /usr/sbin directories - this is where servers are installed | 32 | # it allows /sbin and /usr/sbin directories - this is where servers are installed |
33 | # depending on your usage, you can enable some of the commands below: | 33 | # depending on your usage, you can enable some of the commands below: |
34 | 34 | ||
35 | noblacklist /sbin | 35 | nodeny /sbin |
36 | noblacklist /usr/sbin | 36 | nodeny /usr/sbin |
37 | # noblacklist /var/opt | 37 | # noblacklist /var/opt |
38 | 38 | ||
39 | blacklist /tmp/.X11-unix | 39 | deny /tmp/.X11-unix |
40 | blacklist ${RUNUSER}/wayland-* | 40 | deny ${RUNUSER}/wayland-* |
41 | 41 | ||
42 | include disable-common.inc | 42 | include disable-common.inc |
43 | # include disable-devel.inc | 43 | # include disable-devel.inc |
diff --git a/etc/profile-m-z/shellcheck.profile b/etc/profile-m-z/shellcheck.profile index b7f398f45..0cb9de45a 100644 --- a/etc/profile-m-z/shellcheck.profile +++ b/etc/profile-m-z/shellcheck.profile | |||
@@ -7,9 +7,9 @@ include shellcheck.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER} | 10 | deny ${RUNUSER} |
11 | 11 | ||
12 | noblacklist ${DOCUMENTS} | 12 | nodeny ${DOCUMENTS} |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -19,7 +19,7 @@ include disable-passwdmgr.inc | |||
19 | include disable-programs.inc | 19 | include disable-programs.inc |
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | whitelist /usr/share/shellcheck | 22 | allow /usr/share/shellcheck |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
25 | 25 | ||
diff --git a/etc/profile-m-z/shortwave.profile b/etc/profile-m-z/shortwave.profile index d629240ec..a8e5f6b18 100644 --- a/etc/profile-m-z/shortwave.profile +++ b/etc/profile-m-z/shortwave.profile | |||
@@ -6,8 +6,8 @@ include shortwave.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/Shortwave | 9 | nodeny ${HOME}/.cache/Shortwave |
10 | noblacklist ${HOME}/.local/share/Shortwave | 10 | nodeny ${HOME}/.local/share/Shortwave |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,9 +19,9 @@ include disable-xdg.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.cache/Shortwave | 20 | mkdir ${HOME}/.cache/Shortwave |
21 | mkdir ${HOME}/.local/share/Shortwave | 21 | mkdir ${HOME}/.local/share/Shortwave |
22 | whitelist ${HOME}/.cache/Shortwave | 22 | allow ${HOME}/.cache/Shortwave |
23 | whitelist ${HOME}/.local/share/Shortwave | 23 | allow ${HOME}/.local/share/Shortwave |
24 | whitelist /usr/share/shortwave | 24 | allow /usr/share/shortwave |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-runuser-common.inc | 26 | include whitelist-runuser-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/shotcut.profile b/etc/profile-m-z/shotcut.profile index 63af4d367..1f3c39c46 100644 --- a/etc/profile-m-z/shotcut.profile +++ b/etc/profile-m-z/shotcut.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/Meltytech | 11 | nodeny ${HOME}/.config/Meltytech |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/shotwell.profile b/etc/profile-m-z/shotwell.profile index ddc8a7743..b653930c3 100644 --- a/etc/profile-m-z/shotwell.profile +++ b/etc/profile-m-z/shotwell.profile | |||
@@ -6,10 +6,10 @@ include shotwell.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/shotwell | 9 | nodeny ${HOME}/.cache/shotwell |
10 | noblacklist ${HOME}/.local/share/shotwell | 10 | nodeny ${HOME}/.local/share/shotwell |
11 | 11 | ||
12 | noblacklist ${PICTURES} | 12 | nodeny ${PICTURES} |
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
15 | include disable-exec.inc | 15 | include disable-exec.inc |
@@ -21,9 +21,9 @@ include disable-xdg.inc | |||
21 | 21 | ||
22 | mkdir ${HOME}/.cache/shotwell | 22 | mkdir ${HOME}/.cache/shotwell |
23 | mkdir ${HOME}/.local/share/shotwell | 23 | mkdir ${HOME}/.local/share/shotwell |
24 | whitelist ${HOME}/.cache/shotwell | 24 | allow ${HOME}/.cache/shotwell |
25 | whitelist ${HOME}/.local/share/shotwell | 25 | allow ${HOME}/.local/share/shotwell |
26 | whitelist ${PICTURES} | 26 | allow ${PICTURES} |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/signal-cli.profile b/etc/profile-m-z/signal-cli.profile index 478377344..8a46899f1 100644 --- a/etc/profile-m-z/signal-cli.profile +++ b/etc/profile-m-z/signal-cli.profile | |||
@@ -6,10 +6,10 @@ include signal-cli.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist /tmp/.X11-unix | 9 | deny /tmp/.X11-unix |
10 | blacklist ${RUNUSER}/wayland-* | 10 | deny ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | noblacklist ${HOME}/.local/share/signal-cli | 12 | nodeny ${HOME}/.local/share/signal-cli |
13 | 13 | ||
14 | include allow-java.inc | 14 | include allow-java.inc |
15 | 15 | ||
@@ -22,7 +22,7 @@ include disable-programs.inc | |||
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | mkdir ${HOME}/.local/share/signal-cli | 24 | mkdir ${HOME}/.local/share/signal-cli |
25 | whitelist ${HOME}/.local/share/signal-cli | 25 | allow ${HOME}/.local/share/signal-cli |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
28 | 28 | ||
diff --git a/etc/profile-m-z/signal-desktop.profile b/etc/profile-m-z/signal-desktop.profile index 77a7f5b38..a12080748 100644 --- a/etc/profile-m-z/signal-desktop.profile +++ b/etc/profile-m-z/signal-desktop.profile | |||
@@ -9,15 +9,15 @@ ignore novideo | |||
9 | 9 | ||
10 | ignore noexec /tmp | 10 | ignore noexec /tmp |
11 | 11 | ||
12 | noblacklist ${HOME}/.config/Signal | 12 | nodeny ${HOME}/.config/Signal |
13 | 13 | ||
14 | # These lines are needed to allow Firefox to open links | 14 | # These lines are needed to allow Firefox to open links |
15 | noblacklist ${HOME}/.mozilla | 15 | nodeny ${HOME}/.mozilla |
16 | whitelist ${HOME}/.mozilla/firefox/profiles.ini | 16 | allow ${HOME}/.mozilla/firefox/profiles.ini |
17 | read-only ${HOME}/.mozilla/firefox/profiles.ini | 17 | read-only ${HOME}/.mozilla/firefox/profiles.ini |
18 | 18 | ||
19 | mkdir ${HOME}/.config/Signal | 19 | mkdir ${HOME}/.config/Signal |
20 | whitelist ${HOME}/.config/Signal | 20 | allow ${HOME}/.config/Signal |
21 | 21 | ||
22 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,nsswitch.conf,pki,resolv.conf,ssl | 22 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,nsswitch.conf,pki,resolv.conf,ssl |
23 | 23 | ||
diff --git a/etc/profile-m-z/simple-scan.profile b/etc/profile-m-z/simple-scan.profile index 17920677b..589a44ffc 100644 --- a/etc/profile-m-z/simple-scan.profile +++ b/etc/profile-m-z/simple-scan.profile | |||
@@ -6,8 +6,8 @@ include simple-scan.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/simple-scan | 9 | nodeny ${HOME}/.cache/simple-scan |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -16,8 +16,8 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | whitelist /usr/share/hplip | 19 | allow /usr/share/hplip |
20 | whitelist /usr/share/simple-scan | 20 | allow /usr/share/simple-scan |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-m-z/simplescreenrecorder.profile b/etc/profile-m-z/simplescreenrecorder.profile index d664f8bf5..83f833508 100644 --- a/etc/profile-m-z/simplescreenrecorder.profile +++ b/etc/profile-m-z/simplescreenrecorder.profile | |||
@@ -6,8 +6,8 @@ include simplescreenrecorder.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${VIDEOS} | 9 | nodeny ${VIDEOS} |
10 | noblacklist ${HOME}/.ssr | 10 | nodeny ${HOME}/.ssr |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | whitelist /usr/share/simplescreenrecorder | 20 | allow /usr/share/simplescreenrecorder |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-m-z/simutrans.profile b/etc/profile-m-z/simutrans.profile index afaa0f6d8..1d7f41579 100644 --- a/etc/profile-m-z/simutrans.profile +++ b/etc/profile-m-z/simutrans.profile | |||
@@ -6,7 +6,7 @@ include simutrans.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.simutrans | 9 | nodeny ${HOME}/.simutrans |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -16,7 +16,7 @@ include disable-passwdmgr.inc | |||
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | mkdir ${HOME}/.simutrans | 18 | mkdir ${HOME}/.simutrans |
19 | whitelist ${HOME}/.simutrans | 19 | allow ${HOME}/.simutrans |
20 | include whitelist-common.inc | 20 | include whitelist-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
22 | 22 | ||
diff --git a/etc/profile-m-z/skanlite.profile b/etc/profile-m-z/skanlite.profile index 093a61398..98ed624f9 100644 --- a/etc/profile-m-z/skanlite.profile +++ b/etc/profile-m-z/skanlite.profile | |||
@@ -6,7 +6,7 @@ include skanlite.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | nodeny ${DOCUMENTS} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/skypeforlinux.profile b/etc/profile-m-z/skypeforlinux.profile index ed04eda8e..e7f70eebe 100644 --- a/etc/profile-m-z/skypeforlinux.profile +++ b/etc/profile-m-z/skypeforlinux.profile | |||
@@ -21,7 +21,7 @@ ignore dbus-system none | |||
21 | ignore apparmor | 21 | ignore apparmor |
22 | ignore noexec /tmp | 22 | ignore noexec /tmp |
23 | 23 | ||
24 | noblacklist ${HOME}/.config/skypeforlinux | 24 | nodeny ${HOME}/.config/skypeforlinux |
25 | 25 | ||
26 | # private-dev - needs /dev/disk | 26 | # private-dev - needs /dev/disk |
27 | 27 | ||
diff --git a/etc/profile-m-z/slack.profile b/etc/profile-m-z/slack.profile index 51f6c8b00..b8299add3 100644 --- a/etc/profile-m-z/slack.profile +++ b/etc/profile-m-z/slack.profile | |||
@@ -16,14 +16,14 @@ ignore private-tmp | |||
16 | ignore dbus-user none | 16 | ignore dbus-user none |
17 | ignore dbus-system none | 17 | ignore dbus-system none |
18 | 18 | ||
19 | noblacklist ${HOME}/.config/Slack | 19 | nodeny ${HOME}/.config/Slack |
20 | 20 | ||
21 | include allow-bin-sh.inc | 21 | include allow-bin-sh.inc |
22 | 22 | ||
23 | include disable-shell.inc | 23 | include disable-shell.inc |
24 | 24 | ||
25 | mkdir ${HOME}/.config/Slack | 25 | mkdir ${HOME}/.config/Slack |
26 | whitelist ${HOME}/.config/Slack | 26 | allow ${HOME}/.config/Slack |
27 | 27 | ||
28 | private-bin electron,electron[0-9],electron[0-9][0-9],locale,sh,slack | 28 | private-bin electron,electron[0-9],electron[0-9][0-9],locale,sh,slack |
29 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,debian_version,fedora-release,fonts,group,ld.so.cache,ld.so.conf,localtime,machine-id,os-release,passwd,pki,pulse,redhat-release,resolv.conf,ssl,system-release,system-release-cpe | 29 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,debian_version,fedora-release,fonts,group,ld.so.cache,ld.so.conf,localtime,machine-id,os-release,passwd,pki,pulse,redhat-release,resolv.conf,ssl,system-release,system-release-cpe |
diff --git a/etc/profile-m-z/slashem.profile b/etc/profile-m-z/slashem.profile index c5a31c237..36a0044dc 100644 --- a/etc/profile-m-z/slashem.profile +++ b/etc/profile-m-z/slashem.profile | |||
@@ -6,7 +6,7 @@ include slashem.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist /var/games/slashem | 9 | nodeny /var/games/slashem |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -15,7 +15,7 @@ include disable-interpreters.inc | |||
15 | include disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | 17 | ||
18 | whitelist /var/games/slashem | 18 | allow /var/games/slashem |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
diff --git a/etc/profile-m-z/smplayer.profile b/etc/profile-m-z/smplayer.profile index 01547e5c1..4e4334dc0 100644 --- a/etc/profile-m-z/smplayer.profile +++ b/etc/profile-m-z/smplayer.profile | |||
@@ -6,9 +6,9 @@ include smplayer.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/smplayer | 9 | nodeny ${HOME}/.config/smplayer |
10 | noblacklist ${HOME}/.config/youtube-dl | 10 | nodeny ${HOME}/.config/youtube-dl |
11 | noblacklist ${HOME}/.mplayer | 11 | nodeny ${HOME}/.mplayer |
12 | 12 | ||
13 | # Allow lua (blacklisted by disable-interpreters.inc) | 13 | # Allow lua (blacklisted by disable-interpreters.inc) |
14 | include allow-lua.inc | 14 | include allow-lua.inc |
@@ -17,8 +17,8 @@ include allow-lua.inc | |||
17 | include allow-python2.inc | 17 | include allow-python2.inc |
18 | include allow-python3.inc | 18 | include allow-python3.inc |
19 | 19 | ||
20 | noblacklist ${MUSIC} | 20 | nodeny ${MUSIC} |
21 | noblacklist ${VIDEOS} | 21 | nodeny ${VIDEOS} |
22 | 22 | ||
23 | include disable-common.inc | 23 | include disable-common.inc |
24 | include disable-devel.inc | 24 | include disable-devel.inc |
@@ -29,9 +29,9 @@ include disable-programs.inc | |||
29 | include disable-shell.inc | 29 | include disable-shell.inc |
30 | include disable-xdg.inc | 30 | include disable-xdg.inc |
31 | 31 | ||
32 | whitelist /usr/share/lua* | 32 | allow /usr/share/lua* |
33 | whitelist /usr/share/smplayer | 33 | allow /usr/share/smplayer |
34 | whitelist /usr/share/vulkan | 34 | allow /usr/share/vulkan |
35 | include whitelist-usr-share-common.inc | 35 | include whitelist-usr-share-common.inc |
36 | include whitelist-var-common.inc | 36 | include whitelist-var-common.inc |
37 | 37 | ||
diff --git a/etc/profile-m-z/smtube.profile b/etc/profile-m-z/smtube.profile index 196950eaf..99d02ffdf 100644 --- a/etc/profile-m-z/smtube.profile +++ b/etc/profile-m-z/smtube.profile | |||
@@ -6,14 +6,14 @@ include smtube.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/smplayer | 9 | nodeny ${HOME}/.config/smplayer |
10 | noblacklist ${HOME}/.config/smtube | 10 | nodeny ${HOME}/.config/smtube |
11 | noblacklist ${HOME}/.config/mpv | 11 | nodeny ${HOME}/.config/mpv |
12 | noblacklist ${HOME}/.mplayer | 12 | nodeny ${HOME}/.mplayer |
13 | noblacklist ${HOME}/.config/vlc | 13 | nodeny ${HOME}/.config/vlc |
14 | noblacklist ${HOME}/.local/share/vlc | 14 | nodeny ${HOME}/.local/share/vlc |
15 | noblacklist ${MUSIC} | 15 | nodeny ${MUSIC} |
16 | noblacklist ${VIDEOS} | 16 | nodeny ${VIDEOS} |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
@@ -23,8 +23,8 @@ include disable-passwdmgr.inc | |||
23 | include disable-programs.inc | 23 | include disable-programs.inc |
24 | include disable-xdg.inc | 24 | include disable-xdg.inc |
25 | 25 | ||
26 | whitelist /usr/share/smplayer | 26 | allow /usr/share/smplayer |
27 | whitelist /usr/share/smtube | 27 | allow /usr/share/smtube |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
30 | 30 | ||
diff --git a/etc/profile-m-z/smuxi-frontend-gnome.profile b/etc/profile-m-z/smuxi-frontend-gnome.profile index c3a9bb858..3a79890cc 100644 --- a/etc/profile-m-z/smuxi-frontend-gnome.profile +++ b/etc/profile-m-z/smuxi-frontend-gnome.profile | |||
@@ -6,9 +6,9 @@ include smuxi-frontend-gnome.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/smuxi | 9 | nodeny ${HOME}/.cache/smuxi |
10 | noblacklist ${HOME}/.config/smuxi | 10 | nodeny ${HOME}/.config/smuxi |
11 | noblacklist ${HOME}/.local/share/smuxi | 11 | nodeny ${HOME}/.local/share/smuxi |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -21,10 +21,10 @@ include disable-xdg.inc | |||
21 | mkdir ${HOME}/.cache/smuxi | 21 | mkdir ${HOME}/.cache/smuxi |
22 | mkdir ${HOME}/.config/smuxi | 22 | mkdir ${HOME}/.config/smuxi |
23 | mkdir ${HOME}/.local/share/smuxi | 23 | mkdir ${HOME}/.local/share/smuxi |
24 | whitelist ${HOME}/.cache/smuxi | 24 | allow ${HOME}/.cache/smuxi |
25 | whitelist ${HOME}/.config/smuxi | 25 | allow ${HOME}/.config/smuxi |
26 | whitelist ${HOME}/.local/share/smuxi | 26 | allow ${HOME}/.local/share/smuxi |
27 | whitelist ${DOWNLOADS} | 27 | allow ${DOWNLOADS} |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/snox.profile b/etc/profile-m-z/snox.profile index 83493652c..1d315404e 100644 --- a/etc/profile-m-z/snox.profile +++ b/etc/profile-m-z/snox.profile | |||
@@ -10,15 +10,15 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/snox | 13 | nodeny ${HOME}/.cache/snox |
14 | noblacklist ${HOME}/.config/snox | 14 | nodeny ${HOME}/.config/snox |
15 | 15 | ||
16 | #mkdir ${HOME}/.cache/dnox | 16 | #mkdir ${HOME}/.cache/dnox |
17 | #mkdir ${HOME}/.config/dnox | 17 | #mkdir ${HOME}/.config/dnox |
18 | mkdir ${HOME}/.cache/snox | 18 | mkdir ${HOME}/.cache/snox |
19 | mkdir ${HOME}/.config/snox | 19 | mkdir ${HOME}/.config/snox |
20 | whitelist ${HOME}/.cache/snox | 20 | allow ${HOME}/.cache/snox |
21 | whitelist ${HOME}/.config/snox | 21 | allow ${HOME}/.config/snox |
22 | 22 | ||
23 | # Redirect | 23 | # Redirect |
24 | include chromium-common.profile | 24 | include chromium-common.profile |
diff --git a/etc/profile-m-z/softmaker-common.profile b/etc/profile-m-z/softmaker-common.profile index 83315231f..bd4991e81 100644 --- a/etc/profile-m-z/softmaker-common.profile +++ b/etc/profile-m-z/softmaker-common.profile | |||
@@ -10,7 +10,7 @@ include softmaker-common.local | |||
10 | # with an absolute Exec line. These files are NOT handelt by firecfg, | 10 | # with an absolute Exec line. These files are NOT handelt by firecfg, |
11 | # therefore you must manualy copy them in you home and remove '/usr/bin/'. | 11 | # therefore you must manualy copy them in you home and remove '/usr/bin/'. |
12 | 12 | ||
13 | noblacklist ${HOME}/SoftMaker | 13 | nodeny ${HOME}/SoftMaker |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-interpreters.inc | |||
19 | include disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | whitelist /usr/share/office2018 | 22 | allow /usr/share/office2018 |
23 | whitelist /usr/share/freeoffice2018 | 23 | allow /usr/share/freeoffice2018 |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-m-z/sound-juicer.profile b/etc/profile-m-z/sound-juicer.profile index ef00fdfff..16ee39e09 100644 --- a/etc/profile-m-z/sound-juicer.profile +++ b/etc/profile-m-z/sound-juicer.profile | |||
@@ -6,8 +6,8 @@ include sound-juicer.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/sound-juicer | 9 | nodeny ${HOME}/.config/sound-juicer |
10 | noblacklist ${MUSIC} | 10 | nodeny ${MUSIC} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/soundconverter.profile b/etc/profile-m-z/soundconverter.profile index 4dbf34100..46da7a453 100644 --- a/etc/profile-m-z/soundconverter.profile +++ b/etc/profile-m-z/soundconverter.profile | |||
@@ -10,7 +10,7 @@ include globals.local | |||
10 | include allow-python2.inc | 10 | include allow-python2.inc |
11 | include allow-python3.inc | 11 | include allow-python3.inc |
12 | 12 | ||
13 | noblacklist ${MUSIC} | 13 | nodeny ${MUSIC} |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -20,9 +20,9 @@ include disable-passwdmgr.inc | |||
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | whitelist ${DOWNLOADS} | 23 | allow ${DOWNLOADS} |
24 | whitelist ${MUSIC} | 24 | allow ${MUSIC} |
25 | whitelist /usr/share/soundconverter | 25 | allow /usr/share/soundconverter |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/spectacle.profile b/etc/profile-m-z/spectacle.profile index 4468f21e7..08adb5861 100644 --- a/etc/profile-m-z/spectacle.profile +++ b/etc/profile-m-z/spectacle.profile | |||
@@ -12,8 +12,8 @@ include globals.local | |||
12 | #private-etc ca-certificates,crypto-policies,pki,resolv.conf,ssl | 12 | #private-etc ca-certificates,crypto-policies,pki,resolv.conf,ssl |
13 | #protocol unix,inet,inet6 | 13 | #protocol unix,inet,inet6 |
14 | 14 | ||
15 | noblacklist ${HOME}/.config/spectaclerc | 15 | nodeny ${HOME}/.config/spectaclerc |
16 | noblacklist ${PICTURES} | 16 | nodeny ${PICTURES} |
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
@@ -24,10 +24,10 @@ include disable-programs.inc | |||
24 | include disable-xdg.inc | 24 | include disable-xdg.inc |
25 | 25 | ||
26 | mkfile ${HOME}/.config/spectaclerc | 26 | mkfile ${HOME}/.config/spectaclerc |
27 | whitelist ${HOME}/.config/spectaclerc | 27 | allow ${HOME}/.config/spectaclerc |
28 | whitelist ${PICTURES} | 28 | allow ${PICTURES} |
29 | whitelist /usr/share/kconf_update/spectacle_newConfig.upd | 29 | allow /usr/share/kconf_update/spectacle_newConfig.upd |
30 | whitelist /usr/share/kconf_update/spectacle_shortcuts.upd | 30 | allow /usr/share/kconf_update/spectacle_shortcuts.upd |
31 | include whitelist-common.inc | 31 | include whitelist-common.inc |
32 | include whitelist-runuser-common.inc | 32 | include whitelist-runuser-common.inc |
33 | include whitelist-usr-share-common.inc | 33 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/spectral.profile b/etc/profile-m-z/spectral.profile index 283674517..4c1b2d3e1 100644 --- a/etc/profile-m-z/spectral.profile +++ b/etc/profile-m-z/spectral.profile | |||
@@ -6,8 +6,8 @@ include spectral.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/ENCOM/Spectral | 9 | nodeny ${HOME}/.cache/ENCOM/Spectral |
10 | noblacklist ${HOME}/.config/ENCOM | 10 | nodeny ${HOME}/.config/ENCOM |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -20,9 +20,9 @@ include disable-xdg.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.cache/ENCOM/Spectral | 21 | mkdir ${HOME}/.cache/ENCOM/Spectral |
22 | mkdir ${HOME}/.config/ENCOM | 22 | mkdir ${HOME}/.config/ENCOM |
23 | whitelist ${HOME}/.cache/ENCOM/Spectral | 23 | allow ${HOME}/.cache/ENCOM/Spectral |
24 | whitelist ${HOME}/.config/ENCOM | 24 | allow ${HOME}/.config/ENCOM |
25 | whitelist ${DOWNLOADS} | 25 | allow ${DOWNLOADS} |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/spectre-meltdown-checker.profile b/etc/profile-m-z/spectre-meltdown-checker.profile index 984461f90..3a3fd838d 100644 --- a/etc/profile-m-z/spectre-meltdown-checker.profile +++ b/etc/profile-m-z/spectre-meltdown-checker.profile | |||
@@ -6,10 +6,10 @@ include spectre-meltdown-checker.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | blacklist ${RUNUSER}/wayland-* | 9 | deny ${RUNUSER}/wayland-* |
10 | 10 | ||
11 | noblacklist ${PATH}/mount | 11 | nodeny ${PATH}/mount |
12 | noblacklist ${PATH}/umount | 12 | nodeny ${PATH}/umount |
13 | 13 | ||
14 | # Allow perl (blacklisted by disable-interpreters.inc) | 14 | # Allow perl (blacklisted by disable-interpreters.inc) |
15 | include allow-perl.inc | 15 | include allow-perl.inc |
diff --git a/etc/profile-m-z/spotify.profile b/etc/profile-m-z/spotify.profile index 01bc2bc05..e1c830268 100644 --- a/etc/profile-m-z/spotify.profile +++ b/etc/profile-m-z/spotify.profile | |||
@@ -5,11 +5,11 @@ include spotify.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/spotify | 8 | nodeny ${HOME}/.cache/spotify |
9 | noblacklist ${HOME}/.config/spotify | 9 | nodeny ${HOME}/.config/spotify |
10 | noblacklist ${HOME}/.local/share/spotify | 10 | nodeny ${HOME}/.local/share/spotify |
11 | 11 | ||
12 | blacklist ${HOME}/.bashrc | 12 | deny ${HOME}/.bashrc |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -21,9 +21,9 @@ include disable-programs.inc | |||
21 | mkdir ${HOME}/.cache/spotify | 21 | mkdir ${HOME}/.cache/spotify |
22 | mkdir ${HOME}/.config/spotify | 22 | mkdir ${HOME}/.config/spotify |
23 | mkdir ${HOME}/.local/share/spotify | 23 | mkdir ${HOME}/.local/share/spotify |
24 | whitelist ${HOME}/.cache/spotify | 24 | allow ${HOME}/.cache/spotify |
25 | whitelist ${HOME}/.config/spotify | 25 | allow ${HOME}/.config/spotify |
