mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-16 14:16:16 -06:00
profiles: replace x11 socket blacklist with disable-X11.inc
Replace all occurrences of `blacklist /tmp/.X11-unix` with
`include disable-X11.inc`, which blacklists more X11-related files.
Commands used to search and replace:
$ git grep -Ilz '^blacklist /tmp/.X11-unix' -- \
etc/profile*/*.profile | xargs -0 perl -0 -pi -e '\
s/\nblacklist \/tmp\/.X11-unix\n/\n/; \
s/(\ninclude disable-xdg.inc\n)/\ninclude disable-X11.inc$1/; \
s/(\ninclude disable-[^Xx\n]+\n)(\n|# )/$1include disable-X11.inc\n$2/'
Note: The following files were also edited manually:
* etc/profile-a-l/erd.profile
* etc/profile-a-l/links-common.profile
* etc/profile-m-z/termshark.profile
* etc/profile-m-z/tmux.profile
* etc/profile-m-z/tshark.profile
Relates to #4462 #4854.
This commit is contained in:
Kelvin M. Klann
parent
5ec7c2292c
commit
04efbb2763
48 changed files with 50 additions and 49 deletions
|
|
@ -7,7 +7,6 @@ include agetpkg.local
|
|||
# Persistent global definitions
|
||||
include globals.local
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}/wayland-*
|
||||
|
||||
# Allow python (blacklisted by disable-interpreters.inc)
|
||||
|
|
@ -20,6 +19,7 @@ include disable-exec.inc
|
|||
include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-shell.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
whitelist ${DOWNLOADS}
|
||||
|
|
|
|||
|
|
@ -30,7 +30,6 @@ noblacklist ${HOME}/.pinercex
|
|||
noblacklist ${HOME}/.signature
|
||||
noblacklist ${HOME}/mail
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}/wayland-*
|
||||
|
||||
include disable-common.inc
|
||||
|
|
@ -39,6 +38,7 @@ include disable-exec.inc
|
|||
include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-shell.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
