From 319f2dc8d65fe0264e4eb6006aab024751bb5bd4 Mon Sep 17 00:00:00 2001 From: Kishore96in Date: Thu, 16 Jul 2020 12:53:10 +0530 Subject: Blacklist .local/share/kxmlgui5 and allow access only for applications which use it. (#3493) * blacklist .local/share/kxmlgui5 KDE programs use this to store their toolbar config. * noblacklist .local/share/kxmlgui5 in the relevant KDE applications. * Whitelist kxmlgui file for okular. * Use a glob to blacklist subfolders instead of the parent folder. noblacklisting individual subdirectories works only if we do it this way (tested by launching bash in the kate profile). * Make directory, not file. * noblacklist relevant subdirs for more KDE applications --- etc/profile-a-l/akregator.profile | 3 +++ etc/profile-a-l/ark.profile | 1 + etc/profile-a-l/calligra.profile | 2 ++ etc/profile-a-l/calligraplan.profile | 2 ++ etc/profile-a-l/calligraplanwork.profile | 2 ++ etc/profile-a-l/calligrasheets.profile | 2 ++ etc/profile-a-l/calligrastage.profile | 2 ++ etc/profile-a-l/calligrawords.profile | 2 ++ etc/profile-a-l/gwenview.profile | 1 + etc/profile-a-l/k3b.profile | 1 + etc/profile-a-l/karbon.profile | 2 ++ etc/profile-a-l/kate.profile | 7 +++++++ etc/profile-a-l/kcalc.profile | 3 +++ etc/profile-a-l/kdenlive.profile | 1 + etc/profile-a-l/kget.profile | 1 + etc/profile-a-l/kid3.profile | 1 + etc/profile-a-l/kmail.profile | 2 ++ etc/profile-a-l/knotes.profile | 1 + etc/profile-a-l/konversation.profile | 1 + etc/profile-a-l/kopete.profile | 1 + etc/profile-a-l/ktorrent.profile | 3 +++ etc/profile-a-l/kwrite.profile | 1 + 22 files changed, 42 insertions(+) (limited to 'etc/profile-a-l') diff --git a/etc/profile-a-l/akregator.profile b/etc/profile-a-l/akregator.profile index 377c43804..6a4d775e7 100644 --- a/etc/profile-a-l/akregator.profile +++ b/etc/profile-a-l/akregator.profile @@ -8,6 +8,7 @@ include globals.local noblacklist ${HOME}/.config/akregatorrc noblacklist ${HOME}/.local/share/akregator +noblacklist ${HOME}/.local/share/kxmlgui5/akregator include disable-common.inc include disable-devel.inc @@ -19,9 +20,11 @@ include disable-shell.inc mkfile ${HOME}/.config/akregatorrc mkdir ${HOME}/.local/share/akregator +mkdir ${HOME}/.local/share/kxmlgui5/akregator whitelist ${HOME}/.config/akregatorrc whitelist ${HOME}/.local/share/akregator whitelist ${HOME}/.local/share/kssl +whitelist ${HOME}/.local/share/kxmlgui5/akregator include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/ark.profile b/etc/profile-a-l/ark.profile index 01004d772..4b81b2717 100644 --- a/etc/profile-a-l/ark.profile +++ b/etc/profile-a-l/ark.profile @@ -7,6 +7,7 @@ include ark.local include globals.local noblacklist ${HOME}/.config/arkrc +noblacklist ${HOME}/.local/share/kxmlgui5/ark include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/calligra.profile b/etc/profile-a-l/calligra.profile index 489036e39..f4ce47018 100644 --- a/etc/profile-a-l/calligra.profile +++ b/etc/profile-a-l/calligra.profile @@ -6,6 +6,8 @@ include calligra.local # Persistent global definitions include globals.local +noblacklist ${HOME}/.local/share/kxmlgui5/calligra + include disable-common.inc include disable-devel.inc include disable-interpreters.inc diff --git a/etc/profile-a-l/calligraplan.profile