From 0d8fb3d1b41f7c403c0061efda4be35e7ad70344 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Wed, 27 Mar 2024 12:13:21 +0000 Subject: profiles: sort blacklist sections (#6289) See etc/templates/profile.template. This is a follow-up to #6286. --- etc/profile-a-l/bpftop.profile | 2 +- etc/profile-a-l/cloneit.profile | 2 +- etc/profile-a-l/deadlink.profile | 2 +- etc/profile-a-l/dexios.profile | 2 +- etc/profile-a-l/editorconfiger.profile | 2 +- etc/profile-a-l/kdiff3.profile | 2 +- etc/profile-m-z/makepkg.profile | 6 +++--- etc/profile-m-z/statusof.profile | 2 +- etc/profile-m-z/textroom.profile | 2 +- etc/profile-m-z/torbrowser.profile | 2 +- etc/profile-m-z/tvnamer.profile | 2 +- 11 files changed, 13 insertions(+), 13 deletions(-) (limited to 'etc') diff --git a/etc/profile-a-l/bpftop.profile b/etc/profile-a-l/bpftop.profile index 8c64a77c6..7670f1b4b 100644 --- a/etc/profile-a-l/bpftop.profile +++ b/etc/profile-a-l/bpftop.profile @@ -7,8 +7,8 @@ include bpftop.local # Persistent global definitions include globals.local -blacklist /usr/libexec blacklist ${RUNUSER} +blacklist /usr/libexec include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/cloneit.profile b/etc/profile-a-l/cloneit.profile index 445ef4890..827dd1de2 100644 --- a/etc/profile-a-l/cloneit.profile +++ b/etc/profile-a-l/cloneit.profile @@ -7,8 +7,8 @@ include cloneit.local # Persistent global definitions include globals.local -blacklist /usr/libexec blacklist ${RUNUSER} +blacklist /usr/libexec include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/deadlink.profile b/etc/profile-a-l/deadlink.profile index f7535c597..9b378b455 100644 --- a/etc/profile-a-l/deadlink.profile +++ b/etc/profile-a-l/deadlink.profile @@ -6,8 +6,8 @@ include deadlink.local # Persistent global definitions include globals.local -blacklist /usr/libexec blacklist ${RUNUSER} +blacklist /usr/libexec noblacklist ${HOME}/.config/deadlink diff --git a/etc/profile-a-l/dexios.profile b/etc/profile-a-l/dexios.profile index 55d6c83ce..7d549d745 100644 --- a/etc/profile-a-l/dexios.profile +++ b/etc/profile-a-l/dexios.profile @@ -7,8 +7,8 @@ include dexios.local # Persistent global definitions include globals.local -blacklist /usr/libexec blacklist ${RUNUSER} +blacklist /usr/libexec include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/editorconfiger.profile b/etc/profile-a-l/editorconfiger.profile index a921ae2d5..8812db35f 100644 --- a/etc/profile-a-l/editorconfiger.profile +++ b/etc/profile-a-l/editorconfiger.profile @@ -6,8 +6,8 @@ include editorconfiger.local # Persistent global definitions include globals.local -blacklist /usr/libexec blacklist ${RUNUSER} +blacklist /usr/libexec include disable-common.inc include disable-devel.inc diff --git a/etc/profile-a-l/kdiff3.profile b/etc/profile-a-l/kdiff3.profile index d9e4480f5..02b389dff 100644 --- a/etc/profile-a-l/kdiff3.profile +++ b/etc/profile-a-l/kdiff3.profile @@ -12,8 +12,8 @@ noblacklist ${HOME}/.config/kdiff3rc # Add the next line to your kdiff3.local if you don't need to compare files in disable-common.inc. # By default we deny access only to .ssh and .gnupg. #include disable-common.inc -blacklist ${HOME}/.ssh blacklist ${HOME}/.gnupg +blacklist ${HOME}/.ssh include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-m-z/makepkg.profile b/etc/profile-m-z/makepkg.profile index 3bda47fad..a8dd3988b 100644 --- a/etc/profile-m-z/makepkg.profile +++ b/etc/profile-m-z/makepkg.profile @@ -20,11 +20,11 @@ blacklist ${RUNUSER}/wayland-* noblacklist ${HOME}/.gnupg read-only ${HOME}/.gnupg/trustdb.gpg read-only ${HOME}/.gnupg/pubring.kbx -blacklist ${HOME}/.gnupg/random_seed -blacklist ${HOME}/.gnupg/pubring.kbx~ -blacklist ${HOME}/.gnupg/private-keys-v1.d blacklist ${HOME}/.gnupg/crls.d blacklist ${HOME}/.gnupg/openpgp-revocs.d +blacklist ${HOME}/.gnupg/private-keys-v1.d +blacklist ${HOME}/.gnupg/pubring.kbx~ +blacklist ${HOME}/.gnupg/random_seed # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only. noblacklist /var/lib/pacman diff --git a/etc/profile-m-z/statusof.profile b/etc/profile-m-z/statusof.profile index 25c8df680..45da84e11 100644 --- a/etc/profile-m-z/statusof.profile +++ b/etc/profile-m-z/statusof.profile @@ -7,8 +7,8 @@ include statusof.local # Persistent global definitions include globals.local -blacklist /usr/libexec blacklist ${RUNUSER} +blacklist /usr/libexec # Allow python (blacklisted by disable-interpreters.inc) include allow-python3.inc diff --git a/etc/profile-m-z/textroom.profile b/etc/profile-m-z/textroom.profile index 6fdba7501..912fce6c1 100644 --- a/etc/profile-m-z/textroom.profile +++ b/etc/profile-m-z/textroom.profile @@ -6,8 +6,8 @@ include textroom.local # Persistent global definitions include globals.local -blacklist /usr/libexec blacklist ${RUNUSER}/wayland-* +blacklist /usr/libexec noblacklist ${HOME}/.config/textroom diff --git a/etc/profile-m-z/torbrowser.profile b/etc/profile-m-z/torbrowser.profile index 15ca5b550..669394aaf 100644 --- a/etc/profile-m-z/torbrowser.profile +++ b/etc/profile-m-z/torbrowser.profile @@ -12,8 +12,8 @@ ignore dbus-user none noblacklist ${HOME}/.cache/mozilla noblacklist ${HOME}/.mozilla -blacklist /usr/libexec blacklist /sys/class/net +blacklist /usr/libexec mkdir ${HOME}/.cache/mozilla/torbrowser mkdir ${HOME}/.mozilla diff --git a/etc/profile-m-z/tvnamer.profile b/etc/profile-m-z/tvnamer.profile index 24439672a..19c94feea 100644 --- a/etc/profile-m-z/tvnamer.profile +++ b/etc/profile-m-z/tvnamer.profile @@ -6,8 +6,8 @@ include tvnamer.local # Persistent global definitions include globals.local -blacklist /usr/libexec blacklist ${RUNUSER} +blacklist /usr/libexec noblacklist ${HOME}/.config/tvnamer noblacklist ${VIDEOS} -- cgit v1.2.3-54-g00ecf