From 96beb3358c430a5e470ce02fd64ffc3f7fc23706 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Tue, 22 Aug 2023 19:18:18 -0400
Subject: a second round of blacklisting in disable-common.inc
---
 etc/inc/disable-common.inc | 31 ++++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-) (limited to 'etc/inc')
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index 010cb05b6..bcf90e9ed 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -170,7 +170,7 @@ blacklist ${RUNUSER}/gsconnect
 blacklist ${HOME}/.config/systemd
 blacklist ${HOME}/.local/share/systemd
 blacklist ${PATH}/systemctl
-blacklist ${PATH}/systemd-run
+blacklist ${PATH}/systemd*
 blacklist ${RUNUSER}/systemd
 blacklist /etc/credstore*
 blacklist /etc/systemd/network
@@ -518,7 +518,10 @@ blacklist ${PATH}/kdesudo
 blacklist ${PATH}/ksu
 blacklist ${PATH}/mount
 blacklist ${PATH}/mount.ecryptfs_private
+blacklist ${PATH}/mountpoint
 blacklist ${PATH}/nc
+blacklist ${PATH}/nc.traditional
+blacklist ${PATH}/nc.openbsd
 blacklist ${PATH}/ncat
 blacklist ${PATH}/nmap
 blacklist ${PATH}/newgidmap
@@ -572,7 +575,28 @@ blacklist ${PATH}/nmtui-hostname
 blacklist ${PATH}/networkctl
 blacklist ${PATH}/ss
 blacklist ${PATH}/traceroute
+# since firejail version 0.9.73
 blacklist ${PATH}/dpkg*
+blacklist ${PATH}/fakeroot*
+blacklist ${PATH}/apt*
+blacklist ${PATH}/dumpcap
+blacklist ${PATH}/efibootdump
+blacklist ${PATH}/efibootmgr
+blacklist ${PATH}/passmass
+blacklist ${PATH}/proxy
+blacklist ${PATH}/aa-*
+blacklist ${PATH}/airscan-discover
+blacklist ${PATH}/avahi*
+blacklist ${PATH}/dbus-*
+blacklist ${PATH}/debconf*
+blacklist ${PATH}/grub-*
+blacklist ${PATH}/kernel-install # from systemd package
+
+# binaries installed by firejail
+blacklist ${PATH}/firemon
+blacklist ${PATH}/firecfg
+blacklist ${PATH}/jailcheck
+blacklist ${PATH}/firetools
 # other SUID binaries
 blacklist /opt/microsoft/msedge*/msedge-sandbox
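Review bot: The new `blacklist ${PATH}/systemd*` line swaps one named binary for a glob, with no comment saying what it is meant to cover or how a profile opts out. The pattern now also hides helpers such as `systemd-detect-virt`, `systemd-inhibit` and `systemd-notify`, so a profile whose application calls one of them would need a matching `noblacklist` line ahead of the include. Whether any shipped profile is affected cannot be seen from this hunk. The same applies to the `dbus-*`, `avahi*`, `apt*` and `aa-*` globs in the third hunk. I would add a comment above the line, e.g. `# glob: covers systemd-run and the other systemd-* tools; add noblacklist in a profile that needs one`.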
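Review bot: The two netcat variants in the second hunk are added by exact name (`nc.traditional`, `nc.openbsd`), so the list has to be extended again for every further packaging of the tool. A single `blacklist ${PATH}/nc.*` would match both and be consistent with the globs this commit uses elsewhere (`systemd*`, `dpkg*`). If `netcat` is not already listed outside this hunk, it belongs next to `nc` as well. The surrounding list continues beyond the hunk, so that last point needs checking against the full file.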
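Review bot: Several names added under `# since firejail version 0.9.73` in the third hunk are not self-explanatory (`proxy`, `passmass`, `airscan-discover`), and only `kernel-install` is annotated with the package it comes from. I would give each a short origin note in the same style, e.g. `# from <package>`, so a later reader can tell why the entry exists and whether it is still needed. A header line would also set expectations, something like `# name-based hardening: hides these tools in the ${PATH} directories only; use private-bin where a strict allow-list is needed`. The list this block sits in starts and ends outside the hunk.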
@@ -653,10 +677,13 @@ blacklist ${HOME}/sent
 blacklist /proc/config.gz
 # prevent DNS malware attempting to communicate with the server using regular DNS tools
+blacklist ${PATH}/delv
 blacklist ${PATH}/dig
 blacklist ${PATH}/dlint
 blacklist ${PATH}/dns2tcp
 blacklist ${PATH}/dnssec-*
+blacklist ${PATH}/dnstap-read
+blacklist ${PATH}/mdig
 blacklist ${PATH}/dnswalk
 blacklist ${PATH}/drill
 blacklist ${PATH}/host
@@ -667,6 +694,8 @@ blacklist ${PATH}/knsupdate
 blacklist ${PATH}/ldns-*
 blacklist ${PATH}/ldnsd
 blacklist ${PATH}/nslookup
+blacklist ${PATH}/nsupdate
+blacklist ${PATH}/nstat
 blacklist ${PATH}/resolvectl
 blacklist ${PATH}/unbound-host
-- cgit v1.2.3-70-g09d2
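Review bot: `mdig` is inserted between `dnstap-read` and `dnswalk`, which breaks the alphabetical order the DNS block otherwise keeps; the fifth hunk does the same by placing `nstat` after `nsupdate`. Sorted, `blacklist ${PATH}/mdig` would sit between `ldnsd` and `nslookup`. `nstat` is also, as far as I know, the iproute2 counters tool rather than a DNS client, so it reads as out of place under the `# prevent DNS malware …` comment. It would fit better beside `ss` and `networkctl` in the network-tools block touched by the third hunk. Keeping the block sorted makes it easier to spot a missing or duplicated entry in later rounds.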