Diffstat (limited to 'etc')
-rw-r--r--etc/chromium-common.profile2
-rw-r--r--etc/disable-common.inc10
-rw-r--r--etc/disable-devel.inc49
-rw-r--r--etc/disable-interpreters.inc2
-rw-r--r--etc/disable-passwdmgr.inc2
-rw-r--r--etc/disable-programs.inc8
-rw-r--r--etc/firefox-common.profile2
-rw-r--r--etc/firejail.config3
-rw-r--r--etc/whitelist-common.inc10
9 files changed, 46 insertions, 42 deletions
diff --git a/etc/chromium-common.profile b/etc/chromium-common.profile
index e7062c5b8..13ed13058 100644
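--- a/etc/chromium-common.profile
+++ b/etc/chromium-common.profile
@@ -27,7 +27,7 @@ nodbus
 nodvd
 nogroups
 notv
-nou2f
+?BROWSER_DISABLE_U2F: nou2f
 shell none
 
 disable-mnt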
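Review bot: The new `?BROWSER_DISABLE_U2F: nou2f` line (line 30) turns a fixed hardening option into a conditional one, and nothing in the profile says what controls it. Judging by the etc/firejail.config change in this same commit, the condition presumably follows `browser-disable-u2f`, so setting that option to `no` would drop `nou2f` for every profile that includes this file. I would add a comment directly above the line, for example `# nou2f is applied unless browser-disable-u2f is set to no in firejail.config`. The same applies to line 40 of etc/firefox-common.profile.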
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index d220f381b..74b653385 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -3,9 +3,9 @@
3include disable-common.local 3include disable-common.local
4 4
5# The following block breaks trash functionality in file managers 5# The following block breaks trash functionality in file managers
6#read-only ${HOME}/.local 6#read-only ${HOME}/.local
7#read-write ${HOME}/.local/share 7#read-write ${HOME}/.local/share
8blacklist ${HOME}/.local/share/Trash 8blacklist ${HOME}/.local/share/Trash
9 9
10# History files in $HOME and clipboard managers 10# History files in $HOME and clipboard managers
11blacklist-nolog ${HOME}/.*_history 11blacklist-nolog ${HOME}/.*_history
@@ -122,7 +122,7 @@ read-only ${HOME}/.local/share/kssl
122blacklist /run/user/*/kdeinit5__* 122blacklist /run/user/*/kdeinit5__*
123# blacklist /run/user/*/ksocket-*/kdeinit4__* 123# blacklist /run/user/*/ksocket-*/kdeinit4__*
124# blacklist /tmp/ksocket-*/kdeinit4__* 124# blacklist /tmp/ksocket-*/kdeinit4__*
125# - causes issues when kdeinit4 gets killed; enable on KDE Plasma 4 125# causes issues when kdeinit4 gets killed; enable on KDE Plasma 4
126 126
127# gnome 127# gnome
128# contains extensions, last used times of applications, and notifications 128# contains extensions, last used times of applications, and notifications
@@ -133,7 +133,7 @@ blacklist ${HOME}/.config/systemd
133blacklist ${HOME}/.local/share/systemd 133blacklist ${HOME}/.local/share/systemd
134blacklist /var/lib/systemd 134blacklist /var/lib/systemd
135# blacklist /var/run/systemd 135# blacklist /var/run/systemd
136# - creates problems on Arch where /etc/resolv.conf is a symlink to /var/run/systemd/resolve/resolv.conf 136# creates problems on Arch where /etc/resolv.conf is a symlink to /var/run/systemd/resolve/resolv.conf
137 137
138# VirtualBox 138# VirtualBox
139blacklist ${HOME}/.VirtualBox 139blacklist ${HOME}/.VirtualBox
@@ -173,7 +173,7 @@ blacklist /var/lib/mysqld/mysql.sock
173blacklist /var/lib/pacman 173blacklist /var/lib/pacman
174blacklist /var/lib/upower 174blacklist /var/lib/upower
175# blacklist /var/log - a virtual /var/log directory (mostly empty) is build up by default for 175# blacklist /var/log - a virtual /var/log directory (mostly empty) is build up by default for
176# every sandbox, unless --writeble-var-log switch is activated 176# every sandbox, unless --writeble-var-log switch is activated
177blacklist /var/mail 177blacklist /var/mail
178blacklist /var/opt 178blacklist /var/opt
179blacklist /var/run/acpid.socket 179blacklist /var/run/acpid.socket
diff --git a/etc/disable-devel.inc b/etc/disable-devel.inc
index 5c41692da..43ccb358b 100644
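--- a/etc/disable-devel.inc
+++ b/etc/disable-devel.inc
@@ -4,8 +4,14 @@ include disable-devel.local
 
 # development tools
 
+# clang/llvm
+blacklist ${PATH}/clang*
+blacklist ${PATH}/lldb*
+blacklist ${PATH}/llvm*
+# see issue #2106 - it disables hardware acceleration in Firefox on Radeon GPU
+# blacklist /usr/lib/llvm*
+
 # GCC
-#blacklist /usr/lib/gcc - seems to create problems on Gentoo
 blacklist ${PATH}/as
 blacklist ${PATH}/cc
 blacklist ${PATH}/c++*
@@ -21,40 +27,35 @@ blacklist ${PATH}/*-g++*
 blacklist ${PATH}/*-gcc*
 blacklist ${PATH}/*-g++*
 blacklist /usr/include
+# seems to create problems on Gentoo
+#blacklist /usr/lib/gcc
 
-# clang/llvm
-blacklist ${PATH}/clang*
-blacklist ${PATH}/lldb*
-blacklist ${PATH}/llvm*
-# see issue #2106 - it disables hardware acceleration in Firefox on Radeon GPU
-# blacklist /usr/lib/llvm*
-
-# tcc - Tiny C Compiler
-blacklist ${PATH}/tcc
-blacklist ${PATH}/x86_64-tcc
-blacklist /usr/lib/tcc
-
-# Valgrind
-blacklist ${PATH}/valgrind*
-blacklist /usr/lib/valgrind
+#Go
+blacklist ${PATH}/gccgo
+blacklist ${PATH}/go
+blacklist ${PATH}/gofmt
 
 # Java
 blacklist ${PATH}/java
 blacklist ${PATH}/javac
-blacklist /usr/lib/java
 blacklist /etc/java
+blacklist /usr/lib/java
 blacklist /usr/share/java
 
-#Go
-blacklist ${PATH}/gccgo
-blacklist ${PATH}/go
-blacklist ${PATH}/gofmt
+#OpenSSL
+blacklist ${PATH}/openssl
+blacklist ${PATH}/openssl-1.0
 
 #Rust
 blacklist ${PATH}/rust-gdb
 blacklist ${PATH}/rust-lldb
 blacklist ${PATH}/rustc
 
-#OpenSSL
-blacklist ${PATH}/openssl
-blacklist ${PATH}/openssl-1.0
+# tcc - Tiny C Compiler
+blacklist ${PATH}/tcc
+blacklist ${PATH}/x86_64-tcc
+blacklist /usr/lib/tcc
+
+# Valgrind
+blacklist ${PATH}/valgrind*
+blacklist /usr/lib/valgrind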
diff --git a/etc/disable-interpreters.inc b/etc/disable-interpreters.inc
index 0d5f5737e..22f58bb85 100644
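--- a/etc/disable-interpreters.inc
+++ b/etc/disable-interpreters.inc
@@ -4,8 +4,8 @@ include disable-interpreters.local
 
 # Lua
 blacklist ${PATH}/lua*
-blacklist /usr/lib/lua
 blacklist /usr/include/lua*
+blacklist /usr/lib/lua
 blacklist /usr/share/lua
 
 # Node.js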
diff --git a/etc/disable-passwdmgr.inc b/etc/disable-passwdmgr.inc
index 72e1a66ee..316378cb8 100644
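--- a/etc/disable-passwdmgr.inc
+++ b/etc/disable-passwdmgr.inc
@@ -8,6 +8,7 @@ blacklist ${HOME}/.config/keepass
 blacklist ${HOME}/.config/keepassx
 blacklist ${HOME}/.config/keepassxc
 blacklist ${HOME}/.config/Sinew Software Systems
+blacklist ${HOME}/.fpm
 blacklist ${HOME}/.keepass
 blacklist ${HOME}/.keepassx
 blacklist ${HOME}/.keepassxc
@@ -15,4 +16,3 @@ blacklist ${HOME}/.lastpass
 blacklist ${HOME}/.local/share/KeePass
 blacklist ${HOME}/.local/share/keepass
 blacklist ${HOME}/.password-store
-blacklist ${HOME}/.fpm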
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 9e94d8aa1..4ef0f2f53 100644
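--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -2,10 +2,12 @@
 # Persistent customizations should go in a .local file.
 include disable-programs.local
 
+blacklist ${HOME}/Arduino
 blacklist ${HOME}/Monero/wallets
 blacklist ${HOME}/Nextcloud/Notes
 blacklist ${HOME}/Standard Notes Backups
 blacklist ${HOME}/snap
+blacklist ${HOME}/wallet.dat
 blacklist ${HOME}/.*coin
 blacklist ${HOME}/.8pecxstudios
 blacklist ${HOME}/.AndroidStudio*
@@ -35,9 +37,9 @@ blacklist ${HOME}/.anydesk
 blacklist ${HOME}/.arduino15
 blacklist ${HOME}/.aria2
 blacklist ${HOME}/.arm
+blacklist ${HOME}/.asunder_album_artist
 blacklist ${HOME}/.asunder_album_genre
 blacklist ${HOME}/.asunder_album_title
-blacklist ${HOME}/.asunder_album_artist
 blacklist ${HOME}/.atom
 blacklist ${HOME}/.attic
 blacklist ${HOME}/.audacity-data
@@ -315,9 +317,9 @@ blacklist ${HOME}/.kde/share/apps/khtml
 blacklist ${HOME}/.kde/share/apps/konqsidebartng
 blacklist ${HOME}/.kde/share/apps/konqueror
 blacklist ${HOME}/.kde/share/apps/kopete
-blacklist ${HOME}/.kde/share/apps/okular
 blacklist ${HOME}/.kde/share/apps/khtml
 blacklist ${HOME}/.kde/share/apps/ktorrent
+blacklist ${HOME}/.kde/share/apps/okular
 blacklist ${HOME}/.kde/share/config/baloofilerc
 blacklist ${HOME}/.kde/share/config/baloorc
 blacklist ${HOME}/.kde/share/config/digikam
@@ -540,8 +542,6 @@ blacklist ${HOME}/.xmr-stak
 blacklist ${HOME}/.xonotic
 blacklist ${HOME}/.xpdfrc
 blacklist ${HOME}/.zoom
-blacklist ${HOME}/Arduino
-blacklist ${HOME}/wallet.dat
 blacklist /tmp/akonadi-*
 blacklist /tmp/ssh-*
 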
diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile
index 31b071fe1..722a398cb 100644
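--- a/etc/firefox-common.profile
+++ b/etc/firefox-common.profile
@@ -37,7 +37,7 @@ nogroups
 nonewprivs
 noroot
 notv
-nou2f
+?BROWSER_DISABLE_U2F: nou2f
 protocol unix,inet,inet6,netlink
 seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
 shell none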
diff --git a/etc/firejail.config b/etc/firejail.config
index d7106e76c..00f2c1b5d 100644
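--- a/etc/firejail.config
+++ b/etc/firejail.config
@@ -5,6 +5,9 @@
 # Enable AppArmor functionality, default enabled.
 # apparmor yes
 
+# Disable U2F in browsers, default enabled.
+# browser-disable-u2f yes
+
 # Number of ARP probes sent when assigning an IP address for --net option,
 # default 2. This is a partial implementation of RFC 5227. A 0.5 seconds
 # timeout is implemented for each probe. Increase this number to 4 if your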
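Review bot: The added comment `# Disable U2F in browsers, default enabled.` (line 8) can be read two ways: that U2F is enabled by default, or that the disabling is. The commented-out sample `browser-disable-u2f yes` suggests the second reading, so I would state the effect and the default value explicitly, for example `# Block U2F devices in browser sandboxes, default yes.` followed by `# Set to no to allow hardware security keys in browsers.`. The comment should also name the profiles affected, which in this commit are chromium-common.profile and firefox-common.profile.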
diff --git a/etc/whitelist-common.inc b/etc/whitelist-common.inc
index 38ec5d85d..9c1b7b92c 100644
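--- a/etc/whitelist-common.inc
+++ b/etc/whitelist-common.inc
@@ -20,6 +20,10 @@ whitelist ${HOME}/.local/share/icons
 whitelist ${HOME}/.local/share/mime
 whitelist ${HOME}/.mime.types
 
+# dconf
+mkdir ${HOME}/.config/dconf
+whitelist ${HOME}/.config/dconf
+
 # fonts
 whitelist ${HOME}/.cache/fontconfig
 whitelist ${HOME}/.config/fontconfig
@@ -48,11 +52,8 @@ whitelist ${HOME}/.kde4/share/config/gtkrc-2.0
 whitelist ${HOME}/.local/share/themes
 whitelist ${HOME}/.themes
 
-# dconf
-mkdir ${HOME}/.config/dconf
-whitelist ${HOME}/.config/dconf
-
 # qt/kde
+whitelist ${HOME}/.cache/kioexec/krun
 whitelist ${HOME}/.config/Kvantum
 whitelist ${HOME}/.config/Trolltech.conf
 whitelist ${HOME}/.config/kdeglobals
@@ -73,4 +74,3 @@ whitelist ${HOME}/.kde4/share/config/ksslcablacklist
 whitelist ${HOME}/.kde4/share/config/oxygenrc
 whitelist ${HOME}/.kde4/share/icons
 whitelist ${HOME}/.local/share/qt5ct
-whitelist ${HOME}/.cache/kioexec/krun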