diff --git a/etc/JDownloader.profile b/etc/JDownloader.profile index d1bd5c9b2d1..c00730ef469 100644 --- a/etc/JDownloader.profile +++ b/etc/JDownloader.profile @@ -8,11 +8,8 @@ include globals.local noblacklist ${HOME}/.jd -# Allow access to java -noblacklist ${PATH}/java -noblacklist /usr/lib/java -noblacklist /etc/java -noblacklist /usr/share/java +# Allow java (blacklisted by disable-devel.inc) +include allow-java.inc include disable-common.inc include disable-devel.inc diff --git a/etc/allow-java.inc b/etc/allow-java.inc new file mode 100644 index 00000000000..c6ab3b2eb0d --- /dev/null +++ b/etc/allow-java.inc @@ -0,0 +1,4 @@ +noblacklist ${PATH}/java +noblacklist /usr/lib/java +noblacklist /etc/java +noblacklist /usr/share/java diff --git a/etc/allow-lua.inc b/etc/allow-lua.inc new file mode 100644 index 00000000000..51d76f9b112 --- /dev/null +++ b/etc/allow-lua.inc @@ -0,0 +1,4 @@ +noblacklist ${PATH}/lua* +noblacklist /usr/include/lua* +noblacklist /usr/lib/lua +noblacklist /usr/share/lua diff --git a/etc/allow-perl.inc b/etc/allow-perl.inc new file mode 100644 index 00000000000..d37328936d7 --- /dev/null +++ b/etc/allow-perl.inc @@ -0,0 +1,7 @@ +noblacklist ${PATH}/cpan* +noblacklist ${PATH}/core_perl +noblacklist ${PATH}/perl +noblacklist ${PATH}/site_perl +noblacklist ${PATH}/vendor_perl +noblacklist /usr/lib/perl* +noblacklist /usr/share/perl* diff --git a/etc/allow-python2.inc b/etc/allow-python2.inc new file mode 100644 index 00000000000..8ea61648bb7 --- /dev/null +++ b/etc/allow-python2.inc @@ -0,0 +1,5 @@ +noblacklist ${PATH}/python2* +noblacklist /usr/include/python2* +noblacklist /usr/lib/python2* +noblacklist /usr/local/lib/python2* +noblacklist /usr/share/python2* diff --git a/etc/allow-python3.inc b/etc/allow-python3.inc new file mode 100644 index 00000000000..91c7ffca45e --- /dev/null +++ b/etc/allow-python3.inc @@ -0,0 +1,5 @@ +noblacklist ${PATH}/python3* +noblacklist /usr/include/python3* +noblacklist /usr/lib/python3* +noblacklist /usr/local/lib/python3* +noblacklist /usr/share/python3* diff --git a/etc/anki.profile b/etc/anki.profile index 6ab95dd52bb..f7fa8c78091 100644 --- a/etc/anki.profile +++ b/etc/anki.profile @@ -10,12 +10,8 @@ noblacklist ${DOCUMENTS} noblacklist ${HOME}/.local/share/Anki2 # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/arduino.profile b/etc/arduino.profile index 2ea8445feaa..26bd3d0a701 100644 --- a/etc/arduino.profile +++ b/etc/arduino.profile @@ -11,11 +11,8 @@ noblacklist ${HOME}/.java noblacklist ${HOME}/Arduino noblacklist ${DOCUMENTS} -# Allow access to java -noblacklist ${PATH}/java -noblacklist /usr/lib/java -noblacklist /etc/java -noblacklist /usr/share/java +# Allow java (blacklisted by disable-devel.inc) +include allow-java.inc include disable-common.inc include disable-devel.inc diff --git a/etc/arm.profile b/etc/arm.profile index ae93e96659c..dd3fa190a91 100644 --- a/etc/arm.profile +++ b/etc/arm.profile @@ -9,12 +9,8 @@ include globals.local noblacklist ${HOME}/.arm # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/atool.profile b/etc/atool.profile index b17498e9dc8..4ea3c02dccd 100644 --- a/etc/atool.profile +++ b/etc/atool.profile @@ -10,11 +10,7 @@ include globals.local blacklist /tmp/.X11-unix # Allow perl (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/cpan* -noblacklist ${PATH}/core_perl -noblacklist ${PATH}/perl -noblacklist /usr/lib/perl* -noblacklist /usr/share/perl* +include allow-perl.inc include disable-common.inc # include disable-devel.inc diff --git a/etc/authenticator.profile b/etc/authenticator.profile index e08dc12eb9d..39546112e17 100644 --- a/etc/authenticator.profile +++ b/etc/authenticator.profile @@ -10,12 +10,8 @@ noblacklist ${HOME}/.cache/Authenticator noblacklist ${HOME}/.config/Authenticator # Allow python (blacklisted by