From a3cc09e5d96beb53dd13d48a9202bae97fb474aa Mon Sep 17 00:00:00 2001 From: rusty-snake Date: Fri, 17 Jan 2020 17:07:19 +0100 Subject: add 'blacklist ${RUNUSER}/wayland-*' to all profi… MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit …les with 'blacklist /tmp/.X11-unix' --- etc/aria2c.profile | 1 + etc/artha.profile | 1 + etc/dnsmasq.profile | 1 + etc/elinks.profile | 1 + etc/gconf-editor.profile | 1 + etc/gist.profile | 1 + etc/git.profile | 1 + etc/gpg-agent.profile | 1 + etc/gpg.profile | 1 + etc/links.profile | 1 + etc/lynx.profile | 1 + etc/mutt.profile | 1 + etc/rsync-download_only.profile | 1 + etc/seahorse.profile | 1 + etc/server.profile | 1 + etc/signal-cli.profile | 1 + etc/ssh-agent.profile | 1 + etc/tracker.profile | 1 + etc/unbound.profile | 1 + etc/w3m.profile | 1 + etc/wget.profile | 1 + etc/whois.profile | 1 + etc/youtube-dl.profile | 1 + 23 files changed, 23 insertions(+) (limited to 'etc') diff --git a/etc/aria2c.profile b/etc/aria2c.profile index f46202ac8..7819300af 100644 --- a/etc/aria2c.profile +++ b/etc/aria2c.profile @@ -11,6 +11,7 @@ noblacklist ${HOME}/.config/aria2 noblacklist ${HOME}/.netrc blacklist /tmp/.X11-unix +blacklist ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc diff --git a/etc/artha.profile b/etc/artha.profile index 31f8887c4..aaaede7ee 100644 --- a/etc/artha.profile +++ b/etc/artha.profile @@ -11,6 +11,7 @@ noblacklist ${HOME}/.config/artha.log noblacklist ${HOME}/.config/enchant blacklist /tmp/.X11-unix +blacklist ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile index dfb1b61c1..6db71bd49 100644 --- a/etc/dnsmasq.profile +++ b/etc/dnsmasq.profile @@ -11,6 +11,7 @@ noblacklist /sbin noblacklist /usr/sbin blacklist /tmp/.X11-unix +blacklist ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc diff --git a/etc/elinks.profile b/etc/elinks.profile index 94f4179c7..82d1ba528 100644 --- a/etc/elinks.profile +++ b/etc/elinks.profile @@ -9,6 +9,7 @@ include globals.local noblacklist ${HOME}/.elinks blacklist /tmp/.X11-unix +blacklist ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc diff --git a/etc/gconf-editor.profile b/etc/gconf-editor.profile index a2c441a20..7325bfb4c 100644 --- a/etc/gconf-editor.profile +++ b/etc/gconf-editor.profile @@ -8,6 +8,7 @@ include gconf-editor.local #include globals.local blacklist /tmp/.X11-unix +blacklist ${RUNUSER}/wayland-* ignore net none ignore x11 none diff --git a/etc/gist.profile b/etc/gist.profile index 7413238c8..59fcb2775 100644 --- a/etc/gist.profile +++ b/etc/gist.profile @@ -8,6 +8,7 @@ include gist.local include globals.local blacklist /tmp/.X11-unix +blacklist ${RUNUSER}/wayland-* noblacklist ${HOME}/.gist diff --git a/etc/git.profile b/etc/git.profile index dbaaefcc4..da55f8744 100644 --- a/etc/git.profile +++ b/etc/git.profile @@ -20,6 +20,7 @@ noblacklist ${HOME}/.vim noblacklist ${HOME}/.viminfo blacklist /tmp/.X11-unix +blacklist ${RUNUSER}/wayland-* include disable-common.inc include disable-exec.inc diff --git a/etc/gpg-agent.profile b/etc/gpg-agent.profile index c11773147..2710ac88e 100644 --- a/etc/gpg-agent.profile +++ b/etc/gpg-agent.profile @@ -10,6 +10,7 @@ include globals.local noblacklist ${HOME}/.gnupg blacklist /tmp/.X11-unix +blacklist ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc diff --git a/etc/gpg.profile b/etc/gpg.profile index 5eb18a0bc..a60d42cf8 100644 --- a/etc/gpg.profile +++ b/etc/gpg.profile @@ -10,6 +10,7 @@ include globals.local noblacklist ${HOME}/.gnupg blacklist /tmp/.X11-unix +blacklist ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc diff --git a/etc/links.profile b/etc/links.profile index bd0b0cc92..a31001c87 100644 --- a/etc/links.profile +++ b/etc/links.profile @@ -9,6 +9,7 @@ include globals.local noblacklist ${HOME}/.links blacklist /tmp/.X11-unix +blacklist ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc diff --git a/etc/lynx.profile b/etc/lynx.profile index 063285316..fb6fe94ec 