From 872b0551f9fc811e222e2a8d1e70fa0129fc8bae Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Sat, 30 Aug 2025 07:38:58 -0300 Subject: [PATCH 1/3] profiles: rtv: move rtv-addons comment to the top Optional/commented entries usually go there. See also the top comments on firefox-common.profile. Relates to #4016. --- etc/profile-m-z/rtv.profile | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/etc/profile-m-z/rtv.profile b/etc/profile-m-z/rtv.profile index 5219f73f6..9ef0da5f6 100644 --- a/etc/profile-m-z/rtv.profile +++ b/etc/profile-m-z/rtv.profile @@ -6,6 +6,11 @@ include rtv.local # Persistent global definitions include globals.local +# You can configure rtv to open different type of links in external applications. +# Configuration: https://github.com/michael-lazar/rtv#viewing-media-links. +# Add the next line to your rtv.local to enable external application support. +#include rtv-addons.profile + blacklist ${RUNUSER}/wayland-* noblacklist ${HOME}/.config/rtv @@ -18,10 +23,6 @@ include allow-bin-sh.inc include allow-python2.inc include allow-python3.inc -# You can configure rtv to open different type of links in external applications. -# Configuration: https://github.com/michael-lazar/rtv#viewing-media-links. -# Add the next line to your rtv.local to enable external application support. -#include rtv-addons.profile include disable-common.inc include disable-devel.inc include disable-exec.inc From a45e2016fe7678ef02c0b2a3cfbc2e9f8f04a475 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Sat, 30 Aug 2025 10:38:23 -0300 Subject: [PATCH 2/3] profiles: curl/wget: move nvm comments to the top Optional/commented entries usually go there. See also the top comments on firefox-common.profile. Relates to #5058. --- etc/profile-a-l/curl.profile | 8 ++++---- etc/profile-m-z/wget.profile | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/etc/profile-a-l/curl.profile b/etc/profile-a-l/curl.profile index a96369d4d..b0a95bede 100644 --- a/etc/profile-a-l/curl.profile +++ b/etc/profile-a-l/curl.profile @@ -7,6 +7,10 @@ include curl.local # Persistent global definitions include globals.local +# If you use nvm, add the below lines to your curl.local +#ignore read-only ${HOME}/.nvm +#noblacklist ${HOME}/.nvm + noblacklist ${HOME}/.config/curlrc # since curl 7.73.0 # curl 7.74.0 introduces experimental support for HSTS cache # https://daniel.haxx.se/blog/2020/11/03/hsts-your-curl/ @@ -19,10 +23,6 @@ noblacklist ${HOME}/.netrc blacklist ${RUNUSER} -# If you use nvm, add the below lines to your curl.local -#ignore read-only ${HOME}/.nvm -#noblacklist ${HOME}/.nvm - include disable-common.inc include disable-exec.inc include disable-programs.inc diff --git a/etc/profile-m-z/wget.profile b/etc/profile-m-z/wget.profile index 2810bdf31..460898448 100644 --- a/etc/profile-m-z/wget.profile +++ b/etc/profile-m-z/wget.profile @@ -7,16 +7,16 @@ include wget.local # Persistent global definitions include globals.local +# If you use nvm, add the below lines to your wget.local +#ignore read-only ${HOME}/.nvm +#noblacklist ${HOME}/.nvm + noblacklist ${HOME}/.config/wget noblacklist ${HOME}/.local/share/wget noblacklist ${HOME}/.netrc noblacklist ${HOME}/.wget-hsts noblacklist ${HOME}/.wgetrc -# If you use nvm, add the below lines to your wget.local -#ignore read-only ${HOME}/.nvm -#noblacklist ${HOME}/.nvm - blacklist ${RUNUSER} include disable-common.inc From da5dd4bc0c151695037d513d0a0f01fc2d4c77f8 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Sat, 