From bcf53870f3dab1d1a813337886bd0965976875bd Mon Sep 17 00:00:00 2001
From: smitsohu
Date: Fri, 12 Oct 2018 19:55:55 +0200
Subject: consolidate cloud blacklisting, alphabetize, other nitpicks
---
 etc/disable-common.inc | 18 ++++++++++--------
 etc/disable-programs.inc | 2 --
 etc/krunner.profile | 4 +++-
 3 files changed, 13 insertions(+), 11 deletions(-)
(limited to 'etc')
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index 0f6e6bd19..ceca17826 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -317,9 +317,11 @@ blacklist /var/backup
 # cloud provider configuration
 blacklist ${HOME}/.aws
 blacklist ${HOME}/.boto
-blacklist /etc/boto.cfg
 blacklist ${HOME}/.config/gcloud
 blacklist ${HOME}/.kube
+blacklist ${HOME}/.passwd-s3fs
+blacklist ${HOME}/.s3cmd
+blacklist /etc/boto.cfg
 # system directories
 blacklist /sbin
@@ -391,14 +393,14 @@ blacklist /vmlinuz*
 # snapshot files
 blacklist /.snapshots
-# complement noexec ${HOME} and noexec /tmp
-noexec /tmp/.X11-unix
-
 # flatpak
-blacklist ${HOME}/*.config/flatpak
-blacklist ${HOME}/*.var
-blacklist ${HOME}/*.local/share/flatpak
-blacklist /var/lib/flatpak
+blacklist ${HOME}/.config/flatpak
+blacklist ${HOME}/.local/share/flatpak
+blacklist ${HOME}/.var
 blacklist /usr/share/flatpak
+blacklist /var/lib/flatpak
 # most of the time bwrap is SUID binary
 blacklist ${PATH}/bwrap
+
+# complement noexec ${HOME} and noexec /tmp
+noexec /tmp/.X11-unix
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 6fa0eed26..251362b77 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -478,7 +478,6 @@ blacklist ${HOME}/.openshot
 blacklist ${HOME}/.openshot_qt
 blacklist ${HOME}/.opera
 blacklist ${HOME}/.opera-beta
-blacklist ${HOME}/.passwd-s3fs
 blacklist ${HOME}/.pingus
 blacklist ${HOME}/.purple
 blacklist ${HOME}/.qemu-launcher
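Review bot: In the `# cloud provider configuration` block of etc/disable-common.inc (first hunk), the consolidated list still appears to leave credential files for the same tools readable inside a sandbox. As far as I know s3cmd keeps its access and secret key in `${HOME}/.s3cfg` by default, so `blacklist ${HOME}/.s3cmd` alone probably does not hide them, and s3fs also accepts a system-wide `/etc/passwd-s3fs` next to the per-user file. I would add `blacklist ${HOME}/.s3cfg` and `blacklist /etc/passwd-s3fs` in the same alphabetical order. Please confirm both paths against the tools' documentation before merging.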
@@ -488,7 +487,6 @@ blacklist ${HOME}/.remmina
 blacklist ${HOME}/.repo_.gitconfig.json
 blacklist ${HOME}/.repoconfig
 blacklist ${HOME}/.retroshare
-blacklist ${HOME}/.s3cmd
 blacklist ${HOME}/.scribus
 blacklist ${HOME}/.scribusrc
 blacklist ${HOME}/.simutrans
diff --git a/etc/krunner.profile b/etc/krunner.profile
index 6b84e2c7c..0b1b9e5de 100644
--- a/etc/krunner.profile
+++ b/etc/krunner.profile
@@ -11,7 +11,7 @@ include /etc/firejail/globals.local
 # with its own profile, if it is sandboxed automatically.
 # noblacklist ${HOME}/.cache/krunner
-# noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite
+# noblacklist ${HOME}/.cache/krunnerbookmarkrunnerfirefoxdbfile.sqlite*
 # noblacklist ${HOME}/.config/chromium
 noblacklist ${HOME}/.config/krunnerrc
 noblacklist ${HOME}/.kde/share/config/krunnerrc
@@ -34,3 +34,5 @@ nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
+
+# private-cache
-- 
cgit v1.2.3-70-g09d2
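Review bot: The `# private-cache` line added at the end of etc/krunner.profile (last hunk) is a disabled hardening option with no stated reason, so a later reader cannot tell whether it is a to-do or known to break krunner. The commented `noblacklist ${HOME}/.cache/krunner*` lines in the first krunner hunk suggest that runners rely on files under `${HOME}/.cache`, which `private-cache` would presumably hide. If that is the reason, record it on the line before, e.g. `# private-cache is disabled: runners read their caches under ${HOME}/.cache`.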