disable-common.inc blacklists the whole .ssh, but some profiles (e.g. idea.sh)
unblacklist it to allow git over ssh with public key auth.
But this creates a security hole, since a firejailed app could modify
~/.ssh/authorized_keys and allow arbitrary code execution on the host with sshd
installed (e.g. ssh localhost and run any program) or even open a backdoor for
a remote attacker.
This commit disallows write access to ~/.ssh/authorized_keys even if .ssh was
unblacklisted.
Signed-off-by: Alexander GQ Gerasiov <gq@cs.msu.su>
|
homesick is a dotfiles manager. It keeps dotfiles (e.g. .bashrc) in a repository
under ~/.homesick and puts symlinks into the home directory.
|
and whitelist kioslaverc because we don't know if kdeinit
will run outside or inside the sandbox.
|
attempts to handle #1599
|
* ~/.bash_history is already included in ~/.*_history, same file
* ~/.password-store is already included in disable-passwdmgr.inc (and not
whitelisted in browsers)
* ~/.local/share/applications is in whitelist-common.inc since recently
|
pass is a password manager that keeps files under ~/.password-store by default.
See http://www.passwordstore.org/ for more info
|
Configurations in this folder are not secret, but need to be protected from manipulation. Let's make it available to all KDE apps for legitimate use. Discussion in #1428
|
#1238
|
* minor reorganization
* tidy up
* tidy up
* tidy up
* tidy up
* tidy up
* tidy up
|
* update noblacklist
* blacklist local plasma overrides, plasmoids
* add more KDE configuration (kdeglobals, plasmoids)
* kdeglobals now in disable-common.inc
|
* private-dev breaks playing CDs
* reenable services
* blacklist kservices5 folder
* blacklist nautilus scripts
* blacklist ~/.kde4 files, k3b config, nautilus/nemo
* sort
* update noblacklisting
* update blacklisting
* update blacklisting/whitelisting (okular)
|
* blacklist more KDE files
* undo doubling of ~/.profile
* remove ksmserverrc
* remove ksmserverrc
* blacklist kdeconnect
* blacklist KDE device actions
* blacklist kglobalaccel
|
profile enhancements
|
blacklist X11 startup scripts
|
sorry for the mistake... ~/.profile is not only sourced by some display managers but also by shells, so we should keep everything as before
|
reorganization, added files according to Debian documentation
|
complete autostart blacklist for KDE
|
Terminix is being renamed to tilix. This adds ${PATH}/tilix to the blacklisted terminals in disable-common.inc without removing terminix (since there will still be users of terminix).