diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/disable-common.inc | 2 | ||||
-rw-r--r-- | etc/profile-a-l/chromium-common.profile | 3 | ||||
-rw-r--r-- | etc/profile-a-l/firefox-common.profile | 3 | ||||
-rw-r--r-- | etc/profile-a-l/highlight.profile | 3 | ||||
-rw-r--r-- | etc/profile-m-z/nextcloud.profile | 1 | ||||
-rw-r--r-- | etc/profile-m-z/teams-for-linux.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/teams.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/telegram.profile | 5 | ||||
-rw-r--r-- | etc/profile-m-z/tor-browser.profile | 3 |
9 files changed, 23 insertions, 1 deletions
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index 3ec13e482..b1ec25987 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc | |||
@@ -630,3 +630,5 @@ blacklist ${RUNUSER}/inaccessible | |||
630 | blacklist ${RUNUSER}/pk-debconf-socket | 630 | blacklist ${RUNUSER}/pk-debconf-socket |
631 | blacklist ${RUNUSER}/update-notifier.pid | 631 | blacklist ${RUNUSER}/update-notifier.pid |
632 | 632 | ||
633 | # tor-browser | ||
634 | blacklist ${HOME}/.local/opt/tor-browser | ||
diff --git a/etc/profile-a-l/chromium-common.profile b/etc/profile-a-l/chromium-common.profile index 7bfb61688..2992a2d6f 100644 --- a/etc/profile-a-l/chromium-common.profile +++ b/etc/profile-a-l/chromium-common.profile | |||
@@ -53,6 +53,9 @@ private-cache | |||
53 | ?BROWSER_DISABLE_U2F: private-dev | 53 | ?BROWSER_DISABLE_U2F: private-dev |
54 | #private-tmp - issues when using multiple browser sessions | 54 | #private-tmp - issues when using multiple browser sessions |
55 | 55 | ||
56 | blacklist ${PATH}/curl | ||
57 | blacklist ${PATH}/wget | ||
58 | |||
56 | #dbus-user none - prevents access to passwords saved in GNOME Keyring and KWallet, also breaks Gnome connector. | 59 | #dbus-user none - prevents access to passwords saved in GNOME Keyring and KWallet, also breaks Gnome connector. |
57 | dbus-system none | 60 | dbus-system none |
58 | 61 | ||
diff --git a/etc/profile-a-l/firefox-common.profile b/etc/profile-a-l/firefox-common.profile index ef647b5a0..e7d438b46 100644 --- a/etc/profile-a-l/firefox-common.profile +++ b/etc/profile-a-l/firefox-common.profile | |||
@@ -59,6 +59,9 @@ disable-mnt | |||
59 | #private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg | 59 | #private-etc alternatives,asound.conf,ca-certificates,crypto-policies,dconf,fonts,group,gtk-2.0,gtk-3.0,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,localtime,machine-id,mailcap,mime.types,nsswitch.conf,pango,passwd,pki,pulse,resolv.conf,selinux,ssl,X11,xdg |
60 | private-tmp | 60 | private-tmp |
61 | 61 | ||
62 | blacklist ${PATH}/curl | ||
63 | blacklist ${PATH}/wget | ||
64 | |||
62 | # 'dbus-user none' breaks various desktop integration features like global menus, native notifications, | 65 | # 'dbus-user none' breaks various desktop integration features like global menus, native notifications, |
63 | # Gnome connector, KDE connect and power management on KDE Plasma. | 66 | # Gnome connector, KDE connect and power management on KDE Plasma. |
64 | dbus-user none | 67 | dbus-user none |
diff --git a/etc/profile-a-l/highlight.profile b/etc/profile-a-l/highlight.profile index 0145f7ceb..97f190723 100644 --- a/etc/profile-a-l/highlight.profile +++ b/etc/profile-a-l/highlight.profile | |||
@@ -8,6 +8,9 @@ include globals.local | |||
8 | 8 | ||
9 | blacklist ${RUNUSER} | 9 | blacklist ${RUNUSER} |
10 | 10 | ||
11 | # Allow lua (blacklisted by disable-interpreters.inc) | ||
12 | include allow-lua.inc | ||
13 | |||
11 | include disable-common.inc | 14 | include disable-common.inc |
12 | include disable-devel.inc | 15 | include disable-devel.inc |
13 | include disable-interpreters.inc | 16 | include disable-interpreters.inc |
diff --git a/etc/profile-m-z/nextcloud.profile b/etc/profile-m-z/nextcloud.profile index 354d3351e..2e4a95125 100644 --- a/etc/profile-m-z/nextcloud.profile +++ b/etc/profile-m-z/nextcloud.profile | |||
@@ -29,6 +29,7 @@ mkdir ${HOME}/.local/share/Nextcloud | |||