26 | whitelist ${HOME}/.local/share/spotify | 26 | allow ${HOME}/.local/share/spotify |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
29 | 29 | ||
diff --git a/etc/profile-m-z/sqlitebrowser.profile b/etc/profile-m-z/sqlitebrowser.profile index 4dd2c7262..aa577b63a 100644 --- a/etc/profile-m-z/sqlitebrowser.profile +++ b/etc/profile-m-z/sqlitebrowser.profile | |||
@@ -6,8 +6,8 @@ include sqlitebrowser.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/sqlitebrowser | 9 | nodeny ${HOME}/.config/sqlitebrowser |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/ssh-agent.profile b/etc/profile-m-z/ssh-agent.profile index 5802299a3..e456ebe07 100644 --- a/etc/profile-m-z/ssh-agent.profile +++ b/etc/profile-m-z/ssh-agent.profile | |||
@@ -9,8 +9,8 @@ include globals.local | |||
9 | # Allow ssh (blacklisted by disable-common.inc) | 9 | # Allow ssh (blacklisted by disable-common.inc) |
10 | include allow-ssh.inc | 10 | include allow-ssh.inc |
11 | 11 | ||
12 | blacklist /tmp/.X11-unix | 12 | deny /tmp/.X11-unix |
13 | blacklist ${RUNUSER}/wayland-* | 13 | deny ${RUNUSER}/wayland-* |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
diff --git a/etc/profile-m-z/ssh.profile b/etc/profile-m-z/ssh.profile index a58642192..8a0d86150 100644 --- a/etc/profile-m-z/ssh.profile +++ b/etc/profile-m-z/ssh.profile | |||
@@ -8,8 +8,8 @@ include ssh.local | |||
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | # nc can be used as ProxyCommand, e.g. when using tor | 10 | # nc can be used as ProxyCommand, e.g. when using tor |
11 | noblacklist ${PATH}/nc | 11 | nodeny ${PATH}/nc |
12 | noblacklist ${PATH}/ncat | 12 | nodeny ${PATH}/ncat |
13 | 13 | ||
14 | # Allow ssh (blacklisted by disable-common.inc) | 14 | # Allow ssh (blacklisted by disable-common.inc) |
15 | include allow-ssh.inc | 15 | include allow-ssh.inc |
@@ -19,8 +19,8 @@ include disable-exec.inc | |||
19 | include disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
20 | include disable-programs.inc | 20 | include disable-programs.inc |
21 | 21 | ||
22 | whitelist ${RUNUSER}/gnupg/S.gpg-agent.ssh | 22 | allow ${RUNUSER}/gnupg/S.gpg-agent.ssh |
23 | whitelist ${RUNUSER}/keyring/ssh | 23 | allow ${RUNUSER}/keyring/ssh |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
26 | 26 | ||
diff --git a/etc/profile-m-z/standardnotes-desktop.profile b/etc/profile-m-z/standardnotes-desktop.profile index 48a532876..75de118ab 100644 --- a/etc/profile-m-z/standardnotes-desktop.profile +++ b/etc/profile-m-z/standardnotes-desktop.profile | |||
@@ -5,8 +5,8 @@ include standardnotes-desktop.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/Standard Notes Backups | 8 | nodeny ${HOME}/Standard Notes Backups |
9 | noblacklist ${HOME}/.config/Standard Notes | 9 | nodeny ${HOME}/.config/Standard Notes |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | 17 | ||
18 | mkdir ${HOME}/Standard Notes Backups | 18 | mkdir ${HOME}/Standard Notes Backups |
19 | mkdir ${HOME}/.config/Standard Notes | 19 | mkdir ${HOME}/.config/Standard Notes |
20 | whitelist ${HOME}/Standard Notes Backups | 20 | allow ${HOME}/Standard Notes Backups |
21 | whitelist ${HOME}/.config/Standard Notes | 21 | allow ${HOME}/.config/Standard Notes |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
24 | apparmor | 24 | apparmor |
diff --git a/etc/profile-m-z/start-tor-browser.desktop.profile b/etc/profile-m-z/start-tor-browser.desktop.profile index 2f73c9fee..8f75365e8 100644 --- a/etc/profile-m-z/start-tor-browser.desktop.profile +++ b/etc/profile-m-z/start-tor-browser.desktop.profile | |||
@@ -6,71 +6,71 @@ include start-tor-browser.desktop.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser* | 9 | nodeny ${HOME}/.tor-browser* |
10 | 10 | ||
11 | whitelist ${HOME}/.tor-browser-ar | 11 | allow ${HOME}/.tor-browser-ar |
12 | whitelist ${HOME}/.tor-browser-ca | 12 | allow ${HOME}/.tor-browser-ca |
13 | whitelist ${HOME}/.tor-browser-cs | 13 | allow ${HOME}/.tor-browser-cs |
14 | whitelist ${HOME}/.tor-browser-da | 14 | allow ${HOME}/.tor-browser-da |
15 | whitelist ${HOME}/.tor-browser-de | 15 | allow ${HOME}/.tor-browser-de |
16 | whitelist ${HOME}/.tor-browser-el | 16 | allow ${HOME}/.tor-browser-el |
17 | whitelist ${HOME}/.tor-browser-en | 17 | allow ${HOME}/.tor-browser-en |
18 | whitelist ${HOME}/.tor-browser-en-us | 18 | allow ${HOME}/.tor-browser-en-us |
19 | whitelist ${HOME}/.tor-browser-es | 19 | allow ${HOME}/.tor-browser-es |
20 | whitelist ${HOME}/.tor-browser-es-es | 20 | allow ${HOME}/.tor-browser-es-es |
21 | whitelist ${HOME}/.tor-browser-fa | 21 | allow ${HOME}/.tor-browser-fa |
22 | whitelist ${HOME}/.tor-browser-fr | 22 | allow ${HOME}/.tor-browser-fr |
23 | whitelist ${HOME}/.tor-browser-ga-ie | 23 | allow ${HOME}/.tor-browser-ga-ie |
24 | whitelist ${HOME}/.tor-browser-he | 24 | allow ${HOME}/.tor-browser-he |
25 | whitelist ${HOME}/.tor-browser-hu | 25 | allow ${HOME}/.tor-browser-hu |
26 | whitelist ${HOME}/.tor-browser-id | 26 | allow ${HOME}/.tor-browser-id |
27 | whitelist ${HOME}/.tor-browser-is | 27 | allow ${HOME}/.tor-browser-is |
28 | whitelist ${HOME}/.tor-browser-it | 28 | allow ${HOME}/.tor-browser-it |
29 | whitelist ${HOME}/.tor-browser-ja | 29 | allow ${HOME}/.tor-browser-ja |
30 | whitelist ${HOME}/.tor-browser-ka | 30 | allow ${HOME}/.tor-browser-ka |
31 | whitelist ${HOME}/.tor-browser-ko | 31 | allow ${HOME}/.tor-browser-ko |
32 | whitelist ${HOME}/.tor-browser-nb | 32 | allow ${HOME}/.tor-browser-nb |
33 | whitelist ${HOME}/.tor-browser-nl | 33 | allow ${HOME}/.tor-browser-nl |
34 | whitelist ${HOME}/.tor-browser-pl | 34 | allow ${HOME}/.tor-browser-pl |
35 | whitelist ${HOME}/.tor-browser-pt-br | 35 | allow ${HOME}/.tor-browser-pt-br |
36 | whitelist ${HOME}/.tor-browser-ru | 36 | allow ${HOME}/.tor-browser-ru |
37 | whitelist ${HOME}/.tor-browser-sv-se | 37 | allow ${HOME}/.tor-browser-sv-se |
38 | whitelist ${HOME}/.tor-browser-tr | 38 | allow ${HOME}/.tor-browser-tr |
39 | whitelist ${HOME}/.tor-browser-vi | 39 | allow ${HOME}/.tor-browser-vi |
40 | whitelist ${HOME}/.tor-browser-zh-cn | 40 | allow ${HOME}/.tor-browser-zh-cn |
41 | whitelist ${HOME}/.tor-browser-zh-tw | 41 | allow ${HOME}/.tor-browser-zh-tw |
42 | 42 | ||
43 | whitelist ${HOME}/.tor-browser_ar | 43 | allow ${HOME}/.tor-browser_ar |
44 | whitelist ${HOME}/.tor-browser_ca | 44 | allow ${HOME}/.tor-browser_ca |
45 | whitelist ${HOME}/.tor-browser_cs | 45 | allow ${HOME}/.tor-browser_cs |
46 | whitelist ${HOME}/.tor-browser_da | 46 | allow ${HOME}/.tor-browser_da |
47 | whitelist ${HOME}/.tor-browser_de | 47 | allow ${HOME}/.tor-browser_de |
48 | whitelist ${HOME}/.tor-browser_el | 48 | allow ${HOME}/.tor-browser_el |
49 | whitelist ${HOME}/.tor-browser_en | 49 | allow ${HOME}/.tor-browser_en |
50 | whitelist ${HOME}/.tor-browser_en_US | 50 | allow ${HOME}/.tor-browser_en_US |
51 | whitelist ${HOME}/.tor-browser_es | 51 | allow ${HOME}/.tor-browser_es |
52 | whitelist ${HOME}/.tor-browser_es-ES | 52 | allow ${HOME}/.tor-browser_es-ES |
53 | whitelist ${HOME}/.tor-browser_fa | 53 | allow ${HOME}/.tor-browser_fa |
54 | whitelist ${HOME}/.tor-browser_fr | 54 | allow ${HOME}/.tor-browser_fr |
55 | whitelist ${HOME}/.tor-browser_ga-IE | 55 | allow ${HOME}/.tor-browser_ga-IE |
56 | whitelist ${HOME}/.tor-browser_he | 56 | allow ${HOME}/.tor-browser_he |
57 | whitelist ${HOME}/.tor-browser_hu | 57 | allow ${HOME}/.tor-browser_hu |
58 | whitelist ${HOME}/.tor-browser_id | 58 | allow ${HOME}/.tor-browser_id |
59 | whitelist ${HOME}/.tor-browser_is | 59 | allow ${HOME}/.tor-browser_is |
60 | whitelist ${HOME}/.tor-browser_it | 60 | allow ${HOME}/.tor-browser_it |
61 | whitelist ${HOME}/.tor-browser_ja | 61 | allow ${HOME}/.tor-browser_ja |
62 | whitelist ${HOME}/.tor-browser_ka | 62 | allow ${HOME}/.tor-browser_ka |
63 | whitelist ${HOME}/.tor-browser_ko | 63 | allow ${HOME}/.tor-browser_ko |
64 | whitelist ${HOME}/.tor-browser_nb | 64 | allow ${HOME}/.tor-browser_nb |
65 | whitelist ${HOME}/.tor-browser_nl | 65 | allow ${HOME}/.tor-browser_nl |
66 | whitelist ${HOME}/.tor-browser_pl | 66 | allow ${HOME}/.tor-browser_pl |
67 | whitelist ${HOME}/.tor-browser_pt-BR | 67 | allow ${HOME}/.tor-browser_pt-BR |
68 | whitelist ${HOME}/.tor-browser_ru | 68 | allow ${HOME}/.tor-browser_ru |
69 | whitelist ${HOME}/.tor-browser_sv-SE | 69 | allow ${HOME}/.tor-browser_sv-SE |
70 | whitelist ${HOME}/.tor-browser_tr | 70 | allow ${HOME}/.tor-browser_tr |
71 | whitelist ${HOME}/.tor-browser_vi | 71 | allow ${HOME}/.tor-browser_vi |
72 | whitelist ${HOME}/.tor-browser_zh-CN | 72 | allow ${HOME}/.tor-browser_zh-CN |
73 | whitelist ${HOME}/.tor-browser_zh-TW | 73 | allow ${HOME}/.tor-browser_zh-TW |
74 | 74 | ||
75 | # Redirect | 75 | # Redirect |
76 | include torbrowser-launcher.profile | 76 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/steam.profile b/etc/profile-m-z/steam.profile index 06d08f3a2..09e29373d 100644 --- a/etc/profile-m-z/steam.profile +++ b/etc/profile-m-z/steam.profile | |||
@@ -6,40 +6,40 @@ include steam.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Epic | 9 | nodeny ${HOME}/.config/Epic |
10 | noblacklist ${HOME}/.config/Loop_Hero | 10 | nodeny ${HOME}/.config/Loop_Hero |
11 | noblacklist ${HOME}/.config/ModTheSpire | 11 | nodeny ${HOME}/.config/ModTheSpire |
12 | noblacklist ${HOME}/.config/RogueLegacy | 12 | nodeny ${HOME}/.config/RogueLegacy |
13 | noblacklist ${HOME}/.config/RogueLegacyStorageContainer | 13 | nodeny ${HOME}/.config/RogueLegacyStorageContainer |
14 | noblacklist ${HOME}/.killingfloor | 14 | nodeny ${HOME}/.killingfloor |
15 | noblacklist ${HOME}/.klei | 15 | nodeny ${HOME}/.klei |
16 | noblacklist ${HOME}/.local/share/3909/PapersPlease | 16 | nodeny ${HOME}/.local/share/3909/PapersPlease |
17 | noblacklist ${HOME}/.local/share/aspyr-media | 17 | nodeny ${HOME}/.local/share/aspyr-media |
18 | noblacklist ${HOME}/.local/share/bohemiainteractive | 18 | nodeny ${HOME}/.local/share/bohemiainteractive |
19 | noblacklist ${HOME}/.local/share/cdprojektred | 19 | nodeny ${HOME}/.local/share/cdprojektred |
20 | noblacklist ${HOME}/.local/share/Dredmor | 20 | nodeny ${HOME}/.local/share/Dredmor |
21 | noblacklist ${HOME}/.local/share/FasterThanLight | 21 | nodeny ${HOME}/.local/share/FasterThanLight |
22 | noblacklist ${HOME}/.local/share/feral-interactive | 22 | nodeny ${HOME}/.local/share/feral-interactive |
23 | noblacklist ${HOME}/.local/share/IntoTheBreach | 23 | nodeny ${HOME}/.local/share/IntoTheBreach |
24 | noblacklist ${HOME}/.local/share/Paradox Interactive | 24 | nodeny ${HOME}/.local/share/Paradox Interactive |
25 | noblacklist ${HOME}/.local/share/PillarsOfEternity | 25 | nodeny ${HOME}/.local/share/PillarsOfEternity |
26 | noblacklist ${HOME}/.local/share/RogueLegacy | 26 | nodeny ${HOME}/.local/share/RogueLegacy |
27 | noblacklist ${HOME}/.local/share/RogueLegacyStorageContainer | 27 | nodeny ${HOME}/.local/share/RogueLegacyStorageContainer |
28 | noblacklist ${HOME}/.local/share/Steam | 28 | nodeny ${HOME}/.local/share/Steam |
29 | noblacklist ${HOME}/.local/share/SteamWorldDig | 29 | nodeny ${HOME}/.local/share/SteamWorldDig |
30 | noblacklist ${HOME}/.local/share/SteamWorld Dig 2 | 30 | nodeny ${HOME}/.local/share/SteamWorld Dig 2 |
31 | noblacklist ${HOME}/.local/share/SuperHexagon | 31 | nodeny ${HOME}/.local/share/SuperHexagon |
32 | noblacklist ${HOME}/.local/share/Terraria | 32 | nodeny ${HOME}/.local/share/Terraria |
33 | noblacklist ${HOME}/.local/share/vpltd | 33 | nodeny ${HOME}/.local/share/vpltd |
34 | noblacklist ${HOME}/.local/share/vulkan | 34 | nodeny ${HOME}/.local/share/vulkan |
35 | noblacklist ${HOME}/.mbwarband | 35 | nodeny ${HOME}/.mbwarband |
36 | noblacklist ${HOME}/.paradoxinteractive | 36 | nodeny ${HOME}/.paradoxinteractive |
37 | noblacklist ${HOME}/.steam | 37 | nodeny ${HOME}/.steam |
38 | noblacklist ${HOME}/.steampath | 38 | nodeny ${HOME}/.steampath |
39 | noblacklist ${HOME}/.steampid | 39 | nodeny ${HOME}/.steampid |
40 | # needed for STEAM_RUNTIME_PREFER_HOST_LIBRARIES=1 to work | 40 | # needed for STEAM_RUNTIME_PREFER_HOST_LIBRARIES=1 to work |
41 | noblacklist /sbin | 41 | nodeny /sbin |
42 | noblacklist /usr/sbin | 42 | nodeny /usr/sbin |
43 | 43 | ||
44 | # Allow java (blacklisted by disable-devel.inc) | 44 | # Allow java (blacklisted by disable-devel.inc) |
45 | include allow-java.inc | 45 | include allow-java.inc |
@@ -84,38 +84,38 @@ mkdir ${HOME}/.paradoxinteractive | |||
84 | mkdir ${HOME}/.steam | 84 | mkdir ${HOME}/.steam |
85 | mkfile ${HOME}/.steampath | 85 | mkfile ${HOME}/.steampath |
86 | mkfile ${HOME}/.steampid | 86 | mkfile ${HOME}/.steampid |
87 | whitelist ${HOME}/.config/Epic | 87 | allow ${HOME}/.config/Epic |
88 | whitelist ${HOME}/.config/Loop_Hero | 88 | allow ${HOME}/.config/Loop_Hero |
89 | whitelist ${HOME}/.config/ModTheSpire | 89 | allow ${HOME}/.config/ModTheSpire |
90 | whitelist ${HOME}/.config/RogueLegacy | 90 | allow ${HOME}/.config/RogueLegacy |
91 | whitelist ${HOME}/.config/RogueLegacyStorageContainer | 91 | allow ${HOME}/.config/RogueLegacyStorageContainer |
92 | whitelist ${HOME}/.config/unity3d | 92 | allow ${HOME}/.config/unity3d |
93 | whitelist ${HOME}/.killingfloor | 93 | allow ${HOME}/.killingfloor |
94 | whitelist ${HOME}/.klei | 94 | allow ${HOME}/.klei |
95 | whitelist ${HOME}/.local/share/3909/PapersPlease | 95 | allow ${HOME}/.local/share/3909/PapersPlease |
96 | whitelist ${HOME}/.local/share/aspyr-media | 96 | allow ${HOME}/.local/share/aspyr-media |
97 | whitelist ${HOME}/.local/share/bohemiainteractive | 97 | allow ${HOME}/.local/share/bohemiainteractive |
98 | whitelist ${HOME}/.local/share/cdprojektred | 98 | allow ${HOME}/.local/share/cdprojektred |
99 | whitelist ${HOME}/.local/share/Dredmor | 99 | allow ${HOME}/.local/share/Dredmor |
100 | whitelist ${HOME}/.local/share/FasterThanLight | 100 | allow ${HOME}/.local/share/FasterThanLight |
101 | whitelist ${HOME}/.local/share/feral-interactive | 101 | allow ${HOME}/.local/share/feral-interactive |
102 | whitelist ${HOME}/.local/share/IntoTheBreach | 102 | allow ${HOME}/.local/share/IntoTheBreach |
103 | whitelist ${HOME}/.local/share/Paradox Interactive | 103 | allow ${HOME}/.local/share/Paradox Interactive |
104 | whitelist ${HOME}/.local/share/PillarsOfEternity | 104 | allow ${HOME}/.local/share/PillarsOfEternity |
105 | whitelist ${HOME}/.local/share/RogueLegacy | 105 | allow ${HOME}/.local/share/RogueLegacy |
106 | whitelist ${HOME}/.local/share/RogueLegacyStorageContainer | 106 | allow ${HOME}/.local/share/RogueLegacyStorageContainer |
107 | whitelist ${HOME}/.local/share/Steam | 107 | allow ${HOME}/.local/share/Steam |
108 | whitelist ${HOME}/.local/share/SteamWorldDig | 108 | allow ${HOME}/.local/share/SteamWorldDig |
109 | whitelist ${HOME}/.local/share/SteamWorld Dig 2 | 109 | allow ${HOME}/.local/share/SteamWorld Dig 2 |
110 | whitelist ${HOME}/.local/share/SuperHexagon | 110 | allow ${HOME}/.local/share/SuperHexagon |
111 | whitelist ${HOME}/.local/share/Terraria | 111 | allow ${HOME}/.local/share/Terraria |
112 | whitelist ${HOME}/.local/share/vpltd | 112 | allow ${HOME}/.local/share/vpltd |
113 | whitelist ${HOME}/.local/share/vulkan | 113 | allow ${HOME}/.local/share/vulkan |
114 | whitelist ${HOME}/.mbwarband | 114 | allow ${HOME}/.mbwarband |
115 | whitelist ${HOME}/.paradoxinteractive | 115 | allow ${HOME}/.paradoxinteractive |
116 | whitelist ${HOME}/.steam | 116 | allow ${HOME}/.steam |
117 | whitelist ${HOME}/.steampath | 117 | allow ${HOME}/.steampath |
118 | whitelist ${HOME}/.steampid | 118 | allow ${HOME}/.steampid |
119 | include whitelist-common.inc | 119 | include whitelist-common.inc |
120 | include whitelist-var-common.inc | 120 | include whitelist-var-common.inc |
121 | 121 | ||
diff --git a/etc/profile-m-z/stellarium.profile b/etc/profile-m-z/stellarium.profile index a752ab53c..003d3a079 100644 --- a/etc/profile-m-z/stellarium.profile +++ b/etc/profile-m-z/stellarium.profile | |||
@@ -6,8 +6,8 @@ include stellarium.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/stellarium | 9 | nodeny ${HOME}/.config/stellarium |
10 | noblacklist ${HOME}/.stellarium | 10 | nodeny ${HOME}/.stellarium |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-shell.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.config/stellarium | 20 | mkdir ${HOME}/.config/stellarium |
21 | mkdir ${HOME}/.stellarium | 21 | mkdir ${HOME}/.stellarium |
22 | whitelist ${HOME}/.config/stellarium | 22 | allow ${HOME}/.config/stellarium |
23 | whitelist ${HOME}/.stellarium | 23 | allow ${HOME}/.stellarium |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-m-z/straw-viewer.profile b/etc/profile-m-z/straw-viewer.profile index d73927f2a..dd643bc20 100644 --- a/etc/profile-m-z/straw-viewer.profile +++ b/etc/profile-m-z/straw-viewer.profile | |||
@@ -7,13 +7,13 @@ include straw-viewer.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.cache/straw-viewer | 10 | nodeny ${HOME}/.cache/straw-viewer |
11 | noblacklist ${HOME}/.config/straw-viewer | 11 | nodeny ${HOME}/.config/straw-viewer |
12 | 12 | ||
13 | mkdir ${HOME}/.config/straw-viewer | 13 | mkdir ${HOME}/.config/straw-viewer |
14 | mkdir ${HOME}/.cache/straw-viewer | 14 | mkdir ${HOME}/.cache/straw-viewer |
15 | whitelist ${HOME}/.cache/straw-viewer | 15 | allow ${HOME}/.cache/straw-viewer |
16 | whitelist ${HOME}/.config/straw-viewer | 16 | allow ${HOME}/.config/straw-viewer |
17 | 17 | ||
18 | private-bin gtk-straw-viewer,straw-viewer | 18 | private-bin gtk-straw-viewer,straw-viewer |
19 | 19 | ||
diff --git a/etc/profile-m-z/strawberry.profile b/etc/profile-m-z/strawberry.profile index b87906f55..aed0b7910 100644 --- a/etc/profile-m-z/strawberry.profile +++ b/etc/profile-m-z/strawberry.profile | |||
@@ -6,10 +6,10 @@ include strawberry.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/strawberry | 9 | nodeny ${HOME}/.cache/strawberry |
10 | noblacklist ${HOME}/.config/strawberry | 10 | nodeny ${HOME}/.config/strawberry |
11 | noblacklist ${HOME}/.local/share/strawberry | 11 | nodeny ${HOME}/.local/share/strawberry |
12 | noblacklist ${MUSIC} | 12 | nodeny ${MUSIC} |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
diff --git a/etc/profile-m-z/strings.profile b/etc/profile-m-z/strings.profile index 1ebcded7f..5c820ef81 100644 --- a/etc/profile-m-z/strings.profile +++ b/etc/profile-m-z/strings.profile | |||
@@ -7,7 +7,7 @@ include strings.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER} | 10 | deny ${RUNUSER} |
11 | 11 | ||
12 | #include disable-common.inc | 12 | #include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/subdownloader.profile b/etc/profile-m-z/subdownloader.profile index bbe92fd38..0d07b5ea7 100644 --- a/etc/profile-m-z/subdownloader.profile +++ b/etc/profile-m-z/subdownloader.profile | |||
@@ -6,8 +6,8 @@ include subdownloader.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/SubDownloader | 9 | nodeny ${HOME}/.config/SubDownloader |
10 | noblacklist ${VIDEOS} | 10 | nodeny ${VIDEOS} |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
diff --git a/etc/profile-m-z/supertux2.profile b/etc/profile-m-z/supertux2.profile index cfd7a63ea..8cc547805 100644 --- a/etc/profile-m-z/supertux2.profile +++ b/etc/profile-m-z/supertux2.profile | |||
@@ -6,7 +6,7 @@ include supertux2.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/supertux2 | 9 | nodeny ${HOME}/.local/share/supertux2 |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,9 +18,9 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.local/share/supertux2 | 20 | mkdir ${HOME}/.local/share/supertux2 |
21 | whitelist ${HOME}/.local/share/supertux2 | 21 | allow ${HOME}/.local/share/supertux2 |
22 | whitelist /usr/share/supertux2 | 22 | allow /usr/share/supertux2 |
23 | whitelist /usr/share/games/supertux2 # Debian version | 23 | allow /usr/share/games/supertux2 # Debian version |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
26 | include whitelist-usr-share-common.inc | 26 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/supertuxkart.profile b/etc/profile-m-z/supertuxkart.profile index 4eb8f921c..44dc1524f 100644 --- a/etc/profile-m-z/supertuxkart.profile +++ b/etc/profile-m-z/supertuxkart.profile | |||
@@ -6,11 +6,11 @@ include supertuxkart.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/supertuxkart | 9 | nodeny ${HOME}/.config/supertuxkart |
10 | noblacklist ${HOME}/.cache/supertuxkart | 10 | nodeny ${HOME}/.cache/supertuxkart |
11 | noblacklist ${HOME}/.local/share/supertuxkart | 11 | nodeny ${HOME}/.local/share/supertuxkart |
12 | 12 | ||
13 | blacklist /usr/libexec | 13 | deny /usr/libexec |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -24,11 +24,11 @@ include disable-xdg.inc | |||
24 | mkdir ${HOME}/.config/supertuxkart | 24 | mkdir ${HOME}/.config/supertuxkart |
25 | mkdir ${HOME}/.cache/supertuxkart | 25 | mkdir ${HOME}/.cache/supertuxkart |
26 | mkdir ${HOME}/.local/share/supertuxkart | 26 | mkdir ${HOME}/.local/share/supertuxkart |
27 | whitelist ${HOME}/.config/supertuxkart | 27 | allow ${HOME}/.config/supertuxkart |
28 | whitelist ${HOME}/.cache/supertuxkart | 28 | allow ${HOME}/.cache/supertuxkart |
29 | whitelist ${HOME}/.local/share/supertuxkart | 29 | allow ${HOME}/.local/share/supertuxkart |
30 | whitelist /usr/share/supertuxkart | 30 | allow /usr/share/supertuxkart |
31 | whitelist /usr/share/games/supertuxkart # Debian version | 31 | allow /usr/share/games/supertuxkart # Debian version |
32 | include whitelist-common.inc | 32 | include whitelist-common.inc |
33 | include whitelist-runuser-common.inc | 33 | include whitelist-runuser-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/surf.profile b/etc/profile-m-z/surf.profile index 8db7d2433..fd1e7f9e9 100644 --- a/etc/profile-m-z/surf.profile +++ b/etc/profile-m-z/surf.profile | |||
@@ -6,7 +6,7 @@ include surf.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.surf | 9 | nodeny ${HOME}/.surf |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -15,8 +15,8 @@ include disable-passwdmgr.inc | |||
15 | include disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.surf | 17 | mkdir ${HOME}/.surf |
18 | whitelist ${HOME}/.surf | 18 | allow ${HOME}/.surf |
19 | whitelist ${DOWNLOADS} | 19 | allow ${DOWNLOADS} |
20 | include whitelist-common.inc | 20 | include whitelist-common.inc |
21 | 21 | ||
22 | caps.drop all | 22 | caps.drop all |
diff --git a/etc/profile-m-z/swell-foop.profile b/etc/profile-m-z/swell-foop.profile index 9efae815d..55cd0965a 100644 --- a/etc/profile-m-z/swell-foop.profile +++ b/etc/profile-m-z/swell-foop.profile | |||
@@ -6,12 +6,12 @@ include swell-foop.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/swell-foop | 9 | nodeny ${HOME}/.local/share/swell-foop |
10 | 10 | ||
11 | mkdir ${HOME}/.local/share/swell-foop | 11 | mkdir ${HOME}/.local/share/swell-foop |
12 | whitelist ${HOME}/.local/share/swell-foop | 12 | allow ${HOME}/.local/share/swell-foop |