#whitelist ${DOCUMENTS}
|
||||
|
|
|
|||
|
|
@ -11,7 +11,6 @@ noblacklist ${HOME}/.cache/winetricks # XXX: See #5238
|
|||
noblacklist ${HOME}/.config/aria2
|
||||
noblacklist ${HOME}/.netrc
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}/wayland-*
|
||||
|
||||
include disable-common.inc
|
||||
|
|
@ -19,6 +18,7 @@ include disable-devel.inc
|
|||
include disable-exec.inc
|
||||
include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-X11.inc
|
||||
|
||||
include whitelist-usr-share-common.inc
|
||||
include whitelist-var-common.inc
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@ include bpftop.local
|
|||
# Persistent global definitions
|
||||
include globals.local
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist /usr/libexec
|
||||
blacklist ${RUNUSER}
|
||||
|
||||
|
|
@ -18,6 +17,7 @@ include disable-interpreters.inc
|
|||
include disable-proc.inc
|
||||
include disable-programs.inc
|
||||
include disable-shell.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
include whitelist-common.inc
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@ include cloneit.local
|
|||
# Persistent global definitions
|
||||
include globals.local
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist /usr/libexec
|
||||
blacklist ${RUNUSER}
|
||||
|
||||
|
|
@ -18,6 +17,7 @@ include disable-interpreters.inc
|
|||
include disable-proc.inc
|
||||
include disable-programs.inc
|
||||
include disable-shell.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
include whitelist-run-common.inc
|
||||
|
|
|
|||
|
|
@ -16,7 +16,6 @@ noblacklist ${HOME}/.config/curlrc # since curl 7.73.0
|
|||
noblacklist ${HOME}/.curl-hsts
|
||||
noblacklist ${HOME}/.curlrc
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}
|
||||
|
||||
# If you use nvm, add the below lines to your curl.local
|
||||
|
|
@ -26,6 +25,7 @@ blacklist ${RUNUSER}
|
|||
include disable-common.inc
|
||||
include disable-exec.inc
|
||||
include disable-programs.inc
|
||||
include disable-X11.inc
|
||||
# Depending on workflow you can add 'include disable-xdg.inc' to your curl.local.
|
||||
#include disable-xdg.inc
|
||||
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@ include dbus-send.local
|
|||
# Persistent global definitions
|
||||
include globals.local
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}/wayland-*
|
||||
|
||||
include disable-common.inc
|
||||
|
|
@ -17,6 +16,7 @@ include disable-interpreters.inc
|
|||
include disable-programs.inc
|
||||
include disable-shell.inc
|
||||
include disable-write-mnt.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
#include whitelist-common.inc # see #903
|
||||
|
|
|
|||
|
|
@ -6,7 +6,6 @@ include deadlink.local
|
|||
# Persistent global definitions
|
||||
include globals.local
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist /usr/libexec
|
||||
blacklist ${RUNUSER}
|
||||
|
||||
|
|
@ -23,6 +22,7 @@ include disable-interpreters.inc
|
|||
include disable-proc.inc
|
||||
include disable-programs.inc
|
||||
include disable-shell.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
include whitelist-run-common.inc
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@ include dexios.local
|
|||
# Persistent global definitions
|
||||
include globals.local
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist /usr/libexec
|
||||
blacklist ${RUNUSER}
|
||||
|
||||
|
|
@ -18,6 +17,7 @@ include disable-interpreters.inc
|
|||
include disable-proc.inc
|
||||
include disable-programs.inc
|
||||
include disable-shell.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
whitelist ${DOWNLOADS}
|
||||
|
|
|
|||
|
|
@ -10,7 +10,6 @@ include globals.local
|
|||
noblacklist ${HOME}/.digrc
|
||||
noblacklist ${PATH}/dig
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}
|
||||
|
||||
include disable-common.inc
|
||||
|
|
@ -18,6 +17,7 @@ include disable-common.inc
|
|||
include disable-exec.inc
|
||||
#include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
#mkfile ${HOME}/.digrc # see #903
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@ include dnscrypt-proxy.local
|
|||
# Persistent global definitions
|
||||
include globals.local
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}/wayland-*
|
||||
|
||||
noblacklist /sbin
|
||||
|
|
@ -18,6 +17,7 @@ include disable-devel.inc
|
|||
include disable-exec.inc
|
||||
include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
whitelist /usr/share/dnscrypt-proxy
|
||||
|
|
|
|||
|
|
@ -11,13 +11,13 @@ noblacklist /sbin
|
|||
noblacklist /usr/sbin
|
||||
noblacklist /var/lib/libvirt
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}
|
||||
|
||||
include disable-common.inc
|
||||
include disable-devel.inc
|
||||