30 Aug 2025 07:35:37 -0300 Subject: [PATCH 3/3] profiles: organize blacklist sections as per profile.template On each profile, ensure that the `blacklist` section is right above the `include disable` section. See etc/templates/profile.template. Misc: This appears to affect about a third of the profiles that contain `blacklist` entries: $ git grep -El '^#?blacklist ' -- etc/profile* | wc -l 158 $ git diff --name-only f1381b342 | wc -l 49 Kind of relates to commit 04efbb276 ("profiles: replace x11 socket blacklist with disable-X11.inc", 2024-03-22) / PR #6286. --- etc/profile-a-l/agetpkg.profile | 4 ++-- etc/profile-a-l/checkbashisms.profile | 4 ++-- etc/profile-a-l/deadlink.profile | 6 +++--- etc/profile-a-l/devilspie.profile | 4 ++-- etc/profile-a-l/enchant.profile | 4 ++-- etc/profile-a-l/evince.profile | 3 ++- etc/profile-a-l/exiftool.profile | 4 ++-- etc/profile-a-l/gconf.profile | 4 ++-- etc/profile-a-l/gist.profile | 4 ++-- etc/profile-a-l/gnome-boxes.profile | 4 ++-- etc/profile-a-l/googler-common.profile | 4 ++-- etc/profile-a-l/green-recoder.profile | 4 ++-- etc/profile-a-l/hashcat.profile | 4 ++-- etc/profile-a-l/highlight.profile | 4 ++-- etc/profile-a-l/host.profile | 3 ++- etc/profile-a-l/img2txt.profile | 4 ++-- etc/profile-a-l/koreader.profile | 4 ++-- etc/profile-a-l/less.profile | 4 ++-- etc/profile-a-l/localsend_app.profile | 4 ++-- etc/profile-m-z/makepkg.profile | 4 ++-- etc/profile-m-z/man.profile | 4 ++-- etc/profile-m-z/mp3splt.profile | 4 ++-- etc/profile-m-z/mutt.profile | 4 ++-- etc/profile-m-z/nano.profile | 4 ++-- etc/profile-m-z/neomutt.profile | 4 ++-- etc/profile-m-z/nodejs-common.profile | 4 ++-- etc/profile-m-z/nslookup.profile | 4 ++-- etc/profile-m-z/nvim.profile | 4 ++-- etc/profile-m-z/odt2txt.profile | 4 ++-- etc/profile-m-z/pandoc.profile | 4 ++-- etc/profile-m-z/patch.profile | 4 ++-- etc/profile-m-z/pdftotext.profile | 4 ++-- etc/profile-m-z/pkglog.profile | 4 ++-- etc/profile-m-z/qpdf.profile | 4 ++-- etc/profile-m-z/rtv.profile | 4 ++-- etc/profile-m-z/session-desktop.profile | 4 ++-- etc/profile-m-z/shellcheck.profile | 4 ++-- etc/profile-m-z/signal-cli.profile | 4 ++-- etc/profile-m-z/spectre-meltdown-checker.profile | 4 ++-- etc/profile-m-z/ssmtp.profile | 7 ++++--- etc/profile-m-z/statusof.profile | 6 +++--- etc/profile-m-z/tesseract.profile | 5 +++-- etc/profile-m-z/textroom.profile | 4 ++-- etc/profile-m-z/tmux.profile | 4 ++-- etc/profile-m-z/tvnamer.profile | 6 +++--- etc/profile-m-z/virt-manager.profile | 4 ++-- etc/profile-m-z/w3m.profile | 4 ++-- 47 files changed, 100 insertions(+), 96 deletions(-) diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile index 1bf954e3a..06a5c831f 100644 --- a/etc/profile-a-l/agetpkg.profile +++ b/etc/profile-a-l/agetpkg.profile @@ -7,12 +7,12 @@ include agetpkg.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* - # Allow python (blacklisted by disable-interpreters.inc) #include allow-python2.inc include allow-python3.inc +blacklist ${RUNUSER}/wayland-* + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-a-l/checkbashisms.profile b/etc/profile-a-l/checkbashisms.profile index 3baa80d50..221ac6bb7 100644 --- a/etc/profile-a-l/checkbashisms.profile +++ b/etc/profile-a-l/checkbashisms.profile @@ -7,13 +7,13 @@ include checkbashisms.