many profile cleanups (3)

2026-05-15 14:16:14 -06:00 · 2019-06-02 21:01:08 +02:00 · 2019-06-02 21:01:08 +02:00 · 109b186566
commit 109b186566
parent f413040c5e
42 changed files with 76 additions and 53 deletions
--- a/etc/JDownloader.profile
+++ b/etc/JDownloader.profile
@ -5,7 +5,6 @@ include JDownloader.local
 # Persistent global definitions
 include globals.local

-
 noblacklist ${HOME}/.jd

 # Allow java (blacklisted by disable-devel.inc)
--- a/etc/Mathematica.profile
+++ b/etc/Mathematica.profile
@ -16,6 +16,7 @@ include disable-programs.inc

 mkdir ${HOME}/.Mathematica
 mkdir ${HOME}/.Wolfram Research
+mkdir ${HOME}/Documents/Wolfram Mathematica
 whitelist ${HOME}/.Mathematica
 whitelist ${HOME}/.Wolfram Research
 whitelist ${HOME}/Documents/Wolfram Mathematica
--- a/etc/Viber.profile
+++ b/etc/Viber.profile
@ -5,7 +5,6 @@ include Viber.local
 # Persistent global definitions
 include globals.local

-
 noblacklist ${HOME}/.ViberPC

 include disable-common.inc
@ -15,6 +14,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc

+mkdir ${HOME}/.ViberPC
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.ViberPC
 include whitelist-common.inc
@ -36,5 +36,4 @@ private-bin sh,bash,dig,awk,Viber
 private-etc hosts,fonts,mailcap,resolv.conf,X11,pulse,alternatives,localtime,nsswitch.conf,ssl,proxychains.conf,pki,ca-certificates,crypto-policies,machine-id,asound.conf
 private-tmp

-
 env QTWEBENGINE_DISABLE_SANDBOX=1
--- a/etc/amule.profile
+++ b/etc/amule.profile
@ -6,7 +6,6 @@ include amule.local
 # Persistent global definitions
 include globals.local

-
 noblacklist ${HOME}/.aMule

 include disable-common.inc
@ -16,6 +15,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc

+mkdir ${HOME}/.aMule
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.aMule
 include whitelist-common.inc
--- a/etc/anki.profile
+++ b/etc/anki.profile
@ -21,6 +21,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc

+mkdir ${HOME}/.local/share/Anki2
 whitelist ${DOCUMENTS}
 whitelist ${HOME}/.local/share/Anki2
 include whitelist-common.inc
--- a/etc/assogiate.profile
+++ b/etc/assogiate.profile
@ -7,7 +7,6 @@ include assogiate.local
 include globals.local

 noblacklist ${PICTURES}
-whitelist ${PICTURES}

 include disable-common.inc
 include disable-devel.inc
@ -16,6 +15,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+
+whitelist ${PICTURES}
 include whitelist-common.inc
 include whitelist-var-common.inc

--- a/etc/basilisk.profile
+++ b/etc/basilisk.profile
@ -10,7 +10,6 @@ noblacklist ${HOME}/.moonchild productions/basilisk

 mkdir ${HOME}/.cache/moonchild productions/basilisk
 mkdir ${HOME}/.moonchild productions
-whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/moonchild productions/basilisk
 whitelist ${HOME}/.moonchild productions

--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@ -12,6 +12,7 @@ noblacklist ${HOME}/.config/chromium-flags.conf

 mkdir ${HOME}/.cache/chromium
 mkdir ${HOME}/.config/chromium
+mkfile ${HOME}/.config/chromium-flags.conf
 whitelist ${HOME}/.cache/chromium
 whitelist ${HOME}/.config/chromium
 whitelist ${HOME}/.config/chromium-flags.conf
--- a/etc/conkeror.profile
+++ b/etc/conkeror.profile
@ -10,9 +10,10 @@ noblacklist ${HOME}/.conkeror.mozdev.org
 include disable-common.inc
 include disable-programs.inc