include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
whitelist /var/lib/libvirt/dnsmasq
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ include globals.local
|
|||
|
||||
noblacklist ${PATH}/drill
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}
|
||||
|
||||
include disable-common.inc
|
||||
|
|
@ -17,6 +16,7 @@ include disable-common.inc
|
|||
include disable-exec.inc
|
||||
#include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
#include whitelist-common.inc # see #903
|
||||
|
|
|
|||
|
|
@ -6,7 +6,6 @@ include editorconfiger.local
|
|||
# Persistent global definitions
|
||||
include globals.local
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist /usr/libexec
|
||||
blacklist ${RUNUSER}
|
||||
|
||||
|
|
@ -17,6 +16,7 @@ include disable-interpreters.inc
|
|||
include disable-proc.inc
|
||||
include disable-programs.inc
|
||||
include disable-shell.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
apparmor
|
||||
|
|
|
|||
|
|
@ -7,9 +7,8 @@ include erd.local
|
|||
# Persistent global definitions
|
||||
include globals.local
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
|
||||
include disable-exec.inc
|
||||
#include disable-X11.inc # x11 none
|
||||
|
||||
apparmor
|
||||
caps.drop all
|
||||
|
|
|
|||
|
|
@ -8,7 +8,6 @@ include globals.local
|
|||
noblacklist /sbin
|
||||
noblacklist /usr/sbin
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}/wayland-*
|
||||
|
||||
include disable-common.inc
|
||||
|
|
@ -16,6 +15,7 @@ include disable-devel.inc
|
|||
include disable-exec.inc
|
||||
include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
#include whitelist-usr-share-common.inc
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@ include gget.local
|
|||
# Persistent global definitions
|
||||
include globals.local
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}
|
||||
|
||||
include disable-common.inc
|
||||
|
|
@ -16,6 +15,7 @@ include disable-exec.inc
|
|||
include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-shell.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
whitelist ${DOWNLOADS}
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@ include gist.local
|
|||
# Persistent global definitions
|
||||
include globals.local
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}/wayland-*
|
||||
|
||||
noblacklist ${HOME}/.gist
|
||||
|
|
@ -20,6 +19,7 @@ include disable-devel.inc
|
|||
include disable-exec.inc
|
||||
include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
mkdir ${HOME}/.gist
|
||||
|
|
|
|||
|
|
@ -28,12 +28,12 @@ ignore rmenv GITHUB_ENTERPRISE_TOKEN
|
|||
# Allow ssh (blacklisted by disable-common.inc)
|
||||
include allow-ssh.inc
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}/wayland-*
|
||||
|
||||
include disable-common.inc
|
||||
include disable-exec.inc
|
||||
include disable-programs.inc
|
||||
include disable-X11.inc
|
||||
|
||||
whitelist /usr/share/git
|
||||
whitelist /usr/share/git-core
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@ include gnome-keyring-daemon.local
|
|||
# Persistent global definitions
|
||||
include globals.local
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}/wayland-*
|
||||
|
||||
include disable-common.inc
|
||||
|
|
@ -16,6 +15,7 @@ include disable-exec.inc
|
|||
include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
#include disable-X11.inc # x11 none
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
whitelist ${RUNUSER}/gnupg
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@ include googler-common.local
|
|||
# added by caller profile
|
||||
#include globals.local
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}
|
||||
|
||||
noblacklist ${HOME}/.w3m
|
||||
|
|
@ -23,6 +22,7 @@ include disable-exec.inc
|
|||
include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-shell.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
whitelist ${HOME}/.w3m
|
||||
|
|
|
|||
|
|
@ -9,13 +9,13 @@ include globals.local
|
|||
|
||||
noblacklist ${HOME}/.gnupg
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}/wayland-*
|
||||
|
||||
include disable-common.inc
|
||||
include disable-devel.inc
|
||||
include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
mkdir ${HOME}/.gnupg
|
||||
|
|
|
|||
|
|
@ -9,13 +9,13 @@ include globals.local
|
|||
|
||||
noblacklist ${HOME}/.gnupg
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}/wayland-*
|
||||
|
||||
include disable-common.inc
|
||||
include disable-devel.inc
|
||||
include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-X11.inc
|
||||
|
||||
whitelist ${RUNUSER}/gnupg
|
||||
whitelist ${RUNUSER}/keyring
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@ include links-common.local