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* - noblacklist ${DOCUMENTS} # Allow perl (blacklisted by disable-interpreters.inc) include allow-perl.inc +blacklist ${RUNUSER}/wayland-* + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-a-l/deadlink.profile b/etc/profile-a-l/deadlink.profile index dd7283ed9..404f7d9ed 100644 --- a/etc/profile-a-l/deadlink.profile +++ b/etc/profile-a-l/deadlink.profile @@ -6,15 +6,15 @@ include deadlink.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} -blacklist /usr/libexec - noblacklist ${HOME}/.config/deadlink # Allow python (blacklisted by disable-interpreters.inc) #include allow-python2.inc include allow-python3.inc +blacklist ${RUNUSER} +blacklist /usr/libexec + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-a-l/devilspie.profile b/etc/profile-a-l/devilspie.profile index 4461c2a82..ec1f1a473 100644 --- a/etc/profile-a-l/devilspie.profile +++ b/etc/profile-a-l/devilspie.profile @@ -6,10 +6,10 @@ include devilspie.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* - noblacklist ${HOME}/.devilspie +blacklist ${RUNUSER}/wayland-* + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-a-l/enchant.profile b/etc/profile-a-l/enchant.profile index 051c75fc1..a4abd176e 100644 --- a/etc/profile-a-l/enchant.profile +++ b/etc/profile-a-l/enchant.profile @@ -6,10 +6,10 @@ include enchant.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* - noblacklist ${HOME}/.config/enchant +blacklist ${RUNUSER}/wayland-* + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-a-l/evince.profile b/etc/profile-a-l/evince.profile index 06a4a64b1..ae1d67af9 100644 --- a/etc/profile-a-l/evince.profile +++ b/etc/profile-a-l/evince.profile @@ -13,9 +13,10 @@ noblacklist ${HOME}/.local/share/gvfs-metadata noblacklist ${HOME}/.config/evince noblacklist ${DOCUMENTS} +include allow-bin-sh.inc + blacklist /usr/libexec -include allow-bin-sh.inc include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-a-l/exiftool.profile b/etc/profile-a-l/exiftool.profile index a8be4828f..79670126c 100644 --- a/etc/profile-a-l/exiftool.profile +++ b/etc/profile-a-l/exiftool.profile @@ -6,11 +6,11 @@ include exiftool.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* - # Allow perl (blacklisted by disable-interpreters.inc) include allow-perl.inc +blacklist ${RUNUSER}/wayland-* + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-a-l/gconf.profile b/etc/profile-a-l/gconf.profile index ead78d983..f6a9276d6 100644 --- a/etc/profile-a-l/gconf.profile +++ b/etc/profile-a-l/gconf.profile @@ -6,14 +6,14 @@ include gconf.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* - noblacklist ${HOME}/.config/gconf # Allow python (blacklisted by disable-interpreters.inc) include allow-python2.inc #include allow-python3.inc +blacklist ${RUNUSER}/wayland-* + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-a-l/gist.profile b/etc/profile-a-l/gist.profile index 4dff73c54..ea78374f1 100644 --- a/etc/profile-a-l/gist.profile +++ b/etc/profile-a-l/gist.profile @@ -7,13 +7,13 @@ include gist.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* - noblacklist ${HOME}/.gist # Allow ruby (blacklisted by disable-interpreters.inc) include allow-ruby.inc +blacklist ${RUNUSER}/wayland-* + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-a-l/gnome-boxes.profile b/etc/profile-a-l/gnome-boxes.profile index d026fec88..da11fa303 100644 --- a/etc/profile-a-l/gnome-boxes.profile +++ b/etc/profile-a-l/gnome-boxes.profile @@ -6,8 +6,6 @@ include gnome-boxes.local # Persistent global definitions include globals.local -blacklist /usr/libexec - noblacklist ${HOME}/.cache/gnome-boxes noblacklist ${HOME}/.config/gnome-boxes noblacklist ${HOME}/.local/share/gnome-boxes @@ -16,6 +14,8 @@ noblacklist ${RUNUSER}/libvirt noblacklist /sbin noblacklist /usr/sbin +blacklist /usr/libexec + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-a-l/googler-common.profile b/etc/profile-a-l/googler-common.profile index 823228612..f33020ca1 100644 --- a/etc/profile-a-l/googler-common.profile +++ b/etc/profile-a-l/googler-common.profile @@ -7,8 +7,6 @@ include googler-common.local # added by caller profile #include globals.local -blacklist ${RUNUSER} - noblacklist ${HOME}/.w3m # Allow /bin/sh (blacklisted by disable-shell.inc) @@ -16,6 +14,8 @@ include allow-bin-sh.inc # Allow python (blacklisted by disable-interpreters.inc) include allow-python3.inc +blacklist ${RUNUSER} + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-a-l/green-recoder.profile b/etc/profile-a-l/green-recoder.profile index 77c980daa..8ad3df921 100644 --- a/etc/profile-a-l/green-recoder.profile +++ b/etc/profile-a-l/green-recoder.profile @@ -6,8 +6,6 @@ include green-recorder.local # Persistent global definitions include globals.local -blacklist /usr/libexec - noblacklist ${HOME}/.config/green-recorder # Allow python 3 (blacklisted by disable-interpreters.inc) @@ -18,6 +16,8 @@ include allow-bin-sh.inc noblacklist ${VIDEOS} +blacklist /usr/libexec + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-a-l/hashcat.profile b/etc/profile-a-l/hashcat.profile index b4e0d53f3..7ee4a94f3 100644 --- a/etc/profile-a-l/hashcat.profile +++ b/etc/profile-a-l/hashcat.profile @@ -7,14 +7,14 @@ include hashcat.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* - noblacklist ${HOME}/.cache/hashcat noblacklist ${HOME}/.hashcat noblacklist ${HOME}/.local/share/hashcat noblacklist /usr/include noblacklist ${DOCUMENTS} +blacklist ${RUNUSER}/wayland-* + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-a-l/highlight.profile b/etc/profile-a-l/highlight.profile index d77f49ce0..45804a93c 100644 --- a/etc/profile-a-l/highlight.profile +++ b/etc/profile-a-l/highlight.profile @@ -6,11 +6,11 @@ include highlight.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} - # Allow lua (blacklisted by disable-interpreters.inc) include allow-lua.inc +blacklist ${RUNUSER} + include disable-common.inc include disable-devel.inc include disable-interpreters.inc diff --git a/etc/profile-a-l/host.profile b/etc/profile-a-l/host.profile index 3f7901d3f..2a6892ba0 100644 --- a/etc/profile-a-l/host.profile +++ b/etc/profile-a-l/host.profile @@ -7,9 +7,10 @@ include host.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} noblacklist ${PATH}/host +blacklist ${RUNUSER} + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-a-l/img2txt.profile b/etc/profile-a-l/img2txt.profile index 8091a4c9e..f369b0c8a 100644 --- a/etc/profile-a-l/img2txt.profile +++ b/etc/profile-a-l/img2txt.profile @@ -6,11 +6,11 @@ include img2txt.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* - noblacklist ${DOCUMENTS} noblacklist ${PICTURES} +blacklist ${RUNUSER}/wayland-* + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-a-l/koreader.profile b/etc/profile-a-l/koreader.profile index f210ba72c..526d417b2 100644 --- a/etc/profile-a-l/koreader.profile +++ b/etc/profile-a-l/koreader.profile @@ -6,14 +6,14 @@ include koreader.local # Persistent global definitions include globals.local -blacklist /usr/libexec - noblacklist ${HOME}/.config/koreader noblacklist ${DOCUMENTS} # Allow lua (blacklisted by disable-interpreters.inc) include allow-lua.inc +blacklist /usr/libexec + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-a-l/less.profile b/etc/profile-a-l/less.profile index 0362aa2e8..ef9701833 100644 --- a/etc/profile-a-l/less.profile +++ b/etc/profile-a-l/less.profile @@ -7,10 +7,10 @@ include less.