b/etc/profile-a-l/calligraplan.profile index 7804a3b97..23dd61175 100644 --- a/etc/profile-a-l/calligraplan.profile +++ b/etc/profile-a-l/calligraplan.profile @@ -1,5 +1,7 @@ # Firejail profile alias for calligra # This file is overwritten after every install/update +noblacklist ${HOME}/.local/share/kxmlgui5/calligraplan + # Redirect include calligra.profile diff --git a/etc/profile-a-l/calligraplanwork.profile b/etc/profile-a-l/calligraplanwork.profile index 7804a3b97..1c283a3cb 100644 --- a/etc/profile-a-l/calligraplanwork.profile +++ b/etc/profile-a-l/calligraplanwork.profile @@ -1,5 +1,7 @@ # Firejail profile alias for calligra # This file is overwritten after every install/update +noblacklist ${HOME}/.local/share/kxmlgui5/calligraplanwork + # Redirect include calligra.profile diff --git a/etc/profile-a-l/calligrasheets.profile b/etc/profile-a-l/calligrasheets.profile index 7804a3b97..8ef75be71 100644 --- a/etc/profile-a-l/calligrasheets.profile +++ b/etc/profile-a-l/calligrasheets.profile @@ -1,5 +1,7 @@ # Firejail profile alias for calligra # This file is overwritten after every install/update +noblacklist ${HOME}/.local/share/kxmlgui5/calligrasheets + # Redirect include calligra.profile diff --git a/etc/profile-a-l/calligrastage.profile b/etc/profile-a-l/calligrastage.profile index 7804a3b97..d5c960248 100644 --- a/etc/profile-a-l/calligrastage.profile +++ b/etc/profile-a-l/calligrastage.profile @@ -1,5 +1,7 @@ # Firejail profile alias for calligra # This file is overwritten after every install/update +noblacklist ${HOME}/.local/share/kxmlgui5/calligrastage + # Redirect include calligra.profile diff --git a/etc/profile-a-l/calligrawords.profile b/etc/profile-a-l/calligrawords.profile index 7804a3b97..5985b4250 100644 --- a/etc/profile-a-l/calligrawords.profile +++ b/etc/profile-a-l/calligrawords.profile @@ -1,5 +1,7 @@ # Firejail profile alias for calligra # This file is overwritten after every install/update +noblacklist ${HOME}/.local/share/kxmlgui5/calligrawords + # Redirect include calligra.profile diff --git a/etc/profile-a-l/gwenview.profile b/etc/profile-a-l/gwenview.profile index ec83a2d9f..efdc56e38 100644 --- a/etc/profile-a-l/gwenview.profile +++ b/etc/profile-a-l/gwenview.profile @@ -15,6 +15,7 @@ noblacklist ${HOME}/.kde/share/config/gwenviewrc noblacklist ${HOME}/.kde4/share/apps/gwenview noblacklist ${HOME}/.kde4/share/config/gwenviewrc noblacklist ${HOME}/.local/share/gwenview +noblacklist ${HOME}/.local/share/kxmlgui5/gwenview noblacklist ${HOME}/.local/share/org.kde.gwenview include disable-common.inc diff --git a/etc/profile-a-l/k3b.profile b/etc/profile-a-l/k3b.profile index 0c1da7ae1..86292744c 100644 --- a/etc/profile-a-l/k3b.profile +++ b/etc/profile-a-l/k3b.profile @@ -9,6 +9,7 @@ include globals.local noblacklist ${HOME}/.config/k3brc noblacklist ${HOME}/.kde/share/config/k3brc noblacklist ${HOME}/.kde4/share/config/k3brc +noblacklist ${HOME}/.local/share/kxmlgui5/k3b noblacklist ${MUSIC} include disable-common.inc diff --git a/etc/profile-a-l/karbon.profile b/etc/profile-a-l/karbon.profile index 3b2e93b0a..d54d6d3d0 100644 --- a/etc/profile-a-l/karbon.profile +++ b/etc/profile-a-l/karbon.profile @@ -1,5 +1,7 @@ # Firejail profile alias for krita # This file is overwritten