From 4747e0ed7f1d9e39974a1c5a5900db47ab1423aa Mon Sep 17 00:00:00 2001
From: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Date: Tue, 31 Mar 2020 16:51:02 +0000
Subject: Whitelist runuser common (#3286)

* introduce whitelist-runuser-common.inc

 * If an applications does not need a whitelist it can/should be
   nowhitelisted. Example:

     nowhitelist ${RUNUSER}/pulse
     include whitelist-runuser-common.inc

 * ${RUNUSER}/bus is inaccessible with nodbus regardless of the
   whitelist. (as it should)

 * strange wayland setups with an second wayland-compostior need to
   whitelist ${RUNUSER}/wayland-1, ${RUNUSER}/wayland-2 and so on.

 * some display-manager store there Xauthority file in ${RUNUSER}.
   test results with fedora 31:
   - ssdm: ~/.Xauthority is used
   - lightdm: /run/lightdm/USER/Xauthority
   - gdm: /run/user/UID/gdm/Xauthority

 * IMPORTANT: ATM we can only enable this for non-graphical and GTK3
   programs because mutter (GNOMEs window-manger) stores the Xauthority
   file for Xwayland under /run/user/UID/.mutter-Xwaylandauth.XXXXXX
   where XXXXXX is random. Until we have whitelist globbing we can't
   whitelist this file. QT/KDE and other toolkits without full wayland
   support won't be able to start.

* wru update 1

- add wru to more profiles.
- blacklist ${RUNUSER} works for the most cli programs too.

* add wruc to more profiles

* fixes

* fixes

* wruc: hide pulse pid

* update

* remove wruc from all the x11 profiles

* fixes

* fix ordering

* read-only

* revert read-only

* update

*
---
 etc/shellcheck.profile | 1 +
 1 file changed, 1 insertion(+)

(limited to 'etc/shellcheck.profile')

diff --git a/etc/shellcheck.profile b/etc/shellcheck.profile
index 7b4041222..fb43c61e4 100644
--- a/etc/shellcheck.profile
+++ b/etc/shellcheck.profile
@@ -8,6 +8,7 @@ include shellcheck.local
 include globals.local
 
 blacklist ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}
 
 noblacklist ${DOCUMENTS}
 
-- 
cgit v1.2.3-54-g00ecf