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} - noblacklist ${HOME}/.lesshst +blacklist ${RUNUSER} + include disable-devel.inc include disable-exec.inc include disable-interpreters.inc diff --git a/etc/profile-a-l/localsend_app.profile b/etc/profile-a-l/localsend_app.profile index e9dbb0607..f2ed15c85 100644 --- a/etc/profile-a-l/localsend_app.profile +++ b/etc/profile-a-l/localsend_app.profile @@ -6,10 +6,10 @@ include localsend_app.local # Persistent global definitions include globals.local -blacklist /usr/libexec - noblacklist ${HOME}/.local/share/localsend_app +blacklist /usr/libexec + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-m-z/makepkg.profile b/etc/profile-m-z/makepkg.profile index 252df873e..68c45a7fb 100644 --- a/etc/profile-m-z/makepkg.profile +++ b/etc/profile-m-z/makepkg.profile @@ -7,8 +7,6 @@ include makepkg.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* - # Note: see this Arch forum discussion https://bbs.archlinux.org/viewtopic.php?pid=1743138 # for potential issues and their solutions when Firejailing makepkg @@ -29,6 +27,8 @@ blacklist ${HOME}/.gnupg/random_seed # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only. noblacklist /var/lib/pacman +blacklist ${RUNUSER}/wayland-* + include disable-common.inc include disable-exec.inc include disable-programs.inc diff --git a/etc/profile-m-z/man.profile b/etc/profile-m-z/man.profile index 96a2be1b1..fe6be5984 100644 --- a/etc/profile-m-z/man.profile +++ b/etc/profile-m-z/man.profile @@ -7,14 +7,14 @@ include man.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} - noblacklist ${HOME}/.local/share/man noblacklist ${HOME}/.rustup # Allow perl (blacklisted by disable-interpreters.inc) include allow-perl.inc +blacklist ${RUNUSER} + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-m-z/mp3splt.profile b/etc/profile-m-z/mp3splt.profile index ef4635075..6a91844f1 100644 --- a/etc/profile-m-z/mp3splt.profile +++ b/etc/profile-m-z/mp3splt.profile @@ -6,10 +6,10 @@ include mp3splt.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* - noblacklist ${MUSIC} +blacklist ${RUNUSER}/wayland-* + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-m-z/mutt.profile b/etc/profile-m-z/mutt.profile index 494b957dd..799ac7b13 100644 --- a/etc/profile-m-z/mutt.profile +++ b/etc/profile-m-z/mutt.profile @@ -38,13 +38,13 @@ noblacklist ${HOME}/postponed noblacklist ${HOME}/sent noblacklist /etc/msmtprc -blacklist ${RUNUSER}/wayland-* - # Add the next lines to your mutt.local for oauth.py,S/MIME support. #include allow-perl.inc #include allow-python2.inc #include allow-python3.inc +blacklist ${RUNUSER}/wayland-* + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-m-z/nano.profile b/etc/profile-m-z/nano.profile index 33dddff7c..01de9f864 100644 --- a/etc/profile-m-z/nano.profile +++ b/etc/profile-m-z/nano.profile @@ -7,11 +7,11 @@ include nano.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* - noblacklist ${HOME}/.config/nano noblacklist ${HOME}/.nanorc +blacklist ${RUNUSER}/wayland-* + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-m-z/neomutt.profile b/etc/profile-m-z/neomutt.profile index 1371ddd1e..bb3ae68af 100644 --- a/etc/profile-m-z/neomutt.profile +++ b/etc/profile-m-z/neomutt.profile @@ -39,10 +39,10 @@ noblacklist /etc/msmtprc noblacklist /var/mail noblacklist /var/spool/mail -blacklist ${RUNUSER}/wayland-* - include allow-lua.inc +blacklist ${RUNUSER}/wayland-* + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-m-z/nodejs-common.profile b/etc/profile-m-z/nodejs-common.profile index 43fafc3de..fc6f30306 100644 --- a/etc/profile-m-z/nodejs-common.profile +++ b/etc/profile-m-z/nodejs-common.profile @@ -15,8 +15,6 @@ include nodejs-common.local # used by nvm: curl, sha256sum, tar and wget. We have comments in these # profiles on how to enable nvm support via local overrides. -blacklist ${RUNUSER} - ignore read-only ${HOME}/.npm-packages ignore read-only ${HOME}/.npmrc ignore read-only ${HOME}/.nvm @@ -35,6 +33,8 @@ noblacklist ${HOME}/.yarnrc ignore noexec ${HOME} include allow-bin-sh.inc +blacklist ${RUNUSER} + include disable-common.inc include disable-exec.inc include disable-programs.inc diff --git a/etc/profile-m-z/nslookup.profile b/etc/profile-m-z/nslookup.profile index 5313d2906..41c4dc050 100644 --- a/etc/profile-m-z/nslookup.profile +++ b/etc/profile-m-z/nslookup.profile @@ -7,10 +7,10 @@ include nslookup.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} - noblacklist ${PATH}/nslookup +blacklist ${RUNUSER} + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-m-z/nvim.profile b/etc/profile-m-z/nvim.profile index 6f415d60a..d9b8bccbf 100644 --- a/etc/profile-m-z/nvim.profile +++ b/etc/profile-m-z/nvim.profile @@ -13,13 +13,13 @@ noblacklist ${HOME}/.config/nvim noblacklist ${HOME}/.local/share/nvim noblacklist ${HOME}/.local/state/nvim +blacklist ${RUNUSER} + include disable-common.inc include disable-devel.inc include disable-programs.inc include disable-xdg.inc -blacklist ${RUNUSER} - include whitelist-runuser-common.inc ipc-namespace diff --git a/etc/profile-m-z/odt2txt.profile b/etc/profile-m-z/odt2txt.profile index 73b72efc2..84157991e 100644 --- a/etc/profile-m-z/odt2txt.profile +++ b/etc/profile-m-z/odt2txt.profile @@ -6,10 +6,10 @@ include odt2txt.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* - noblacklist ${DOCUMENTS} +blacklist ${RUNUSER}/wayland-* + include disable-common.inc include disable-devel.inc include disable-interpreters.inc diff --git a/etc/profile-m-z/pandoc.profile b/etc/profile-m-z/pandoc.profile index 0a906718a..960696ef2 100644 --- a/etc/profile-m-z/pandoc.profile +++ b/etc/profile-m-z/pandoc.profile @@ -7,12 +7,12 @@ include pandoc.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} - noblacklist ${DOCUMENTS} include allow-bin-sh.inc +blacklist ${RUNUSER} + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-m-z/patch.profile b/etc/profile-m-z/patch.profile index 23e734b43..a12f086f4 100644 --- a/etc/profile-m-z/patch.profile +++ b/etc/profile-m-z/patch.profile @@ -7,11 +7,11 @@ include patch.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} - noblacklist ${DOCUMENTS} noblacklist ${PATH}/patch +blacklist ${RUNUSER} + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-m-z/pdftotext.profile b/etc/profile-m-z/pdftotext.profile index cb7e0809f..ed8b0867b 100644 --- a/etc/profile-m-z/pdftotext.profile +++ b/etc/profile-m-z/pdftotext.profile @@ -7,10 +7,10 @@ include pdftotext.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} - noblacklist ${DOCUMENTS} +blacklist ${RUNUSER} + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-m-z/pkglog.profile b/etc/profile-m-z/pkglog.profile index ae10ce36b..c57a8cb21 100644 --- a/etc/profile-m-z/pkglog.profile +++ b/etc/profile-m-z/pkglog.profile @@ -6,11 +6,11 @@ include pkglog.