13 | 13 | ||
14 | whitelist /usr/share/swell-foop | 14 | allow /usr/share/swell-foop |
15 | 15 | ||
16 | private-bin swell-foop | 16 | private-bin swell-foop |
17 | 17 | ||
diff --git a/etc/profile-m-z/sylpheed.profile b/etc/profile-m-z/sylpheed.profile index 328812b04..447cdc99e 100644 --- a/etc/profile-m-z/sylpheed.profile +++ b/etc/profile-m-z/sylpheed.profile | |||
@@ -6,12 +6,12 @@ include sylpheed.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.sylpheed-2.0 | 9 | nodeny ${HOME}/.sylpheed-2.0 |
10 | 10 | ||
11 | mkdir ${HOME}/.sylpheed-2.0 | 11 | mkdir ${HOME}/.sylpheed-2.0 |
12 | whitelist ${HOME}/.sylpheed-2.0 | 12 | allow ${HOME}/.sylpheed-2.0 |
13 | 13 | ||
14 | whitelist /usr/share/sylpheed | 14 | allow /usr/share/sylpheed |
15 | 15 | ||
16 | # private-bin curl,gpg,gpg2,gpg-agent,gpgsm,pinentry,pinentry-gtk-2,sylpheed | 16 | # private-bin curl,gpg,gpg2,gpg-agent,gpgsm,pinentry,pinentry-gtk-2,sylpheed |
17 | 17 | ||
diff --git a/etc/profile-m-z/synfigstudio.profile b/etc/profile-m-z/synfigstudio.profile index c60186c42..7cbbafd54 100644 --- a/etc/profile-m-z/synfigstudio.profile +++ b/etc/profile-m-z/synfigstudio.profile | |||
@@ -6,8 +6,8 @@ include synfigstudio.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/synfig | 9 | nodeny ${HOME}/.config/synfig |
10 | noblacklist ${HOME}/.synfig | 10 | nodeny ${HOME}/.synfig |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/sysprof.profile b/etc/profile-m-z/sysprof.profile index b52b25b96..f20f88791 100644 --- a/etc/profile-m-z/sysprof.profile +++ b/etc/profile-m-z/sysprof.profile | |||
@@ -6,7 +6,7 @@ include sysprof.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | nodeny ${DOCUMENTS} |
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
12 | include disable-exec.inc | 12 | include disable-exec.inc |
@@ -24,15 +24,15 @@ include disable-xdg.inc | |||
24 | #nowhitelist /usr/share/yelp-tools | 24 | #nowhitelist /usr/share/yelp-tools |
25 | #nowhitelist /usr/share/yelp-xsl | 25 | #nowhitelist /usr/share/yelp-xsl |
26 | 26 | ||
27 | noblacklist ${HOME}/.config/yelp | 27 | nodeny ${HOME}/.config/yelp |
28 | mkdir ${HOME}/.config/yelp | 28 | mkdir ${HOME}/.config/yelp |
29 | whitelist ${HOME}/.config/yelp | 29 | allow ${HOME}/.config/yelp |
30 | whitelist /usr/share/help/C/sysprof | 30 | allow /usr/share/help/C/sysprof |
31 | whitelist /usr/share/yelp | 31 | allow /usr/share/yelp |
32 | whitelist /usr/share/yelp-tools | 32 | allow /usr/share/yelp-tools |
33 | whitelist /usr/share/yelp-xsl | 33 | allow /usr/share/yelp-xsl |
34 | 34 | ||
35 | whitelist ${DOCUMENTS} | 35 | allow ${DOCUMENTS} |
36 | include whitelist-common.inc | 36 | include whitelist-common.inc |
37 | include whitelist-runuser-common.inc | 37 | include whitelist-runuser-common.inc |
38 | include whitelist-usr-share-common.inc | 38 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/tar.profile b/etc/profile-m-z/tar.profile index 0d3a900e9..74c8a0849 100644 --- a/etc/profile-m-z/tar.profile +++ b/etc/profile-m-z/tar.profile | |||
@@ -12,7 +12,7 @@ ignore include disable-shell.inc | |||
12 | 12 | ||
13 | # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop | 13 | # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop |
14 | # all capabilities this is automatically read-only. | 14 | # all capabilities this is automatically read-only. |
15 | noblacklist /var/lib/pacman | 15 | nodeny /var/lib/pacman |
16 | 16 | ||
17 | private-etc alternatives,group,localtime,login.defs,passwd | 17 | private-etc alternatives,group,localtime,login.defs,passwd |
18 | #private-lib libfakeroot,liblzma.so.*,libreadline.so.* | 18 | #private-lib libfakeroot,liblzma.so.*,libreadline.so.* |
diff --git a/etc/profile-m-z/tb-starter-wrapper.profile b/etc/profile-m-z/tb-starter-wrapper.profile index ffe9605b6..691c33191 100644 --- a/etc/profile-m-z/tb-starter-wrapper.profile +++ b/etc/profile-m-z/tb-starter-wrapper.profile | |||
@@ -8,10 +8,10 @@ include tb-starter-wrapper.local | |||
8 | # added by included profile | 8 | # added by included profile |
9 | #include globals.local | 9 | #include globals.local |
10 | 10 | ||
11 | noblacklist ${HOME}/.tb | 11 | nodeny ${HOME}/.tb |
12 | 12 | ||
13 | mkdir ${HOME}/.tb | 13 | mkdir ${HOME}/.tb |
14 | whitelist ${HOME}/.tb | 14 | allow ${HOME}/.tb |
15 | 15 | ||
16 | private-bin tb-starter-wrapper | 16 | private-bin tb-starter-wrapper |
17 | 17 | ||
diff --git a/etc/profile-m-z/tcpdump.profile b/etc/profile-m-z/tcpdump.profile index e2ba5893c..b4c4873b3 100644 --- a/etc/profile-m-z/tcpdump.profile +++ b/etc/profile-m-z/tcpdump.profile | |||
@@ -6,9 +6,9 @@ include tcpdump.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist /sbin | 9 | nodeny /sbin |
10 | noblacklist /usr/sbin | 10 | nodeny /usr/sbin |
11 | noblacklist ${PATH}/tcpdump | 11 | nodeny ${PATH}/tcpdump |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/teams-for-linux.profile b/etc/profile-m-z/teams-for-linux.profile index eee083332..24cbb42da 100644 --- a/etc/profile-m-z/teams-for-linux.profile +++ b/etc/profile-m-z/teams-for-linux.profile | |||
@@ -14,10 +14,10 @@ ignore include whitelist-usr-share-common.inc | |||
14 | ignore dbus-user none | 14 | ignore dbus-user none |
15 | ignore dbus-system none | 15 | ignore dbus-system none |
16 | 16 | ||
17 | noblacklist ${HOME}/.config/teams-for-linux | 17 | nodeny ${HOME}/.config/teams-for-linux |
18 | 18 | ||
19 | mkdir ${HOME}/.config/teams-for-linux | 19 | mkdir ${HOME}/.config/teams-for-linux |
20 | whitelist ${HOME}/.config/teams-for-linux | 20 | allow ${HOME}/.config/teams-for-linux |
21 | 21 | ||
22 | private-bin bash,cut,echo,egrep,grep,head,sed,sh,teams-for-linux,tr,xdg-mime,xdg-open,zsh | 22 | private-bin bash,cut,echo,egrep,grep,head,sed,sh,teams-for-linux,tr,xdg-mime,xdg-open,zsh |
23 | private-etc ca-certificates,crypto-policies,fonts,ld.so.cache,localtime,machine-id,pki,resolv.conf,ssl | 23 | private-etc ca-certificates,crypto-policies,fonts,ld.so.cache,localtime,machine-id,pki,resolv.conf,ssl |
diff --git a/etc/profile-m-z/teams.profile b/etc/profile-m-z/teams.profile index c8d98cbaa..8639edbc8 100644 --- a/etc/profile-m-z/teams.profile +++ b/etc/profile-m-z/teams.profile | |||
@@ -18,13 +18,13 @@ ignore apparmor | |||
18 | ignore dbus-user none | 18 | ignore dbus-user none |
19 | ignore dbus-system none | 19 | ignore dbus-system none |
20 | 20 | ||
21 | noblacklist ${HOME}/.config/teams | 21 | nodeny ${HOME}/.config/teams |
22 | noblacklist ${HOME}/.config/Microsoft | 22 | nodeny ${HOME}/.config/Microsoft |
23 | 23 | ||
24 | mkdir ${HOME}/.config/teams | 24 | mkdir ${HOME}/.config/teams |
25 | mkdir ${HOME}/.config/Microsoft | 25 | mkdir ${HOME}/.config/Microsoft |
26 | whitelist ${HOME}/.config/teams | 26 | allow ${HOME}/.config/teams |
27 | whitelist ${HOME}/.config/Microsoft | 27 | allow ${HOME}/.config/Microsoft |
28 | 28 | ||
29 | # Redirect | 29 | # Redirect |
30 | include electron.profile | 30 | include electron.profile |
diff --git a/etc/profile-m-z/teamspeak3.profile b/etc/profile-m-z/teamspeak3.profile index 02a2c8ae4..781a5f4eb 100644 --- a/etc/profile-m-z/teamspeak3.profile +++ b/etc/profile-m-z/teamspeak3.profile | |||
@@ -6,8 +6,8 @@ include teamspeak3.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.ts3client | 9 | nodeny ${HOME}/.ts3client |
10 | noblacklist ${PATH}/openssl | 10 | nodeny ${PATH}/openssl |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-passwdmgr.inc | |||
17 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.ts3client | 19 | mkdir ${HOME}/.ts3client |
20 | whitelist ${DOWNLOADS} | 20 | allow ${DOWNLOADS} |
21 | whitelist ${HOME}/.ts3client | 21 | allow ${HOME}/.ts3client |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/profile-m-z/teeworlds.profile b/etc/profile-m-z/teeworlds.profile index be01aee12..c9c444ffc 100644 --- a/etc/profile-m-z/teeworlds.profile +++ b/etc/profile-m-z/teeworlds.profile | |||
@@ -6,7 +6,7 @@ include teeworlds.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.teeworlds | 9 | nodeny ${HOME}/.teeworlds |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.teeworlds | 20 | mkdir ${HOME}/.teeworlds |
21 | whitelist ${HOME}/.teeworlds | 21 | allow ${HOME}/.teeworlds |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-m-z/telegram.profile b/etc/profile-m-z/telegram.profile index 05c621fb2..92689a461 100644 --- a/etc/profile-m-z/telegram.profile +++ b/etc/profile-m-z/telegram.profile | |||
@@ -5,8 +5,8 @@ include telegram.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.TelegramDesktop | 8 | nodeny ${HOME}/.TelegramDesktop |
9 | noblacklist ${HOME}/.local/share/TelegramDesktop | 9 | nodeny ${HOME}/.local/share/TelegramDesktop |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -19,9 +19,9 @@ include disable-xdg.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.TelegramDesktop | 20 | mkdir ${HOME}/.TelegramDesktop |
21 | mkdir ${HOME}/.local/share/TelegramDesktop | 21 | mkdir ${HOME}/.local/share/TelegramDesktop |
22 | whitelist ${HOME}/.TelegramDesktop | 22 | allow ${HOME}/.TelegramDesktop |
23 | whitelist ${HOME}/.local/share/TelegramDesktop | 23 | allow ${HOME}/.local/share/TelegramDesktop |
24 | whitelist ${DOWNLOADS} | 24 | allow ${DOWNLOADS} |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-runuser-common.inc | 26 | include whitelist-runuser-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
@@ -39,7 +39,6 @@ protocol unix,inet,inet6,netlink | |||
39 | seccomp | 39 | seccomp |
40 | seccomp.block-secondary | 40 | seccomp.block-secondary |
41 | shell none | 41 | shell none |
42 | tracelog | ||
43 | 42 | ||
44 | disable-mnt | 43 | disable-mnt |
45 | #private-bin telegram,Telegram,telegram-desktop | 44 | #private-bin telegram,Telegram,telegram-desktop |
diff --git a/etc/profile-m-z/terasology.profile b/etc/profile-m-z/terasology.profile index ce2ca1d17..b2f98fbac 100644 --- a/etc/profile-m-z/terasology.profile +++ b/etc/profile-m-z/terasology.profile | |||
@@ -7,7 +7,7 @@ include globals.local | |||
7 | 7 | ||
8 | ignore noexec /tmp | 8 | ignore noexec /tmp |
9 | 9 | ||
10 | noblacklist ${HOME}/.local/share/terasology | 10 | nodeny ${HOME}/.local/share/terasology |
11 | 11 | ||
12 | # Allow java (blacklisted by disable-devel.inc) | 12 | # Allow java (blacklisted by disable-devel.inc) |
13 | include allow-java.inc | 13 | include allow-java.inc |
@@ -21,8 +21,8 @@ include disable-programs.inc | |||
21 | 21 | ||
22 | mkdir ${HOME}/.java | 22 | mkdir ${HOME}/.java |
23 | mkdir ${HOME}/.local/share/terasology | 23 | mkdir ${HOME}/.local/share/terasology |
24 | whitelist ${HOME}/.java | 24 | allow ${HOME}/.java |
25 | whitelist ${HOME}/.local/share/terasology | 25 | allow ${HOME}/.local/share/terasology |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | 27 | ||
28 | caps.drop all | 28 | caps.drop all |
diff --git a/etc/profile-m-z/thunderbird.profile b/etc/profile-m-z/thunderbird.profile index b478fbe1e..a539cadf8 100644 --- a/etc/profile-m-z/thunderbird.profile +++ b/etc/profile-m-z/thunderbird.profile | |||
@@ -22,14 +22,14 @@ writable-run-user | |||
22 | #writable-var | 22 | #writable-var |
23 | 23 | ||
24 | # These lines are needed to allow Firefox to load your profile when clicking a link in an email | 24 | # These lines are needed to allow Firefox to load your profile when clicking a link in an email |
25 | noblacklist ${HOME}/.mozilla | 25 | nodeny ${HOME}/.mozilla |
26 | whitelist ${HOME}/.mozilla/firefox/profiles.ini | 26 | allow ${HOME}/.mozilla/firefox/profiles.ini |
27 | read-only ${HOME}/.mozilla/firefox/profiles.ini | 27 | read-only ${HOME}/.mozilla/firefox/profiles.ini |
28 | 28 | ||
29 | noblacklist ${HOME}/.cache/thunderbird | 29 | nodeny ${HOME}/.cache/thunderbird |
30 | noblacklist ${HOME}/.gnupg | 30 | nodeny ${HOME}/.gnupg |
31 | # noblacklist ${HOME}/.icedove | 31 | # noblacklist ${HOME}/.icedove |
32 | noblacklist ${HOME}/.thunderbird | 32 | nodeny ${HOME}/.thunderbird |
33 | 33 | ||
34 | include disable-passwdmgr.inc | 34 | include disable-passwdmgr.inc |
35 | include disable-xdg.inc | 35 | include disable-xdg.inc |
@@ -42,15 +42,15 @@ mkdir ${HOME}/.cache/thunderbird | |||
42 | mkdir ${HOME}/.gnupg | 42 | mkdir ${HOME}/.gnupg |
43 | # mkdir ${HOME}/.icedove | 43 | # mkdir ${HOME}/.icedove |
44 | mkdir ${HOME}/.thunderbird | 44 | mkdir ${HOME}/.thunderbird |
45 | whitelist ${HOME}/.cache/thunderbird | 45 | allow ${HOME}/.cache/thunderbird |
46 | whitelist ${HOME}/.gnupg | 46 | allow ${HOME}/.gnupg |
47 | # whitelist ${HOME}/.icedove | 47 | # whitelist ${HOME}/.icedove |
48 | whitelist ${HOME}/.thunderbird | 48 | allow ${HOME}/.thunderbird |
49 | 49 | ||
50 | whitelist /usr/share/gnupg | 50 | allow /usr/share/gnupg |
51 | whitelist /usr/share/mozilla | 51 | allow /usr/share/mozilla |
52 | whitelist /usr/share/thunderbird | 52 | allow /usr/share/thunderbird |
53 | whitelist /usr/share/webext | 53 | allow /usr/share/webext |
54 | include whitelist-usr-share-common.inc | 54 | include whitelist-usr-share-common.inc |
55 | 55 | ||
56 | # machine-id breaks audio in browsers; enable or put it in your thunderbird.local when sound is not required | 56 | # machine-id breaks audio in browsers; enable or put it in your thunderbird.local when sound is not required |
diff --git a/etc/profile-m-z/tilp.profile b/etc/profile-m-z/tilp.profile index dd4a372c4..b0fa54f08 100644 --- a/etc/profile-m-z/tilp.profile +++ b/etc/profile-m-z/tilp.profile | |||
@@ -5,7 +5,7 @@ include tilp.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.tilp | 8 | nodeny ${HOME}/.tilp |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-m-z/tin.profile b/etc/profile-m-z/tin.profile index e0ed3090a..3ee696b8b 100644 --- a/etc/profile-m-z/tin.profile +++ b/etc/profile-m-z/tin.profile | |||
@@ -6,12 +6,12 @@ include tin.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.newsrc | 9 | nodeny ${HOME}/.newsrc |
10 | noblacklist ${HOME}/.tin | 10 | nodeny ${HOME}/.tin |
11 | 11 | ||
12 | blacklist /tmp/.X11-unix | 12 | deny /tmp/.X11-unix |
13 | blacklist ${RUNUSER} | 13 | deny ${RUNUSER} |
14 | blacklist /usr/libexec | 14 | deny /usr/libexec |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
diff --git a/etc/profile-m-z/tmux.profile b/etc/profile-m-z/tmux.profile index 0139d7515..d2e90e356 100644 --- a/etc/profile-m-z/tmux.profile +++ b/etc/profile-m-z/tmux.profile | |||
@@ -7,10 +7,10 @@ include tmux.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | deny /tmp/.X11-unix |
11 | blacklist ${RUNUSER} | 11 | deny ${RUNUSER} |
12 | 12 | ||
13 | noblacklist /tmp/tmux-* | 13 | nodeny /tmp/tmux-* |
14 | 14 | ||
15 | # include disable-common.inc | 15 | # include disable-common.inc |
16 | # include disable-devel.inc | 16 | # include disable-devel.inc |
diff --git a/etc/profile-m-z/tor-browser-ar.profile b/etc/profile-m-z/tor-browser-ar.profile index 59f1bc3b1..49158b93e 100644 --- a/etc/profile-m-z/tor-browser-ar.profile +++ b/etc/profile-m-z/tor-browser-ar.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-ar.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-ar | 9 | nodeny ${HOME}/.tor-browser-ar |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-ar | 11 | mkdir ${HOME}/.tor-browser-ar |
12 | whitelist ${HOME}/.tor-browser-ar | 12 | allow ${HOME}/.tor-browser-ar |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-ca.profile b/etc/profile-m-z/tor-browser-ca.profile index 68577e352..612f8bd7c 100644 --- a/etc/profile-m-z/tor-browser-ca.profile +++ b/etc/profile-m-z/tor-browser-ca.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-ca.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-ca | 9 | nodeny ${HOME}/.tor-browser-ca |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-ca | 11 | mkdir ${HOME}/.tor-browser-ca |
12 | whitelist ${HOME}/.tor-browser-ca | 12 | allow ${HOME}/.tor-browser-ca |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-cs.profile b/etc/profile-m-z/tor-browser-cs.profile index 33e51fcd0..a400fde05 100644 --- a/etc/profile-m-z/tor-browser-cs.profile +++ b/etc/profile-m-z/tor-browser-cs.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-cs.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-cs | 9 | nodeny ${HOME}/.tor-browser-cs |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-cs | 11 | mkdir ${HOME}/.tor-browser-cs |
12 | whitelist ${HOME}/.tor-browser-cs | 12 | allow ${HOME}/.tor-browser-cs |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-da.profile b/etc/profile-m-z/tor-browser-da.profile index 440bb7fc3..9010025e3 100644 --- a/etc/profile-m-z/tor-browser-da.profile +++ b/etc/profile-m-z/tor-browser-da.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-da.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-da | 9 | nodeny ${HOME}/.tor-browser-da |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-da | 11 | mkdir ${HOME}/.tor-browser-da |
12 | whitelist ${HOME}/.tor-browser-da | 12 | allow ${HOME}/.tor-browser-da |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-de.profile b/etc/profile-m-z/tor-browser-de.profile index b2b98cf82..cd556c32b 100644 --- a/etc/profile-m-z/tor-browser-de.profile +++ b/etc/profile-m-z/tor-browser-de.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-de.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-de | 9 | nodeny ${HOME}/.tor-browser-de |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-de | 11 | mkdir ${HOME}/.tor-browser-de |
12 | whitelist ${HOME}/.tor-browser-de | 12 | allow ${HOME}/.tor-browser-de |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-el.profile b/etc/profile-m-z/tor-browser-el.profile index 626757dd5..ee2b0fea7 100644 --- a/etc/profile-m-z/tor-browser-el.profile +++ b/etc/profile-m-z/tor-browser-el.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-el.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-el | 9 | nodeny ${HOME}/.tor-browser-el |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-el | 11 | mkdir ${HOME}/.tor-browser-el |
12 | whitelist ${HOME}/.tor-browser-el | 12 | allow ${HOME}/.tor-browser-el |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-en-us.profile b/etc/profile-m-z/tor-browser-en-us.profile index 15e690748..2be71a5aa 100644 --- a/etc/profile-m-z/tor-browser-en-us.profile +++ b/etc/profile-m-z/tor-browser-en-us.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-en-us.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-en-us | 9 | nodeny ${HOME}/.tor-browser-en-us |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-en-us | 11 | mkdir ${HOME}/.tor-browser-en-us |
12 | whitelist ${HOME}/.tor-browser-en-us | 12 | allow ${HOME}/.tor-browser-en-us |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-en.profile b/etc/profile-m-z/tor-browser-en.profile index ef8c1eb8b..633c2f4f9 100644 --- a/etc/profile-m-z/tor-browser-en.profile +++ b/etc/profile-m-z/tor-browser-en.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-en.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-en | 9 | nodeny ${HOME}/.tor-browser-en |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-en | 11 | mkdir ${HOME}/.tor-browser-en |
12 | whitelist ${HOME}/.tor-browser-en | 12 | allow ${HOME}/.tor-browser-en |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-es-es.profile b/etc/profile-m-z/tor-browser-es-es.profile index ad734662e..f7c2302a7 100644 --- a/etc/profile-m-z/tor-browser-es-es.profile +++ b/etc/profile-m-z/tor-browser-es-es.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-es-es.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-es-es | 9 | nodeny ${HOME}/.tor-browser-es-es |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-es-es | 11 | mkdir ${HOME}/.tor-browser-es-es |
12 | whitelist ${HOME}/.tor-browser-es-es | 12 | allow ${HOME}/.tor-browser-es-es |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-es.profile b/etc/profile-m-z/tor-browser-es.profile index 97d8d8577..d88dcdec1 100644 --- a/etc/profile-m-z/tor-browser-es.profile +++ b/etc/profile-m-z/tor-browser-es.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-es.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-es | 9 | nodeny ${HOME}/.tor-browser-es |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-es | 11 | mkdir ${HOME}/.tor-browser-es |
12 | whitelist ${HOME}/.tor-browser-es | 12 | allow ${HOME}/.tor-browser-es |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-fa.profile b/etc/profile-m-z/tor-browser-fa.profile index 095be69e4..3f7074fdb 100644 --- a/etc/profile-m-z/tor-browser-fa.profile +++ b/etc/profile-m-z/tor-browser-fa.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-fa.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-fa | 9 | nodeny ${HOME}/.tor-browser-fa |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-fa | 11 | mkdir ${HOME}/.tor-browser-fa |
12 | whitelist ${HOME}/.tor-browser-fa | 12 | allow ${HOME}/.tor-browser-fa |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-fr.profile b/etc/profile-m-z/tor-browser-fr.profile index 37f61fc3a..ef14f44a2 100644 --- a/etc/profile-m-z/tor-browser-fr.profile +++ b/etc/profile-m-z/tor-browser-fr.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-fr.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-fr | 9 | nodeny ${HOME}/.tor-browser-fr |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-fr | 11 | mkdir ${HOME}/.tor-browser-fr |
12 | whitelist ${HOME}/.tor-browser-fr | 12 | allow ${HOME}/.tor-browser-fr |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-ga-ie.profile b/etc/profile-m-z/tor-browser-ga-ie.profile index ab7141fc4..06baaf34f 100644 --- a/etc/profile-m-z/tor-browser-ga-ie.profile +++ b/etc/profile-m-z/tor-browser-ga-ie.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-ga-ie.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-ga-ie | 9 | nodeny ${HOME}/.tor-browser-ga-ie |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-ga-ie | 11 | mkdir ${HOME}/.tor-browser-ga-ie |
12 | whitelist ${HOME}/.tor-browser-ga-ie | 12 | allow ${HOME}/.tor-browser-ga-ie |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-he.profile b/etc/profile-m-z/tor-browser-he.profile index ae56f3b7f..57588ffc7 100644 --- a/etc/profile-m-z/tor-browser-he.profile +++ b/etc/profile-m-z/tor-browser-he.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-he.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-he | 9 | nodeny ${HOME}/.tor-browser-he |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-he | 11 | mkdir ${HOME}/.tor-browser-he |
12 | whitelist ${HOME}/.tor-browser-he | 12 | allow ${HOME}/.tor-browser-he |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-hu.profile b/etc/profile-m-z/tor-browser-hu.profile index 65cd18ac8..a10b66a24 100644 --- a/etc/profile-m-z/tor-browser-hu.profile +++ b/etc/profile-m-z/tor-browser-hu.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-hu.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-hu | 9 | nodeny ${HOME}/.tor-browser-hu |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-hu | 11 | mkdir ${HOME}/.tor-browser-hu |