disable-interpreters.inc) -#noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -#noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -#noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +#include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/autokey-common.profile b/etc/autokey-common.profile index 44c0a3c1583..47396fe4386 100644 --- a/etc/autokey-common.profile +++ b/etc/autokey-common.profile @@ -10,14 +10,8 @@ noblacklist ${HOME}/.config/autokey noblacklist ${HOME}/.local/share/autokey # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* -noblacklist /usr/share/python2* -noblacklist /usr/share/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile index cbc8c25d62e..47c0cfa4823 100644 --- a/etc/bleachbit.profile +++ b/etc/bleachbit.profile @@ -7,12 +7,8 @@ include bleachbit.local include globals.local # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/blender.profile b/etc/blender.profile index bfe9064080a..6a72fb602a6 100644 --- a/etc/blender.profile +++ b/etc/blender.profile @@ -9,12 +9,8 @@ include globals.local noblacklist ${HOME}/.config/blender # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/caja.profile b/etc/caja.profile index f38110dc9ec..2a95649af88 100644 --- a/etc/caja.profile +++ b/etc/caja.profile @@ -14,12 +14,8 @@ noblacklist ${HOME}/.local/share/Trash # noblacklist ${HOME}/.local/share/caja-python # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/cantata.profile b/etc/cantata.profile index e4a4de9c1b3..19abbfea295 100644 --- a/etc/cantata.profile +++ b/etc/cantata.profile @@ -11,9 +11,8 @@ noblacklist ${HOME}/.config/cantata noblacklist ${HOME}/.local/share/cantata noblacklist ${MUSIC} -noblacklist ${PATH}/perl -noblacklist /usr/lib/perl* -noblacklist /usr/share/perl* +# Allow perl (blacklisted by disable-interpreters.inc) +include allow-perl.inc include disable-common.inc include disable-devel.inc diff --git a/etc/catfish.profile b/etc/catfish.profile index 341348ff957..f615b532380 100644 --- a/etc/catfish.profile +++ b/etc/catfish.profile @@ -12,12 +12,8 @@ include globals.local noblacklist ${HOME}/.config/catfish # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc # include disable-devel.inc diff --git a/etc/celluloid.profile b/etc/celluloid.profile index 5604a16b984..190a49588d9 100644 --- a/etc/celluloid.profile +++ b/etc/celluloid.profile @@ -12,12 +12,8 @@ noblacklist ${MUSIC} noblacklist ${VIDEOS} # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/checkbashisms.profile b/etc/checkbashisms.profile index 5afbf2d56bf..1bb9b186095 100644 --- a/etc/checkbashisms.profile +++ b/etc/checkbashisms.profile @@ -10,11 +10,7 @@ include globals.local noblacklist ${DOCUMENTS} # Allow perl (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/cpan* -noblacklist ${PATH}/core_perl -noblacklist ${PATH}/perl -noblacklist /usr/lib/perl* -noblacklist /usr/share/perl* +include allow-perl.inc include disable-common.inc include disable-devel.inc diff --git a/etc/cherrytree.profile b/etc/cherrytree.profile index 44ef12aa2fa..70dea5bd929 100644 --- a/etc/cherrytree.profile +++ b/etc/cherrytree.profile @@ -10,12 +10,8 @@ noblacklist ${HOME}/.config/cherrytree noblacklist ${DOCUMENTS} # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/clawsker.profile b/etc/clawsker.profile index c519ecedb13..95f15398a29 100644 --- a/etc/clawsker.profile +++ b/etc/clawsker.profile @@ -9,11 +9,7 @@ include globals.local noblacklist ${HOME}/.claws-mail # Allow perl (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/cpan* -noblacklist ${PATH}/core_perl -noblacklist ${PATH}/perl -noblacklist /usr/lib/perl* -noblacklist /usr/share/perl* +include allow-perl.inc include disable-common.inc include disable-devel.inc diff --git a/etc/d-feet.profile b/etc/d-feet.profile index 9475bdd2ad5..30749ab4080 100644 --- a/etc/d-feet.profile +++ b/etc/d-feet.profile @@ -9,12 +9,8 @@ include globals.local noblacklist ${HOME}/.config/d-feet # Allow python (disabled by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/deluge.profile b/etc/deluge.profile index e86c8427213..e86255d22d5 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile @@ -9,12 +9,8 @@ include globals.local noblacklist ${HOME}/.config/deluge # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc # include disable-devel.inc diff --git a/etc/devilspie2.profile b/etc/devilspie2.profile index 2f599366bce..9d67ee76ef4 100644 --- a/etc/devilspie2.profile +++ b/etc/devilspie2.profile @@ -8,6 +8,9 @@ include globals.local noblacklist ${HOME}/.config/devilspie2 +# Allow lua (blacklisted by disable-interpreters.inc) +include allow-lua.inc + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/dex2jar.profile b/etc/dex2jar.profile index 06a6be3aa04..a6fed6c7827 100644 --- a/etc/dex2jar.profile +++ b/etc/dex2jar.profile @@ -6,11 +6,8 @@ include dex2jar.local # Persistent global definitions include globals.local -# Allow access to java -noblacklist ${PATH}/java -noblacklist /usr/lib/java -noblacklist /etc/java -noblacklist /usr/share/java +# Allow java (blacklisted by disable-devel.inc) +include allow-java.inc include disable-common.inc include disable-devel.inc diff --git a/etc/disable-interpreters.inc b/etc/disable-interpreters.inc index 22f58bb857f..4c4eed25d84 100644 --- a/etc/disable-interpreters.inc +++ b/etc/disable-interpreters.inc @@ -19,6 +19,8 @@ blacklist ${HOME}/.nvm blacklist ${PATH}/cpan* blacklist ${PATH}/core_perl blacklist ${PATH}/perl +blacklist ${PATH}/site_perl +blacklist ${PATH}/vendor_perl blacklist /usr/lib/perl* blacklist /usr/share/perl* diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 5481f976f90..0153283f10f 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -430,6 +430,7 @@ blacklist ${HOME}/.kodi blacklist ${HOME}/.lincity-ng blacklist ${HOME}/.linphone-history.db blacklist ${HOME}/.linphonerc +blacklist ${HOME}/.links blacklist ${HOME}/.lmmsrc.xml blacklist ${HOME}/.local/lib/vivaldi blacklist ${HOME}/.local/share/0ad diff --git a/etc/display.profile b/etc/display.profile index 0bab32db146..0b9d685e86d 100644 --- a/etc/display.profile +++ b/etc/display.profile @@ -8,12 +8,8 @@ include globals.local noblacklist ${PICTURES} # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/electrum.profile b/etc/electrum.profile index ffa0fb5f619..ab554b21f72 100644 --- a/etc/electrum.profile +++ b/etc/electrum.profile @@ -9,12 +9,8 @@ include globals.local noblacklist ${HOME}/.electrum # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/exfalso.profile b/etc/exfalso.profile index 6146a895212..97862945212 100644 --- a/etc/exfalso.profile +++ b/etc/exfalso.profile @@ -10,12 +10,8 @@ noblacklist ${HOME}/.quodlibet noblacklist ${MUSIC} # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/exiftool.profile b/etc/exiftool.profile index f694ea21234..b33d732337e 100644 --- a/etc/exiftool.profile +++ b/etc/exiftool.profile @@ -8,10 +8,8 @@ include globals.local blacklist /tmp/.X11-unix -# Allow access to perl -noblacklist ${PATH}/perl -noblacklist /usr/lib/perl* -noblacklist /usr/share/perl* +# Allow perl (blacklisted by disable-interpreters.inc) +include allow-perl.inc include disable-common.inc include disable-devel.inc diff --git a/etc/filezilla.profile b/etc/filezilla.profile index d1bebafb5f2..af535880dfc 100644 --- a/etc/filezilla.profile +++ b/etc/filezilla.profile @@ -10,12 +10,8 @@ noblacklist ${HOME}/.config/filezilla noblacklist ${HOME}/.filezilla # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/firefox-common-addons.inc b/etc/firefox-common-addons.inc index 7a0c3e99f94..7d9e512b2cd 100644 --- a/etc/firefox-common-addons.inc +++ b/etc/firefox-common-addons.inc @@ -56,8 +56,7 @@ whitelist ${HOME}/dwhelper noblacklist ${HOME}/.local/share/gnome-shell whitelist ${HOME}/.local/share/gnome-shell ignore nodbus -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python3* +include