Merge pull request #6286 from kmk3/x11-none-improvements

profiles: replace x11 socket blacklist with disable-X11.inc
2026-05-21 06:45:29 -06:00 · 2024-03-24 06:50:30 +00:00 · 2024-03-24 06:50:30 +00:00 · eaee3367d2
commit eaee3367d2
parent 945ad858ed 04efbb2763
49 changed files with 51 additions and 50 deletions
--- a/etc/profile-a-l/agetpkg.profile
+++ b/etc/profile-a-l/agetpkg.profile
@ -7,7 +7,6 @@ include agetpkg.local
 # Persistent global definitions
 include globals.local

-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*

 # Allow python (blacklisted by disable-interpreters.inc)
@ -20,6 +19,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
 include disable-shell.inc
+include disable-X11.inc
 include disable-xdg.inc

 whitelist ${DOWNLOADS}
--- a/etc/profile-a-l/alpine.profile
+++ b/etc/profile-a-l/alpine.profile
@ -30,7 +30,6 @@ noblacklist ${HOME}/.pinercex
 noblacklist ${HOME}/.signature
 noblacklist ${HOME}/mail

-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*

 include disable-common.inc
@ -39,6 +38,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
 include disable-shell.inc
+include disable-X11.inc
 include disable-xdg.inc

 #whitelist ${DOCUMENTS}
--- a/etc/profile-a-l/aria2c.profile
+++ b/etc/profile-a-l/aria2c.profile
@ -11,7 +11,6 @@ noblacklist ${HOME}/.cache/winetricks # XXX: See #5238
 noblacklist ${HOME}/.config/aria2
 noblacklist ${HOME}/.netrc

-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*

 include disable-common.inc
@ -19,6 +18,7 @@ include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc

 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
--- a/etc/profile-a-l/bpftop.profile
+++ b/etc/profile-a-l/bpftop.profile
@ -7,7 +7,6 @@ include bpftop.local
 # Persistent global definitions
 include globals.local

-blacklist /tmp/.X11-unix
 blacklist /usr/libexec
 blacklist ${RUNUSER}

@ -18,6 +17,7 @@ include disable-interpreters.inc
 include disable-proc.inc
 include disable-programs.inc
 include disable-shell.inc
+include disable-X11.inc
 include disable-xdg.inc

 include whitelist-common.inc
--- a/etc/profile-a-l/cloneit.profile
+++ b/etc/profile-a-l/cloneit.profile
@ -7,7 +7,6 @@ include cloneit.local
 # Persistent global definitions
 include globals.local

-blacklist /tmp/.X11-unix
 blacklist /usr/libexec
 blacklist ${RUNUSER}

@ -18,6 +17,7 @@ include disable-interpreters.inc
 include disable-proc.inc
 include disable-programs.inc
 include disable-shell.inc
+include disable-X11.inc
 include disable-xdg.inc

 include whitelist-run-common.inc
--- a/etc/profile-a-l/curl.profile
+++ b/etc/profile-a-l/curl.profile
@ -16,7 +16,6 @@ noblacklist ${HOME}/.config/curlrc # since curl 7.73.0
 noblacklist ${HOME}/.curl-hsts
 noblacklist ${HOME}/.curlrc

-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}

 # If you use nvm, add the below lines to your curl.local
@ -26,6 +25,7 @@ blacklist ${RUNUSER}
 include disable-common.inc
 include disable-exec.inc
 include disable-programs.inc
+include disable-X11.inc
 # Depending on workflow you can add 'include disable-xdg.inc' to your curl.local.
 #include disable-xdg.inc

--- a/etc/profile-a-l/dbus-send.profile
+++ b/etc/profile-a-l/dbus-send.profile
@ -7,7 +7,6 @@ include dbus-send.local
 # Persistent global definitions
 include globals.local

-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*

 include disable-common.inc
@ -17,6 +16,7 @@ include disable-interpreters.inc
 include disable-programs.inc
 include disable-shell.inc
 include disable-write-mnt.inc
+include disable-X11.inc
 include disable-xdg.inc