100644 --- a/etc/lynx.profile +++ b/etc/lynx.profile @@ -7,6 +7,7 @@ include lynx.local include globals.local blacklist /tmp/.X11-unix +blacklist ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc diff --git a/etc/mutt.profile b/etc/mutt.profile index 92babd50f..1fc412955 100644 --- a/etc/mutt.profile +++ b/etc/mutt.profile @@ -32,6 +32,7 @@ noblacklist ${HOME}/postponed noblacklist ${HOME}/sent blacklist /tmp/.X11-unix +blacklist ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc diff --git a/etc/rsync-download_only.profile b/etc/rsync-download_only.profile index bda3bca92..84147f0a5 100644 --- a/etc/rsync-download_only.profile +++ b/etc/rsync-download_only.profile @@ -13,6 +13,7 @@ include globals.local # Usage: firejail --profile=rsync-download_only rsync blacklist /tmp/.X11-unix +blacklist ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc diff --git a/etc/seahorse.profile b/etc/seahorse.profile index 5a742d05f..0470dc286 100644 --- a/etc/seahorse.profile +++ b/etc/seahorse.profile @@ -7,6 +7,7 @@ include seahorse.local include globals.local blacklist /tmp/.X11-unix +blacklist ${RUNUSER}/wayland-* noblacklist ${HOME}/.gnupg noblacklist ${HOME}/.ssh diff --git a/etc/server.profile b/etc/server.profile index 6e077ff84..ce318a828 100644 --- a/etc/server.profile +++ b/etc/server.profile @@ -14,6 +14,7 @@ noblacklist /usr/sbin # noblacklist /var/opt blacklist /tmp/.X11-unix +blacklist ${RUNUSER}/wayland-* include disable-common.inc # include disable-devel.inc diff --git a/etc/signal-cli.profile b/etc/signal-cli.profile index bb1bf732d..6a2f5c434 100644 --- a/etc/signal-cli.profile +++ b/etc/signal-cli.profile @@ -7,6 +7,7 @@ include signal-cli.local include globals.local blacklist /tmp/.X11-unix +blacklist ${RUNUSER}/wayland-* noblacklist ${HOME}/.local/share/signal-cli diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile index 8e355a176..cf509852a 100644 --- a/etc/ssh-agent.profile +++ b/etc/ssh-agent.profile @@ -11,6 +11,7 @@ noblacklist /tmp/ssh-* noblacklist ${HOME}/.ssh blacklist /tmp/.X11-unix +blacklist ${RUNUSER}/wayland-* include disable-common.inc include disable-passwdmgr.inc diff --git a/etc/tracker.profile b/etc/tracker.profile index 6e107d99e..d47185b1d 100644 --- a/etc/tracker.profile +++ b/etc/tracker.profile @@ -9,6 +9,7 @@ include globals.local # Tracker is started by systemd on most systems. Therefore it is not firejailed by default blacklist /tmp/.X11-unix +blacklist ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc diff --git a/etc/unbound.profile b/etc/unbound.profile index 67448d766..36533a762 100644 --- a/etc/unbound.profile +++ b/etc/unbound.profile @@ -10,6 +10,7 @@ noblacklist /sbin noblacklist /usr/sbin blacklist /tmp/.X11-unix +blacklist ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc diff --git a/etc/w3m.profile b/etc/w3m.profile index 76531d315..97465baa1 100644 --- a/etc/w3m.profile +++ b/etc/w3m.profile @@ -9,6 +9,7 @@ include globals.local noblacklist ${HOME}/.w3m blacklist /tmp/.X11-unix +blacklist ${RUNUSER}/wayland-* include allow-perl.inc diff --git a/etc/wget.profile b/etc/wget.profile index c1f7dfc3f..401926e2d 100644 --- a/etc/wget.profile +++ b/etc/wget.profile @@ -12,6 +12,7 @@ noblacklist ${HOME}/.wget-hsts noblacklist ${HOME}/.wgetrc blacklist /tmp/.X11-unix +blacklist ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc diff --git a/etc/whois.profile b/etc/whois.profile index bd0870bea..7f48afd36 100644 --- a/etc/whois.profile +++ b/etc/whois.profile @@ -8,6 +8,7 @@ include whois.local include globals.local blacklist /tmp/.X11-unix +blacklist ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile index 5fa72c9dc..19effef47 100644 --- a/etc/youtube-dl.profile +++ b/etc/youtube-dl.profile @@ -21,6 +21,7 @@ include allow-python2.inc include allow-python3.inc blacklist /tmp/.X11-unix +blacklist ${RUNUSER}/wayland-* include disable-common.inc include disable-devel.inc -- cgit v1.2.3-54-g00ecf