+mkdir ${HOME}/.conkeror.mozdev.org
+mkfile ${HOME}/.conkerorrc
 whitelist ${HOME}/.conkeror.mozdev.org
 whitelist ${HOME}/.conkerorrc
-whitelist ${HOME}/.gtkrc-2.0
 whitelist ${HOME}/.lastpass
 whitelist ${HOME}/.pentadactyl
 whitelist ${HOME}/.pentadactylrc
--- a/etc/cower.profile
+++ b/etc/cower.profile
@ -1,20 +1,13 @@
 # Firejail profile for cower
+# Description: a simple AUR agent with a pretentious name
 # This file is overwritten after every install/update
-
-# This profile could be significantly strengthened by adding the following to cower.local
-# whitelist ${HOME}/<Your Build Folder>
-# whitelist ${HOME}/.config/cower/
-
 quiet
-
 # Persistent local customizations
 include cower.local
 # Persistent global definitions
 include globals.local

-noblacklist ${HOME}/.config/cower/config
-read-only ${HOME}/.config/cower/config
-
+noblacklist ${HOME}/.config/cower
 noblacklist /var/lib/pacman

 include disable-common.inc
@ -23,6 +16,11 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
+
+# This profile could be significantly strengthened by adding the following to cower.local
+# whitelist ${HOME}/<Your Build Folder>
+# whitelist ${HOME}/.config/cower

 caps.drop all
 ipc-namespace
@ -42,7 +40,9 @@ shell none

 disable-mnt
 private-bin cower
+private-cache
 private-dev
 private-tmp

 memory-deny-write-execute
+read-only ${HOME}/.config/cower/config
--- a/etc/dconf-editor.profile
+++ b/etc/dconf-editor.profile
@ -6,8 +6,6 @@ include dconf-editor.local
 # Persistent global definitions
 include globals.local

-whitelist ${HOME}/.local/share/glib-2.0
-
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@ -16,6 +14,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc

+whitelist ${HOME}/.local/share/glib-2.0
 include whitelist-common.inc

 apparmor
@ -39,7 +38,7 @@ disable-mnt
 private-bin dconf-editor
 private-cache
 private-dev
-private-etc alternatives,fonts,machine-id
+private-etc alternatives,dconf,fonts,gtk-3.0,machine-id
 private-lib
 private-tmp

--- a/etc/dconf.profile
+++ b/etc/dconf.profile
@ -6,8 +6,6 @@ include dconf.local
 # Persistent global definitions
 include globals.local

-whitelist ${HOME}/.local/share/glib-2.0
-
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@ -16,6 +14,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc

+whitelist ${HOME}/.local/share/glib-2.0
 # dconf paths are whitelisted by the following
 include whitelist-common.inc

--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@ -242,6 +242,7 @@ read-only ${HOME}/.ssh/authorized_keys

 # Initialization files that allow arbitrary command execution
 read-only ${HOME}/.caffrc
+read-only ${HOME}/.cargo/env
 read-only ${HOME}/.dotfiles
 read-only ${HOME}/.emacs
 read-only ${HOME}/.emacs.d
@ -275,7 +276,6 @@ read-only ${HOME}/bin
 read-only ${HOME}/.bin
 read-only ${HOME}/.local/bin
 read-only ${HOME}/.cargo/bin
-read-only ${HOME}/.cargo/env
 blacklist ${HOME}/.cargo/registry
 blacklist ${HOME}/.cargo/config

