From bd6380d680bc21e0d886c78b74ac7bfb703b6cc3 Mon Sep 17 00:00:00 2001 From: SYN-cook Date: Wed, 29 Mar 2017 23:40:54 +0200 Subject: various profile fixes and enhancements (#1177) * private-dev breaks playing CDs * reenable services * blacklist kservices5 folder * blacklist nautilus scripts * blacklist ~/.kde4 files, k3b config, nautilus/nemo * sort * update noblacklisting * update blacklisting * update blacklisting/whitelisting (okular) --- etc/audacious.profile | 1 - etc/disable-common.inc | 1 + etc/disable-programs.inc | 18 ++++++++++++++++++ etc/dolphin.profile | 3 ++- etc/firefox.profile | 2 ++ etc/nautilus.profile | 1 + etc/okular.profile | 6 +++++- etc/scribus.profile | 3 +++ 8 files changed, 32 insertions(+), 3 deletions(-) (limited to 'etc') diff --git a/etc/audacious.profile b/etc/audacious.profile index d12032166..ea5eb7cb7 100644 --- a/etc/audacious.profile +++ b/etc/audacious.profile @@ -20,5 +20,4 @@ shell none tracelog private-bin audacious -private-dev private-tmp diff --git a/etc/disable-common.inc b/etc/disable-common.inc index 27a2d8ab7..45541906a 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc @@ -62,6 +62,7 @@ blacklist ${HOME}/.config/khotkeysrc blacklist ${HOME}/.config/krunnerrc blacklist ${HOME}/.local/share/kglobalaccel blacklist ${HOME}/.local/share/konsole +blacklist ${HOME}/.local/share/kservices5 blacklist ${HOME}/.local/share/solid # VirtualBox diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index c31b92d1f..da80376d1 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -151,6 +151,21 @@ blacklist ${HOME}/.hedgewars blacklist ${HOME}/.icedove blacklist ${HOME}/.inkscape blacklist ${HOME}/.jitsi +blacklist ${HOME}/.kde4/share/apps/gwenview +blacklist ${HOME}/.kde4/share/apps/kcookiejar +blacklist ${HOME}/.kde4/share/apps/khtml +blacklist ${HOME}/.kde4/share/apps/konqsidebartng +blacklist ${HOME}/.kde4/share/apps/konqueror +blacklist ${HOME}/.kde4/share/apps/okular +blacklist ${HOME}/.kde4/share/config/gwenviewrc +blacklist ${HOME}/.kde4/share/config/k3brc +blacklist ${HOME}/.kde4/share/config/kcookiejarrc +blacklist ${HOME}/.kde4/share/config/khtmlrc +blacklist ${HOME}/.kde4/share/config/konq_history +blacklist ${HOME}/.kde4/share/config/konqsidebartngrc +blacklist ${HOME}/.kde4/share/config/konquerorrc +blacklist ${HOME}/.kde4/share/config/okularpartrc +blacklist ${HOME}/.kde4/share/config/okularrc blacklist ${HOME}/.kde/share/apps/gwenview blacklist ${HOME}/.kde/share/apps/kcookiejar blacklist ${HOME}/.kde/share/apps/khtml @@ -158,6 +173,7 @@ blacklist ${HOME}/.kde/share/apps/konqsidebartng blacklist ${HOME}/.kde/share/apps/konqueror blacklist ${HOME}/.kde/share/apps/okular blacklist ${HOME}/.kde/share/config/gwenviewrc +blacklist ${HOME}/.kde/share/config/k3brc blacklist ${HOME}/.kde/share/config/kcookiejarrc blacklist ${HOME}/.kde/share/config/khtmlrc blacklist ${HOME}/.kde/share/config/konq_history @@ -200,6 +216,8 @@ blacklist ${HOME}/.local/share/kate blacklist ${HOME}/.local/share/lollypop blacklist ${HOME}/.local/share/multimc5 blacklist ${HOME}/.local/share/mupen64plus +blacklist ${HOME}/.local/share/nautilus +blacklist ${HOME}/.local/share/nemo blacklist ${HOME}/.local/share/pix blacklist ${HOME}/.local/share/psi+ blacklist ${HOME}/.local/share/qpdfview diff --git a/etc/dolphin.profile b/etc/dolphin.profile index 2b7919083..3c9056f62 100644 --- a/etc/dolphin.profile +++ b/etc/dolphin.profile @@ -8,6 +8,8 @@ include /etc/firejail/dolphin.local noblacklist ~/.config/dolphinrc noblacklist ~/.local/share/dolphin +noblacklist ~/.kde4/share/kde4/services +noblacklist ~/.kde/share/kde4/services include /etc/firejail/disable-common.inc # dolphin needs to be able to start arbitrary applications so we cannot blacklist their files @@ -28,4 +30,3 @@ protocol unix # private-dev # private-tmp # private-etc - diff --git a/etc/firefox.profile b/etc/firefox.profile index 3b55d4700..5f852d4c0 100644 --- a/etc/firefox.profile +++ b/etc/firefox.profile @@ -7,6 +7,7 @@ noblacklist ~/.mozilla noblacklist ~/.cache/mozilla noblacklist ~/.config/qpdfview noblacklist ~/.local/share/qpdfview +noblacklist ~/.kde4/share/apps/okular noblacklist ~/.kde/share/apps/okular noblacklist ~/.pki noblacklist ~/.lastpass @@ -41,6 +42,7 @@ whitelist ~/.pki whitelist ~/.lastpass whitelist ~/.config/qpdfview whitelist ~/.local/share/qpdfview +whitelist ~/.kde4/share/apps/okular whitelist ~/.kde/share/apps/okular # silverlight diff --git a/etc/nautilus.profile b/etc/nautilus.profile index c7e9fb9bc..8b86efbd2 100644 --- a/etc/nautilus.profile +++ b/etc/nautilus.profile @@ -8,6 +8,7 @@ include /etc/firejail/nautilus.local # is already a nautilus process running on gnome desktops firejail will have no effect. noblacklist ~/.config/nautilus +noblacklist ~/.local/share/nautilus include /etc/firejail/disable-common.inc # nautilus needs to be able to start arbitrary applications so we cannot blacklist their files diff --git a/etc/okular.profile b/etc/okular.profile index 2875d2ef5..07819068e 100644 --- a/etc/okular.profile +++ b/etc/okular.profile @@ -3,6 +3,10 @@ include /etc/firejail/okular.local # KDE okular profile +noblacklist ~/.kde4/share/apps/okular +noblacklist ~/.kde4/share/config/okularrc +noblacklist ~/.kde4/share/config/okularpartrc +read-only ~/.kde4/share/config/kdeglobals noblacklist ~/.kde/share/apps/okular noblacklist ~/.kde/share/config/okularrc noblacklist ~/.kde/share/config/okularpartrc @@ -24,6 +28,6 @@ shell none tracelog # private-bin okular,kbuildsycoca4,kbuildsycoca5 -# private-etc X11 +# private-etc fonts,X11 private-dev private-tmp diff --git a/etc/scribus.profile b/etc/scribus.profile index 5d0dc5af9..d3a0dbf48 100644 --- a/etc/scribus.profile +++ b/etc/scribus.profile @@ -10,6 +10,9 @@ noblacklist ~/.local/share/scribus noblacklist ~/.gimp* # Support for PDF readers (Scribus 1.5 and higher) +noblacklist ~/.kde4/share/apps/okular +noblacklist ~/.kde4/share/config/okularrc +noblacklist ~/.kde4/share/config/okularpartrc noblacklist ~/.kde/share/apps/okular noblacklist ~/.kde/share/config/okularrc noblacklist ~/.kde/share/config/okularpartrc -- cgit v1.2.3-54-g00ecf