From 49280197ccf830b708b1b7c4d6fb8b3590f44da2 Mon Sep 17 00:00:00 2001 From: rusty-snake <41237666+rusty-snake@users.noreply.github.com> Date: Sat, 2 May 2020 17:58:02 +0000 Subject: various hardening (#3394) --- etc/inc/disable-common.inc | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'etc/inc/disable-common.inc') diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index 92c6cd2a8..3fd3cc7b2 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc @@ -149,8 +149,9 @@ read-only ${HOME}/.config/dconf blacklist ${HOME}/.config/systemd blacklist ${HOME}/.local/share/systemd blacklist /var/lib/systemd -# blacklist /var/run/systemd +blacklist ${PATH}/systemd-run # creates problems on Arch where /etc/resolv.conf is a symlink to /var/run/systemd/resolve/resolv.conf +#blacklist /var/run/systemd # openrc blacklist /etc/runlevels/ @@ -308,13 +309,17 @@ read-only ${HOME}/bin read-only ${HOME}/.bin read-only ${HOME}/.local/bin read-only ${HOME}/.cargo/bin -read-only ${HOME}/.cargo/env # Write-protection for desktop entries read-only ${HOME}/.config/menus read-only ${HOME}/.gnome/apps read-only ${HOME}/.local/share/applications +read-only ${HOME}/.config/mimeapps.list +read-only ${HOME}/.config/user-dirs.dirs +read-only ${HOME}/.config/user-dirs.locale +read-only ${HOME}/.local/share/mime + # Write-protection for thumbnailer dir read-only ${HOME}/.local/share/thumbnailers @@ -451,6 +456,7 @@ blacklist /vmlinuz* blacklist /.snapshots # flatpak +blacklist ${HOME}/.cache/flatpak blacklist ${HOME}/.config/flatpak blacklist ${HOME}/.local/share/flatpak/app blacklist ${HOME}/.local/share/flatpak/appstream -- cgit v1.2.3-54-g00ecf
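Review bot: In the systemd hunk (`@@ -149,8 +149,9 @@`), `blacklist ${PATH}/systemd-run` hides only the client binary, while `/var/run/systemd` stays reachable because its blacklist remains commented out for the Arch resolv.conf case. A sandboxed process that can still reach the systemd manager over D-Bus may be able to request transient units without that binary, so this rule should not be read as closing that path on its own. Whether D-Bus is filtered is decided in the individual profiles, outside this hunk. I would record the limit next to the rule, e.g. `# systemd-run is only a client; starting units over D-Bus must be blocked separately (D-Bus filtering in the profile)`. The existing comment `# creates problems on Arch ...` now sits directly under the new rule and can be misread as describing it, so a blank line before it would keep it attached to `#blacklist /var/run/systemd`.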
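Review bot: The second hunk (`@@ -308,13 +309,17 @@`) drops `read-only ${HOME}/.cargo/env` without giving a reason. That file is a shell script which rustup's setup normally has the login shell source, so leaving it writable lets a sandboxed program change something that later runs outside the sandbox. If another section of disable-common.inc already carries the same rule (not visible in this hunk), the removal is a harmless de-duplication and one sentence in the commit message would settle it; otherwise the line should stay. For the added entries, a short comment such as `# Write-protection for default-application and user-dirs settings` would say why they are write-protected.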