@ -414,3 +414,12 @@ blacklist /usr/share/flatpak
 blacklist /var/lib/flatpak
 # most of the time bwrap is SUID binary
 blacklist ${PATH}/bwrap
+
+# mail directories used by mutt
+blacklist ${HOME}/.Mail
+blacklist ${HOME}/.mail
+blacklist ${HOME}/.signature
+blacklist ${HOME}/Mail
+blacklist ${HOME}/mail
+blacklist ${HOME}/postponed
+blacklist ${HOME}/sent
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@ -7,6 +7,7 @@ blacklist ${HOME}/Monero/wallets
 blacklist ${HOME}/Nextcloud/Notes
 blacklist ${HOME}/SoftMaker
 blacklist ${HOME}/Standard Notes Backups
+blacklist ${HOME}/mps
 blacklist ${HOME}/wallet.dat
 blacklist ${HOME}/.*coin
 blacklist ${HOME}/.8pecxstudios
@ -118,6 +119,7 @@ blacklist ${HOME}/.config/artha.conf
 blacklist ${HOME}/.config/asunder
 blacklist ${HOME}/.config/atril
 blacklist ${HOME}/.config/audacious
+blacklist ${HOME}/.config/autokey
 blacklist ${HOME}/.config/aweather
 blacklist ${HOME}/.config/baloofilerc
 blacklist ${HOME}/.config/baloorc
@ -140,6 +142,7 @@ blacklist ${HOME}/.config/clipit
 blacklist ${HOME}/.config/cliqz
 blacklist ${HOME}/.config/cmus
 blacklist ${HOME}/.config/corebird
+blacklist ${HOME}/.config/cower
 blacklist ${HOME}/.config/darktable
 blacklist ${HOME}/.config/deadbeef
 blacklist ${HOME}/.config/deluge
@ -267,6 +270,7 @@ blacklist ${HOME}/.config/redshift.conf
 blacklist ${HOME}/.config/remmina
 blacklist ${HOME}/.config/ristretto
 blacklist ${HOME}/.config/scribus
+blacklist ${HOME}/.config/scribusrc
 blacklist ${HOME}/.config/sinew.in
 blacklist ${HOME}/.config/skypeforlinux
 blacklist ${HOME}/.config/slimjet
@ -455,6 +459,7 @@ blacklist ${HOME}/.local/share/akonadi*
 blacklist ${HOME}/.local/share/akregator
 blacklist ${HOME}/.local/share/apps/korganizer
 blacklist ${HOME}/.local/share/aspyr-media
+blacklist ${HOME}/.local/share/autokey
 blacklist ${HOME}/.local/share/baloo
 blacklist ${HOME}/.local/share/bibletime
 blacklist ${HOME}/.local/share/caja-python
--- a/etc/dooble.profile
+++ b/etc/dooble.profile
@ -1,11 +1,12 @@
 # Firejail profile for dooble
 # This file is overwritten after every install/update
 # Persistent local customizations
+include dooble.local
+# Backward compatibility
 include dooble-qt4.local
 # Persistent global definitions
 include globals.local

-
 noblacklist ${HOME}/.dooble

 include disable-common.inc
--- a/etc/enpass.profile
+++ b/etc/enpass.profile
@ -20,12 +20,16 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc

+mkdir ${HOME}/.cache/Enpass
+mkfile ${HOME}/.config/sinew.in
+mkdir ${HOME}/.config/Sinew Software Systems
+mkdir ${HOME}/.local/share/Enpass
 whitelist ${HOME}/.cache/Enpass
 whitelist ${HOME}/.config/sinew.in
 whitelist ${HOME}/.config/Sinew Software Systems
 whitelist ${HOME}/.local/share/Enpass
 whitelist ${DOCUMENTS}
-
+include whitelist-common.inc
 include whitelist-var-common.inc

 # machine-id and nosound break audio notification functionality
--- a/etc/falkon.profile
+++ b/etc/falkon.profile
@ -16,6 +16,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc

+mkdir ${HOME}/.cache/falkon
+mkdir ${HOME}/.config/falkon
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/falkon
 whitelist ${HOME}/.config/falkon
--- a/etc/gpredict.profile
+++ b/etc/gpredict.profile
@ -15,6 +15,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc

+mkdir ${HOME}/.config/Gpredict
 whitelist ${HOME}/.config/Gpredict
 include whitelist-common.inc

--- a/etc/mate-calc.profile
+++ b/etc/mate-calc.profile
@ -15,12 +15,13 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc

+mkdir ${HOME}/.cache/mate-calc
+mkdir ${HOME}/.config/caja
+mkdir ${HOME}/.config/mate-menu
 whitelist ${HOME}/.cache/mate-calc
 whitelist ${HOME}/.config/caja
-whitelist ${HOME}/.config/gtk-3.0
-whitelist ${HOME}/.config/dconf
 whitelist ${HOME}/.config/mate-menu
-whitelist ${HOME}/.themes
+include whitelist-common.inc

 caps.drop all
 net none
@ -40,7 +41,7 @@ shell none

 disable-mnt
 private-bin mate-calc,mate-calculator
-private-etc alternatives,fonts
+private-etc alternatives,dconf,fonts,gtk-3.0
 private-dev
 private-opt none
 private-tmp
--- a/etc/mate-color-select.profile
+++ b/etc/mate-color-select.profile
@ -5,7 +5,6 @@ include mate-color-select.local
 # Persistent global definitions
 include globals.local