 #include whitelist-common.inc # see #903
--- a/etc/profile-a-l/deadlink.profile
+++ b/etc/profile-a-l/deadlink.profile
@ -6,7 +6,6 @@ include deadlink.local
 # Persistent global definitions
 include globals.local

-blacklist /tmp/.X11-unix
 blacklist /usr/libexec
 blacklist ${RUNUSER}

@ -23,6 +22,7 @@ include disable-interpreters.inc
 include disable-proc.inc
 include disable-programs.inc
 include disable-shell.inc
+include disable-X11.inc
 include disable-xdg.inc

 include whitelist-run-common.inc
--- a/etc/profile-a-l/dexios.profile
+++ b/etc/profile-a-l/dexios.profile
@ -7,7 +7,6 @@ include dexios.local
 # Persistent global definitions
 include globals.local

-blacklist /tmp/.X11-unix
 blacklist /usr/libexec
 blacklist ${RUNUSER}

@ -18,6 +17,7 @@ include disable-interpreters.inc
 include disable-proc.inc
 include disable-programs.inc
 include disable-shell.inc
+include disable-X11.inc
 include disable-xdg.inc

 whitelist ${DOWNLOADS}
--- a/etc/profile-a-l/dig.profile
+++ b/etc/profile-a-l/dig.profile
@ -10,7 +10,6 @@ include globals.local
 noblacklist ${HOME}/.digrc
 noblacklist ${PATH}/dig

-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}

 include disable-common.inc
@ -18,6 +17,7 @@ include disable-common.inc
 include disable-exec.inc
 #include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc
 include disable-xdg.inc

 #mkfile ${HOME}/.digrc # see #903
--- a/etc/profile-a-l/dnscrypt-proxy.profile
+++ b/etc/profile-a-l/dnscrypt-proxy.profile
@ -7,7 +7,6 @@ include dnscrypt-proxy.local
 # Persistent global definitions
 include globals.local

-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*

 noblacklist /sbin
@ -18,6 +17,7 @@ include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc
 include disable-xdg.inc

 whitelist /usr/share/dnscrypt-proxy
--- a/etc/profile-a-l/dnsmasq.profile
+++ b/etc/profile-a-l/dnsmasq.profile
@ -11,13 +11,13 @@ noblacklist /sbin
 noblacklist /usr/sbin
 noblacklist /var/lib/libvirt

-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}

 include disable-common.inc
 include disable-devel.inc
 include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc
 include disable-xdg.inc

 whitelist /var/lib/libvirt/dnsmasq
--- a/etc/profile-a-l/drill.profile
+++ b/etc/profile-a-l/drill.profile
@ -9,7 +9,6 @@ include globals.local

 noblacklist ${PATH}/drill

-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}

 include disable-common.inc
@ -17,6 +16,7 @@ include disable-common.inc
 include disable-exec.inc
 #include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc
 include disable-xdg.inc

 #include whitelist-common.inc # see #903
--- a/etc/profile-a-l/editorconfiger.profile
+++ b/etc/profile-a-l/editorconfiger.profile
@ -6,7 +6,6 @@ include editorconfiger.local
 # Persistent global definitions
 include globals.local

-blacklist /tmp/.X11-unix
 blacklist /usr/libexec
 blacklist ${RUNUSER}

@ -17,6 +16,7 @@ include disable-interpreters.inc
 include disable-proc.inc
 include disable-programs.inc
 include disable-shell.inc
+include disable-X11.inc
 include disable-xdg.inc

 apparmor
--- a/etc/profile-a-l/erd.profile
+++ b/etc/profile-a-l/erd.profile
@ -7,9 +7,8 @@ include erd.local
 # Persistent global definitions
 include globals.local

-blacklist /tmp/.X11-unix
-
 include disable-exec.inc
+#include disable-X11.inc # x11 none

 apparmor
 caps.drop all
--- a/etc/profile-a-l/fdns.profile
+++ b/etc/profile-a-l/fdns.profile
@ -8,7 +8,6 @@ include globals.local
 noblacklist /sbin
 noblacklist /usr/sbin