|
|||
|
||||
# common profile for links browsers
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}/wayland-*
|
||||
|
||||
include disable-common.inc
|
||||
|
|
@ -14,6 +13,7 @@ include disable-interpreters.inc
|
|||
# Additional noblacklist files/directories (blacklisted in disable-programs.inc)
|
||||
# used as associated programs can be added in your links-common.local.
|
||||
include disable-programs.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
whitelist ${DOWNLOADS}
|
||||
|
|
|
|||
|
|
@ -7,13 +7,13 @@ include lynx.local
|
|||
# Persistent global definitions
|
||||
include globals.local
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}/wayland-*
|
||||
|
||||
include disable-common.inc
|
||||
include disable-devel.inc
|
||||
include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
include whitelist-runuser-common.inc
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@ include makepkg.local
|
|||
# Persistent global definitions
|
||||
include globals.local
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}/wayland-*
|
||||
|
||||
# Note: see this Arch forum discussion https://bbs.archlinux.org/viewtopic.php?pid=1743138
|
||||
|
|
@ -33,6 +32,7 @@ noblacklist /var/lib/pacman
|
|||
include disable-common.inc
|
||||
include disable-exec.inc
|
||||
include disable-programs.inc
|
||||
include disable-X11.inc
|
||||
|
||||
caps.drop all
|
||||
ipc-namespace
|
||||
|
|
|
|||
|
|
@ -7,11 +7,11 @@ include mimetype.local
|
|||
# Persistent global definitions
|
||||
include globals.local
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}/wayland-*
|
||||
|
||||
include disable-exec.inc
|
||||
include disable-proc.inc
|
||||
include disable-X11.inc
|
||||
|
||||
apparmor
|
||||
caps.drop all
|
||||
|
|
|
|||
|
|
@ -10,7 +10,6 @@ include globals.local
|
|||
noblacklist ${HOME}/.moc
|
||||
noblacklist ${MUSIC}
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}/wayland-*
|
||||
|
||||
include disable-common.inc
|
||||
|
|
@ -19,6 +18,7 @@ include disable-exec.inc
|
|||
include disable-interpreters.inc
|
||||
include disable-proc.inc
|
||||
include disable-programs.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
mkdir ${HOME}/.moc
|
||||
|
|
|
|||
|
|
@ -38,7 +38,6 @@ noblacklist ${HOME}/postponed
|
|||
noblacklist ${HOME}/sent
|
||||
noblacklist /etc/msmtprc
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}/wayland-*
|
||||
|
||||
# Add the next lines to your mutt.local for oauth.py,S/MIME support.
|
||||
|
|
@ -51,6 +50,7 @@ include disable-devel.inc
|
|||
include disable-exec.inc
|
||||
include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
mkdir ${HOME}/.Mail
|
||||
|
|
|
|||
|
|
@ -39,7 +39,6 @@ noblacklist /etc/msmtprc
|
|||
noblacklist /var/mail
|
||||
noblacklist /var/spool/mail
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}/wayland-*
|
||||
|
||||
include allow-lua.inc
|
||||
|
|
@ -49,6 +48,7 @@ include disable-devel.inc
|
|||
include disable-exec.inc
|
||||
include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
mkdir ${HOME}/.Mail
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@ include nslookup.local
|
|||
# Persistent global definitions
|
||||
include globals.local
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}
|
||||
|
||||
noblacklist ${PATH}/nslookup
|
||||
|
|
@ -17,6 +16,7 @@ include disable-devel.inc
|
|||
include disable-exec.inc
|
||||
include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
whitelist ${HOME}/.nslookuprc
|
||||
|
|
|
|||
|
|
@ -11,7 +11,6 @@ include globals.local
|
|||
# not as a daemon (rsync --daemon) nor to create backups.
|
||||
# Usage: firejail --profile=rsync-download_only rsync
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}
|
||||
|
||||
include disable-common.inc
|
||||
|
|
@ -20,6 +19,7 @@ include disable-exec.inc
|
|||
include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-shell.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
# Add the next line to your rsync-download_only.local to enable extra hardening.
|
||||
|
|
|
|||
|
|
@ -6,7 +6,6 @@ include rtv.local
|
|||
# Persistent global definitions
|
||||
include globals.local
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}/wayland-*
|
||||
|
||||
noblacklist ${HOME}/.config/rtv
|
||||
|
|
@ -28,6 +27,7 @@ include disable-devel.inc
|
|||
include disable-exec.inc
|
||||
include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
mkdir ${HOME}/.config/rtv
|
||||
|
|
|
|||
|
|
@ -36,7 +36,6 @@ noblacklist /usr/sbin
|
|||
noblacklist /etc/init.d
|
||||
#noblacklist /var/opt
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}/wayland-*
|
||||
|
||||
include disable-common.inc
|
||||
|
|
@ -45,6 +44,7 @@ include disable-common.inc
|
|||
#include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-write-mnt.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
#include whitelist-runuser-common.inc
|
||||
|
|
|
|||
|
|
@ -6,7 +6,6 @@ include signal-cli.local
|
|||
# Persistent global definitions
|
||||
include globals.local
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}/wayland-*
|
||||
|
||||
noblacklist ${HOME}/.local/share/signal-cli
|
||||
|
|
@ -18,6 +17,7 @@ include disable-devel.inc
|
|||
include disable-exec.inc
|
||||
include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
mkdir ${HOME}/.local/share/signal-cli
|
||||
|
|
|
|||
|
|
@ -9,11 +9,11 @@ include globals.local
|
|||
# Allow ssh (blacklisted by disable-common.inc)
|
||||
include allow-ssh.inc
