Blacklist i3 IPC socket except for i3 itself

netblue30 · May 27, 2024 · 0af8540 · 0af8540
1 parent e25596b
commit 0af8540
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
@@ -167,6 +167,10 @@ blacklist ${RUNUSER}/gnome-session-leader-fifo
 blacklist ${RUNUSER}/gnome-shell
 blacklist ${RUNUSER}/gsconnect
 
+# i3 IPC socket (allows arbitrary shell script execution) & more
+blacklist ${RUNUSER}/i3
+blacklist /tmp/i3-*
+
 # systemd
 blacklist ${HOME}/.config/systemd
 blacklist ${HOME}/.local/share/systemd

diff --git a/etc/profile-a-l/i3.profile b/etc/profile-a-l/i3.profile
@@ -8,6 +8,8 @@ include globals.local
 
 # all applications started in i3 will run in this profile
 noblacklist ${HOME}/.config/i3
+noblacklist ${RUNUSER}/i3
+noblacklist /tmp/i3-*
 include disable-common.inc
 
 caps.drop all