12 | whitelist ${HOME}/.tor-browser-hu | 12 | allow ${HOME}/.tor-browser-hu |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-id.profile b/etc/profile-m-z/tor-browser-id.profile index 57fe09f47..fcdb822cd 100644 --- a/etc/profile-m-z/tor-browser-id.profile +++ b/etc/profile-m-z/tor-browser-id.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-id.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-id | 9 | nodeny ${HOME}/.tor-browser-id |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-id | 11 | mkdir ${HOME}/.tor-browser-id |
12 | whitelist ${HOME}/.tor-browser-id | 12 | allow ${HOME}/.tor-browser-id |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-is.profile b/etc/profile-m-z/tor-browser-is.profile index 54f1df42d..45b47c108 100644 --- a/etc/profile-m-z/tor-browser-is.profile +++ b/etc/profile-m-z/tor-browser-is.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-is.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-is | 9 | nodeny ${HOME}/.tor-browser-is |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-is | 11 | mkdir ${HOME}/.tor-browser-is |
12 | whitelist ${HOME}/.tor-browser-is | 12 | allow ${HOME}/.tor-browser-is |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-it.profile b/etc/profile-m-z/tor-browser-it.profile index a7d46e875..b5a2f7c13 100644 --- a/etc/profile-m-z/tor-browser-it.profile +++ b/etc/profile-m-z/tor-browser-it.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-it.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-it | 9 | nodeny ${HOME}/.tor-browser-it |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-it | 11 | mkdir ${HOME}/.tor-browser-it |
12 | whitelist ${HOME}/.tor-browser-it | 12 | allow ${HOME}/.tor-browser-it |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-ja.profile b/etc/profile-m-z/tor-browser-ja.profile index b89016141..e1f023bd4 100644 --- a/etc/profile-m-z/tor-browser-ja.profile +++ b/etc/profile-m-z/tor-browser-ja.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-ja.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-ja | 9 | nodeny ${HOME}/.tor-browser-ja |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-ja | 11 | mkdir ${HOME}/.tor-browser-ja |
12 | whitelist ${HOME}/.tor-browser-ja | 12 | allow ${HOME}/.tor-browser-ja |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-ka.profile b/etc/profile-m-z/tor-browser-ka.profile index b57cf10de..17930b58e 100644 --- a/etc/profile-m-z/tor-browser-ka.profile +++ b/etc/profile-m-z/tor-browser-ka.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-ka.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-ka | 9 | nodeny ${HOME}/.tor-browser-ka |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-ka | 11 | mkdir ${HOME}/.tor-browser-ka |
12 | whitelist ${HOME}/.tor-browser-ka | 12 | allow ${HOME}/.tor-browser-ka |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-ko.profile b/etc/profile-m-z/tor-browser-ko.profile index a9bedb6fd..b33d1edb4 100644 --- a/etc/profile-m-z/tor-browser-ko.profile +++ b/etc/profile-m-z/tor-browser-ko.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-ko.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-ko | 9 | nodeny ${HOME}/.tor-browser-ko |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-ko | 11 | mkdir ${HOME}/.tor-browser-ko |
12 | whitelist ${HOME}/.tor-browser-ko | 12 | allow ${HOME}/.tor-browser-ko |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-nb.profile b/etc/profile-m-z/tor-browser-nb.profile index fbe9f92bd..b462eb9ac 100644 --- a/etc/profile-m-z/tor-browser-nb.profile +++ b/etc/profile-m-z/tor-browser-nb.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-nb.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-nb | 9 | nodeny ${HOME}/.tor-browser-nb |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-nb | 11 | mkdir ${HOME}/.tor-browser-nb |
12 | whitelist ${HOME}/.tor-browser-nb | 12 | allow ${HOME}/.tor-browser-nb |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-nl.profile b/etc/profile-m-z/tor-browser-nl.profile index 678ac1713..0225eb6fd 100644 --- a/etc/profile-m-z/tor-browser-nl.profile +++ b/etc/profile-m-z/tor-browser-nl.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-nl.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-nl | 9 | nodeny ${HOME}/.tor-browser-nl |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-nl | 11 | mkdir ${HOME}/.tor-browser-nl |
12 | whitelist ${HOME}/.tor-browser-nl | 12 | allow ${HOME}/.tor-browser-nl |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-pl.profile b/etc/profile-m-z/tor-browser-pl.profile index 25d473b1a..75604b458 100644 --- a/etc/profile-m-z/tor-browser-pl.profile +++ b/etc/profile-m-z/tor-browser-pl.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-pl.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-pl | 9 | nodeny ${HOME}/.tor-browser-pl |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-pl | 11 | mkdir ${HOME}/.tor-browser-pl |
12 | whitelist ${HOME}/.tor-browser-pl | 12 | allow ${HOME}/.tor-browser-pl |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-pt-br.profile b/etc/profile-m-z/tor-browser-pt-br.profile index 55adbd5ea..4d50d8034 100644 --- a/etc/profile-m-z/tor-browser-pt-br.profile +++ b/etc/profile-m-z/tor-browser-pt-br.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-pt-br.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-pt-br | 9 | nodeny ${HOME}/.tor-browser-pt-br |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-pt-br | 11 | mkdir ${HOME}/.tor-browser-pt-br |
12 | whitelist ${HOME}/.tor-browser-pt-br | 12 | allow ${HOME}/.tor-browser-pt-br |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-ru.profile b/etc/profile-m-z/tor-browser-ru.profile index aea13be9d..4bca3c46f 100644 --- a/etc/profile-m-z/tor-browser-ru.profile +++ b/etc/profile-m-z/tor-browser-ru.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-ru.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-ru | 9 | nodeny ${HOME}/.tor-browser-ru |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-ru | 11 | mkdir ${HOME}/.tor-browser-ru |
12 | whitelist ${HOME}/.tor-browser-ru | 12 | allow ${HOME}/.tor-browser-ru |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-sv-se.profile b/etc/profile-m-z/tor-browser-sv-se.profile index b7882bd04..1b319dc43 100644 --- a/etc/profile-m-z/tor-browser-sv-se.profile +++ b/etc/profile-m-z/tor-browser-sv-se.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-sv-se.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-sv-se | 9 | nodeny ${HOME}/.tor-browser-sv-se |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-sv-se | 11 | mkdir ${HOME}/.tor-browser-sv-se |
12 | whitelist ${HOME}/.tor-browser-sv-se | 12 | allow ${HOME}/.tor-browser-sv-se |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-tr.profile b/etc/profile-m-z/tor-browser-tr.profile index c52e8c4c4..0775a0c08 100644 --- a/etc/profile-m-z/tor-browser-tr.profile +++ b/etc/profile-m-z/tor-browser-tr.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-tr.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-tr | 9 | nodeny ${HOME}/.tor-browser-tr |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-tr | 11 | mkdir ${HOME}/.tor-browser-tr |
12 | whitelist ${HOME}/.tor-browser-tr | 12 | allow ${HOME}/.tor-browser-tr |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-vi.profile b/etc/profile-m-z/tor-browser-vi.profile index d5bf76655..c4d5a7a76 100644 --- a/etc/profile-m-z/tor-browser-vi.profile +++ b/etc/profile-m-z/tor-browser-vi.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-vi.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-vi | 9 | nodeny ${HOME}/.tor-browser-vi |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-vi | 11 | mkdir ${HOME}/.tor-browser-vi |
12 | whitelist ${HOME}/.tor-browser-vi | 12 | allow ${HOME}/.tor-browser-vi |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-zh-cn.profile b/etc/profile-m-z/tor-browser-zh-cn.profile index 6c8925a4a..4cd287e5d 100644 --- a/etc/profile-m-z/tor-browser-zh-cn.profile +++ b/etc/profile-m-z/tor-browser-zh-cn.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-zh-cn.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-zh-cn | 9 | nodeny ${HOME}/.tor-browser-zh-cn |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-zh-cn | 11 | mkdir ${HOME}/.tor-browser-zh-cn |
12 | whitelist ${HOME}/.tor-browser-zh-cn | 12 | allow ${HOME}/.tor-browser-zh-cn |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser-zh-tw.profile b/etc/profile-m-z/tor-browser-zh-tw.profile index 141a6701e..c75baf522 100644 --- a/etc/profile-m-z/tor-browser-zh-tw.profile +++ b/etc/profile-m-z/tor-browser-zh-tw.profile | |||
@@ -6,10 +6,10 @@ include tor-browser-zh-tw.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser-zh-tw | 9 | nodeny ${HOME}/.tor-browser-zh-tw |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser-zh-tw | 11 | mkdir ${HOME}/.tor-browser-zh-tw |
12 | whitelist ${HOME}/.tor-browser-zh-tw | 12 | allow ${HOME}/.tor-browser-zh-tw |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser.profile b/etc/profile-m-z/tor-browser.profile index 76a0e1fa5..8a2dbda53 100644 --- a/etc/profile-m-z/tor-browser.profile +++ b/etc/profile-m-z/tor-browser.profile | |||
@@ -6,10 +6,10 @@ include tor-browser.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser | 9 | nodeny ${HOME}/.tor-browser |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser | 11 | mkdir ${HOME}/.tor-browser |
12 | whitelist ${HOME}/.tor-browser | 12 | allow ${HOME}/.tor-browser |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_ar.profile b/etc/profile-m-z/tor-browser_ar.profile index d811b7549..90b5a0960 100644 --- a/etc/profile-m-z/tor-browser_ar.profile +++ b/etc/profile-m-z/tor-browser_ar.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_ar.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_ar | 9 | nodeny ${HOME}/.tor-browser_ar |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_ar | 11 | mkdir ${HOME}/.tor-browser_ar |
12 | whitelist ${HOME}/.tor-browser_ar | 12 | allow ${HOME}/.tor-browser_ar |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_ca.profile b/etc/profile-m-z/tor-browser_ca.profile index 8bf1f7cd4..a04207ccd 100644 --- a/etc/profile-m-z/tor-browser_ca.profile +++ b/etc/profile-m-z/tor-browser_ca.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_ca.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_ca | 9 | nodeny ${HOME}/.tor-browser_ca |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_ca | 11 | mkdir ${HOME}/.tor-browser_ca |
12 | whitelist ${HOME}/.tor-browser_ca | 12 | allow ${HOME}/.tor-browser_ca |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_cs.profile b/etc/profile-m-z/tor-browser_cs.profile index b41107bf1..b99ad14a8 100644 --- a/etc/profile-m-z/tor-browser_cs.profile +++ b/etc/profile-m-z/tor-browser_cs.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_cs.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_cs | 9 | nodeny ${HOME}/.tor-browser_cs |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_cs | 11 | mkdir ${HOME}/.tor-browser_cs |
12 | whitelist ${HOME}/.tor-browser_cs | 12 | allow ${HOME}/.tor-browser_cs |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_da.profile b/etc/profile-m-z/tor-browser_da.profile index cbec4ee2e..545e53b7e 100644 --- a/etc/profile-m-z/tor-browser_da.profile +++ b/etc/profile-m-z/tor-browser_da.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_da.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_da | 9 | nodeny ${HOME}/.tor-browser_da |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_da | 11 | mkdir ${HOME}/.tor-browser_da |
12 | whitelist ${HOME}/.tor-browser_da | 12 | allow ${HOME}/.tor-browser_da |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_de.profile b/etc/profile-m-z/tor-browser_de.profile index ea26765d3..545f82f72 100644 --- a/etc/profile-m-z/tor-browser_de.profile +++ b/etc/profile-m-z/tor-browser_de.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_de.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_de | 9 | nodeny ${HOME}/.tor-browser_de |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_de | 11 | mkdir ${HOME}/.tor-browser_de |
12 | whitelist ${HOME}/.tor-browser_de | 12 | allow ${HOME}/.tor-browser_de |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_el.profile b/etc/profile-m-z/tor-browser_el.profile index ff57a8722..3120b1701 100644 --- a/etc/profile-m-z/tor-browser_el.profile +++ b/etc/profile-m-z/tor-browser_el.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_el.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_el | 9 | nodeny ${HOME}/.tor-browser_el |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_el | 11 | mkdir ${HOME}/.tor-browser_el |
12 | whitelist ${HOME}/.tor-browser_el | 12 | allow ${HOME}/.tor-browser_el |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_en-US.profile b/etc/profile-m-z/tor-browser_en-US.profile index 18c92b638..6719ac057 100644 --- a/etc/profile-m-z/tor-browser_en-US.profile +++ b/etc/profile-m-z/tor-browser_en-US.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_en-US.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_en-US | 9 | nodeny ${HOME}/.tor-browser_en-US |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_en-US | 11 | mkdir ${HOME}/.tor-browser_en-US |
12 | whitelist ${HOME}/.tor-browser_en-US | 12 | allow ${HOME}/.tor-browser_en-US |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_en.profile b/etc/profile-m-z/tor-browser_en.profile index ebba83cc4..4cbd37109 100644 --- a/etc/profile-m-z/tor-browser_en.profile +++ b/etc/profile-m-z/tor-browser_en.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_en.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_en | 9 | nodeny ${HOME}/.tor-browser_en |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_en | 11 | mkdir ${HOME}/.tor-browser_en |
12 | whitelist ${HOME}/.tor-browser_en | 12 | allow ${HOME}/.tor-browser_en |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_es-ES.profile b/etc/profile-m-z/tor-browser_es-ES.profile index aecab38d5..6c8a5987c 100644 --- a/etc/profile-m-z/tor-browser_es-ES.profile +++ b/etc/profile-m-z/tor-browser_es-ES.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_es-ES.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_es-ES | 9 | nodeny ${HOME}/.tor-browser_es-ES |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_es-ES | 11 | mkdir ${HOME}/.tor-browser_es-ES |
12 | whitelist ${HOME}/.tor-browser_es-ES | 12 | allow ${HOME}/.tor-browser_es-ES |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_es.profile b/etc/profile-m-z/tor-browser_es.profile index e19e9b5e6..7d358b7ca 100644 --- a/etc/profile-m-z/tor-browser_es.profile +++ b/etc/profile-m-z/tor-browser_es.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_es.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_es | 9 | nodeny ${HOME}/.tor-browser_es |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_es | 11 | mkdir ${HOME}/.tor-browser_es |
12 | whitelist ${HOME}/.tor-browser_es | 12 | allow ${HOME}/.tor-browser_es |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_fa.profile b/etc/profile-m-z/tor-browser_fa.profile index 68414c277..fc4285c5d 100644 --- a/etc/profile-m-z/tor-browser_fa.profile +++ b/etc/profile-m-z/tor-browser_fa.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_fa.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_fa | 9 | nodeny ${HOME}/.tor-browser_fa |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_fa | 11 | mkdir ${HOME}/.tor-browser_fa |
12 | whitelist ${HOME}/.tor-browser_fa | 12 | allow ${HOME}/.tor-browser_fa |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_fr.profile b/etc/profile-m-z/tor-browser_fr.profile index 0a8bb30b7..2d0c0ff1f 100644 --- a/etc/profile-m-z/tor-browser_fr.profile +++ b/etc/profile-m-z/tor-browser_fr.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_fr.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_fr | 9 | nodeny ${HOME}/.tor-browser_fr |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_fr | 11 | mkdir ${HOME}/.tor-browser_fr |
12 | whitelist ${HOME}/.tor-browser_fr | 12 | allow ${HOME}/.tor-browser_fr |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_ga-IE.profile b/etc/profile-m-z/tor-browser_ga-IE.profile index 12354b900..2880e1e2a 100644 --- a/etc/profile-m-z/tor-browser_ga-IE.profile +++ b/etc/profile-m-z/tor-browser_ga-IE.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_ga-IE.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_ga-IE | 9 | nodeny ${HOME}/.tor-browser_ga-IE |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_ga-IE | 11 | mkdir ${HOME}/.tor-browser_ga-IE |
12 | whitelist ${HOME}/.tor-browser_ga-IE | 12 | allow ${HOME}/.tor-browser_ga-IE |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_he.profile b/etc/profile-m-z/tor-browser_he.profile index 19cbb0809..ac6993019 100644 --- a/etc/profile-m-z/tor-browser_he.profile +++ b/etc/profile-m-z/tor-browser_he.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_he.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_he | 9 | nodeny ${HOME}/.tor-browser_he |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_he | 11 | mkdir ${HOME}/.tor-browser_he |
12 | whitelist ${HOME}/.tor-browser_he | 12 | allow ${HOME}/.tor-browser_he |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_hu.profile b/etc/profile-m-z/tor-browser_hu.profile index 62b55e170..6877a6be4 100644 --- a/etc/profile-m-z/tor-browser_hu.profile +++ b/etc/profile-m-z/tor-browser_hu.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_hu.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_hu | 9 | nodeny ${HOME}/.tor-browser_hu |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_hu | 11 | mkdir ${HOME}/.tor-browser_hu |
12 | whitelist ${HOME}/.tor-browser_hu | 12 | allow ${HOME}/.tor-browser_hu |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_id.profile b/etc/profile-m-z/tor-browser_id.profile index 2970a7747..5f5601f74 100644 --- a/etc/profile-m-z/tor-browser_id.profile +++ b/etc/profile-m-z/tor-browser_id.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_id.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_id | 9 | nodeny ${HOME}/.tor-browser_id |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_id | 11 | mkdir ${HOME}/.tor-browser_id |
12 | whitelist ${HOME}/.tor-browser_id | 12 | allow ${HOME}/.tor-browser_id |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_is.profile b/etc/profile-m-z/tor-browser_is.profile index f922c7644..f0814d16e 100644 --- a/etc/profile-m-z/tor-browser_is.profile +++ b/etc/profile-m-z/tor-browser_is.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_is.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_is | 9 | nodeny ${HOME}/.tor-browser_is |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_is | 11 | mkdir ${HOME}/.tor-browser_is |
12 | whitelist ${HOME}/.tor-browser_is | 12 | allow ${HOME}/.tor-browser_is |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_it.profile b/etc/profile-m-z/tor-browser_it.profile index 406901759..fa01f6bca 100644 --- a/etc/profile-m-z/tor-browser_it.profile +++ b/etc/profile-m-z/tor-browser_it.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_it.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_it | 9 | nodeny ${HOME}/.tor-browser_it |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_it | 11 | mkdir ${HOME}/.tor-browser_it |
12 | whitelist ${HOME}/.tor-browser_it | 12 | allow ${HOME}/.tor-browser_it |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_ja.profile b/etc/profile-m-z/tor-browser_ja.profile index 8f9d8d751..dde107dd3 100644 --- a/etc/profile-m-z/tor-browser_ja.profile +++ b/etc/profile-m-z/tor-browser_ja.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_ja.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_ja | 9 | nodeny ${HOME}/.tor-browser_ja |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_ja | 11 | mkdir ${HOME}/.tor-browser_ja |
12 | whitelist ${HOME}/.tor-browser_ja | 12 | allow ${HOME}/.tor-browser_ja |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_ka.profile b/etc/profile-m-z/tor-browser_ka.profile index 4de4135e1..7de4dff65 100644 --- a/etc/profile-m-z/tor-browser_ka.profile +++ b/etc/profile-m-z/tor-browser_ka.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_ka.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_ka | 9 | nodeny ${HOME}/.tor-browser_ka |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_ka | 11 | mkdir ${HOME}/.tor-browser_ka |
12 | whitelist ${HOME}/.tor-browser_ka | 12 | allow ${HOME}/.tor-browser_ka |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_ko.profile b/etc/profile-m-z/tor-browser_ko.profile index 125c733ce..7e3ceb4d9 100644 --- a/etc/profile-m-z/tor-browser_ko.profile +++ b/etc/profile-m-z/tor-browser_ko.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_ko.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_ko | 9 | nodeny ${HOME}/.tor-browser_ko |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_ko | 11 | mkdir ${HOME}/.tor-browser_ko |
12 | whitelist ${HOME}/.tor-browser_ko | 12 | allow ${HOME}/.tor-browser_ko |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_nb.profile b/etc/profile-m-z/tor-browser_nb.profile index dc6ac876b..c11001960 100644 --- a/etc/profile-m-z/tor-browser_nb.profile +++ b/etc/profile-m-z/tor-browser_nb.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_nb.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_nb | 9 | nodeny ${HOME}/.tor-browser_nb |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_nb | 11 | mkdir ${HOME}/.tor-browser_nb |
12 | whitelist ${HOME}/.tor-browser_nb | 12 | allow ${HOME}/.tor-browser_nb |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_nl.profile b/etc/profile-m-z/tor-browser_nl.profile index 2a3a5b519..2d1044f9d 100644 --- a/etc/profile-m-z/tor-browser_nl.profile +++ b/etc/profile-m-z/tor-browser_nl.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_nl.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_nl | 9 | nodeny ${HOME}/.tor-browser_nl |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_nl | 11 | mkdir ${HOME}/.tor-browser_nl |
12 | whitelist ${HOME}/.tor-browser_nl | 12 | allow ${HOME}/.tor-browser_nl |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_pl.profile b/etc/profile-m-z/tor-browser_pl.profile index b7dec32db..2818320a0 100644 --- a/etc/profile-m-z/tor-browser_pl.profile +++ b/etc/profile-m-z/tor-browser_pl.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_pl.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_pl | 9 | nodeny ${HOME}/.tor-browser_pl |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_pl | 11 | mkdir ${HOME}/.tor-browser_pl |