-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*

 include disable-common.inc
@ -16,6 +15,7 @@ include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc
 include disable-xdg.inc

 #include whitelist-usr-share-common.inc
--- a/etc/profile-a-l/gget.profile
+++ b/etc/profile-a-l/gget.profile
@ -7,7 +7,6 @@ include gget.local
 # Persistent global definitions
 include globals.local

-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}

 include disable-common.inc
@ -16,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
 include disable-shell.inc
+include disable-X11.inc
 include disable-xdg.inc

 whitelist ${DOWNLOADS}
--- a/etc/profile-a-l/gist.profile
+++ b/etc/profile-a-l/gist.profile
@ -7,7 +7,6 @@ include gist.local
 # Persistent global definitions
 include globals.local

-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*

 noblacklist ${HOME}/.gist
@ -20,6 +19,7 @@ include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc
 include disable-xdg.inc

 mkdir ${HOME}/.gist
--- a/etc/profile-a-l/git.profile
+++ b/etc/profile-a-l/git.profile
@ -28,12 +28,12 @@ ignore rmenv GITHUB_ENTERPRISE_TOKEN
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc

-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*

 include disable-common.inc
 include disable-exec.inc
 include disable-programs.inc
+include disable-X11.inc

 whitelist /usr/share/git
 whitelist /usr/share/git-core
--- a/etc/profile-a-l/gnome-keyring-daemon.profile
+++ b/etc/profile-a-l/gnome-keyring-daemon.profile
@ -7,7 +7,6 @@ include gnome-keyring-daemon.local
 # Persistent global definitions
 include globals.local

-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*

 include disable-common.inc
@ -16,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
 #include disable-X11.inc # x11 none
+include disable-X11.inc
 include disable-xdg.inc

 whitelist ${RUNUSER}/gnupg
--- a/etc/profile-a-l/googler-common.profile
+++ b/etc/profile-a-l/googler-common.profile
@ -7,7 +7,6 @@ include googler-common.local
 # added by caller profile
 #include globals.local

-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}

 noblacklist ${HOME}/.w3m
@ -23,6 +22,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
 include disable-shell.inc
+include disable-X11.inc
 include disable-xdg.inc

 whitelist ${HOME}/.w3m
--- a/etc/profile-a-l/gpg-agent.profile
+++ b/etc/profile-a-l/gpg-agent.profile
@ -9,13 +9,13 @@ include globals.local

 noblacklist ${HOME}/.gnupg

-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*

 include disable-common.inc
 include disable-devel.inc
 include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc
 include disable-xdg.inc

 mkdir ${HOME}/.gnupg
--- a/etc/profile-a-l/gpg.profile
+++ b/etc/profile-a-l/gpg.profile
@ -9,13 +9,13 @@ include globals.local

 noblacklist ${HOME}/.gnupg

-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*

 include disable-common.inc
 include disable-devel.inc
 include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc

 whitelist ${RUNUSER}/gnupg
 whitelist ${RUNUSER}/keyring
--- a/etc/profile-a-l/links-common.profile
+++ b/etc/profile-a-l/links-common.profile
@ -4,7 +4,6 @@ include links-common.local

 # common profile for links browsers

-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*

 include disable-common.inc
@ -14,6 +13,7 @@ include disable-interpreters.inc
 # Additional noblacklist files/directories (blacklisted in disable-programs.inc)
 # used as associated programs can be added in your links-common.local.
 include disable-programs.inc
+include disable-X11.inc
 include disable-xdg.inc

 whitelist ${DOWNLOADS}
--- a/etc/profile-a-l/lynx.profile
+++ b/etc/profile-a-l/lynx.profile
@ -7,13 +7,13 @@ include lynx.local
 # Persistent global definitions
 include globals.local

-blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*

 include disable-common.inc
 include disable-devel.inc
 include disable-interpreters.inc
 include disable-programs.inc
+include disable-X11.inc
 include disable-xdg.inc

 include whitelist-runuser-common.inc