after every install/update +noblacklist ${HOME}/.local/share/kxmlgui5/karbon + # Redirect include krita.profile diff --git a/etc/profile-a-l/kate.profile b/etc/profile-a-l/kate.profile index 321c4558f..37605dfa9 100644 --- a/etc/profile-a-l/kate.profile +++ b/etc/profile-a-l/kate.profile @@ -15,6 +15,13 @@ noblacklist ${HOME}/.config/kateschemarc noblacklist ${HOME}/.config/katesyntaxhighlightingrc noblacklist ${HOME}/.config/katevirc noblacklist ${HOME}/.local/share/kate +noblacklist ${HOME}/.local/share/kxmlgui5/kate +noblacklist ${HOME}/.local/share/kxmlgui5/katefiletree +noblacklist ${HOME}/.local/share/kxmlgui5/katekonsole +noblacklist ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin +noblacklist ${HOME}/.local/share/kxmlgui5/katepart +noblacklist ${HOME}/.local/share/kxmlgui5/kateproject +noblacklist ${HOME}/.local/share/kxmlgui5/katesearch include disable-common.inc # include disable-devel.inc diff --git a/etc/profile-a-l/kcalc.profile b/etc/profile-a-l/kcalc.profile index 683ee08bd..fa82e76f3 100644 --- a/etc/profile-a-l/kcalc.profile +++ b/etc/profile-a-l/kcalc.profile @@ -6,6 +6,7 @@ include kcalc.local # Persistent global definitions include globals.local +noblacklist ${HOME}/.local/share/kxmlgui5/kcalc include disable-common.inc include disable-devel.inc @@ -15,12 +16,14 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-shell.inc +mkdir ${HOME}/.local/share/kxmlgui5/kcalc mkfile ${HOME}/.config/kcalcrc mkfile ${HOME}/.kde/share/config/kcalcrc mkfile ${HOME}/.kde4/share/config/kcalcrc whitelist ${HOME}/.config/kcalcrc whitelist ${HOME}/.kde/share/config/kcalcrc whitelist ${HOME}/.kde4/share/config/kcalcrc +whitelist ${HOME}/.local/share/kxmlgui5/kcalc include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/kdenlive.profile b/etc/profile-a-l/kdenlive.profile index e3560cb35..9ca33b68e 100644 --- a/etc/profile-a-l/kdenlive.profile +++ b/etc/profile-a-l/kdenlive.profile @@ -11,6 +11,7 @@ ignore noexec ${HOME} noblacklist ${HOME}/.cache/kdenlive noblacklist ${HOME}/.config/kdenliverc noblacklist ${HOME}/.local/share/kdenlive +noblacklist ${HOME}/.local/share/kxmlgui5/kdenlive include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/kget.profile b/etc/profile-a-l/kget.profile index 485edc1a4..5990d0752 100644 --- a/etc/profile-a-l/kget.profile +++ b/etc/profile-a-l/kget.profile @@ -12,6 +12,7 @@ noblacklist ${HOME}/.kde/share/config/kgetrc noblacklist ${HOME}/.kde4/share/apps/kget noblacklist ${HOME}/.kde4/share/config/kgetrc noblacklist ${HOME}/.local/share/kget +noblacklist ${HOME}/.local/share/kxmlgui5/kget include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/kid3.profile b/etc/profile-a-l/kid3.profile index cce92a93f..aa2e0ad1e 100644 --- a/etc/profile-a-l/kid3.profile +++ b/etc/profile-a-l/kid3.profile @@ -8,6 +8,7 @@ include globals.local noblacklist ${MUSIC} noblacklist ${HOME}/.config/kid3rc +noblacklist ${HOME}/.local/share/kxmlgui5/kid3 include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile index 198b05a11..ab4ff10b9 100644 --- a/etc/profile-a-l/kmail.profile +++ b/etc/profile-a-l/kmail.profile @@ -25,6 +25,8 @@ noblacklist ${HOME}/.local/share/apps/korganizer noblacklist ${HOME}/.local/share/contacts noblacklist ${HOME}/.local/share/emailidentities