From 444e153aab9830247c74f20247868612b5fbce7b Mon Sep 17 00:00:00 2001
From: SYN-cook
Date: Tue, 2 May 2017 16:39:13 +0200
Subject: blacklist file-manager python scripts (#1260)
* blacklist python scripts in caja ~/.local/share/caja is not used by Caja, so it can be removed
* blacklist python scripts in nautilus
* blacklist python scripts in nemo
* permit access to Trash
* blacklist file-manager python bindings
---
 etc/caja.profile | 4 ++--
 etc/disable-programs.inc | 3 +++
 etc/nautilus.profile | 4 +++-
 etc/nemo.profile | 3 ++-
 4 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/etc/caja.profile b/etc/caja.profile
index 8994f39fd..aa8bee538 100644
--- a/etc/caja.profile
+++ b/etc/caja.profile
@@ -8,8 +8,8 @@ include /etc/firejail/caja.local
 # is already a caja process running on MATE desktops firejail will have no effect.
 noblacklist ~/.config/caja
-noblacklist ~/.local/share/caja
-noblacklist ${HOME}/.local/share/Trash
+noblacklist ~/.local/share/caja-python
+noblacklist ~/.local/share/Trash
 include /etc/firejail/disable-common.inc
 # caja needs to be able to start arbitrary applications so we cannot blacklist their files
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index ddbc3f1fb..0f2a9b461 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -236,6 +236,7 @@ blacklist ${HOME}/.local/share/Terraria
 blacklist ${HOME}/.local/share/TpLogger
 blacklist ${HOME}/.local/share/aspyr-media
 blacklist ${HOME}/.local/share/baloo
+blacklist ${HOME}/.local/share/caja-python
 blacklist ${HOME}/.local/share/cdprojektred
 blacklist ${HOME}/.local/share/data/Mumble
 blacklist ${HOME}./local/share/dino
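Review bot: In the etc/caja.profile hunk, `noblacklist ~/.local/share/caja-python` exempts the extension directory without limiting writes, so a process inside the caja sandbox could add or alter a Python extension there that is picked up the next time the file manager starts. If extensions are not meant to be installed from inside the sandbox, pair the exemption with `read-only ~/.local/share/caja-python`. The same applies to `~/.local/share/nautilus-python` in the etc/nautilus.profile hunk and `${HOME}/.local/share/nemo-python` in the etc/nemo.profile hunk. Each profile continues outside its hunk, so a later read-only or whitelist rule may already cover this.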
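Review bot: The last context line of the first etc/disable-programs.inc hunk, `blacklist ${HOME}./local/share/dino`, has the `/` and `.` transposed, so it presumably resolves to a path next to the home directory and leaves the real dino data directory unblacklisted. The commit already edits this list, so it is a good place to correct the entry to `blacklist ${HOME}/.local/share/dino`. The list continues outside the hunk, so other entries may deserve the same check.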
@@ -255,7 +256,9 @@ blacklist ${HOME}/.local/share/meld
 blacklist ${HOME}/.local/share/multimc5
 blacklist ${HOME}/.local/share/mupen64plus
 blacklist ${HOME}/.local/share/nautilus
+blacklist ${HOME}/.local/share/nautilus-python
 blacklist ${HOME}/.local/share/nemo
+blacklist ${HOME}/.local/share/nemo-python
 blacklist ${HOME}/.local/share/okular
 blacklist ${HOME}/.local/share/orage
 blacklist ${HOME}/.local/share/org.kde.gwenview
diff --git a/etc/nautilus.profile b/etc/nautilus.profile
index 8b86efbd2..49b3ccffd 100644
--- a/etc/nautilus.profile
+++ b/etc/nautilus.profile
@@ -5,10 +5,12 @@ include /etc/firejail/nautilus.local
 # nautilus profile
 # Nautilus is started by systemd on most systems. Therefore it is not firejailed by default. Since there
- # is already a nautilus process running on gnome desktops firejail will have no effect.
+# is already a nautilus process running on gnome desktops firejail will have no effect.
 noblacklist ~/.config/nautilus
 noblacklist ~/.local/share/nautilus
+noblacklist ~/.local/share/nautilus-python
+noblacklist ~/.local/share/Trash
 include /etc/firejail/disable-common.inc
 # nautilus needs to be able to start arbitrary applications so we cannot blacklist their files
diff --git a/etc/nemo.profile b/etc/nemo.profile
index eb0e79aed..c1327faea 100644
--- a/etc/nemo.profile
+++ b/etc/nemo.profile
@@ -2,8 +2,9 @@
 # Persistent customizations should go in a .local file.
 include /etc/firejail/nemo.local
-noblacklist ${HOME}/.local/share/nemo
 noblacklist ${HOME}/.config/nemo
+noblacklist ${HOME}/.local/share/nemo
+noblacklist ${HOME}/.local/share/nemo-python
 noblacklist ${HOME}/.local/share/Trash
 include /etc/firejail/disable-common.inc
--
cgit v1.2.3-54-g00ecf
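Review bot: The two exemptions added in the etc/nautilus.profile hunk are spelled with `~`, while etc/nemo.profile and etc/disable-programs.inc in this commit write the same kind of path with `${HOME}`, and the etc/caja.profile hunk rewrites its Trash line from `${HOME}` to `~`. Using one spelling throughout, e.g. `noblacklist ${HOME}/.local/share/nautilus-python` and `noblacklist ${HOME}/.local/share/Trash`, lets a single search find every rule that touches a directory when auditing what a sandbox can reach.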