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} - # Allow python (blacklisted by disable-interpreters.inc) include allow-python3.inc +blacklist ${RUNUSER} + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-m-z/qpdf.profile b/etc/profile-m-z/qpdf.profile index a5b65aa8e..3a4ab1082 100644 --- a/etc/profile-m-z/qpdf.profile +++ b/etc/profile-m-z/qpdf.profile @@ -7,10 +7,10 @@ include qpdf.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* - noblacklist ${DOCUMENTS} +blacklist ${RUNUSER}/wayland-* + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-m-z/rtv.profile b/etc/profile-m-z/rtv.profile index 9ef0da5f6..dfbeba1ac 100644 --- a/etc/profile-m-z/rtv.profile +++ b/etc/profile-m-z/rtv.profile @@ -11,8 +11,6 @@ include globals.local # Add the next line to your rtv.local to enable external application support. #include rtv-addons.profile -blacklist ${RUNUSER}/wayland-* - noblacklist ${HOME}/.config/rtv noblacklist ${HOME}/.local/share/rtv @@ -23,6 +21,8 @@ include allow-bin-sh.inc include allow-python2.inc include allow-python3.inc +blacklist ${RUNUSER}/wayland-* + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-m-z/session-desktop.profile b/etc/profile-m-z/session-desktop.profile index b1076b080..50a03eaf3 100644 --- a/etc/profile-m-z/session-desktop.profile +++ b/etc/profile-m-z/session-desktop.profile @@ -6,12 +6,12 @@ include session-desktop.local # Persistent global definitions include globals.local -blacklist /usr/libexec - ignore noexec /tmp noblacklist ${HOME}/.config/Session +blacklist /usr/libexec + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-m-z/shellcheck.profile b/etc/profile-m-z/shellcheck.profile index cf6b37db6..e8113ef37 100644 --- a/etc/profile-m-z/shellcheck.profile +++ b/etc/profile-m-z/shellcheck.profile @@ -7,10 +7,10 @@ include shellcheck.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} - noblacklist ${DOCUMENTS} +blacklist ${RUNUSER} + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-m-z/signal-cli.profile b/etc/profile-m-z/signal-cli.profile index 67bb45141..0787ca89e 100644 --- a/etc/profile-m-z/signal-cli.profile +++ b/etc/profile-m-z/signal-cli.profile @@ -6,12 +6,12 @@ include signal-cli.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* - noblacklist ${HOME}/.local/share/signal-cli include allow-java.inc +blacklist ${RUNUSER}/wayland-* + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-m-z/spectre-meltdown-checker.profile b/etc/profile-m-z/spectre-meltdown-checker.profile index 49d0b46e5..998f33e72 100644 --- a/etc/profile-m-z/spectre-meltdown-checker.profile +++ b/etc/profile-m-z/spectre-meltdown-checker.profile @@ -6,8 +6,6 @@ include spectre-meltdown-checker.local # Persistent global definitions include globals.local -blacklist ${RUNUSER}/wayland-* - noblacklist ${PATH}/mount noblacklist ${PATH}/umount noblacklist /proc/config.gz @@ -15,6 +13,8 @@ noblacklist /proc/config.gz # Allow perl (blacklisted by disable-interpreters.inc) include allow-perl.inc +blacklist ${RUNUSER}/wayland-* + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-m-z/ssmtp.profile b/etc/profile-m-z/ssmtp.profile index 8e2c21498..a9c631a0c 100644 --- a/etc/profile-m-z/ssmtp.profile +++ b/etc/profile-m-z/ssmtp.profile @@ -7,9 +7,6 @@ include ssmtp.