12 | whitelist ${HOME}/.tor-browser_pl | 12 | allow ${HOME}/.tor-browser_pl |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_pt-BR.profile b/etc/profile-m-z/tor-browser_pt-BR.profile index 7a7d4726c..8c33e2545 100644 --- a/etc/profile-m-z/tor-browser_pt-BR.profile +++ b/etc/profile-m-z/tor-browser_pt-BR.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_pt-BR.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_pt-BR | 9 | nodeny ${HOME}/.tor-browser_pt-BR |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_pt-BR | 11 | mkdir ${HOME}/.tor-browser_pt-BR |
12 | whitelist ${HOME}/.tor-browser_pt-BR | 12 | allow ${HOME}/.tor-browser_pt-BR |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_ru.profile b/etc/profile-m-z/tor-browser_ru.profile index 7d2e6bc97..2553bb031 100644 --- a/etc/profile-m-z/tor-browser_ru.profile +++ b/etc/profile-m-z/tor-browser_ru.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_ru.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_ru | 9 | nodeny ${HOME}/.tor-browser_ru |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_ru | 11 | mkdir ${HOME}/.tor-browser_ru |
12 | whitelist ${HOME}/.tor-browser_ru | 12 | allow ${HOME}/.tor-browser_ru |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_sv-SE.profile b/etc/profile-m-z/tor-browser_sv-SE.profile index 585925e81..3152cb658 100644 --- a/etc/profile-m-z/tor-browser_sv-SE.profile +++ b/etc/profile-m-z/tor-browser_sv-SE.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_sv-SE.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_sv-SE | 9 | nodeny ${HOME}/.tor-browser_sv-SE |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_sv-SE | 11 | mkdir ${HOME}/.tor-browser_sv-SE |
12 | whitelist ${HOME}/.tor-browser_sv-SE | 12 | allow ${HOME}/.tor-browser_sv-SE |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_tr.profile b/etc/profile-m-z/tor-browser_tr.profile index 4b0cc3821..9808d4725 100644 --- a/etc/profile-m-z/tor-browser_tr.profile +++ b/etc/profile-m-z/tor-browser_tr.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_tr.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_tr | 9 | nodeny ${HOME}/.tor-browser_tr |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_tr | 11 | mkdir ${HOME}/.tor-browser_tr |
12 | whitelist ${HOME}/.tor-browser_tr | 12 | allow ${HOME}/.tor-browser_tr |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_vi.profile b/etc/profile-m-z/tor-browser_vi.profile index 4dcfbf56d..364fca40b 100644 --- a/etc/profile-m-z/tor-browser_vi.profile +++ b/etc/profile-m-z/tor-browser_vi.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_vi.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_vi | 9 | nodeny ${HOME}/.tor-browser_vi |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_vi | 11 | mkdir ${HOME}/.tor-browser_vi |
12 | whitelist ${HOME}/.tor-browser_vi | 12 | allow ${HOME}/.tor-browser_vi |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_zh-CN.profile b/etc/profile-m-z/tor-browser_zh-CN.profile index 1e03b8d6b..193e8a399 100644 --- a/etc/profile-m-z/tor-browser_zh-CN.profile +++ b/etc/profile-m-z/tor-browser_zh-CN.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_zh-CN.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_zh-CN | 9 | nodeny ${HOME}/.tor-browser_zh-CN |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_zh-CN | 11 | mkdir ${HOME}/.tor-browser_zh-CN |
12 | whitelist ${HOME}/.tor-browser_zh-CN | 12 | allow ${HOME}/.tor-browser_zh-CN |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/tor-browser_zh-TW.profile b/etc/profile-m-z/tor-browser_zh-TW.profile index a2dcf5cf1..047be9b8e 100644 --- a/etc/profile-m-z/tor-browser_zh-TW.profile +++ b/etc/profile-m-z/tor-browser_zh-TW.profile | |||
@@ -6,10 +6,10 @@ include tor-browser_zh-TW.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser_zh-TW | 9 | nodeny ${HOME}/.tor-browser_zh-TW |
10 | 10 | ||
11 | mkdir ${HOME}/.tor-browser_zh-TW | 11 | mkdir ${HOME}/.tor-browser_zh-TW |
12 | whitelist ${HOME}/.tor-browser_zh-TW | 12 | allow ${HOME}/.tor-browser_zh-TW |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include torbrowser-launcher.profile | 15 | include torbrowser-launcher.profile |
diff --git a/etc/profile-m-z/torbrowser-launcher.profile b/etc/profile-m-z/torbrowser-launcher.profile index 7659ed1e9..65a37db5f 100644 --- a/etc/profile-m-z/torbrowser-launcher.profile +++ b/etc/profile-m-z/torbrowser-launcher.profile | |||
@@ -8,15 +8,15 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/torbrowser | 11 | nodeny ${HOME}/.config/torbrowser |
12 | noblacklist ${HOME}/.local/share/torbrowser | 12 | nodeny ${HOME}/.local/share/torbrowser |
13 | 13 | ||
14 | # Allow python (blacklisted by disable-interpreters.inc) | 14 | # Allow python (blacklisted by disable-interpreters.inc) |
15 | include allow-python2.inc | 15 | include allow-python2.inc |
16 | include allow-python3.inc | 16 | include allow-python3.inc |
17 | 17 | ||
18 | blacklist /opt | 18 | deny /opt |
19 | blacklist /srv | 19 | deny /srv |
20 | 20 | ||
21 | include disable-common.inc | 21 | include disable-common.inc |
22 | include disable-devel.inc | 22 | include disable-devel.inc |
@@ -28,10 +28,10 @@ include disable-xdg.inc | |||
28 | 28 | ||
29 | mkdir ${HOME}/.config/torbrowser | 29 | mkdir ${HOME}/.config/torbrowser |
30 | mkdir ${HOME}/.local/share/torbrowser | 30 | mkdir ${HOME}/.local/share/torbrowser |
31 | whitelist ${DOWNLOADS} | 31 | allow ${DOWNLOADS} |
32 | whitelist ${HOME}/.config/torbrowser | 32 | allow ${HOME}/.config/torbrowser |
33 | whitelist ${HOME}/.local/share/torbrowser | 33 | allow ${HOME}/.local/share/torbrowser |
34 | whitelist /usr/share/torbrowser-launcher | 34 | allow /usr/share/torbrowser-launcher |
35 | include whitelist-common.inc | 35 | include whitelist-common.inc |
36 | include whitelist-var-common.inc | 36 | include whitelist-var-common.inc |
37 | include whitelist-runuser-common.inc | 37 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-m-z/torcs.profile b/etc/profile-m-z/torcs.profile index 0f98a8f64..c5d89c3e3 100644 --- a/etc/profile-m-z/torcs.profile +++ b/etc/profile-m-z/torcs.profile | |||
@@ -6,7 +6,7 @@ include torcs.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.torcs | 9 | nodeny ${HOME}/.torcs |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,9 +17,9 @@ include disable-programs.inc | |||
17 | include disable-xdg.inc | 17 | include disable-xdg.inc |
18 | 18 | ||
19 | mkdir ${HOME}/.torcs | 19 | mkdir ${HOME}/.torcs |
20 | whitelist ${HOME}/.torcs | 20 | allow ${HOME}/.torcs |
21 | whitelist /usr/share/games/torcs | 21 | allow /usr/share/games/torcs |
22 | whitelist /var/games/torcs | 22 | allow /var/games/torcs |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/totem.profile b/etc/profile-m-z/totem.profile index 70d9e0aee..77d3c55f8 100644 --- a/etc/profile-m-z/totem.profile +++ b/etc/profile-m-z/totem.profile | |||
@@ -13,8 +13,8 @@ include allow-lua.inc | |||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python3.inc | 14 | include allow-python3.inc |
15 | 15 | ||
16 | noblacklist ${HOME}/.config/totem | 16 | nodeny ${HOME}/.config/totem |
17 | noblacklist ${HOME}/.local/share/totem | 17 | nodeny ${HOME}/.local/share/totem |
18 | 18 | ||
19 | include disable-common.inc | 19 | include disable-common.inc |
20 | include disable-devel.inc | 20 | include disable-devel.inc |
@@ -27,9 +27,9 @@ include disable-shell.inc | |||
27 | read-only ${DESKTOP} | 27 | read-only ${DESKTOP} |
28 | mkdir ${HOME}/.config/totem | 28 | mkdir ${HOME}/.config/totem |
29 | mkdir ${HOME}/.local/share/totem | 29 | mkdir ${HOME}/.local/share/totem |
30 | whitelist ${HOME}/.config/totem | 30 | allow ${HOME}/.config/totem |
31 | whitelist ${HOME}/.local/share/totem | 31 | allow ${HOME}/.local/share/totem |
32 | whitelist /usr/share/totem | 32 | allow /usr/share/totem |
33 | include whitelist-common.inc | 33 | include whitelist-common.inc |
34 | include whitelist-player-common.inc | 34 | include whitelist-player-common.inc |
35 | include whitelist-runuser-common.inc | 35 | include whitelist-runuser-common.inc |
diff --git a/etc/profile-m-z/tracker.profile b/etc/profile-m-z/tracker.profile index 87c5de076..26f4abd0b 100644 --- a/etc/profile-m-z/tracker.profile +++ b/etc/profile-m-z/tracker.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | 8 | ||
9 | # Tracker is started by systemd on most systems. Therefore it is not firejailed by default | 9 | # Tracker is started by systemd on most systems. Therefore it is not firejailed by default |
10 | 10 | ||
11 | blacklist /tmp/.X11-unix | 11 | deny /tmp/.X11-unix |
12 | blacklist ${RUNUSER}/wayland-* | 12 | deny ${RUNUSER}/wayland-* |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
diff --git a/etc/profile-m-z/transgui.profile b/etc/profile-m-z/transgui.profile index ea118a9f0..d5920e2a2 100644 --- a/etc/profile-m-z/transgui.profile +++ b/etc/profile-m-z/transgui.profile | |||
@@ -6,7 +6,7 @@ include transgui.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/transgui | 9 | nodeny ${HOME}/.config/transgui |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/transgui | 20 | mkdir ${HOME}/.config/transgui |
21 | whitelist ${HOME}/.config/transgui | 21 | allow ${HOME}/.config/transgui |
22 | whitelist ${DOWNLOADS} | 22 | allow ${DOWNLOADS} |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/transmission-common.profile b/etc/profile-m-z/transmission-common.profile index 82671b709..5c2cf9d9a 100644 --- a/etc/profile-m-z/transmission-common.profile +++ b/etc/profile-m-z/transmission-common.profile | |||
@@ -7,8 +7,8 @@ include transmission-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.cache/transmission | 10 | nodeny ${HOME}/.cache/transmission |
11 | noblacklist ${HOME}/.config/transmission | 11 | nodeny ${HOME}/.config/transmission |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,9 +19,9 @@ include disable-programs.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.cache/transmission | 20 | mkdir ${HOME}/.cache/transmission |
21 | mkdir ${HOME}/.config/transmission | 21 | mkdir ${HOME}/.config/transmission |
22 | whitelist ${DOWNLOADS} | 22 | allow ${DOWNLOADS} |
23 | whitelist ${HOME}/.cache/transmission | 23 | allow ${HOME}/.cache/transmission |
24 | whitelist ${HOME}/.config/transmission | 24 | allow ${HOME}/.config/transmission |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-usr-share-common.inc | 26 | include whitelist-usr-share-common.inc |
27 | include whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/transmission-daemon.profile b/etc/profile-m-z/transmission-daemon.profile index 348d3cb80..9f0c464fc 100644 --- a/etc/profile-m-z/transmission-daemon.profile +++ b/etc/profile-m-z/transmission-daemon.profile | |||
@@ -10,8 +10,8 @@ include globals.local | |||
10 | ignore caps.drop all | 10 | ignore caps.drop all |
11 | 11 | ||
12 | mkdir ${HOME}/.config/transmission-daemon | 12 | mkdir ${HOME}/.config/transmission-daemon |
13 | whitelist ${HOME}/.config/transmission-daemon | 13 | allow ${HOME}/.config/transmission-daemon |
14 | whitelist /var/lib/transmission | 14 | allow /var/lib/transmission |
15 | 15 | ||
16 | caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot | 16 | caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot |
17 | protocol packet | 17 | protocol packet |
diff --git a/etc/profile-m-z/transmission-remote-gtk.profile b/etc/profile-m-z/transmission-remote-gtk.profile index a6400e2c0..7c8eddcbc 100644 --- a/etc/profile-m-z/transmission-remote-gtk.profile +++ b/etc/profile-m-z/transmission-remote-gtk.profile | |||
@@ -7,10 +7,10 @@ include transmission-remote-gtk.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.config/transmission-remote-gtk | 10 | nodeny ${HOME}/.config/transmission-remote-gtk |
11 | 11 | ||
12 | mkdir ${HOME}/.config/transmission-remote-gtk | 12 | mkdir ${HOME}/.config/transmission-remote-gtk |
13 | whitelist ${HOME}/.config/transmission-remote-gtk | 13 | allow ${HOME}/.config/transmission-remote-gtk |
14 | 14 | ||
15 | private-etc fonts,hostname,hosts,resolv.conf | 15 | private-etc fonts,hostname,hosts,resolv.conf |
16 | # Problems with private-lib (see issue #2889) | 16 | # Problems with private-lib (see issue #2889) |
diff --git a/etc/profile-m-z/tremulous.profile b/etc/profile-m-z/tremulous.profile index aba563fac..c2797ddaa 100644 --- a/etc/profile-m-z/tremulous.profile +++ b/etc/profile-m-z/tremulous.profile | |||
@@ -6,7 +6,7 @@ include tremulous.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tremulous | 9 | nodeny ${HOME}/.tremulous |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.tremulous | 20 | mkdir ${HOME}/.tremulous |
21 | whitelist ${HOME}/.tremulous | 21 | allow ${HOME}/.tremulous |
22 | whitelist /usr/share/tremulous | 22 | allow /usr/share/tremulous |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-runuser-common.inc | 24 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/trojita.profile b/etc/profile-m-z/trojita.profile index 2d95081f6..95f39b35d 100644 --- a/etc/profile-m-z/trojita.profile +++ b/etc/profile-m-z/trojita.profile | |||
@@ -6,10 +6,10 @@ include trojita.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.abook | 9 | nodeny ${HOME}/.abook |
10 | noblacklist ${HOME}/.mozilla | 10 | nodeny ${HOME}/.mozilla |
11 | noblacklist ${HOME}/.cache/flaska.net/trojita | 11 | nodeny ${HOME}/.cache/flaska.net/trojita |
12 | noblacklist ${HOME}/.config/flaska.net | 12 | nodeny ${HOME}/.config/flaska.net |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -23,10 +23,10 @@ include disable-xdg.inc | |||
23 | mkdir ${HOME}/.abook | 23 | mkdir ${HOME}/.abook |
24 | mkdir ${HOME}/.cache/flaska.net/trojita | 24 | mkdir ${HOME}/.cache/flaska.net/trojita |
25 | mkdir ${HOME}/.config/flaska.net | 25 | mkdir ${HOME}/.config/flaska.net |
26 | whitelist ${HOME}/.abook | 26 | allow ${HOME}/.abook |
27 | whitelist ${HOME}/.mozilla/firefox/profiles.ini | 27 | allow ${HOME}/.mozilla/firefox/profiles.ini |
28 | whitelist ${HOME}/.cache/flaska.net/trojita | 28 | allow ${HOME}/.cache/flaska.net/trojita |
29 | whitelist ${HOME}/.config/flaska.net | 29 | allow ${HOME}/.config/flaska.net |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | include whitelist-runuser-common.inc | 31 | include whitelist-runuser-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/truecraft.profile b/etc/profile-m-z/truecraft.profile index 749626475..76f289a27 100644 --- a/etc/profile-m-z/truecraft.profile +++ b/etc/profile-m-z/truecraft.profile | |||
@@ -5,8 +5,8 @@ include truecraft.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/mono | 8 | nodeny ${HOME}/.config/mono |
9 | noblacklist ${HOME}/.config/truecraft | 9 | nodeny ${HOME}/.config/truecraft |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | 17 | ||
18 | mkdir ${HOME}/.config/mono | 18 | mkdir ${HOME}/.config/mono |
19 | mkdir ${HOME}/.config/truecraft | 19 | mkdir ${HOME}/.config/truecraft |
20 | whitelist ${HOME}/.config/mono | 20 | allow ${HOME}/.config/mono |
21 | whitelist ${HOME}/.config/truecraft | 21 | allow ${HOME}/.config/truecraft |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
diff --git a/etc/profile-m-z/ts3client_runscript.sh.profile b/etc/profile-m-z/ts3client_runscript.sh.profile index 8d4675454..cd6ae96df 100644 --- a/etc/profile-m-z/ts3client_runscript.sh.profile +++ b/etc/profile-m-z/ts3client_runscript.sh.profile | |||
@@ -9,11 +9,11 @@ include ts3client_runscript.sh.local | |||
9 | 9 | ||
10 | ignore noexec ${HOME} | 10 | ignore noexec ${HOME} |
11 | 11 | ||
12 | noblacklist ${HOME}/TeamSpeak3-Client-linux_x86 | 12 | nodeny ${HOME}/TeamSpeak3-Client-linux_x86 |
13 | noblacklist ${HOME}/TeamSpeak3-Client-linux_amd64 | 13 | nodeny ${HOME}/TeamSpeak3-Client-linux_amd64 |
14 | 14 | ||
15 | whitelist ${HOME}/TeamSpeak3-Client-linux_x86 | 15 | allow ${HOME}/TeamSpeak3-Client-linux_x86 |
16 | whitelist ${HOME}/TeamSpeak3-Client-linux_amd64 | 16 | allow ${HOME}/TeamSpeak3-Client-linux_amd64 |
17 | 17 | ||
18 | # Redirect | 18 | # Redirect |
19 | include teamspeak3.profile | 19 | include teamspeak3.profile |
diff --git a/etc/profile-m-z/tutanota-desktop.profile b/etc/profile-m-z/tutanota-desktop.profile index d2cb0cc8a..e59a86ce6 100644 --- a/etc/profile-m-z/tutanota-desktop.profile +++ b/etc/profile-m-z/tutanota-desktop.profile | |||
@@ -6,8 +6,8 @@ include tutanota-desktop.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/tuta_integration | 9 | nodeny ${HOME}/.config/tuta_integration |
10 | noblacklist ${HOME}/.config/tutanota-desktop | 10 | nodeny ${HOME}/.config/tutanota-desktop |
11 | 11 | ||
12 | ignore noexec /tmp | 12 | ignore noexec /tmp |
13 | 13 | ||
@@ -15,12 +15,12 @@ include disable-shell.inc | |||
15 | 15 | ||
16 | mkdir ${HOME}/.config/tuta_integration | 16 | mkdir ${HOME}/.config/tuta_integration |
17 | mkdir ${HOME}/.config/tutanota-desktop | 17 | mkdir ${HOME}/.config/tutanota-desktop |
18 | whitelist ${HOME}/.config/tuta_integration | 18 | allow ${HOME}/.config/tuta_integration |
19 | whitelist ${HOME}/.config/tutanota-desktop | 19 | allow ${HOME}/.config/tutanota-desktop |
20 | 20 | ||
21 | # These lines are needed to allow Firefox to open links | 21 | # These lines are needed to allow Firefox to open links |
22 | noblacklist ${HOME}/.mozilla | 22 | nodeny ${HOME}/.mozilla |
23 | whitelist ${HOME}/.mozilla/firefox/profiles.ini | 23 | allow ${HOME}/.mozilla/firefox/profiles.ini |
24 | read-only ${HOME}/.mozilla/firefox/profiles.ini | 24 | read-only ${HOME}/.mozilla/firefox/profiles.ini |
25 | 25 | ||
26 | ?HAS_APPIMAGE: ignore private-dev | 26 | ?HAS_APPIMAGE: ignore private-dev |
diff --git a/etc/profile-m-z/tuxguitar.profile b/etc/profile-m-z/tuxguitar.profile index 3cd496412..5bb97e161 100644 --- a/etc/profile-m-z/tuxguitar.profile +++ b/etc/profile-m-z/tuxguitar.profile | |||
@@ -9,9 +9,9 @@ include globals.local | |||
9 | # tuxguitar fails to launch | 9 | # tuxguitar fails to launch |
10 | ignore noexec ${HOME} | 10 | ignore noexec ${HOME} |
11 | 11 | ||
12 | noblacklist ${HOME}/.tuxguitar* | 12 | nodeny ${HOME}/.tuxguitar* |
13 | noblacklist ${DOCUMENTS} | 13 | nodeny ${DOCUMENTS} |
14 | noblacklist ${MUSIC} | 14 | nodeny ${MUSIC} |
15 | 15 | ||
16 | # Allow java (blacklisted by disable-devel.inc) | 16 | # Allow java (blacklisted by disable-devel.inc) |
17 | include allow-java.inc | 17 | include allow-java.inc |
diff --git a/etc/profile-m-z/tvbrowser.profile b/etc/profile-m-z/tvbrowser.profile index dae7d86da..8febcd337 100644 --- a/etc/profile-m-z/tvbrowser.profile +++ b/etc/profile-m-z/tvbrowser.profile | |||
@@ -6,8 +6,8 @@ include tvbrowser.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/tvbrowser | 9 | nodeny ${HOME}/.config/tvbrowser |
10 | noblacklist ${HOME}/.tvbrowser | 10 | nodeny ${HOME}/.tvbrowser |
11 | 11 | ||
12 | # Allow java (blacklisted by disable-devel.inc) | 12 | # Allow java (blacklisted by disable-devel.inc) |
13 | include allow-java.inc | 13 | include allow-java.inc |
@@ -22,9 +22,9 @@ include disable-xdg.inc | |||
22 | 22 | ||
23 | mkdir ${HOME}/.config/tvbrowser | 23 | mkdir ${HOME}/.config/tvbrowser |
24 | mkdir ${HOME}/.tvbrowser | 24 | mkdir ${HOME}/.tvbrowser |
25 | whitelist ${HOME}/.config/tvbrowser | 25 | allow ${HOME}/.config/tvbrowser |
26 | whitelist ${HOME}/.tvbrowser | 26 | allow ${HOME}/.tvbrowser |
27 | whitelist /usr/share/tvbrowser | 27 | allow /usr/share/tvbrowser |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
30 | include whitelist-var-common.inc | 30 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/twitch.profile b/etc/profile-m-z/twitch.profile index 2f573c872..abcc885e6 100644 --- a/etc/profile-m-z/twitch.profile +++ b/etc/profile-m-z/twitch.profile | |||
@@ -10,12 +10,12 @@ include globals.local | |||
10 | ignore nou2f | 10 | ignore nou2f |
11 | ignore novideo | 11 | ignore novideo |
12 | 12 | ||
13 | noblacklist ${HOME}/.config/Twitch | 13 | nodeny ${HOME}/.config/Twitch |
14 | 14 | ||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | 16 | ||
17 | mkdir ${HOME}/.config/Twitch | 17 | mkdir ${HOME}/.config/Twitch |
18 | whitelist ${HOME}/.config/Twitch | 18 | allow ${HOME}/.config/Twitch |
19 | 19 | ||
20 | private-bin twitch | 20 | private-bin twitch |
21 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 21 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg |
diff --git a/etc/profile-m-z/uefitool.profile b/etc/profile-m-z/uefitool.profile index 3e4fdbb03..8c705c95f 100644 --- a/etc/profile-m-z/uefitool.profile +++ b/etc/profile-m-z/uefitool.profile | |||
@@ -5,7 +5,7 @@ include uefitool.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${DOCUMENTS} | 8 | nodeny ${DOCUMENTS} |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-m-z/uget-gtk.profile b/etc/profile-m-z/uget-gtk.profile index 4420099ff..eed2db541 100644 --- a/etc/profile-m-z/uget-gtk.profile +++ b/etc/profile-m-z/uget-gtk.profile | |||
@@ -5,7 +5,7 @@ include uget-gtk.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/uGet | 8 | nodeny ${HOME}/.config/uGet |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
@@ -14,8 +14,8 @@ include disable-programs.inc | |||
14 | include disable-shell.inc | 14 | include disable-shell.inc |
15 | 15 | ||
16 | mkdir ${HOME}/.config/uGet | 16 | mkdir ${HOME}/.config/uGet |
17 | whitelist ${DOWNLOADS} | 17 | allow ${DOWNLOADS} |
18 | whitelist ${HOME}/.config/uGet | 18 | allow ${HOME}/.config/uGet |
19 | include whitelist-common.inc | 19 | include whitelist-common.inc |
20 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
21 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/unbound.profile b/etc/profile-m-z/unbound.profile index 0c077babf..7e7b3fbec 100644 --- a/etc/profile-m-z/unbound.profile +++ b/etc/profile-m-z/unbound.profile | |||
@@ -6,11 +6,11 @@ include unbound.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist /sbin | 9 | nodeny /sbin |
10 | noblacklist /usr/sbin | 10 | nodeny /usr/sbin |
11 | 11 | ||
12 | blacklist /tmp/.X11-unix | 12 | deny /tmp/.X11-unix |
13 | blacklist ${RUNUSER}/wayland-* | 13 | deny ${RUNUSER}/wayland-* |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
@@ -22,8 +22,8 @@ include disable-xdg.inc | |||
22 | 22 | ||
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | 24 | ||
25 | whitelist /var/lib/unbound | 25 | allow /var/lib/unbound |
26 | whitelist /var/run | 26 | allow /var/run |
27 | 27 | ||
28 | caps.keep net_admin,net_bind_service,setgid,setuid,sys_chroot,sys_resource | 28 | caps.keep net_admin,net_bind_service,setgid,setuid,sys_chroot,sys_resource |
29 | ipc-namespace | 29 | ipc-namespace |
diff --git a/etc/profile-m-z/unf.profile b/etc/profile-m-z/unf.profile index 6db7ba362..846271971 100644 --- a/etc/profile-m-z/unf.profile +++ b/etc/profile-m-z/unf.profile | |||
@@ -7,7 +7,7 @@ include unf.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | 10 | deny ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-programs.inc | |||