-
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@ -13,10 +12,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc

-whitelist ${HOME}/.config/gtk-3.0
-whitelist ${HOME}/.fonts
-whitelist ${HOME}/.icons
-whitelist ${HOME}/.themes
+include whitelist-common.inc

 caps.drop all
 netfilter
--- a/etc/mate-dictionary.profile
+++ b/etc/mate-dictionary.profile
@ -14,11 +14,9 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc

+mkdir ${HOME}/.config/mate/mate-dictionary
 whitelist ${HOME}/.config/mate/mate-dictionary
-whitelist ${HOME}/.config/gtk-3.0
-whitelist ${HOME}/.fonts
-whitelist ${HOME}/.icons
-whitelist ${HOME}/.themes
+include whitelist-common.inc

 caps.drop all
 netfilter
--- a/etc/meteo-qt.profile
+++ b/etc/meteo-qt.profile
@ -20,8 +20,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc

-whitelist ${HOME}/.config/autostart
 mkdir ${HOME}/.config/meteo-qt
+whitelist ${HOME}/.config/autostart
 whitelist ${HOME}/.config/meteo-qt
 include whitelist-common.inc
 include whitelist-var-common.inc
--- a/etc/mpsyt.profile
+++ b/etc/mpsyt.profile
@ -6,10 +6,6 @@ include mpsyt.local
 # Persistent global definitions
 include globals.local

-# Allow python (blacklisted by disable-interpreters.inc)
-include allow-python2.inc
-include allow-python3.inc
-
 noblacklist ${HOME}/.config/mpv
 noblacklist ${HOME}/.mplayer
 noblacklist ${HOME}/.config/mps-youtube
@ -18,6 +14,10 @@ noblacklist ${HOME}/mps
 noblacklist ${MUSIC}
 noblacklist ${VIDEOS}

+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python2.inc
+include allow-python3.inc
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
--- a/etc/multimc5.profile
+++ b/etc/multimc5.profile
@ -21,6 +21,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc

 mkdir ${HOME}/.local/share/multimc
+mkdir ${HOME}/.local/share/multimc5
+mkdir ${HOME}/.multimc5
 whitelist ${HOME}/.local/share/multimc
 whitelist ${HOME}/.local/share/multimc5
 whitelist ${HOME}/.multimc5
--- a/etc/nethack-vultures.profile
+++ b/etc/nethack-vultures.profile
@ -6,7 +6,6 @@ include nethack.local
 # Persistent global definitions
 include globals.local

-
 noblacklist ${HOME}/.vultures
 noblacklist /var/log

@ -43,4 +42,3 @@ private-cache
 private-dev
 private-tmp
 writable-var
-
--- a/etc/nethack.profile
+++ b/etc/nethack.profile
@ -6,7 +6,6 @@ include nethack.local
 # Persistent global definitions
 include globals.local

-
 noblacklist /var/games/nethack

 include disable-common.inc
--- a/etc/nheko.profile
+++ b/etc/nheko.profile
@ -18,11 +18,9 @@ include disable-programs.inc

 mkdir ${HOME}/.config/nheko
 mkdir ${HOME}/.cache/nheko/nheko
-
 whitelist ${HOME}/.config/nheko
 whitelist ${HOME}/.cache/nheko/nheko
 whitelist ${DOWNLOADS}
-
 include whitelist-common.inc

 caps.drop all
--- a/etc/nylas.profile
+++ b/etc/nylas.profile
@ -14,6 +14,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc

+mkdir ${HOME}/.config/Nylas Mail
+mkdir ${HOME}/.nylas-mail
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.config/Nylas Mail
 whitelist ${HOME}/.nylas-mail
--- a/etc/qgis.profile
+++ b/etc/qgis.profile
@ -6,7 +6,6 @@ include qgis.local
 # Persistent global definitions
 include globals.local

