From b782641c73071abcbc3561a91430b773a6df3ab5 Mon Sep 17 00:00:00 2001 From: smitsohu Date: Sun, 19 Nov 2017 00:10:54 +0100 Subject: some profile improvements --- etc/disable-common.inc | 4 ++-- etc/disable-programs.inc | 3 +++ etc/gwenview.profile | 2 +- etc/konversation.profile | 3 +++ etc/skanlite.profile | 2 +- 5 files changed, 10 insertions(+), 4 deletions(-) diff --git a/etc/disable-common.inc b/etc/disable-common.inc index e23cc8906..53f449115 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc @@ -18,8 +18,7 @@ blacklist ${HOME}/.config/autostart blacklist ${HOME}/.config/autostart-scripts blacklist ${HOME}/.config/lxsession/LXDE/autostart blacklist ${HOME}/.config/openbox -blacklist ${HOME}/.config/plasma-workspace/env -blacklist ${HOME}/.config/plasma-workspace/shutdown +blacklist ${HOME}/.config/plasma-workspace blacklist ${HOME}/.config/startupconfig blacklist ${HOME}/.fluxbox/startup blacklist ${HOME}/.gnomerc @@ -256,6 +255,7 @@ blacklist ${HOME}/.netrc blacklist ${HOME}/.pki blacklist ${HOME}/.smbcredentials blacklist ${HOME}/.ssh +blacklist ${HOME}/.vaults blacklist /etc/group+ blacklist /etc/group- blacklist /etc/gshadow diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 6f982f539..d7a6d58ec 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -134,6 +134,7 @@ blacklist ${HOME}/.config/kritarc blacklist ${HOME}/.config/kwriterc blacklist ${HOME}/.config/kdeconnect blacklist ${HOME}/.config/knotesrc +blacklist ${HOME}/.config/konversationrc blacklist ${HOME}/.config/ktorrentrc blacklist ${HOME}/.config/leafpad blacklist ${HOME}/.config/libreoffice @@ -270,6 +271,7 @@ blacklist ${HOME}/.kde/share/config/khtmlrc blacklist ${HOME}/.kde/share/config/konq_history blacklist ${HOME}/.kde/share/config/konqsidebartngrc blacklist ${HOME}/.kde/share/config/konquerorrc +blacklist ${HOME}/.kde/share/config/konversationrc blacklist ${HOME}/.kde/share/config/kopeterc blacklist ${HOME}/.kde/share/config/ktorrentrc blacklist ${HOME}/.kde/share/config/okularpartrc @@ -295,6 +297,7 @@ blacklist ${HOME}/.kde4/share/config/khtmlrc blacklist ${HOME}/.kde4/share/config/konq_history blacklist ${HOME}/.kde4/share/config/konqsidebartngrc blacklist ${HOME}/.kde4/share/config/konquerorrc +blacklist ${HOME}/.kde4/share/config/konversationrc blacklist ${HOME}/.kde4/share/config/kopeterc blacklist ${HOME}/.kde4/share/config/ktorrentrc blacklist ${HOME}/.kde4/share/config/okularpartrc diff --git a/etc/gwenview.profile b/etc/gwenview.profile index efaf94f4c..8ad3ac5f3 100644 --- a/etc/gwenview.profile +++ b/etc/gwenview.profile @@ -37,7 +37,7 @@ seccomp shell none tracelog -private-bin gwenview,gimp*,kbuildsycoca4 +private-bin gwenview,gimp*,kbuildsycoca4,kdeinit4 private-dev # private-etc X11 diff --git a/etc/konversation.profile b/etc/konversation.profile index 7d09857ba..db91940e2 100644 --- a/etc/konversation.profile +++ b/etc/konversation.profile @@ -5,6 +5,9 @@ include /etc/firejail/konversation.local # Persistent global definitions include /etc/firejail/globals.local +noblacklist ${HOME}/.config/konversationrc +noblacklist ${HOME}/.kde/share/config/konversationrc +noblacklist ${HOME}/.kde4/share/config/konversationrc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/skanlite.profile b/etc/skanlite.profile index 61627f5d8..f1a64093a 100644 --- a/etc/skanlite.profile +++ b/etc/skanlite.profile @@ -27,7 +27,7 @@ protocol unix,netlink seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@reboot,@resources,@swap,acct,add_key,bpf,chroot,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,iopl,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pciconfig_iobase,pciconfig_read,pciconfig_write,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,s390_mmio_read,s390_mmio_write,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice shell none -# private-bin skanlite,kbuildsycoca4 +# private-bin skanlite,kbuildsycoca4,kdeinit4 # private-dev # private-etc # private-tmp -- cgit v1.2.3-70-g09d2