18 | include disable-shell.inc | 18 | include disable-shell.inc |
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | whitelist ${DOWNLOADS} | 21 | allow ${DOWNLOADS} |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
24 | include whitelist-var-common.inc | 24 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/unknown-horizons.profile b/etc/profile-m-z/unknown-horizons.profile index 956492f52..3e1c6264d 100644 --- a/etc/profile-m-z/unknown-horizons.profile +++ b/etc/profile-m-z/unknown-horizons.profile | |||
@@ -6,7 +6,7 @@ include unknown-horizons.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.unknown-horizons | 9 | nodeny ${HOME}/.unknown-horizons |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-exec.inc | 12 | include disable-exec.inc |
@@ -14,10 +14,10 @@ include disable-passwdmgr.inc | |||
14 | include disable-programs.inc | 14 | include disable-programs.inc |
15 | 15 | ||
16 | mkdir ${HOME}/.unknown-horizons | 16 | mkdir ${HOME}/.unknown-horizons |
17 | whitelist ${HOME}/.unknown-horizons | 17 | allow ${HOME}/.unknown-horizons |
18 | include whitelist-common.inc | 18 | include whitelist-common.inc |
19 | include whitelist-runuser-common.inc | 19 | include whitelist-runuser-common.inc |
20 | whitelist /usr/share/unknown-horizons | 20 | allow /usr/share/unknown-horizons |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
23 | 23 | ||
diff --git a/etc/profile-m-z/unzip.profile b/etc/profile-m-z/unzip.profile index 0231e3dba..99d2415ca 100644 --- a/etc/profile-m-z/unzip.profile +++ b/etc/profile-m-z/unzip.profile | |||
@@ -8,7 +8,7 @@ include unzip.local | |||
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | # GNOME Shell integration (chrome-gnome-shell) | 10 | # GNOME Shell integration (chrome-gnome-shell) |
11 | noblacklist ${HOME}/.local/share/gnome-shell | 11 | nodeny ${HOME}/.local/share/gnome-shell |
12 | 12 | ||
13 | private-etc alternatives,group,localtime,passwd | 13 | private-etc alternatives,group,localtime,passwd |
14 | 14 | ||
diff --git a/etc/profile-m-z/utox.profile b/etc/profile-m-z/utox.profile index dd881f091..3b0f7c646 100644 --- a/etc/profile-m-z/utox.profile +++ b/etc/profile-m-z/utox.profile | |||
@@ -6,8 +6,8 @@ include utox.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/Tox | 9 | nodeny ${HOME}/.cache/Tox |
10 | noblacklist ${HOME}/.config/tox | 10 | nodeny ${HOME}/.config/tox |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-shell.inc | |||
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | mkdir ${HOME}/.config/tox | 21 | mkdir ${HOME}/.config/tox |
22 | whitelist ${DOWNLOADS} | 22 | allow ${DOWNLOADS} |
23 | whitelist ${HOME}/.config/tox | 23 | allow ${HOME}/.config/tox |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
26 | 26 | ||
diff --git a/etc/profile-m-z/uudeview.profile b/etc/profile-m-z/uudeview.profile index 2adc044e5..3bda71666 100644 --- a/etc/profile-m-z/uudeview.profile +++ b/etc/profile-m-z/uudeview.profile | |||
@@ -7,7 +7,7 @@ include uudeview.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist ${RUNUSER}/wayland-* | 10 | deny ${RUNUSER}/wayland-* |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/uzbl-browser.profile b/etc/profile-m-z/uzbl-browser.profile index 41487a8f2..6899f4bf7 100644 --- a/etc/profile-m-z/uzbl-browser.profile +++ b/etc/profile-m-z/uzbl-browser.profile | |||
@@ -5,9 +5,9 @@ include uzbl-browser.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/uzbl | 8 | nodeny ${HOME}/.config/uzbl |
9 | noblacklist ${HOME}/.gnupg | 9 | nodeny ${HOME}/.gnupg |
10 | noblacklist ${HOME}/.local/share/uzbl | 10 | nodeny ${HOME}/.local/share/uzbl |
11 | 11 | ||
12 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
13 | include allow-python2.inc | 13 | include allow-python2.inc |
@@ -22,11 +22,11 @@ mkdir ${HOME}/.config/uzbl | |||
22 | mkdir ${HOME}/.gnupg | 22 | mkdir ${HOME}/.gnupg |
23 | mkdir ${HOME}/.local/share/uzbl | 23 | mkdir ${HOME}/.local/share/uzbl |
24 | mkdir ${HOME}/.password-store | 24 | mkdir ${HOME}/.password-store |
25 | whitelist ${DOWNLOADS} | 25 | allow ${DOWNLOADS} |
26 | whitelist ${HOME}/.config/uzbl | 26 | allow ${HOME}/.config/uzbl |
27 | whitelist ${HOME}/.gnupg | 27 | allow ${HOME}/.gnupg |
28 | whitelist ${HOME}/.local/share/uzbl | 28 | allow ${HOME}/.local/share/uzbl |
29 | whitelist ${HOME}/.password-store | 29 | allow ${HOME}/.password-store |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | 31 | ||
32 | caps.drop all | 32 | caps.drop all |
diff --git a/etc/profile-m-z/viewnior.profile b/etc/profile-m-z/viewnior.profile index a9ba344dd..e0bf02706 100644 --- a/etc/profile-m-z/viewnior.profile +++ b/etc/profile-m-z/viewnior.profile | |||
@@ -6,11 +6,11 @@ include viewnior.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.Steam | 9 | nodeny ${HOME}/.Steam |
10 | noblacklist ${HOME}/.config/viewnior | 10 | nodeny ${HOME}/.config/viewnior |
11 | noblacklist ${HOME}/.steam | 11 | nodeny ${HOME}/.steam |
12 | 12 | ||
13 | blacklist ${HOME}/.bashrc | 13 | deny ${HOME}/.bashrc |
14 | 14 | ||
15 | include disable-common.inc | 15 | include disable-common.inc |
16 | include disable-devel.inc | 16 | include disable-devel.inc |
diff --git a/etc/profile-m-z/viking.profile b/etc/profile-m-z/viking.profile index 8f8ef5939..b16f691d6 100644 --- a/etc/profile-m-z/viking.profile +++ b/etc/profile-m-z/viking.profile | |||
@@ -6,9 +6,9 @@ include viking.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.viking | 9 | nodeny ${HOME}/.viking |
10 | noblacklist ${HOME}/.viking-maps | 10 | nodeny ${HOME}/.viking-maps |
11 | noblacklist ${DOCUMENTS} | 11 | nodeny ${DOCUMENTS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/vim.profile b/etc/profile-m-z/vim.profile index c3cfe5980..b535225dd 100644 --- a/etc/profile-m-z/vim.profile +++ b/etc/profile-m-z/vim.profile | |||
@@ -6,9 +6,9 @@ include vim.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.vim | 9 | nodeny ${HOME}/.vim |
10 | noblacklist ${HOME}/.viminfo | 10 | nodeny ${HOME}/.viminfo |
11 | noblacklist ${HOME}/.vimrc | 11 | nodeny ${HOME}/.vimrc |
12 | 12 | ||
13 | # Allows files commonly used by IDEs | 13 | # Allows files commonly used by IDEs |
14 | include allow-common-devel.inc | 14 | include allow-common-devel.inc |
diff --git a/etc/profile-m-z/virtualbox.profile b/etc/profile-m-z/virtualbox.profile index c22fb0ff9..f28828338 100644 --- a/etc/profile-m-z/virtualbox.profile +++ b/etc/profile-m-z/virtualbox.profile | |||
@@ -6,12 +6,12 @@ include virtualbox.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.VirtualBox | 9 | nodeny ${HOME}/.VirtualBox |
10 | noblacklist ${HOME}/.config/VirtualBox | 10 | nodeny ${HOME}/.config/VirtualBox |
11 | noblacklist ${HOME}/VirtualBox VMs | 11 | nodeny ${HOME}/VirtualBox VMs |
12 | # noblacklist /usr/bin/virtualbox | 12 | # noblacklist /usr/bin/virtualbox |
13 | noblacklist /usr/lib/virtualbox | 13 | nodeny /usr/lib/virtualbox |
14 | noblacklist /usr/lib64/virtualbox | 14 | nodeny /usr/lib64/virtualbox |
15 | 15 | ||
16 | include disable-common.inc | 16 | include disable-common.inc |
17 | include disable-devel.inc | 17 | include disable-devel.inc |
@@ -23,10 +23,10 @@ include disable-xdg.inc | |||
23 | 23 | ||
24 | mkdir ${HOME}/.config/VirtualBox | 24 | mkdir ${HOME}/.config/VirtualBox |
25 | mkdir ${HOME}/VirtualBox VMs | 25 | mkdir ${HOME}/VirtualBox VMs |
26 | whitelist ${HOME}/.config/VirtualBox | 26 | allow ${HOME}/.config/VirtualBox |
27 | whitelist ${HOME}/VirtualBox VMs | 27 | allow ${HOME}/VirtualBox VMs |
28 | whitelist ${DOWNLOADS} | 28 | allow ${DOWNLOADS} |
29 | whitelist /usr/share/virtualbox | 29 | allow /usr/share/virtualbox |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | include whitelist-runuser-common.inc | 31 | include whitelist-runuser-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/vivaldi.profile b/etc/profile-m-z/vivaldi.profile index fdeb0307f..3858405db 100644 --- a/etc/profile-m-z/vivaldi.profile +++ b/etc/profile-m-z/vivaldi.profile | |||
@@ -8,26 +8,26 @@ include globals.local | |||
8 | # Allow HTML5 Proprietary Media & DRM/EME (Widevine) | 8 | # Allow HTML5 Proprietary Media & DRM/EME (Widevine) |
9 | ignore apparmor | 9 | ignore apparmor |
10 | ignore noexec /var | 10 | ignore noexec /var |
11 | noblacklist /var/opt | 11 | nodeny /var/opt |
12 | whitelist /var/opt/vivaldi | 12 | allow /var/opt/vivaldi |
13 | writable-var | 13 | writable-var |
14 | 14 | ||
15 | noblacklist ${HOME}/.cache/vivaldi | 15 | nodeny ${HOME}/.cache/vivaldi |
16 | noblacklist ${HOME}/.cache/vivaldi-snapshot | 16 | nodeny ${HOME}/.cache/vivaldi-snapshot |
17 | noblacklist ${HOME}/.config/vivaldi | 17 | nodeny ${HOME}/.config/vivaldi |
18 | noblacklist ${HOME}/.config/vivaldi-snapshot | 18 | nodeny ${HOME}/.config/vivaldi-snapshot |
19 | noblacklist ${HOME}/.local/lib/vivaldi | 19 | nodeny ${HOME}/.local/lib/vivaldi |
20 | 20 | ||
21 | mkdir ${HOME}/.cache/vivaldi | 21 | mkdir ${HOME}/.cache/vivaldi |
22 | mkdir ${HOME}/.cache/vivaldi-snapshot | 22 | mkdir ${HOME}/.cache/vivaldi-snapshot |
23 | mkdir ${HOME}/.config/vivaldi | 23 | mkdir ${HOME}/.config/vivaldi |
24 | mkdir ${HOME}/.config/vivaldi-snapshot | 24 | mkdir ${HOME}/.config/vivaldi-snapshot |
25 | mkdir ${HOME}/.local/lib/vivaldi | 25 | mkdir ${HOME}/.local/lib/vivaldi |
26 | whitelist ${HOME}/.cache/vivaldi | 26 | allow ${HOME}/.cache/vivaldi |
27 | whitelist ${HOME}/.cache/vivaldi-snapshot | 27 | allow ${HOME}/.cache/vivaldi-snapshot |
28 | whitelist ${HOME}/.config/vivaldi | 28 | allow ${HOME}/.config/vivaldi |
29 | whitelist ${HOME}/.config/vivaldi-snapshot | 29 | allow ${HOME}/.config/vivaldi-snapshot |
30 | whitelist ${HOME}/.local/lib/vivaldi | 30 | allow ${HOME}/.local/lib/vivaldi |
31 | 31 | ||
32 | #private-bin bash,cat,dirname,readlink,rm,vivaldi,vivaldi-stable,vivaldi-snapshot | 32 | #private-bin bash,cat,dirname,readlink,rm,vivaldi,vivaldi-stable,vivaldi-snapshot |
33 | 33 | ||
diff --git a/etc/profile-m-z/vlc.profile b/etc/profile-m-z/vlc.profile index cd7dccd8a..ede2d4525 100644 --- a/etc/profile-m-z/vlc.profile +++ b/etc/profile-m-z/vlc.profile | |||
@@ -6,10 +6,10 @@ include vlc.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/vlc | 9 | nodeny ${HOME}/.cache/vlc |
10 | noblacklist ${HOME}/.config/vlc | 10 | nodeny ${HOME}/.config/vlc |
11 | noblacklist ${HOME}/.config/aacs | 11 | nodeny ${HOME}/.config/aacs |
12 | noblacklist ${HOME}/.local/share/vlc | 12 | nodeny ${HOME}/.local/share/vlc |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -22,10 +22,10 @@ read-only ${DESKTOP} | |||
22 | mkdir ${HOME}/.cache/vlc | 22 | mkdir ${HOME}/.cache/vlc |
23 | mkdir ${HOME}/.config/vlc | 23 | mkdir ${HOME}/.config/vlc |
24 | mkdir ${HOME}/.local/share/vlc | 24 | mkdir ${HOME}/.local/share/vlc |
25 | whitelist ${HOME}/.cache/vlc | 25 | allow ${HOME}/.cache/vlc |
26 | whitelist ${HOME}/.config/vlc | 26 | allow ${HOME}/.config/vlc |
27 | whitelist ${HOME}/.config/aacs | 27 | allow ${HOME}/.config/aacs |
28 | whitelist ${HOME}/.local/share/vlc | 28 | allow ${HOME}/.local/share/vlc |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-player-common.inc | 30 | include whitelist-player-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/vmware-view.profile b/etc/profile-m-z/vmware-view.profile index f07c31b68..f23e90e84 100644 --- a/etc/profile-m-z/vmware-view.profile +++ b/etc/profile-m-z/vmware-view.profile | |||
@@ -6,10 +6,10 @@ include vmware-view.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.vmware | 9 | nodeny ${HOME}/.vmware |
10 | 10 | ||
11 | noblacklist /sbin | 11 | nodeny /sbin |
12 | noblacklist /usr/sbin | 12 | nodeny /usr/sbin |
13 | 13 | ||
14 | include allow-bin-sh.inc | 14 | include allow-bin-sh.inc |
15 | 15 | ||
@@ -23,7 +23,7 @@ include disable-shell.inc | |||
23 | include disable-xdg.inc | 23 | include disable-xdg.inc |
24 | 24 | ||
25 | mkdir ${HOME}/.vmware | 25 | mkdir ${HOME}/.vmware |
26 | whitelist ${HOME}/.vmware | 26 | allow ${HOME}/.vmware |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-runuser-common.inc | 28 | include whitelist-runuser-common.inc |
29 | include whitelist-usr-share-common.inc | 29 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/vmware.profile b/etc/profile-m-z/vmware.profile index 5241e27b3..3a535588f 100644 --- a/etc/profile-m-z/vmware.profile +++ b/etc/profile-m-z/vmware.profile | |||
@@ -6,8 +6,8 @@ include vmware.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/vmware | 9 | nodeny ${HOME}/.cache/vmware |
10 | noblacklist ${HOME}/.vmware | 10 | nodeny ${HOME}/.vmware |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -19,8 +19,8 @@ include disable-xdg.inc | |||
19 | 19 | ||
20 | mkdir ${HOME}/.cache/vmware | 20 | mkdir ${HOME}/.cache/vmware |
21 | mkdir ${HOME}/.vmware | 21 | mkdir ${HOME}/.vmware |
22 | whitelist ${HOME}/.cache/vmware | 22 | allow ${HOME}/.cache/vmware |
23 | whitelist ${HOME}/.vmware | 23 | allow ${HOME}/.vmware |
24 | # Add the next lines to your vmware.local if you need to use "shared VM". | 24 | # Add the next lines to your vmware.local if you need to use "shared VM". |
25 | #whitelist /var/lib/vmware | 25 | #whitelist /var/lib/vmware |
26 | #writable-var | 26 | #writable-var |
diff --git a/etc/profile-m-z/vscodium.profile b/etc/profile-m-z/vscodium.profile index a4a4fb7d8..7996113f5 100644 --- a/etc/profile-m-z/vscodium.profile +++ b/etc/profile-m-z/vscodium.profile | |||
@@ -6,7 +6,7 @@ include vscodium.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.VSCodium | 9 | nodeny ${HOME}/.VSCodium |
10 | 10 | ||
11 | # Redirect | 11 | # Redirect |
12 | include code.profile | 12 | include code.profile |
diff --git a/etc/profile-m-z/vulturesclaw.profile b/etc/profile-m-z/vulturesclaw.profile index fa6ddf1fb..a6c38c1f1 100644 --- a/etc/profile-m-z/vulturesclaw.profile +++ b/etc/profile-m-z/vulturesclaw.profile | |||
@@ -6,8 +6,8 @@ include vulturesclaw.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist /var/games/vulturesclaw | 9 | nodeny /var/games/vulturesclaw |
10 | whitelist /var/games/vulturesclaw | 10 | allow /var/games/vulturesclaw |
11 | 11 | ||
12 | # Redirect | 12 | # Redirect |
13 | include nethack-vultures.profile | 13 | include nethack-vultures.profile |
diff --git a/etc/profile-m-z/vultureseye.profile b/etc/profile-m-z/vultureseye.profile index 49d3fa94f..763c50bf6 100644 --- a/etc/profile-m-z/vultureseye.profile +++ b/etc/profile-m-z/vultureseye.profile | |||
@@ -6,8 +6,8 @@ include vultureseye.local | |||
6 | # added by included profile | 6 | # added by included profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist /var/games/vultureseye | 9 | nodeny /var/games/vultureseye |
10 | whitelist /var/games/vultureseye | 10 | allow /var/games/vultureseye |
11 | 11 | ||
12 | # Redirect | 12 | # Redirect |
13 | include nethack-vultures.profile | 13 | include nethack-vultures.profile |
diff --git a/etc/profile-m-z/vym.profile b/etc/profile-m-z/vym.profile index 5421c4e4b..1f2462c32 100644 --- a/etc/profile-m-z/vym.profile +++ b/etc/profile-m-z/vym.profile | |||
@@ -6,7 +6,7 @@ include vym.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/InSilmaril | 9 | nodeny ${HOME}/.config/InSilmaril |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/w3m.profile b/etc/profile-m-z/w3m.profile index 69b2c6c59..6b38bbf13 100644 --- a/etc/profile-m-z/w3m.profile +++ b/etc/profile-m-z/w3m.profile | |||
@@ -12,10 +12,10 @@ include globals.local | |||
12 | #ignore private-dev | 12 | #ignore private-dev |
13 | #ignore private-etc | 13 | #ignore private-etc |
14 | 14 | ||
15 | noblacklist ${HOME}/.w3m | 15 | nodeny ${HOME}/.w3m |
16 | 16 | ||
17 | blacklist /tmp/.X11-unix | 17 | deny /tmp/.X11-unix |
18 | blacklist ${RUNUSER}/wayland-* | 18 | deny ${RUNUSER}/wayland-* |
19 | 19 | ||
20 | # Allow /bin/sh (blacklisted by disable-shell.inc) | 20 | # Allow /bin/sh (blacklisted by disable-shell.inc) |
21 | include allow-bin-sh.inc | 21 | include allow-bin-sh.inc |
@@ -33,9 +33,9 @@ include disable-shell.inc | |||
33 | include disable-xdg.inc | 33 | include disable-xdg.inc |
34 | 34 | ||
35 | mkdir ${HOME}/.w3m | 35 | mkdir ${HOME}/.w3m |
36 | whitelist /usr/share/w3m | 36 | allow /usr/share/w3m |
37 | whitelist ${DOWNLOADS} | 37 | allow ${DOWNLOADS} |
38 | whitelist ${HOME}/.w3m | 38 | allow ${HOME}/.w3m |
39 | include whitelist-runuser-common.inc | 39 | include whitelist-runuser-common.inc |
40 | include whitelist-usr-share-common.inc | 40 | include whitelist-usr-share-common.inc |
41 | include whitelist-var-common.inc | 41 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/warmux.profile b/etc/profile-m-z/warmux.profile index 1227a202c..6658ac5db 100644 --- a/etc/profile-m-z/warmux.profile +++ b/etc/profile-m-z/warmux.profile | |||
@@ -6,9 +6,9 @@ include warmux.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/wormux | 9 | nodeny ${HOME}/.config/wormux |
10 | noblacklist ${HOME}/.local/share/wormux | 10 | nodeny ${HOME}/.local/share/wormux |
11 | noblacklist ${HOME}/.wormux | 11 | nodeny ${HOME}/.wormux |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -22,10 +22,10 @@ include disable-xdg.inc | |||
22 | mkdir ${HOME}/.config/wormux | 22 | mkdir ${HOME}/.config/wormux |
23 | mkdir ${HOME}/.local/share/wormux | 23 | mkdir ${HOME}/.local/share/wormux |
24 | mkdir ${HOME}/.wormux | 24 | mkdir ${HOME}/.wormux |
25 | whitelist ${HOME}/.config/wormux | 25 | allow ${HOME}/.config/wormux |
26 | whitelist ${HOME}/.local/share/wormux | 26 | allow ${HOME}/.local/share/wormux |
27 | whitelist ${HOME}/.wormux | 27 | allow ${HOME}/.wormux |
28 | whitelist /usr/share/warmux | 28 | allow /usr/share/warmux |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
31 | include whitelist-var-common.inc | 31 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/warsow.profile b/etc/profile-m-z/warsow.profile index e0cd3daad..fac4d0555 100644 --- a/etc/profile-m-z/warsow.profile +++ b/etc/profile-m-z/warsow.profile | |||
@@ -8,8 +8,8 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec ${HOME} | 9 | ignore noexec ${HOME} |
10 | 10 | ||
11 | noblacklist ${HOME}/.cache/warsow-2.1 | 11 | nodeny ${HOME}/.cache/warsow-2.1 |
12 | noblacklist ${HOME}/.local/share/warsow-2.1 | 12 | nodeny ${HOME}/.local/share/warsow-2.1 |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -22,9 +22,9 @@ include disable-xdg.inc | |||
22 | 22 | ||
23 | mkdir ${HOME}/.cache/warsow-2.1 | 23 | mkdir ${HOME}/.cache/warsow-2.1 |
24 | mkdir ${HOME}/.local/share/warsow-2.1 | 24 | mkdir ${HOME}/.local/share/warsow-2.1 |
25 | whitelist ${HOME}/.cache/warsow-2.1 | 25 | allow ${HOME}/.cache/warsow-2.1 |
26 | whitelist ${HOME}/.local/share/warsow-2.1 | 26 | allow ${HOME}/.local/share/warsow-2.1 |
27 | whitelist /usr/share/warsow | 27 | allow /usr/share/warsow |
28 | include whitelist-common.inc | 28 | include whitelist-common.inc |
29 | include whitelist-runuser-common.inc | 29 | include whitelist-runuser-common.inc |
30 | include whitelist-usr-share-common.inc | 30 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/warzone2100.profile b/etc/profile-m-z/warzone2100.profile index 420e8927e..081ae349b 100644 --- a/etc/profile-m-z/warzone2100.profile +++ b/etc/profile-m-z/warzone2100.profile | |||
@@ -6,7 +6,7 @@ include warzone2100.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.warzone2100-3.* | 9 | nodeny ${HOME}/.warzone2100-3.* |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,9 +18,9 @@ include disable-shell.inc | |||
18 | 18 | ||
19 | mkdir ${HOME}/.warzone2100-3.1 | 19 | mkdir ${HOME}/.warzone2100-3.1 |
20 | mkdir ${HOME}/.warzone2100-3.2 | 20 | mkdir ${HOME}/.warzone2100-3.2 |
21 | whitelist ${HOME}/.warzone2100-3.1 | 21 | allow ${HOME}/.warzone2100-3.1 |
22 | whitelist ${HOME}/.warzone2100-3.2 | 22 | allow ${HOME}/.warzone2100-3.2 |
23 | whitelist /usr/share/games | 23 | allow /usr/share/games |
24 | include whitelist-common.inc | 24 | include whitelist-common.inc |
25 | include whitelist-runuser-common.inc | 25 | include whitelist-runuser-common.inc |
26 | include whitelist-usr-share-common.inc | 26 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/waterfox.profile b/etc/profile-m-z/waterfox.profile index 18f1ca79a..4081b29b9 100644 --- a/etc/profile-m-z/waterfox.profile +++ b/etc/profile-m-z/waterfox.profile | |||
@@ -5,13 +5,13 @@ include waterfox.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.cache/waterfox | 8 | nodeny ${HOME}/.cache/waterfox |
9 | noblacklist ${HOME}/.waterfox | 9 | nodeny ${HOME}/.waterfox |
10 | 10 | ||
11 | mkdir ${HOME}/.cache/waterfox | 11 | mkdir ${HOME}/.cache/waterfox |
12 | mkdir ${HOME}/.waterfox | 12 | mkdir ${HOME}/.waterfox |
13 | whitelist ${HOME}/.cache/waterfox | 13 | allow ${HOME}/.cache/waterfox |
14 | whitelist ${HOME}/.waterfox | 14 | allow ${HOME}/.waterfox |
15 | 15 | ||
16 | # Add the next lines to your watefox.local if you want to use the migration wizard. | 16 | # Add the next lines to your watefox.local if you want to use the migration wizard. |
17 | #noblacklist ${HOME}/.mozilla | 17 | #noblacklist ${HOME}/.mozilla |
diff --git a/etc/profile-m-z/webstorm.profile b/etc/profile-m-z/webstorm.profile index 69e96d0cd..1f42dae2c 100644 --- a/etc/profile-m-z/webstorm.profile +++ b/etc/profile-m-z/webstorm.profile | |||
@@ -5,12 +5,12 @@ include webstorm.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.WebStorm* | 8 | nodeny ${HOME}/.WebStorm* |
9 | noblacklist ${HOME}/.android | 9 | nodeny ${HOME}/.android |
10 | noblacklist ${HOME}/.local/share/JetBrains | 10 | nodeny ${HOME}/.local/share/JetBrains |
11 | noblacklist ${HOME}/.tooling | 11 | nodeny ${HOME}/.tooling |
12 | # Allow KDE file manager to open with log directories (blacklisted by disable-programs.inc) | 12 | # Allow KDE file manager to open with log directories (blacklisted by disable-programs.inc) |
13 | noblacklist ${HOME}/.config/dolphinrc | 13 | nodeny ${HOME}/.config/dolphinrc |
14 | 14 | ||
15 | # Allows files commonly used by IDEs | 15 | # Allows files commonly used by IDEs |
16 | include allow-common-devel.inc | 16 | include allow-common-devel.inc |
@@ -18,8 +18,8 @@ include allow-common-devel.inc | |||
18 | # Allow ssh (blacklisted by disable-common.inc) | 18 | # Allow ssh (blacklisted by disable-common.inc) |
19 | include allow-ssh.inc | 19 | include allow-ssh.inc |
20 | 20 | ||
21 | noblacklist ${PATH}/node | 21 | nodeny ${PATH}/node |
22 | noblacklist ${HOME}/.nvm | 22 | nodeny ${HOME}/.nvm |
23 | 23 | ||
24 | include disable-common.inc | 24 | include disable-common.inc |
25 | include disable-devel.inc | 25 | include disable-devel.inc |
diff --git a/etc/profile-m-z/webui-aria2.profile b/etc/profile-m-z/webui-aria2.profile index d5a998f35..d1bbcfb67 100644 --- a/etc/profile-m-z/webui-aria2.profile +++ b/etc/profile-m-z/webui-aria2.profile | |||