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}/wayland-*
|
||||
|
||||
include disable-common.inc
|
||||
include disable-programs.inc
|
||||
include disable-X11.inc
|
||||
|
||||
include whitelist-usr-share-common.inc
|
||||
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@ include statusof.local
|
|||
# Persistent global definitions
|
||||
include globals.local
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist /usr/libexec
|
||||
blacklist ${RUNUSER}
|
||||
|
||||
|
|
@ -21,6 +20,7 @@ include disable-interpreters.inc
|
|||
include disable-proc.inc
|
||||
include disable-programs.inc
|
||||
include disable-shell.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
include whitelist-common.inc
|
||||
|
|
|
|||
|
|
@ -8,8 +8,9 @@ include termshark.local
|
|||
# added by included profile
|
||||
#include globals.local
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}
|
||||
|
||||
include disable-X11.inc
|
||||
|
||||
# Redirect
|
||||
include wireshark.profile
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ include globals.local
|
|||
noblacklist ${HOME}/.newsrc
|
||||
noblacklist ${HOME}/.tin
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}
|
||||
blacklist /usr/libexec
|
||||
|
||||
|
|
@ -19,6 +18,7 @@ include disable-exec.inc
|
|||
include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-shell.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
mkdir ${HOME}/.tin
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@ include tmux.local
|
|||
# Persistent global definitions
|
||||
include globals.local
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}
|
||||
|
||||
noblacklist /tmp/tmux-*
|
||||
|
|
@ -16,6 +15,7 @@ noblacklist /tmp/tmux-*
|
|||
#include disable-devel.inc
|
||||
#include disable-exec.inc
|
||||
#include disable-programs.inc
|
||||
include disable-X11.inc
|
||||
|
||||
caps.drop all
|
||||
ipc-namespace
|
||||
|
|
|
|||
|
|
@ -8,7 +8,6 @@ include globals.local
|
|||
|
||||
# Tracker is started by systemd on most systems. Therefore it is not firejailed by default
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}/wayland-*
|
||||
|
||||
include disable-common.inc
|
||||
|
|
@ -16,6 +15,7 @@ include disable-devel.inc
|
|||
include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-shell.inc
|
||||
include disable-X11.inc
|
||||
|
||||
include whitelist-runuser-common.inc
|
||||
|
||||
|
|
|
|||
|
|
@ -7,8 +7,9 @@ include tshark.local
|
|||
# added by included profile
|
||||
#include globals.local
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}
|
||||
|
||||
include disable-X11.inc
|
||||
|
||||
# Redirect
|
||||
include wireshark.profile
|
||||
|
|
|
|||
|
|
@ -6,7 +6,6 @@ include tvnamer.local
|
|||
# Persistent global definitions
|
||||
include globals.local
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist /usr/libexec
|
||||
blacklist ${RUNUSER}
|
||||
|
||||
|
|
@ -24,6 +23,7 @@ include disable-interpreters.inc
|
|||
include disable-programs.inc
|
||||
include disable-proc.inc
|
||||
include disable-shell.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
mkdir ${HOME}/.config/tvnamer
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ include globals.local
|
|||
noblacklist /sbin
|
||||
noblacklist /usr/sbin
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}
|
||||
|
||||
include disable-common.inc
|
||||
|
|
@ -17,6 +16,7 @@ include disable-devel.inc
|
|||
include disable-exec.inc
|
||||
include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
whitelist /usr/share/dns
|
||||
|
|
|
|||
|
|
@ -14,7 +14,6 @@ include globals.local
|
|||
|
||||
noblacklist ${HOME}/.w3m
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}/wayland-*
|
||||
|
||||
# Allow /bin/sh (blacklisted by disable-shell.inc)
|
||||
|
|
@ -29,6 +28,7 @@ include disable-exec.inc
|
|||
include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-shell.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
mkdir ${HOME}/.w3m
|
||||
|
|
|
|||
|
|
@ -15,7 +15,6 @@ noblacklist ${HOME}/.wgetrc
|
|||
#ignore read-only ${HOME}/.nvm
|
||||
#noblacklist ${HOME}/.nvm
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}
|
||||
|
||||
include disable-common.inc
|
||||
|
|
@ -24,6 +23,7 @@ include disable-exec.inc
|
|||
include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-shell.inc
|
||||
include disable-X11.inc
|
||||
# Depending on workflow you can add the next line to your wget.local.
|
||||
#include disable-xdg.inc
|
||||
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@ include whois.local
|
|||
# Persistent global definitions
|
||||
include globals.local
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}
|
||||
|
||||
include disable-common.inc
|
||||
|
|
@ -15,6 +14,7 @@ include disable-devel.inc
|
|||
include disable-exec.inc
|
||||
include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
include whitelist-usr-share-common.inc
|
||||
|
|
|
|||
|
|
@ -29,7 +29,6 @@ noblacklist ${VIDEOS}
|
|||
# Allow python (blacklisted by disable-interpreters.inc)
|
||||
include allow-python3.inc
|
||||
|
||||
blacklist /tmp/.X11-unix
|
||||
blacklist ${RUNUSER}
|
||||
|
||||
include disable-common.inc
|
||||
|
|
@ -38,6 +37,7 @@ include disable-exec.inc
|
|||
include disable-interpreters.inc
|
||||
include disable-programs.inc
|
||||
include disable-shell.inc
|
||||
include disable-X11.inc
|
||||
include disable-xdg.inc
|
||||
|
||||
include whitelist-usr-share-common.inc
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue