aboutsummaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/disable-programs.inc1
-rw-r--r--etc/profile-a-l/ani-cli.profile2
-rw-r--r--etc/profile-a-l/feh.profile12
-rw-r--r--etc/profile-m-z/server.profile2
4 files changed, 15 insertions, 2 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 33bcbc51b..f95ddf2fa 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -433,6 +433,7 @@ blacklist ${HOME}/.config/equalx
433blacklist ${HOME}/.config/evince 433blacklist ${HOME}/.config/evince
434blacklist ${HOME}/.config/evolution 434blacklist ${HOME}/.config/evolution
435blacklist ${HOME}/.config/falkon 435blacklist ${HOME}/.config/falkon
436blacklist ${HOME}/.config/feh
436blacklist ${HOME}/.config/filezilla 437blacklist ${HOME}/.config/filezilla
437blacklist ${HOME}/.config/flameshot 438blacklist ${HOME}/.config/flameshot
438blacklist ${HOME}/.config/flaska.net 439blacklist ${HOME}/.config/flaska.net
diff --git a/etc/profile-a-l/ani-cli.profile b/etc/profile-a-l/ani-cli.profile
index f05653719..613f74ce5 100644
--- a/etc/profile-a-l/ani-cli.profile
+++ b/etc/profile-a-l/ani-cli.profile
@@ -30,7 +30,7 @@ noprinters
30notv 30notv
31 31
32disable-mnt 32disable-mnt
33private-bin ani-cli,aria2c,cat,cp,curl,cut,ffmpeg,fzf,grep,head,mkdir,mv,nl,nohup,patch,sed,sh,sort,tail,tput,tr,uname,wc 33private-bin ani-cli,aria2c,cat,cp,curl,cut,ffmpeg,fzf,grep,head,mkdir,mv,nl,nohup,patch,printf,rm,rofi,sed,sh,sort,tail,tput,tr,uname,wc
34#private-cache 34#private-cache
35private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg 35private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,mime.types,nsswitch.conf,pango,pki,protocols,pulse,resolv.conf,rpc,services,ssl,X11,xdg
36private-tmp 36private-tmp
diff --git a/etc/profile-a-l/feh.profile b/etc/profile-a-l/feh.profile
index 82b3f7645..2efd10ba2 100644
--- a/etc/profile-a-l/feh.profile
+++ b/etc/profile-a-l/feh.profile
@@ -7,23 +7,33 @@ include feh.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10noblacklist ${HOME}/.config/feh
11
10include disable-common.inc 12include disable-common.inc
11include disable-devel.inc 13include disable-devel.inc
12include disable-exec.inc 14include disable-exec.inc
13include disable-interpreters.inc 15include disable-interpreters.inc
16include disable-proc.inc
14include disable-programs.inc 17include disable-programs.inc
15include disable-shell.inc 18include disable-shell.inc
16 19
20include whitelist-run-common.inc
21include whitelist-runuser-common.inc
22
17# Add the next line to your feh.local to enable network access. 23# Add the next line to your feh.local to enable network access.
18#include feh-network.inc.profile 24#include feh-network.inc.profile
19 25
26apparmor
20caps.drop all 27caps.drop all
28ipc-namespace
29machine-id
21net none 30net none
22no3d 31no3d
23nodvd 32nodvd
24nogroups 33nogroups
25noinput 34noinput
26nonewprivs 35nonewprivs
36noprinters
27noroot 37noroot
28nosound 38nosound
29notv 39notv
@@ -31,6 +41,8 @@ nou2f
31novideo 41novideo
32protocol unix 42protocol unix
33seccomp 43seccomp
44seccomp.block-secondary
45tracelog
34 46
35private-bin feh,jpegexiforient,jpegtran 47private-bin feh,jpegexiforient,jpegtran
36private-cache 48private-cache
diff --git a/etc/profile-m-z/server.profile b/etc/profile-m-z/server.profile
index 5b71fe6c3..05170267b 100644
--- a/etc/profile-m-z/server.profile
+++ b/etc/profile-m-z/server.profile
@@ -93,4 +93,4 @@ dbus-user none
93# deterministic-shutdown 93# deterministic-shutdown
94# memory-deny-write-execute 94# memory-deny-write-execute
95# read-only ${HOME} 95# read-only ${HOME}
96restrict-namespaces 96# restrict-namespaces
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-03 22:28:43 +0000