@@ -6,7 +6,7 @@ include webui-aria2.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${PATH}/node | 9 | nodeny ${PATH}/node |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/weechat.profile b/etc/profile-m-z/weechat.profile index 76935212f..99941a590 100644 --- a/etc/profile-m-z/weechat.profile +++ b/etc/profile-m-z/weechat.profile | |||
@@ -6,12 +6,12 @@ include weechat.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.weechat | 9 | nodeny ${HOME}/.weechat |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-programs.inc | 12 | include disable-programs.inc |
13 | 13 | ||
14 | whitelist /usr/share/weechat | 14 | allow /usr/share/weechat |
15 | include whitelist-usr-share-common.inc | 15 | include whitelist-usr-share-common.inc |
16 | include whitelist-var-common.inc | 16 | include whitelist-var-common.inc |
17 | 17 | ||
diff --git a/etc/profile-m-z/wesnoth.profile b/etc/profile-m-z/wesnoth.profile index 199b3c6f0..47b923e6a 100644 --- a/etc/profile-m-z/wesnoth.profile +++ b/etc/profile-m-z/wesnoth.profile | |||
@@ -6,9 +6,9 @@ include wesnoth.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/wesnoth | 9 | nodeny ${HOME}/.cache/wesnoth |
10 | noblacklist ${HOME}/.config/wesnoth | 10 | nodeny ${HOME}/.config/wesnoth |
11 | noblacklist ${HOME}/.local/share/wesnoth | 11 | nodeny ${HOME}/.local/share/wesnoth |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -19,9 +19,9 @@ include disable-programs.inc | |||
19 | mkdir ${HOME}/.cache/wesnoth | 19 | mkdir ${HOME}/.cache/wesnoth |
20 | mkdir ${HOME}/.config/wesnoth | 20 | mkdir ${HOME}/.config/wesnoth |
21 | mkdir ${HOME}/.local/share/wesnoth | 21 | mkdir ${HOME}/.local/share/wesnoth |
22 | whitelist ${HOME}/.cache/wesnoth | 22 | allow ${HOME}/.cache/wesnoth |
23 | whitelist ${HOME}/.config/wesnoth | 23 | allow ${HOME}/.config/wesnoth |
24 | whitelist ${HOME}/.local/share/wesnoth | 24 | allow ${HOME}/.local/share/wesnoth |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | 26 | ||
27 | caps.drop all | 27 | caps.drop all |
diff --git a/etc/profile-m-z/wget.profile b/etc/profile-m-z/wget.profile index 53c4711bd..3c4a4eb63 100644 --- a/etc/profile-m-z/wget.profile +++ b/etc/profile-m-z/wget.profile | |||
@@ -7,12 +7,12 @@ include wget.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.netrc | 10 | nodeny ${HOME}/.netrc |
11 | noblacklist ${HOME}/.wget-hsts | 11 | nodeny ${HOME}/.wget-hsts |
12 | noblacklist ${HOME}/.wgetrc | 12 | nodeny ${HOME}/.wgetrc |
13 | 13 | ||
14 | blacklist /tmp/.X11-unix | 14 | deny /tmp/.X11-unix |
15 | blacklist ${RUNUSER} | 15 | deny ${RUNUSER} |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-devel.inc | 18 | include disable-devel.inc |
diff --git a/etc/profile-m-z/whalebird.profile b/etc/profile-m-z/whalebird.profile index 22a84274d..fdbd406c2 100644 --- a/etc/profile-m-z/whalebird.profile +++ b/etc/profile-m-z/whalebird.profile | |||
@@ -13,10 +13,10 @@ ignore include whitelist-usr-share-common.inc | |||
13 | ignore dbus-user none | 13 | ignore dbus-user none |
14 | ignore dbus-system none | 14 | ignore dbus-system none |
15 | 15 | ||
16 | noblacklist ${HOME}/.config/Whalebird | 16 | nodeny ${HOME}/.config/Whalebird |
17 | 17 | ||
18 | mkdir ${HOME}/.config/Whalebird | 18 | mkdir ${HOME}/.config/Whalebird |
19 | whitelist ${HOME}/.config/Whalebird | 19 | allow ${HOME}/.config/Whalebird |
20 | 20 | ||
21 | no3d | 21 | no3d |
22 | 22 | ||
diff --git a/etc/profile-m-z/whois.profile b/etc/profile-m-z/whois.profile index 93871a5a4..35d7fe9cb 100644 --- a/etc/profile-m-z/whois.profile +++ b/etc/profile-m-z/whois.profile | |||
@@ -7,8 +7,8 @@ include whois.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | deny /tmp/.X11-unix |
11 | blacklist ${RUNUSER} | 11 | deny ${RUNUSER} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/widelands.profile b/etc/profile-m-z/widelands.profile index 0dc26b11d..8f5adb0fc 100644 --- a/etc/profile-m-z/widelands.profile +++ b/etc/profile-m-z/widelands.profile | |||
@@ -6,7 +6,7 @@ include widelands.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.widelands | 9 | nodeny ${HOME}/.widelands |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,7 +18,7 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.widelands | 20 | mkdir ${HOME}/.widelands |
21 | whitelist ${HOME}/.widelands | 21 | allow ${HOME}/.widelands |
22 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-m-z/wine.profile b/etc/profile-m-z/wine.profile index 0ea24aafd..6bc68c829 100644 --- a/etc/profile-m-z/wine.profile +++ b/etc/profile-m-z/wine.profile | |||
@@ -6,13 +6,13 @@ include wine.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/winetricks | 9 | nodeny ${HOME}/.cache/winetricks |
10 | noblacklist ${HOME}/.Steam | 10 | nodeny ${HOME}/.Steam |
11 | noblacklist ${HOME}/.local/share/Steam | 11 | nodeny ${HOME}/.local/share/Steam |
12 | noblacklist ${HOME}/.local/share/steam | 12 | nodeny ${HOME}/.local/share/steam |
13 | noblacklist ${HOME}/.steam | 13 | nodeny ${HOME}/.steam |
14 | noblacklist ${HOME}/.wine | 14 | nodeny ${HOME}/.wine |
15 | noblacklist /tmp/.wine-* | 15 | nodeny /tmp/.wine-* |
16 | 16 | ||
17 | include disable-common.inc | 17 | include disable-common.inc |
18 | include disable-devel.inc | 18 | include disable-devel.inc |
diff --git a/etc/profile-m-z/wire-desktop.profile b/etc/profile-m-z/wire-desktop.profile index 151cd2adb..5f40bbd48 100644 --- a/etc/profile-m-z/wire-desktop.profile +++ b/etc/profile-m-z/wire-desktop.profile | |||
@@ -20,10 +20,10 @@ ignore private-cache | |||
20 | ignore dbus-user none | 20 | ignore dbus-user none |
21 | ignore dbus-system none | 21 | ignore dbus-system none |
22 | 22 | ||
23 | noblacklist ${HOME}/.config/Wire | 23 | nodeny ${HOME}/.config/Wire |
24 | 24 | ||
25 | mkdir ${HOME}/.config/Wire | 25 | mkdir ${HOME}/.config/Wire |
26 | whitelist ${HOME}/.config/Wire | 26 | allow ${HOME}/.config/Wire |
27 | 27 | ||
28 | private-bin bash,electron,electron[0-9],electron[0-9][0-9],env,sh,wire-desktop | 28 | private-bin bash,electron,electron[0-9],electron[0-9][0-9],env,sh,wire-desktop |
29 | private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,resolv.conf,ssl | 29 | private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,resolv.conf,ssl |
diff --git a/etc/profile-m-z/wireshark.profile b/etc/profile-m-z/wireshark.profile index 1824026a8..f3f347283 100644 --- a/etc/profile-m-z/wireshark.profile +++ b/etc/profile-m-z/wireshark.profile | |||
@@ -6,9 +6,9 @@ include wireshark.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/wireshark | 9 | nodeny ${HOME}/.config/wireshark |
10 | noblacklist ${HOME}/.wireshark | 10 | nodeny ${HOME}/.wireshark |
11 | noblacklist ${DOCUMENTS} | 11 | nodeny ${DOCUMENTS} |
12 | 12 | ||
13 | # Allow lua (blacklisted by disable-interpreters.inc) | 13 | # Allow lua (blacklisted by disable-interpreters.inc) |
14 | include allow-lua.inc | 14 | include allow-lua.inc |
@@ -21,7 +21,7 @@ include disable-passwdmgr.inc | |||
21 | include disable-programs.inc | 21 | include disable-programs.inc |
22 | include disable-xdg.inc | 22 | include disable-xdg.inc |
23 | 23 | ||
24 | whitelist /usr/share/wireshark | 24 | allow /usr/share/wireshark |
25 | include whitelist-usr-share-common.inc | 25 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-m-z/wordwarvi.profile b/etc/profile-m-z/wordwarvi.profile index 9c724a5d2..1f1541a20 100644 --- a/etc/profile-m-z/wordwarvi.profile +++ b/etc/profile-m-z/wordwarvi.profile | |||
@@ -6,7 +6,7 @@ include wordwarvi.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.wordwarvi | 9 | nodeny ${HOME}/.wordwarvi |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,8 +18,8 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.wordwarvi | 20 | mkdir ${HOME}/.wordwarvi |
21 | whitelist ${HOME}/.wordwarvi | 21 | allow ${HOME}/.wordwarvi |
22 | whitelist /usr/share/wordwarvi | 22 | allow /usr/share/wordwarvi |
23 | include whitelist-common.inc | 23 | include whitelist-common.inc |
24 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/wps.profile b/etc/profile-m-z/wps.profile index a44b6490e..6d16dfb04 100644 --- a/etc/profile-m-z/wps.profile +++ b/etc/profile-m-z/wps.profile | |||
@@ -6,9 +6,9 @@ include wps.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.kingsoft | 9 | nodeny ${HOME}/.kingsoft |
10 | noblacklist ${HOME}/.config/Kingsoft | 10 | nodeny ${HOME}/.config/Kingsoft |
11 | noblacklist ${HOME}/.local/share/Kingsoft | 11 | nodeny ${HOME}/.local/share/Kingsoft |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/x2goclient.profile b/etc/profile-m-z/x2goclient.profile index 557f07cd9..311746cd9 100644 --- a/etc/profile-m-z/x2goclient.profile +++ b/etc/profile-m-z/x2goclient.profile | |||
@@ -6,8 +6,8 @@ include x2goclient.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.x2go | 9 | nodeny ${HOME}/.x2go |
10 | noblacklist ${HOME}/.x2goclient | 10 | nodeny ${HOME}/.x2goclient |
11 | 11 | ||
12 | # Allow ssh (blacklisted by disable-common.inc) | 12 | # Allow ssh (blacklisted by disable-common.inc) |
13 | include allow-ssh.inc | 13 | include allow-ssh.inc |
diff --git a/etc/profile-m-z/xbill.profile b/etc/profile-m-z/xbill.profile index 384f76acc..e545aa3a0 100644 --- a/etc/profile-m-z/xbill.profile +++ b/etc/profile-m-z/xbill.profile | |||
@@ -15,8 +15,8 @@ include disable-programs.inc | |||
15 | include disable-shell.inc | 15 | include disable-shell.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | whitelist /usr/share/xbill | 18 | allow /usr/share/xbill |
19 | whitelist /var/games/xbill/scores | 19 | allow /var/games/xbill/scores |
20 | include whitelist-common.inc | 20 | include whitelist-common.inc |
21 | include whitelist-usr-share-common.inc | 21 | include whitelist-usr-share-common.inc |
22 | include whitelist-var-common.inc | 22 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/xchat.profile b/etc/profile-m-z/xchat.profile index a94444aab..7d0adbcc2 100644 --- a/etc/profile-m-z/xchat.profile +++ b/etc/profile-m-z/xchat.profile | |||
@@ -6,7 +6,7 @@ include xchat.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/xchat | 9 | nodeny ${HOME}/.config/xchat |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/xed.profile b/etc/profile-m-z/xed.profile index 4a3022e83..5db709bd1 100644 --- a/etc/profile-m-z/xed.profile +++ b/etc/profile-m-z/xed.profile | |||
@@ -5,10 +5,10 @@ include xed.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/xed | 8 | nodeny ${HOME}/.config/xed |
9 | noblacklist ${HOME}/.python-history | 9 | nodeny ${HOME}/.python-history |
10 | noblacklist ${HOME}/.python_history | 10 | nodeny ${HOME}/.python_history |
11 | noblacklist ${HOME}/.pythonhist | 11 | nodeny ${HOME}/.pythonhist |
12 | 12 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 13 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python2.inc | 14 | include allow-python2.inc |
diff --git a/etc/profile-m-z/xfburn.profile b/etc/profile-m-z/xfburn.profile index cd9561e74..297ff6164 100644 --- a/etc/profile-m-z/xfburn.profile +++ b/etc/profile-m-z/xfburn.profile | |||
@@ -6,7 +6,7 @@ include xfburn.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/xfburn | 9 | nodeny ${HOME}/.config/xfburn |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/xfce4-dict.profile b/etc/profile-m-z/xfce4-dict.profile index ecd321c7e..8ecd84116 100644 --- a/etc/profile-m-z/xfce4-dict.profile +++ b/etc/profile-m-z/xfce4-dict.profile | |||
@@ -6,7 +6,7 @@ include xfce4-dict.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/xfce4-dict | 9 | nodeny ${HOME}/.config/xfce4-dict |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/xfce4-mixer.profile b/etc/profile-m-z/xfce4-mixer.profile index bb38dbebd..8a6f9e921 100644 --- a/etc/profile-m-z/xfce4-mixer.profile +++ b/etc/profile-m-z/xfce4-mixer.profile | |||
@@ -6,7 +6,7 @@ include xfce4-mixer.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml | 9 | nodeny ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,10 +18,10 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkfile ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml | 20 | mkfile ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml |
21 | whitelist ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml | 21 | allow ${HOME}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-mixer.xml |
22 | whitelist /usr/share/gstreamer-* | 22 | allow /usr/share/gstreamer-* |
23 | whitelist /usr/share/xfce4 | 23 | allow /usr/share/xfce4 |
24 | whitelist /usr/share/xfce4-mixer | 24 | allow /usr/share/xfce4-mixer |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-usr-share-common.inc | 26 | include whitelist-usr-share-common.inc |
27 | include whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/xfce4-notes.profile b/etc/profile-m-z/xfce4-notes.profile index ebfb4333c..fe88f9b27 100644 --- a/etc/profile-m-z/xfce4-notes.profile +++ b/etc/profile-m-z/xfce4-notes.profile | |||
@@ -6,9 +6,9 @@ include xfce4-notes.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/xfce4/xfce4-notes.gtkrc | 9 | nodeny ${HOME}/.config/xfce4/xfce4-notes.gtkrc |
10 | noblacklist ${HOME}/.config/xfce4/xfce4-notes.rc | 10 | nodeny ${HOME}/.config/xfce4/xfce4-notes.rc |
11 | noblacklist ${HOME}/.local/share/notes | 11 | nodeny ${HOME}/.local/share/notes |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/xfce4-screenshooter.profile b/etc/profile-m-z/xfce4-screenshooter.profile index b1e5bafbf..baf222354 100644 --- a/etc/profile-m-z/xfce4-screenshooter.profile +++ b/etc/profile-m-z/xfce4-screenshooter.profile | |||
@@ -6,7 +6,7 @@ include xfce4-screenshooter.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${PICTURES} | 9 | nodeny ${PICTURES} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,7 +17,7 @@ include disable-programs.inc | |||
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | whitelist /usr/share/xfce4 | 20 | allow /usr/share/xfce4 |
21 | include whitelist-runuser-common.inc | 21 | include whitelist-runuser-common.inc |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/xiphos.profile b/etc/profile-m-z/xiphos.profile index 81d98db7a..5c11cbd66 100644 --- a/etc/profile-m-z/xiphos.profile +++ b/etc/profile-m-z/xiphos.profile | |||
@@ -6,10 +6,10 @@ include xiphos.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.sword | 9 | nodeny ${HOME}/.sword |
10 | noblacklist ${HOME}/.xiphos | 10 | nodeny ${HOME}/.xiphos |
11 | 11 | ||
12 | blacklist ${HOME}/.bashrc | 12 | deny ${HOME}/.bashrc |
13 | 13 | ||
14 | include disable-common.inc | 14 | include disable-common.inc |
15 | include disable-devel.inc | 15 | include disable-devel.inc |
@@ -21,8 +21,8 @@ include disable-shell.inc | |||
21 | 21 | ||
22 | mkdir ${HOME}/.sword | 22 | mkdir ${HOME}/.sword |
23 | mkdir ${HOME}/.xiphos | 23 | mkdir ${HOME}/.xiphos |
24 | whitelist ${HOME}/.sword | 24 | allow ${HOME}/.sword |
25 | whitelist ${HOME}/.xiphos | 25 | allow ${HOME}/.xiphos |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-var-common.inc | 27 | include whitelist-var-common.inc |
28 | 28 | ||
diff --git a/etc/profile-m-z/xlinks.profile b/etc/profile-m-z/xlinks.profile index d5e25cfe7..da4801101 100644 --- a/etc/profile-m-z/xlinks.profile +++ b/etc/profile-m-z/xlinks.profile | |||
@@ -7,7 +7,7 @@ include xlinks.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | noblacklist /tmp/.X11-unix | 10 | nodeny /tmp/.X11-unix |
11 | 11 | ||
12 | include whitelist-common.inc | 12 | include whitelist-common.inc |
13 | 13 | ||
diff --git a/etc/profile-m-z/xlinks2 b/etc/profile-m-z/xlinks2 index 1ae6a60ca..a7612cb2a 100644 --- a/etc/profile-m-z/xlinks2 +++ b/etc/profile-m-z/xlinks2 | |||
@@ -7,7 +7,7 @@ include xlinks2.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | noblacklist /tmp/.X11-unix | 10 | nodeny /tmp/.X11-unix |
11 | 11 | ||
12 | include whitelist-common.inc | 12 | include whitelist-common.inc |
13 | 13 | ||
diff --git a/etc/profile-m-z/xmms.profile b/etc/profile-m-z/xmms.profile index 25261d925..1ed35f29a 100644 --- a/etc/profile-m-z/xmms.profile +++ b/etc/profile-m-z/xmms.profile | |||
@@ -5,8 +5,8 @@ include xmms.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.xmms | 8 | nodeny ${HOME}/.xmms |
9 | noblacklist ${MUSIC} | 9 | nodeny ${MUSIC} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
diff --git a/etc/profile-m-z/xmr-stak.profile b/etc/profile-m-z/xmr-stak.profile index e7020f36b..c97c12f56 100644 --- a/etc/profile-m-z/xmr-stak.profile +++ b/etc/profile-m-z/xmr-stak.profile | |||
@@ -5,7 +5,7 @@ include xmr-stak.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.xmr-stak | 8 | nodeny ${HOME}/.xmr-stak |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-devel.inc | 11 | include disable-devel.inc |
diff --git a/etc/profile-m-z/xonotic.profile b/etc/profile-m-z/xonotic.profile index 53c9a0a08..94a09198c 100644 --- a/etc/profile-m-z/xonotic.profile +++ b/etc/profile-m-z/xonotic.profile | |||
@@ -6,7 +6,7 @@ include xonotic.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.xonotic | 9 | nodeny ${HOME}/.xonotic |
10 | 10 | ||
11 | include allow-bin-sh.inc | 11 | include allow-bin-sh.inc |
12 | include allow-opengl-game.inc | 12 | include allow-opengl-game.inc |
@@ -21,8 +21,8 @@ include disable-shell.inc | |||
21 | include disable-xdg.inc | 21 | include disable-xdg.inc |
22 | 22 | ||
23 | mkdir ${HOME}/.xonotic | 23 | mkdir ${HOME}/.xonotic |
24 | whitelist ${HOME}/.xonotic | 24 | allow ${HOME}/.xonotic |
25 | whitelist /usr/share/xonotic | 25 | allow /usr/share/xonotic |
26 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/xournal.profile b/etc/profile-m-z/xournal.profile index c4f092d50..34a188a4e 100644 --- a/etc/profile-m-z/xournal.profile +++ b/etc/profile-m-z/xournal.profile | |||
@@ -6,7 +6,7 @@ include xournal.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | nodeny ${DOCUMENTS} |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -17,8 +17,8 @@ include disable-programs.inc | |||
17 | include disable-shell.inc | 17 | include disable-shell.inc |
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | whitelist /usr/share/xournal | 20 | allow /usr/share/xournal |
21 | whitelist /usr/share/poppler | 21 | allow /usr/share/poppler |
22 | include whitelist-usr-share-common.inc | 22 | include whitelist-usr-share-common.inc |
23 | include whitelist-var-common.inc | 23 | include whitelist-var-common.inc |
24 | 24 | ||
diff --git a/etc/profile-m-z/xournalpp.profile b/etc/profile-m-z/xournalpp.profile index 988b878b9..f82d2a5d3 100644 --- a/etc/profile-m-z/xournalpp.profile +++ b/etc/profile-m-z/xournalpp.profile | |||
@@ -7,13 +7,13 @@ include xournalpp.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.xournalpp | 10 | nodeny ${HOME}/.xournalpp |
11 | 11 | ||
12 | include allow-lua.inc | 12 | include allow-lua.inc |
13 | 13 | ||
14 | whitelist /usr/share/texlive | 14 | allow /usr/share/texlive |
15 | whitelist /usr/share/xournalpp | 15 | allow /usr/share/xournalpp |
16 | whitelist /var/lib/texmf | 16 | allow /var/lib/texmf |
17 | include whitelist-runuser-common.inc | 17 | include whitelist-runuser-common.inc |
18 | 18 | ||
19 | #mkdir ${HOME}/.xournalpp | 19 | #mkdir ${HOME}/.xournalpp |
diff --git a/etc/profile-m-z/xpdf.profile b/etc/profile-m-z/xpdf.profile index 1447ec9a7..9da63b52a 100644 --- a/etc/profile-m-z/xpdf.profile +++ b/etc/profile-m-z/xpdf.profile | |||
@@ -6,8 +6,8 @@ include xpdf.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.xpdfrc | 9 | nodeny ${HOME}/.xpdfrc |
10 | noblacklist ${DOCUMENTS} | 10 | nodeny ${DOCUMENTS} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/xplayer.profile b/etc/profile-m-z/xplayer.profile index c3bb3292c..4af4586e3 100644 --- a/etc/profile-m-z/xplayer.profile +++ b/etc/profile-m-z/xplayer.profile | |||
@@ -5,8 +5,8 @@ include xplayer.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.config/xplayer | 8 | nodeny ${HOME}/.config/xplayer |
9 | noblacklist ${HOME}/.local/share/xplayer | 9 | nodeny ${HOME}/.local/share/xplayer |
10 | 10 | ||
11 | # Allow python (blacklisted by disable-interpreters.inc) | 11 | # Allow python (blacklisted by disable-interpreters.inc) |
12 | include allow-python2.inc | 12 | include allow-python2.inc |
@@ -22,8 +22,8 @@ include disable-programs.inc | |||
22 | read-only ${DESKTOP} | 22 | read-only ${DESKTOP} |
23 | mkdir ${HOME}/.config/xplayer | 23 | mkdir ${HOME}/.config/xplayer |
24 | mkdir ${HOME}/.local/share/xplayer | 24 | mkdir ${HOME}/.local/share/xplayer |
25 | whitelist ${HOME}/.config/xplayer | 25 | allow ${HOME}/.config/xplayer |
26 | whitelist ${HOME}/.local/share/xplayer | 26 | allow ${HOME}/.local/share/xplayer |
27 | include whitelist-common.inc | 27 | include whitelist-common.inc |
28 | include whitelist-player-common.inc | 28 | include whitelist-player-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/xpra.profile b/etc/profile-m-z/xpra.profile index 6e409e1aa..28fbc94dd 100644 --- a/etc/profile-m-z/xpra.profile +++ b/etc/profile-m-z/xpra.profile | |||
@@ -25,7 +25,7 @@ include disable-interpreters.inc | |||
25 | include disable-passwdmgr.inc | 25 | include disable-passwdmgr.inc |
26 | include disable-programs.inc | 26 | include disable-programs.inc |
27 | 27 | ||
28 | whitelist /var/lib/xkb | 28 | allow /var/lib/xkb |
29 | # whitelisting home directory, or including whitelist-common.inc | 29 | # whitelisting home directory, or including whitelist-common.inc |
30 | # will crash xpra on some platforms | 30 | # will crash xpra on some platforms |
31 | 31 | ||
diff --git a/etc/profile-m-z/xreader.profile b/etc/profile-m-z/xreader.profile index 3ab35edfc..440f26af2 100644 --- a/etc/profile-m-z/xreader.profile +++ b/etc/profile-m-z/xreader.profile | |||
@@ -6,9 +6,9 @@ include xreader.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.cache/xreader | 9 | nodeny ${HOME}/.cache/xreader |
10 | noblacklist ${HOME}/.config/xreader | 10 | nodeny ${HOME}/.config/xreader |
11 | noblacklist ${DOCUMENTS} | 11 | nodeny ${DOCUMENTS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/xviewer.profile b/etc/profile-m-z/xviewer.profile index 4d454f81c..671e0cf5b 100644 --- a/etc/profile-m-z/xviewer.profile +++ b/etc/profile-m-z/xviewer.profile | |||
@@ -5,10 +5,10 @@ include xviewer.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | noblacklist ${HOME}/.Steam | 8 | nodeny ${HOME}/.Steam |
9 | noblacklist ${HOME}/.config/xviewer | 9 | nodeny ${HOME}/.config/xviewer |
10 | noblacklist ${HOME}/.local/share/Trash | 10 | nodeny ${HOME}/.local/share/Trash |
11 | noblacklist ${HOME}/.steam | 11 | nodeny ${HOME}/.steam |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
diff --git a/etc/profile-m-z/yandex-browser.profile b/etc/profile-m-z/yandex-browser.profile index 81cd021f7..27d0eb411 100644 --- a/etc/profile-m-z/yandex-browser.profile +++ b/etc/profile-m-z/yandex-browser.profile | |||
@@ -10,19 +10,19 @@ ignore whitelist /usr/share/chromium | |||
10 | ignore include whitelist-runuser-common.inc | 10 | ignore include whitelist-runuser-common.inc |
