diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index 55aabbc73f7..14f7d8cf7f3 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -167,6 +167,10 @@ blacklist ${RUNUSER}/gnome-session-leader-fifo
 blacklist ${RUNUSER}/gnome-shell
 blacklist ${RUNUSER}/gsconnect
+# i3 IPC socket (allows arbitrary shell script execution)
+blacklist ${RUNUSER}/i3/ipc-socket.*
+blacklist /tmp/i3-*/ipc-socket.*
+
 # systemd
 blacklist ${HOME}/.config/systemd
 blacklist ${HOME}/.local/share/systemd
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 73876fde32e..d2f8b8cfa5c 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -1251,11 +1251,13 @@ blacklist ${HOME}/yt-dlp.conf
 blacklist ${HOME}/yt-dlp.conf.txt
 blacklist ${RUNUSER}/*firefox*
 blacklist ${RUNUSER}/akonadi
+blacklist ${RUNUSER}/i3
 blacklist ${RUNUSER}/psd/*firefox*
 blacklist ${RUNUSER}/qutebrowser
 blacklist /etc/ssmtp
 blacklist /tmp/.wine-*
 blacklist /tmp/akonadi-*
+blacklist /tmp/i3-*
 blacklist /tmp/lwjgl_*
 blacklist /var/games/nethack
 blacklist /var/games/slashem
diff --git a/etc/profile-a-l/i3.profile b/etc/profile-a-l/i3.profile
index 2268072efee..412e3176219 100644
--- a/etc/profile-a-l/i3.profile
+++ b/etc/profile-a-l/i3.profile
@@ -8,6 +8,10 @@ include globals.local
 # all applications started in i3 will run in this profile
 noblacklist ${HOME}/.config/i3
+noblacklist ${RUNUSER}/i3
+noblacklist ${RUNUSER}/i3/ipc-socket.*
+noblacklist /tmp/i3-*
+noblacklist /tmp/i3-*/ipc-socket.*
 include disable-common.inc
 caps.drop all
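Review bot: The two new `blacklist` lines in disable-common.inc cover only i3's default socket locations, so a socket placed elsewhere through the `ipc-socket` directive in the i3 config or the `I3SOCK` environment variable would stay reachable from sandboxes that include this file. I would state that limit in the comment, e.g. `# i3 IPC socket (allows arbitrary shell script execution); default paths only, a custom ipc-socket path needs its own rule in a .local file`. As far as I can tell the globs are resolved when the sandbox is set up, so a `/tmp/i3-*` directory that appears afterwards (i3 started or fully restarted later) is presumably not covered. The same caveat applies to the `/tmp/i3-*` and `${RUNUSER}/i3` lines added to disable-programs.inc.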
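Review bot: The four `noblacklist` lines added to i3.profile carry no comment explaining why this profile re-opens a socket that disable-common.inc describes as allowing arbitrary shell script execution. The existing comment says all applications started in i3 run in this profile, so each of them keeps access to the socket. That looks intended, since i3 needs its own socket and commands it spawns presumably stay inside this sandbox, but it should be written down, e.g. `# i3 needs its own IPC socket; programs running under this profile can still send it commands`. The directory-level entries `${RUNUSER}/i3` and `/tmp/i3-*` only counter the disable-programs.inc rules, and that file is not included in the visible lines, so a brief note on why they are listed would also help.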