29 | whitelist ${HOME}/Nextcloud | 29 | whitelist ${HOME}/Nextcloud |
30 | whitelist ${HOME}/.config/Nextcloud | 30 | whitelist ${HOME}/.config/Nextcloud |
31 | whitelist ${HOME}/.local/share/Nextcloud | 31 | whitelist ${HOME}/.local/share/Nextcloud |
32 | whitelist /usr/share/nextcloud | ||
32 | # Add the next lines to your nextcloud.local to allow sync in more directories. | 33 | # Add the next lines to your nextcloud.local to allow sync in more directories. |
33 | #whitelist ${DOCUMENTS} | 34 | #whitelist ${DOCUMENTS} |
34 | #whitelist ${MUSIC} | 35 | #whitelist ${MUSIC} |
diff --git a/etc/profile-m-z/teams-for-linux.profile b/etc/profile-m-z/teams-for-linux.profile index ee19bcd00..5711c1b36 100644 --- a/etc/profile-m-z/teams-for-linux.profile +++ b/etc/profile-m-z/teams-for-linux.profile | |||
@@ -11,6 +11,8 @@ ignore include disable-xdg.inc | |||
11 | ignore include whitelist-runuser-common.inc | 11 | ignore include whitelist-runuser-common.inc |
12 | ignore include whitelist-usr-share-common.inc | 12 | ignore include whitelist-usr-share-common.inc |
13 | 13 | ||
14 | ignore noinput | ||
15 | |||
14 | ignore dbus-user none | 16 | ignore dbus-user none |
15 | ignore dbus-system none | 17 | ignore dbus-system none |
16 | 18 | ||
diff --git a/etc/profile-m-z/teams.profile b/etc/profile-m-z/teams.profile index c8d98cbaa..ad52ca45f 100644 --- a/etc/profile-m-z/teams.profile +++ b/etc/profile-m-z/teams.profile | |||
@@ -13,6 +13,8 @@ ignore include whitelist-usr-share-common.inc | |||
13 | ignore novideo | 13 | ignore novideo |
14 | ignore private-tmp | 14 | ignore private-tmp |
15 | 15 | ||
16 | ignore novideo | ||
17 | |||
16 | # see #3404 | 18 | # see #3404 |
17 | ignore apparmor | 19 | ignore apparmor |
18 | ignore dbus-user none | 20 | ignore dbus-user none |
diff --git a/etc/profile-m-z/telegram.profile b/etc/profile-m-z/telegram.profile index dc1f77664..ce0119078 100644 --- a/etc/profile-m-z/telegram.profile +++ b/etc/profile-m-z/telegram.profile | |||
@@ -8,6 +8,9 @@ include globals.local | |||
8 | noblacklist ${HOME}/.TelegramDesktop | 8 | noblacklist ${HOME}/.TelegramDesktop |
9 | noblacklist ${HOME}/.local/share/TelegramDesktop | 9 | noblacklist ${HOME}/.local/share/TelegramDesktop |
10 | 10 | ||
11 | # Allow opening hyperlinks | ||
12 | include allow-bin-sh.inc | ||
13 | |||
11 | include disable-common.inc | 14 | include disable-common.inc |
12 | include disable-devel.inc | 15 | include disable-devel.inc |
13 | include disable-exec.inc | 16 | include disable-exec.inc |
@@ -41,7 +44,7 @@ seccomp.block-secondary | |||
41 | shell none | 44 | shell none |
42 | 45 | ||
43 | disable-mnt | 46 | disable-mnt |
44 | private-bin telegram,Telegram,telegram-desktop | 47 | private-bin bash,sh,telegram,Telegram,telegram-desktop,xdg-open |
45 | private-cache | 48 | private-cache |
46 | private-dev | 49 | private-dev |
47 | private-etc alsa,alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.preload,localtime,machine-id,os-release,passwd,pki,pulse,resolv.conf,ssl,xdg | 50 | private-etc alsa,alternatives,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.preload,localtime,machine-id,os-release,passwd,pki,pulse,resolv.conf,ssl,xdg |
diff --git a/etc/profile-m-z/tor-browser.profile b/etc/profile-m-z/tor-browser.profile index 76a0e1fa5..13f422b0a 100644 --- a/etc/profile-m-z/tor-browser.profile +++ b/etc/profile-m-z/tor-browser.profile | |||
@@ -7,9 +7,12 @@ include tor-browser.local | |||
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | noblacklist ${HOME}/.tor-browser | 9 | noblacklist ${HOME}/.tor-browser |
10 | noblacklist ${HOME}/.local/opt/tor-browser | ||
10 | 11 | ||
11 | mkdir ${HOME}/.tor-browser | 12 | mkdir ${HOME}/.tor-browser |
12 | whitelist ${HOME}/.tor-browser | 13 | whitelist ${HOME}/.tor-browser |
14 | mkdir ${HOME}/.local/opt/tor-browser | ||
15 | whitelist ${HOME}/.local/opt/tor-browser | ||
13 | 16 | ||
14 | # Redirect | 17 | # Redirect |
15 | include torbrowser-launcher.profile | 18 | include torbrowser-launcher.profile |