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} -blacklist /usr/libexec - noblacklist /etc/logcheck noblacklist /etc/ssmtp noblacklist /sbin @@ -17,6 +14,10 @@ noblacklist /usr/sbin noblacklist ${DOCUMENTS} noblacklist ${PATH}/ssmtp + +blacklist ${RUNUSER} +blacklist /usr/libexec + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-m-z/statusof.profile b/etc/profile-m-z/statusof.profile index 6422f979b..4cb7c81d4 100644 --- a/etc/profile-m-z/statusof.profile +++ b/etc/profile-m-z/statusof.profile @@ -7,12 +7,12 @@ include statusof.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} -blacklist /usr/libexec - # Allow python (blacklisted by disable-interpreters.inc) include allow-python3.inc +blacklist ${RUNUSER} +blacklist /usr/libexec + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-m-z/tesseract.profile b/etc/profile-m-z/tesseract.profile index 2a7c2e902..c212dbe32 100644 --- a/etc/profile-m-z/tesseract.profile +++ b/etc/profile-m-z/tesseract.profile @@ -7,10 +7,11 @@ include tesseract.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} - noblacklist ${DOCUMENTS} noblacklist ${PICTURES} + +blacklist ${RUNUSER} + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-m-z/textroom.profile b/etc/profile-m-z/textroom.profile index 912fce6c1..7f24cbb73 100644 --- a/etc/profile-m-z/textroom.profile +++ b/etc/profile-m-z/textroom.profile @@ -6,11 +6,11 @@ include textroom.local # Persistent global definitions include globals.local +noblacklist ${HOME}/.config/textroom + blacklist ${RUNUSER}/wayland-* blacklist /usr/libexec -noblacklist ${HOME}/.config/textroom - include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-m-z/tmux.profile b/etc/profile-m-z/tmux.profile index a846b7f02..29769231b 100644 --- a/etc/profile-m-z/tmux.profile +++ b/etc/profile-m-z/tmux.profile @@ -7,10 +7,10 @@ include tmux.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} - noblacklist /tmp/tmux-* +blacklist ${RUNUSER} + #include disable-common.inc #include disable-devel.inc #include disable-exec.inc diff --git a/etc/profile-m-z/tvnamer.profile b/etc/profile-m-z/tvnamer.profile index c71434f2a..dd5073699 100644 --- a/etc/profile-m-z/tvnamer.profile +++ b/etc/profile-m-z/tvnamer.profile @@ -6,9 +6,6 @@ include tvnamer.local # Persistent global definitions include globals.local -blacklist ${RUNUSER} -blacklist /usr/libexec - noblacklist ${HOME}/.config/tvnamer noblacklist ${VIDEOS} @@ -16,6 +13,9 @@ noblacklist ${VIDEOS} include allow-python2.inc include allow-python3.inc +blacklist ${RUNUSER} +blacklist /usr/libexec + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-m-z/virt-manager.profile b/etc/profile-m-z/virt-manager.profile index 16b7d8a9a..3cef653d9 100644 --- a/etc/profile-m-z/virt-manager.profile +++ b/etc/profile-m-z/virt-manager.profile @@ -6,8 +6,6 @@ include virt-manager.local # Persistent global definitions include globals.local -blacklist /usr/libexec - noblacklist ${HOME}/.cache/virt-manager noblacklist ${RUNUSER}/libvirt @@ -17,6 +15,8 @@ noblacklist /usr/sbin # Allow python 3 (blacklisted by disable-interpreters.inc) include allow-python3.inc +blacklist /usr/libexec + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/profile-m-z/w3m.profile b/etc/profile-m-z/w3m.profile index 40e6a12fa..ad6e47141 100644 --- a/etc/profile-m-z/w3m.profile +++ b/etc/profile-m-z/w3m.profile @@ -15,14 +15,14 @@ include globals.local noblacklist ${HOME}/.mailcap noblacklist ${HOME}/.w3m -blacklist ${RUNUSER}/wayland-* - # Allow /bin/sh (blacklisted by disable-shell.inc) include allow-bin-sh.inc # Allow perl (blacklisted by disable-interpreters.inc) include allow-perl.inc +blacklist ${RUNUSER}/wayland-* + include disable-common.inc include disable-devel.inc include disable-exec.inc