-noblacklist ${HOME}/.config/QtProject.conf
 noblacklist ${HOME}/.config/QGIS
 noblacklist ${HOME}/.local/share/QGIS
 noblacklist ${HOME}/.qgis2
--- a/etc/quiterss.profile
+++ b/etc/quiterss.profile
@ -22,6 +22,8 @@ mkdir ${HOME}/.cache/QuiteRss
 mkdir ${HOME}/.config/QuiteRss
 mkdir ${HOME}/.local/share/data
 mkdir ${HOME}/.local/share/data/QuiteRss
+mkdir ${HOME}/.local/share/QuiteRss
+mkfile ${HOME}/quiterssfeeds.opml
 whitelist ${HOME}/.cache/QuiteRss
 whitelist ${HOME}/.config/QuiteRss/
 whitelist ${HOME}/.config/QuiteRssrc
--- a/etc/qupzilla.profile
+++ b/etc/qupzilla.profile
@ -15,6 +15,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc

+mkdir ${HOME}/.cache/qupzilla
+mkdir ${HOME}/.config/qupzilla
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/qupzilla
 whitelist ${HOME}/.config/qupzilla
--- a/etc/ricochet.profile
+++ b/etc/ricochet.profile
@ -5,7 +5,6 @@ include ricochet.local
 # Persistent global definitions
 include globals.local

-
 noblacklist ${HOME}/.local/share/Ricochet

 include disable-common.inc
@ -15,6 +14,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc

+mkdir ${HOME}/.local/share/Ricochet
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.local/share/Ricochet
 include whitelist-common.inc
--- a/etc/rocketchat.profile
+++ b/etc/rocketchat.profile
@ -7,6 +7,7 @@ include globals.local

 noblacklist ${HOME}/.config/Rocket.Chat

+mkdir ${HOME}/.config/Rocket.Chat
 whitelist ${HOME}/.config/Rocket.Chat
 include whitelist-common.inc

--- a/etc/seahorse.profile
+++ b/etc/seahorse.profile
@ -32,6 +32,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+
 include whitelist-common.inc
 include whitelist-var-common.inc

--- a/etc/seamonkey.profile
+++ b/etc/seamonkey.profile
@ -18,6 +18,8 @@ include disable-programs.inc

 mkdir ${HOME}/.cache/mozilla
 mkdir ${HOME}/.mozilla
+mkdir ${HOME}/.pki
+mkdir ${HOME}/.local/share/pki
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/gnome-mplayer/plugin
 whitelist ${HOME}/.cache/mozilla
--- a/etc/slack.profile
+++ b/etc/slack.profile
@ -13,7 +13,6 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc

-mkdir ${HOME}/.config
 mkdir ${HOME}/.config/Slack
 whitelist ${HOME}/.config/Slack
 whitelist ${DOWNLOADS}
--- a/etc/slashem.profile
+++ b/etc/slashem.profile
@ -6,7 +6,6 @@ include slashem.local
 # Persistent global definitions
 include globals.local

-
 noblacklist /var/games/slashem

 include disable-common.inc
--- a/etc/start-tor-browser.desktop.profile
+++ b/etc/start-tor-browser.desktop.profile
@ -3,7 +3,6 @@
 # Persistent local customizations
 include start-tor-browser.desktop.local

-
 noblacklist ${HOME}/.tor-browser-*
 noblacklist ${HOME}/.tor-browser_*

--- a/etc/surf.profile
+++ b/etc/surf.profile
@ -15,6 +15,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc

 mkdir ${HOME}/.surf
+whitelist ${HOME}/.surf
 whitelist ${DOWNLOADS}
 include whitelist-common.inc

--- a/etc/wire-desktop.profile
+++ b/etc/wire-desktop.profile
@ -16,7 +16,6 @@ include disable-programs.inc
 mkdir ${HOME}/.config/Wire
 whitelist ${HOME}/.config/Wire
 whitelist ${DOWNLOADS}
-
 include whitelist-common.inc

 caps.drop all
--- a/etc/zaproxy.profile
+++ b/etc/zaproxy.profile
@ -19,6 +19,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc

+mkdir ${HOME}/.java
 mkdir ${HOME}/.ZAP
 whitelist ${HOME}/.java
 whitelist ${HOME}/.ZAP
--- a/etc/zoom.profile
+++ b/etc/zoom.profile
@ -13,6 +13,8 @@ include disable-devel.inc
 include disable-interpreters.inc
 include disable-programs.inc

+mkdir ${HOME}/.cache/zoom
+mkfile ${HOME}/.config/zoomus.conf
 mkdir ${HOME}/.zoom
 whitelist ${HOME}/.cache/zoom
 whitelist ${HOME}/.config/zoomus.conf