noblacklist ${HOME}/.local/share/kmail2 +noblacklist ${HOME}/.local/share/kxmlgui5/kmail +noblacklist ${HOME}/.local/share/kxmlgui5/kmail2 noblacklist ${HOME}/.local/share/local-mail noblacklist ${HOME}/.local/share/notes noblacklist /tmp/akonadi-* diff --git a/etc/profile-a-l/knotes.profile b/etc/profile-a-l/knotes.profile index ababfcdb1..f155d0ad6 100644 --- a/etc/profile-a-l/knotes.profile +++ b/etc/profile-a-l/knotes.profile @@ -12,6 +12,7 @@ include knotes.local noblacklist ${HOME}/.config/knotesrc noblacklist ${HOME}/.local/share/knotes +noblacklist ${HOME}/.local/share/kxmlgui5/knotes # Redirect include kmail.profile diff --git a/etc/profile-a-l/konversation.profile b/etc/profile-a-l/konversation.profile index 4e17f590c..4dd929c6b 100644 --- a/etc/profile-a-l/konversation.profile +++ b/etc/profile-a-l/konversation.profile @@ -10,6 +10,7 @@ noblacklist ${HOME}/.config/konversationrc noblacklist ${HOME}/.config/konversation.notifyrc noblacklist ${HOME}/.kde/share/config/konversationrc noblacklist ${HOME}/.kde4/share/config/konversationrc +noblacklist ${HOME}/.local/share/kxmlgui5/konversation include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/kopete.profile b/etc/profile-a-l/kopete.profile index e0bdce059..a5269373d 100644 --- a/etc/profile-a-l/kopete.profile +++ b/etc/profile-a-l/kopete.profile @@ -10,6 +10,7 @@ noblacklist ${HOME}/.kde/share/apps/kopete noblacklist ${HOME}/.kde/share/config/kopeterc noblacklist ${HOME}/.kde4/share/apps/kopete noblacklist ${HOME}/.kde4/share/config/kopeterc +noblacklist ${HOME}/.local/share/kxmlgui5/kopete include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/ktorrent.profile b/etc/profile-a-l/ktorrent.profile index 1919d73bc..b55e00f22 100644 --- a/etc/profile-a-l/ktorrent.profile +++ b/etc/profile-a-l/ktorrent.profile @@ -12,6 +12,7 @@ noblacklist ${HOME}/.kde/share/config/ktorrentrc noblacklist ${HOME}/.kde4/share/apps/ktorrent noblacklist ${HOME}/.kde4/share/config/ktorrentrc noblacklist ${HOME}/.local/share/ktorrent +noblacklist ${HOME}/.local/share/kxmlgui5/ktorrent include disable-common.inc include disable-devel.inc @@ -24,6 +25,7 @@ include disable-shell.inc mkdir ${HOME}/.kde/share/apps/ktorrent mkdir ${HOME}/.kde4/share/apps/ktorrent mkdir ${HOME}/.local/share/ktorrent +mkdir ${HOME}/.local/share/kxmlgui5/ktorrent mkfile ${HOME}/.config/ktorrentrc mkfile ${HOME}/.kde/share/config/ktorrentrc mkfile ${HOME}/.kde4/share/config/ktorrentrc @@ -34,6 +36,7 @@ whitelist ${HOME}/.kde/share/config/ktorrentrc whitelist ${HOME}/.kde4/share/apps/ktorrent whitelist ${HOME}/.kde4/share/config/ktorrentrc whitelist ${HOME}/.local/share/ktorrent +whitelist ${HOME}/.local/share/kxmlgui5/ktorrent include whitelist-common.inc include whitelist-var-common.inc diff --git a/etc/profile-a-l/kwrite.profile b/etc/profile-a-l/kwrite.profile index 7d39e89ad..4ff8efa70 100644 --- a/etc/profile-a-l/kwrite.profile +++ b/etc/profile-a-l/kwrite.profile @@ -13,6 +13,7 @@ noblacklist ${HOME}/.config/katesyntaxhighlightingrc noblacklist ${HOME}/.config/katevirc noblacklist ${HOME}/.config/kwriterc noblacklist ${HOME}/.local/share/kwrite +noblacklist ${HOME}/.local/share/kxmlgui5/kwrite noblacklist ${DOCUMENTS} include disable-common.inc -- cgit v1.2.3-54-g00ecf