Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/disable-programs.inc | 5 | ||||
-rw-r--r-- | etc/inc/whitelist-1793-workaround.inc | 29 | ||||
-rw-r--r-- | etc/profile-m-z/neochat.profile | 65 |
3 files changed, 99 insertions, 0 deletions
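diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 1e1734a9e..cbc8ef6d2 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -106,6 +106,7 @@ blacklist ${HOME}/.config/Gpredict
 blacklist ${HOME}/.config/INRIA
 blacklist ${HOME}/.config/InSilmaril
 blacklist ${HOME}/.config/Jitsi Meet
+blacklist ${HOME}/.config/KDE/neochat
 blacklist ${HOME}/.config/Kid3
 blacklist ${HOME}/.config/Kingsoft
 blacklist ${HOME}/.config/Loop_Hero
@@ -342,6 +343,8 @@ blacklist ${HOME}/.config/mypaint
 blacklist ${HOME}/.config/nano
 blacklist ${HOME}/.config/nautilus
 blacklist ${HOME}/.config/nemo
+blacklist ${HOME}/.config/neochatrc
+blacklist ${HOME}/.config/neochat.notifyrc
 blacklist ${HOME}/.config/neomutt
 blacklist ${HOME}/.config/netsurf
 blacklist ${HOME}/.config/newsbeuter
@@ -601,6 +604,7 @@ blacklist ${HOME}/.local/share/Empathy
 blacklist ${HOME}/.local/share/Enpass
 blacklist ${HOME}/.local/share/Flavio Tordini
 blacklist ${HOME}/.local/share/JetBrains
+blacklist ${HOME}/.local/share/KDE/neochat
 blacklist ${HOME}/.local/share/Kingsoft
 blacklist ${HOME}/.local/share/Mendeley Ltd.
 blacklist ${HOME}/.local/share/Mumble
@@ -993,6 +997,7 @@ blacklist ${HOME}/.cache/inkscape
 blacklist ${HOME}/.cache/inox
 blacklist ${HOME}/.cache/iridium
 blacklist ${HOME}/.cache/kcmshell5
+blacklist ${HOME}/.cache/KDE/neochat
 blacklist ${HOME}/.cache/kdenlive
 blacklist ${HOME}/.cache/keepassxc
 blacklist ${HOME}/.cache/kfind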
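diff --git a/etc/inc/whitelist-1793-workaround.inc b/etc/inc/whitelist-1793-workaround.inc
new file mode 100644
index 000000000..862837f12
--- /dev/null
+++ b/etc/inc/whitelist-1793-workaround.inc
@@ -0,0 +1,29 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include whitelist-1793-workaround.local
+# This works around bug 1793, and allows whitelisting to be used for some KDE applications.
+
+noblacklist ${HOME}/.config/ibus
+noblacklist ${HOME}/.config/mimeapps.list
+noblacklist ${HOME}/.config/pkcs11
+noblacklist ${HOME}/.config/user-dirs.dirs
+noblacklist ${HOME}/.config/user-dirs.locale
+noblacklist ${HOME}/.config/dconf
+noblacklist ${HOME}/.config/fontconfig
+noblacklist ${HOME}/.config/gtk-2.0
+noblacklist ${HOME}/.config/gtk-3.0
+noblacklist ${HOME}/.config/gtk-4.0
+noblacklist ${HOME}/.config/gtkrc
+noblacklist ${HOME}/.config/gtkrc-2.0
+noblacklist ${HOME}/.config/Kvantum
+noblacklist ${HOME}/.config/Trolltech.conf
+noblacklist ${HOME}/.config/QtProject.conf
+noblacklist ${HOME}/.config/kdeglobals
+noblacklist ${HOME}/.config/kio_httprc
+noblacklist ${HOME}/.config/kioslaverc
+noblacklist ${HOME}/.config/ksslcablacklist
+noblacklist ${HOME}/.config/qt5ct
+noblacklist ${HOME}/.config/qtcurve
+
+blacklist ${HOME}/.config/*
+whitelist ${HOME}/.config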
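Review bot: The header comment on line 4 of the new file does not say what this include grants or how it has to be used, and both matter for anyone reusing it. `whitelist ${HOME}/.config` makes the whole directory visible, so confinement rests entirely on `blacklist ${HOME}/.config/*`; anything that glob does not match when the sandbox starts (presumably hidden entries, and entries created later) stays reachable, which is weaker than a per-path whitelist. The exemptions also only take effect if the including profile puts its own `noblacklist` lines before this include, as neochat.profile does. I would extend the comment with `# Weaker than a real whitelist: exposes all of ${HOME}/.config except what the blacklist glob matches at startup.` and `# Profiles must place their noblacklist lines before including this file.`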
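diff --git a/etc/profile-m-z/neochat.profile b/etc/profile-m-z/neochat.profile
new file mode 100644
index 000000000..9185574b7
--- /dev/null
+++ b/etc/profile-m-z/neochat.profile
@@ -0,0 +1,65 @@
+# Firejail profile for neochat
+# Description: Matrix Client
+# This file is overwritten after every install/update
+# Persistent local customizations
+include neochat.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.cache/KDE/neochat
+noblacklist ${HOME}/.config/KDE
+noblacklist ${HOME}/.config/KDE/neochat
+noblacklist ${HOME}/.config/neochatrc
+noblacklist ${HOME}/.config/neochat.notifyrc
+noblacklist ${HOME}/.local/share/KDE/neochat
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.cache/KDE/neochat
+mkdir ${HOME}/.local/share/KDE/neochat
+whitelist ${HOME}/.cache/KDE/neochat
+whitelist ${HOME}/.local/share/KDE/neochat
+whitelist ${DOWNLOADS}
+include whitelist-1793-workaround.inc
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+
+disable-mnt
+private-bin neochat
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,dbus-1,fonts,host.conf,hostname,hosts,kde4rc,kde5rc,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,pki,protocols,resolv.conf,rpc,services,ssl,Trolltech.conf,X11,xdg
+private-tmp
+
+dbus-user filter
+dbus-user.own org.kde.neochat
+dbus-user.talk org.freedesktop.Notifications
+dbus-user.talk org.kde.StatusNotifierWatcher
+dbus-user.talk org.kde.kwalletd5
+dbus-system none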
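Review bot: `noblacklist ${HOME}/.config/KDE` on line 10 exempts the whole KDE directory from the `blacklist ${HOME}/.config/*` glob in whitelist-1793-workaround.inc, so every sibling under `${HOME}/.config/KDE` is reachable unless disable-programs.inc blacklists it individually, while only `KDE/neochat` is needed. If `noblacklist` is honoured for glob-expanded paths the way the workaround relies on, adding `blacklist ${HOME}/.config/KDE/*` after the noblacklist block should narrow this back to the neochat subdirectory; this needs verifying against a real sandbox. Separately, `dbus-user.talk org.kde.kwalletd5` on line 64 opens the wallet service to the sandbox, presumably not limited to neochat's own entries. It deserves a comment above it such as `# Wallet access: lets the client reach the KDE wallet service; drop in neochat.local if not used.`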