11 | ignore include whitelist-usr-share-common.inc | 11 | ignore include whitelist-usr-share-common.inc |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/yandex-browser | 13 | nodeny ${HOME}/.cache/yandex-browser |
14 | noblacklist ${HOME}/.cache/yandex-browser-beta | 14 | nodeny ${HOME}/.cache/yandex-browser-beta |
15 | noblacklist ${HOME}/.config/yandex-browser | 15 | nodeny ${HOME}/.config/yandex-browser |
16 | noblacklist ${HOME}/.config/yandex-browser-beta | 16 | nodeny ${HOME}/.config/yandex-browser-beta |
17 | 17 | ||
18 | mkdir ${HOME}/.cache/yandex-browser | 18 | mkdir ${HOME}/.cache/yandex-browser |
19 | mkdir ${HOME}/.cache/yandex-browser-beta | 19 | mkdir ${HOME}/.cache/yandex-browser-beta |
20 | mkdir ${HOME}/.config/yandex-browser | 20 | mkdir ${HOME}/.config/yandex-browser |
21 | mkdir ${HOME}/.config/yandex-browser-beta | 21 | mkdir ${HOME}/.config/yandex-browser-beta |
22 | whitelist ${HOME}/.cache/yandex-browser | 22 | allow ${HOME}/.cache/yandex-browser |
23 | whitelist ${HOME}/.cache/yandex-browser-beta | 23 | allow ${HOME}/.cache/yandex-browser-beta |
24 | whitelist ${HOME}/.config/yandex-browser | 24 | allow ${HOME}/.config/yandex-browser |
25 | whitelist ${HOME}/.config/yandex-browser-beta | 25 | allow ${HOME}/.config/yandex-browser-beta |
26 | 26 | ||
27 | # Redirect | 27 | # Redirect |
28 | include chromium-common.profile | 28 | include chromium-common.profile |
diff --git a/etc/profile-m-z/yelp.profile b/etc/profile-m-z/yelp.profile index dee154409..b288993f2 100644 --- a/etc/profile-m-z/yelp.profile +++ b/etc/profile-m-z/yelp.profile | |||
@@ -6,7 +6,7 @@ include yelp.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/yelp | 9 | nodeny ${HOME}/.config/yelp |
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
@@ -18,15 +18,15 @@ include disable-shell.inc | |||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | mkdir ${HOME}/.config/yelp | 20 | mkdir ${HOME}/.config/yelp |
21 | whitelist ${HOME}/.config/yelp | 21 | allow ${HOME}/.config/yelp |
22 | whitelist /usr/libexec/webkit2gtk-4.0 | 22 | allow /usr/libexec/webkit2gtk-4.0 |
23 | whitelist /usr/share/doc | 23 | allow /usr/share/doc |
24 | whitelist /usr/share/groff | 24 | allow /usr/share/groff |
25 | whitelist /usr/share/help | 25 | allow /usr/share/help |
26 | whitelist /usr/share/man | 26 | allow /usr/share/man |
27 | whitelist /usr/share/yelp | 27 | allow /usr/share/yelp |
28 | whitelist /usr/share/yelp-tools | 28 | allow /usr/share/yelp-tools |
29 | whitelist /usr/share/yelp-xsl | 29 | allow /usr/share/yelp-xsl |
30 | include whitelist-common.inc | 30 | include whitelist-common.inc |
31 | include whitelist-runuser-common.inc | 31 | include whitelist-runuser-common.inc |
32 | include whitelist-usr-share-common.inc | 32 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/youtube-dl-gui.profile b/etc/profile-m-z/youtube-dl-gui.profile index b52271a2c..26ea3acaa 100644 --- a/etc/profile-m-z/youtube-dl-gui.profile +++ b/etc/profile-m-z/youtube-dl-gui.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | include allow-python2.inc | 8 | include allow-python2.inc |
9 | include allow-python3.inc | 9 | include allow-python3.inc |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/youtube-dlg | 11 | nodeny ${HOME}/.config/youtube-dlg |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -20,8 +20,8 @@ include disable-shell.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.config/youtube-dlg | 22 | mkdir ${HOME}/.config/youtube-dlg |
23 | whitelist ${HOME}/.config/youtube-dlg | 23 | allow ${HOME}/.config/youtube-dlg |
24 | whitelist ${DOWNLOADS} | 24 | allow ${DOWNLOADS} |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-runuser-common.inc | 26 | include whitelist-runuser-common.inc |
27 | include whitelist-usr-share-common.inc | 27 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/youtube-dl.profile b/etc/profile-m-z/youtube-dl.profile index 24c4d6db3..37f87d0b5 100644 --- a/etc/profile-m-z/youtube-dl.profile +++ b/etc/profile-m-z/youtube-dl.profile | |||
@@ -10,18 +10,18 @@ include globals.local | |||
10 | # breaks when installed under ${HOME} via `pip install --user` (see #2833) | 10 | # breaks when installed under ${HOME} via `pip install --user` (see #2833) |
11 | ignore noexec ${HOME} | 11 | ignore noexec ${HOME} |
12 | 12 | ||
13 | noblacklist ${HOME}/.cache/youtube-dl | 13 | nodeny ${HOME}/.cache/youtube-dl |
14 | noblacklist ${HOME}/.config/youtube-dl | 14 | nodeny ${HOME}/.config/youtube-dl |
15 | noblacklist ${HOME}/.netrc | 15 | nodeny ${HOME}/.netrc |
16 | noblacklist ${MUSIC} | 16 | nodeny ${MUSIC} |
17 | noblacklist ${VIDEOS} | 17 | nodeny ${VIDEOS} |
18 | 18 | ||
19 | # Allow python (blacklisted by disable-interpreters.inc) | 19 | # Allow python (blacklisted by disable-interpreters.inc) |
20 | include allow-python2.inc | 20 | include allow-python2.inc |
21 | include allow-python3.inc | 21 | include allow-python3.inc |
22 | 22 | ||
23 | blacklist /tmp/.X11-unix | 23 | deny /tmp/.X11-unix |
24 | blacklist ${RUNUSER} | 24 | deny ${RUNUSER} |
25 | 25 | ||
26 | include disable-common.inc | 26 | include disable-common.inc |
27 | include disable-devel.inc | 27 | include disable-devel.inc |
diff --git a/etc/profile-m-z/youtube-viewer.profile b/etc/profile-m-z/youtube-viewer.profile index b54dd37ad..84b8bbc6a 100644 --- a/etc/profile-m-z/youtube-viewer.profile +++ b/etc/profile-m-z/youtube-viewer.profile | |||
@@ -7,13 +7,13 @@ include youtube-viewer.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.cache/youtube-viewer | 10 | nodeny ${HOME}/.cache/youtube-viewer |
11 | noblacklist ${HOME}/.config/youtube-viewer | 11 | nodeny ${HOME}/.config/youtube-viewer |
12 | 12 | ||
13 | mkdir ${HOME}/.cache/youtube-viewer | 13 | mkdir ${HOME}/.cache/youtube-viewer |
14 | mkdir ${HOME}/.config/youtube-viewer | 14 | mkdir ${HOME}/.config/youtube-viewer |
15 | whitelist ${HOME}/.cache/youtube-viewer | 15 | allow ${HOME}/.cache/youtube-viewer |
16 | whitelist ${HOME}/.config/youtube-viewer | 16 | allow ${HOME}/.config/youtube-viewer |
17 | 17 | ||
18 | private-bin gtk-youtube-viewer,gtk2-youtube-viewer,gtk3-youtube-viewer,youtube-viewer | 18 | private-bin gtk-youtube-viewer,gtk2-youtube-viewer,gtk3-youtube-viewer,youtube-viewer |
19 | 19 | ||
diff --git a/etc/profile-m-z/youtube-viewers-common.profile b/etc/profile-m-z/youtube-viewers-common.profile index 25a073d4a..f531f815e 100644 --- a/etc/profile-m-z/youtube-viewers-common.profile +++ b/etc/profile-m-z/youtube-viewers-common.profile | |||
@@ -7,7 +7,7 @@ include youtube-viewers-common.local | |||
7 | # added by caller profile | 7 | # added by caller profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | noblacklist ${HOME}/.cache/youtube-dl | 10 | nodeny ${HOME}/.cache/youtube-dl |
11 | 11 | ||
12 | # Allow lua (blacklisted by disable-interpreters.inc) | 12 | # Allow lua (blacklisted by disable-interpreters.inc) |
13 | include allow-lua.inc | 13 | include allow-lua.inc |
@@ -27,8 +27,8 @@ include disable-passwdmgr.inc | |||
27 | include disable-programs.inc | 27 | include disable-programs.inc |
28 | include disable-xdg.inc | 28 | include disable-xdg.inc |
29 | 29 | ||
30 | whitelist ${DOWNLOADS} | 30 | allow ${DOWNLOADS} |
31 | whitelist ${HOME}/.cache/youtube-dl/youtube-sigfuncs | 31 | allow ${HOME}/.cache/youtube-dl/youtube-sigfuncs |
32 | include whitelist-common.inc | 32 | include whitelist-common.inc |
33 | include whitelist-runuser-common.inc | 33 | include whitelist-runuser-common.inc |
34 | include whitelist-usr-share-common.inc | 34 | include whitelist-usr-share-common.inc |
diff --git a/etc/profile-m-z/youtube.profile b/etc/profile-m-z/youtube.profile index ad7ceaee4..b015fb013 100644 --- a/etc/profile-m-z/youtube.profile +++ b/etc/profile-m-z/youtube.profile | |||
@@ -9,12 +9,12 @@ include globals.local | |||
9 | # Disabled until someone reported positive feedback | 9 | # Disabled until someone reported positive feedback |
10 | ignore nou2f | 10 | ignore nou2f |
11 | 11 | ||
12 | noblacklist ${HOME}/.config/Youtube | 12 | nodeny ${HOME}/.config/Youtube |
13 | 13 | ||
14 | include disable-shell.inc | 14 | include disable-shell.inc |
15 | 15 | ||
16 | mkdir ${HOME}/.config/Youtube | 16 | mkdir ${HOME}/.config/Youtube |
17 | whitelist ${HOME}/.config/Youtube | 17 | allow ${HOME}/.config/Youtube |
18 | 18 | ||
19 | private-bin youtube | 19 | private-bin youtube |
20 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 20 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg |
diff --git a/etc/profile-m-z/youtubemusic-nativefier.profile b/etc/profile-m-z/youtubemusic-nativefier.profile index 74b0e38b9..d594a3d0f 100644 --- a/etc/profile-m-z/youtubemusic-nativefier.profile +++ b/etc/profile-m-z/youtubemusic-nativefier.profile | |||
@@ -6,12 +6,12 @@ include youtube.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/youtubemusic-nativefier-040164 | 9 | nodeny ${HOME}/.config/youtubemusic-nativefier-040164 |
10 | 10 | ||
11 | include disable-shell.inc | 11 | include disable-shell.inc |
12 | 12 | ||
13 | mkdir ${HOME}/.config/youtubemusic-nativefier-040164 | 13 | mkdir ${HOME}/.config/youtubemusic-nativefier-040164 |
14 | whitelist ${HOME}/.config/youtubemusic-nativefier-040164 | 14 | allow ${HOME}/.config/youtubemusic-nativefier-040164 |
15 | 15 | ||
16 | private-bin youtubemusic-nativefier | 16 | private-bin youtubemusic-nativefier |
17 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 17 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg |
diff --git a/etc/profile-m-z/ytmdesktop.profile b/etc/profile-m-z/ytmdesktop.profile index ab46fccc2..9987c953e 100644 --- a/etc/profile-m-z/ytmdesktop.profile +++ b/etc/profile-m-z/ytmdesktop.profile | |||
@@ -8,10 +8,10 @@ include globals.local | |||
8 | 8 | ||
9 | ignore dbus-user none | 9 | ignore dbus-user none |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/youtube-music-desktop-app | 11 | nodeny ${HOME}/.config/youtube-music-desktop-app |
12 | 12 | ||
13 | mkdir ${HOME}/.config/youtube-music-desktop-app | 13 | mkdir ${HOME}/.config/youtube-music-desktop-app |
14 | whitelist ${HOME}/.config/youtube-music-desktop-app | 14 | allow ${HOME}/.config/youtube-music-desktop-app |
15 | 15 | ||
16 | # private-bin env,ytmdesktop | 16 | # private-bin env,ytmdesktop |
17 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 17 | private-etc alsa,alternatives,asound.conf,ati,bumblebee,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,mime.types,nsswitch.conf,nvidia,pki,pulse,resolv.conf,selinux,ssl,X11,xdg |
diff --git a/etc/profile-m-z/zaproxy.profile b/etc/profile-m-z/zaproxy.profile index 5a168feb6..2f18a8c45 100644 --- a/etc/profile-m-z/zaproxy.profile +++ b/etc/profile-m-z/zaproxy.profile | |||
@@ -6,7 +6,7 @@ include zaproxy.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.ZAP | 9 | nodeny ${HOME}/.ZAP |
10 | 10 | ||
11 | # Allow java (blacklisted by disable-devel.inc) | 11 | # Allow java (blacklisted by disable-devel.inc) |
12 | include allow-java.inc | 12 | include allow-java.inc |
@@ -20,8 +20,8 @@ include disable-programs.inc | |||
20 | 20 | ||
21 | mkdir ${HOME}/.java | 21 | mkdir ${HOME}/.java |
22 | mkdir ${HOME}/.ZAP | 22 | mkdir ${HOME}/.ZAP |
23 | whitelist ${HOME}/.java | 23 | allow ${HOME}/.java |
24 | whitelist ${HOME}/.ZAP | 24 | allow ${HOME}/.ZAP |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/profile-m-z/zart.profile b/etc/profile-m-z/zart.profile index 10f83aa30..32ff4f8ed 100644 --- a/etc/profile-m-z/zart.profile +++ b/etc/profile-m-z/zart.profile | |||
@@ -6,8 +6,8 @@ include zart.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${DOCUMENTS} | 9 | nodeny ${DOCUMENTS} |
10 | noblacklist ${PICTURES} | 10 | nodeny ${PICTURES} |
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
diff --git a/etc/profile-m-z/zathura.profile b/etc/profile-m-z/zathura.profile index d0e68c980..4bc841f63 100644 --- a/etc/profile-m-z/zathura.profile +++ b/etc/profile-m-z/zathura.profile | |||
@@ -6,9 +6,9 @@ include zathura.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/zathura | 9 | nodeny ${HOME}/.config/zathura |
10 | noblacklist ${HOME}/.local/share/zathura | 10 | nodeny ${HOME}/.local/share/zathura |
11 | noblacklist ${DOCUMENTS} | 11 | nodeny ${DOCUMENTS} |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -22,8 +22,8 @@ include disable-xdg.inc | |||
22 | 22 | ||
23 | mkdir ${HOME}/.config/zathura | 23 | mkdir ${HOME}/.config/zathura |
24 | mkdir ${HOME}/.local/share/zathura | 24 | mkdir ${HOME}/.local/share/zathura |
25 | whitelist /usr/share/doc | 25 | allow /usr/share/doc |
26 | whitelist /usr/share/zathura | 26 | allow /usr/share/zathura |
27 | include whitelist-runuser-common.inc | 27 | include whitelist-runuser-common.inc |
28 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
29 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
diff --git a/etc/profile-m-z/zcat.profile b/etc/profile-m-z/zcat.profile index 5de13ab90..904ea9f05 100644 --- a/etc/profile-m-z/zcat.profile +++ b/etc/profile-m-z/zcat.profile | |||
@@ -9,7 +9,7 @@ include zcat.local | |||
9 | 9 | ||
10 | # Allow running kernel config check | 10 | # Allow running kernel config check |
11 | ignore include disable-shell.inc | 11 | ignore include disable-shell.inc |
12 | noblacklist /proc/config.gz | 12 | nodeny /proc/config.gz |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include gzip.profile | 15 | include gzip.profile |
diff --git a/etc/profile-m-z/zeal.profile b/etc/profile-m-z/zeal.profile index 2c6f6910f..458df2a46 100644 --- a/etc/profile-m-z/zeal.profile +++ b/etc/profile-m-z/zeal.profile | |||
@@ -6,9 +6,9 @@ include zeal.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.config/Zeal | 9 | nodeny ${HOME}/.config/Zeal |
10 | noblacklist ${HOME}/.cache/Zeal | 10 | nodeny ${HOME}/.cache/Zeal |
11 | noblacklist ${HOME}/.local/share/Zeal | 11 | nodeny ${HOME}/.local/share/Zeal |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -23,9 +23,9 @@ mkdir ${HOME}/.cache/Zeal | |||
23 | mkdir ${HOME}/.config/qt5ct | 23 | mkdir ${HOME}/.config/qt5ct |
24 | mkdir ${HOME}/.config/Zeal | 24 | mkdir ${HOME}/.config/Zeal |
25 | mkdir ${HOME}/.local/share/Zeal | 25 | mkdir ${HOME}/.local/share/Zeal |
26 | whitelist ${HOME}/.cache/Zeal | 26 | allow ${HOME}/.cache/Zeal |
27 | whitelist ${HOME}/.config/Zeal | 27 | allow ${HOME}/.config/Zeal |
28 | whitelist ${HOME}/.local/share/Zeal | 28 | allow ${HOME}/.local/share/Zeal |
29 | include whitelist-common.inc | 29 | include whitelist-common.inc |
30 | include whitelist-var-common.inc | 30 | include whitelist-var-common.inc |
31 | 31 | ||
diff --git a/etc/profile-m-z/zgrep.profile b/etc/profile-m-z/zgrep.profile index f63dc871f..e2dfbd105 100644 --- a/etc/profile-m-z/zgrep.profile +++ b/etc/profile-m-z/zgrep.profile | |||
@@ -9,7 +9,7 @@ include zgrep.local | |||
9 | 9 | ||
10 | # Allow running kernel config check | 10 | # Allow running kernel config check |
11 | ignore include disable-shell.inc | 11 | ignore include disable-shell.inc |
12 | noblacklist /proc/config.gz | 12 | nodeny /proc/config.gz |
13 | 13 | ||
14 | # Redirect | 14 | # Redirect |
15 | include gzip.profile | 15 | include gzip.profile |
diff --git a/etc/profile-m-z/zim.profile b/etc/profile-m-z/zim.profile new file mode 100644 index 000000000..5ae9cddb3 --- /dev/null +++ b/etc/profile-m-z/zim.profile | |||
@@ -0,0 +1,72 @@ | |||
1 | # Firejail profile for Zim | ||
2 | # Description: Desktop wiki & notekeeper | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include zim.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | nodeny ${HOME}/.cache/zim | ||
10 | nodeny ${HOME}/.config/zim | ||
11 | |||
12 | # Allow python (blacklisted by disable-interpreters.inc) | ||
13 | include allow-python2.inc | ||
14 | include allow-python3.inc | ||
15 | |||
16 | deny /usr/libexec | ||
17 | |||
18 | include disable-common.inc | ||
19 | include disable-devel.inc | ||
20 | include disable-exec.inc | ||
21 | include disable-interpreters.inc | ||
22 | include disable-passwdmgr.inc | ||
23 | include disable-programs.inc | ||
24 | include disable-shell.inc | ||
25 | |||
26 | mkdir ${HOME}/.cache/zim | ||
27 | mkdir ${HOME}/.config/zim | ||
28 | mkdir ${HOME}/Notebooks | ||
29 | allow ${HOME}/.cache/zim | ||
30 | allow ${HOME}/.config/zim | ||
31 | allow ${HOME}/Notebooks | ||
32 | allow ${DESKTOP} | ||
33 | allow ${DOCUMENTS} | ||
34 | allow ${DOWNLOADS} | ||
35 | allow ${MUSIC} | ||
36 | allow ${PICTURES} | ||
37 | allow ${VIDEOS} | ||
38 | allow /usr/share/zim | ||
39 | include whitelist-common.inc | ||
40 | include whitelist-runuser-common.inc | ||
41 | include whitelist-usr-share-common.inc | ||
42 | include whitelist-var-common.inc | ||
43 | |||
44 | apparmor | ||
45 | caps.drop all | ||
46 | machine-id | ||
47 | net none | ||
48 | no3d | ||
49 | nodvd | ||
50 | nogroups | ||
51 | noinput | ||
52 | nonewprivs | ||
53 | noroot | ||
54 | nosound | ||
55 | notv | ||
56 | nou2f | ||
57 | novideo | ||
58 | protocol unix | ||
59 | seccomp | ||
60 | seccomp.block-secondary | ||
61 | shell none | ||
62 | tracelog | ||
63 | |||
64 | disable-mnt | ||
65 | private-bin python*,zim | ||
66 | private-cache | ||
67 | private-dev | ||
68 | private-etc alternatives,dconf,fonts,gconf,gtk-2.0,gtk-3.0,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,pango,X11 | ||
69 | private-tmp | ||
70 | |||
71 | dbus-user none | ||
72 | dbus-system none | ||
diff --git a/etc/profile-m-z/zoom.profile b/etc/profile-m-z/zoom.profile index ac615d861..6b0417b56 100644 --- a/etc/profile-m-z/zoom.profile +++ b/etc/profile-m-z/zoom.profile | |||
@@ -16,17 +16,17 @@ ignore dbus-system none | |||
16 | # If you use such a system, add 'ignore nogroups' to your zoom.local. | 16 | # If you use such a system, add 'ignore nogroups' to your zoom.local. |
17 | #ignore nogroups | 17 | #ignore nogroups |
18 | 18 | ||
19 | noblacklist ${HOME}/.config/zoomus.conf | 19 | nodeny ${HOME}/.config/zoomus.conf |
20 | noblacklist ${HOME}/.zoom | 20 | nodeny ${HOME}/.zoom |
21 | 21 | ||
22 | nowhitelist ${DOWNLOADS} | 22 | noallow ${DOWNLOADS} |
23 | 23 | ||
24 | mkdir ${HOME}/.cache/zoom | 24 | mkdir ${HOME}/.cache/zoom |
25 | mkfile ${HOME}/.config/zoomus.conf | 25 | mkfile ${HOME}/.config/zoomus.conf |
26 | mkdir ${HOME}/.zoom | 26 | mkdir ${HOME}/.zoom |
27 | whitelist ${HOME}/.cache/zoom | 27 | allow ${HOME}/.cache/zoom |
28 | whitelist ${HOME}/.config/zoomus.conf | 28 | allow ${HOME}/.config/zoomus.conf |
29 | whitelist ${HOME}/.zoom | 29 | allow ${HOME}/.zoom |
30 | 30 | ||
31 | # Disable for now, see https://github.com/netblue30/firejail/issues/3726 | 31 | # Disable for now, see https://github.com/netblue30/firejail/issues/3726 |
32 | #private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl | 32 | #private-etc alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl |
diff --git a/etc/profile-m-z/zulip.profile b/etc/profile-m-z/zulip.profile index 093da5212..cdbbdccf1 100644 --- a/etc/profile-m-z/zulip.profile +++ b/etc/profile-m-z/zulip.profile | |||
@@ -8,7 +8,7 @@ include globals.local | |||
8 | 8 | ||
9 | ignore noexec /tmp | 9 | ignore noexec /tmp |
10 | 10 | ||
11 | noblacklist ${HOME}/.config/Zulip | 11 | nodeny ${HOME}/.config/Zulip |
12 | 12 | ||
13 | include disable-common.inc | 13 | include disable-common.inc |
14 | include disable-devel.inc | 14 | include disable-devel.inc |
@@ -20,8 +20,8 @@ include disable-shell.inc | |||
20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
21 | 21 | ||
22 | mkdir ${HOME}/.config/Zulip | 22 | mkdir ${HOME}/.config/Zulip |
23 | whitelist ${HOME}/.config/Zulip | 23 | allow ${HOME}/.config/Zulip |
24 | whitelist ${DOWNLOADS} | 24 | allow ${DOWNLOADS} |
25 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
diff --git a/etc/templates/syscalls.txt b/etc/templates/syscalls.txt index 0775f60ff..3992c984a 100644 --- a/etc/templates/syscalls.txt +++ b/etc/templates/syscalls.txt | |||
@@ -33,7 +33,7 @@ Definition of groups | |||
33 | @clock=adjtimex,clock_adjtime,clock_settime,settimeofday,stime | 33 | @clock=adjtimex,clock_adjtime,clock_settime,settimeofday,stime |
34 | @cpu-emulation=modify_ldt,subpage_prot,switch_endian,vm86,vm86old | 34 | @cpu-emulation=modify_ldt,subpage_prot,switch_endian,vm86,vm86old |
35 | @debug=lookup_dcookie,perf_event_open,process_vm_writev,rtas,s390_runtime_instr,sys_debug_setcontext | 35 | @debug=lookup_dcookie,perf_event_open,process_vm_writev,rtas,s390_runtime_instr,sys_debug_setcontext |
36 | @default=@clock,@cpu-emulation,@debug,@module,@mount,@obsolete,@raw-io,@reboot,@swap,open_by_handle_at,name_to_handle_at,ioprio_set,ni_syscall,syslog,fanotify_init,kcmp,add_key,request_key,mbind,migrate_pages,move_pages,keyctl,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,set_mempolicyvmsplice,userfaultfd,acct,bpf,nfsservctl,setdomainname,sethostname,vhangup | 36 | @default=@clock,@cpu-emulation,@debug,@module,@mount,@obsolete,@raw-io,@reboot,@swap,open_by_handle_at,name_to_handle_at,ioprio_set,ni_syscall,syslog,fanotify_init,add_key,request_key,mbind,migrate_pages,move_pages,keyctl,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,set_mempolicyvmsplice,userfaultfd,acct,bpf,nfsservctl,setdomainname,sethostname,vhangup |
37 | @default-nodebuggers=@default,ptrace,personality,process_vm_readv | 37 | @default-nodebuggers=@default,ptrace,personality,process_vm_readv |
38 | @default-keep=execveat,execve,prctl | 38 | @default-keep=execveat,execve,prctl |
39 | @file-system=access,chdir,chmod,close,creat,faccessat,faccessat2,fallocate,fchdir,fchmod,fchmodat,fcntl,fcntl64,fgetxattr,flistxattr,fremovexattr,fsetxattr,fstat,fstat64,fstatat64,fstatfs,fstatfs64,ftruncate,ftruncate64,futimesat,getcwd,getdents,getdents64,getxattr,inotify_add_watch,inotify_init,inotify_init1,inotify_rm_watch,lgetxattr,link,linkat,listxattr,llistxattr,lremovexattr,lsetxattr,lstat,lstat64,mkdir,mkdirat,mknod,mknodat,mmap,mmap2,munmap,newfstatat,oldfstat,oldlstat,oldstat,open,openat,readlink,readlinkat,removexattr,rename,renameat,renameat2,rmdir,setxattr,stat,stat64,statfs,statfs64,statx,symlink,symlinkat,truncate,truncate64,unlink,unlinkat,utime,utimensat,utimes | 39 | @file-system=access,chdir,chmod,close,creat,faccessat,faccessat2,fallocate,fchdir,fchmod,fchmodat,fcntl,fcntl64,fgetxattr,flistxattr,fremovexattr,fsetxattr,fstat,fstat64,fstatat64,fstatfs,fstatfs64,ftruncate,ftruncate64,futimesat,getcwd,getdents,getdents64,getxattr,inotify_add_watch,inotify_init,inotify_init1,inotify_rm_watch,lgetxattr,link,linkat,listxattr,llistxattr,lremovexattr,lsetxattr,lstat,lstat64,mkdir,mkdirat,mknod,mknodat,mmap,mmap2,munmap,newfstatat,oldfstat,oldlstat,oldstat,open,openat,readlink,readlinkat,removexattr,rename,renameat,renameat2,rmdir,setxattr,stat,stat64,statfs,statfs64,statx,symlink,symlinkat,truncate,truncate64,unlink,unlinkat,utime,utimensat,utimes |