allow-python3.inc # Flash plugin # private-etc must first be enabled in firefox-common.profile and in profiles including it. diff --git a/etc/flowblade.profile b/etc/flowblade.profile index 1e84d4ca6d6..40472ab931a 100644 --- a/etc/flowblade.profile +++ b/etc/flowblade.profile @@ -10,12 +10,8 @@ noblacklist ${HOME}/.config/flowblade noblacklist ${HOME}/.flowblade # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/font-manager.profile b/etc/font-manager.profile index 98952e1cce0..a1280124ae7 100644 --- a/etc/font-manager.profile +++ b/etc/font-manager.profile @@ -10,12 +10,8 @@ noblacklist ${HOME}/.cache/font-manager noblacklist ${HOME}/.config/font-manager # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/fontforge.profile b/etc/fontforge.profile index f98ad998312..6d305e2af6d 100644 --- a/etc/fontforge.profile +++ b/etc/fontforge.profile @@ -10,12 +10,8 @@ noblacklist ${HOME}/.FontForge noblacklist ${DOCUMENTS} # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/freecol.profile b/etc/freecol.profile index 7987cc076ff..2d2853c9cbb 100644 --- a/etc/freecol.profile +++ b/etc/freecol.profile @@ -12,11 +12,8 @@ noblacklist ${HOME}/.cache/freecol noblacklist ${HOME}/.config/freecol noblacklist ${HOME}/.local/share/freecol -# Allow access to java -noblacklist ${PATH}/java -noblacklist /usr/lib/java -noblacklist /etc/java -noblacklist /usr/share/java +# Allow java (blacklisted by disable-devel.inc) +include allow-java.inc include disable-common.inc include disable-devel.inc diff --git a/etc/freemind.profile b/etc/freemind.profile index 507bd564d70..7ab4ae1291e 100644 --- a/etc/freemind.profile +++ b/etc/freemind.profile @@ -7,12 +7,11 @@ include freemind.local include globals.local noblacklist ${DOCUMENTS} -noblacklist ${PATH}/java -noblacklist /etc/java -noblacklist /usr/lib/java -noblacklist /usr/share/java noblacklist ${HOME}/.freemind +# Allow java (blacklisted by disable-devel.inc) +include allow-java.inc + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile index 6de61840ce5..9596bc610df 100644 --- a/etc/frozen-bubble.profile +++ b/etc/frozen-bubble.profile @@ -9,11 +9,7 @@ include globals.local noblacklist ${HOME}/.frozen-bubble # Allow perl (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/cpan* -noblacklist ${PATH}/core_perl -noblacklist ${PATH}/perl -noblacklist /usr/lib/perl* -noblacklist /usr/share/perl* +include allow-perl.inc include disable-common.inc include disable-devel.inc diff --git a/etc/gajim.profile b/etc/gajim.profile index 238b4fca9cd..75d2f0774d9 100644 --- a/etc/gajim.profile +++ b/etc/gajim.profile @@ -11,12 +11,8 @@ noblacklist ${HOME}/.config/gajim noblacklist ${HOME}/.local/share/gajim # Allow python (blacklisted by disable-interpreters.inc) -#noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -#noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -#noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +#include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/gconf.profile b/etc/gconf.profile index 5cc6b87a03c..a795afa1735 100644 --- a/etc/gconf.profile +++ b/etc/gconf.profile @@ -9,12 +9,8 @@ include globals.local noblacklist ${HOME}/.config/gconf # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -#noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -#noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -#noblacklist /usr/local/lib/python3* +include allow-python2.inc +#include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile index 6bebeb526db..f843452c9bb 100644 --- a/etc/gnome-music.profile +++ b/etc/gnome-music.profile @@ -10,12 +10,8 @@ noblacklist ${HOME}/.local/share/gnome-music noblacklist ${MUSIC} # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/gnome-schedule.profile b/etc/gnome-schedule.profile index 931efbbaba4..08256f3a50a 100644 --- a/etc/gnome-schedule.profile +++ b/etc/gnome-schedule.profile @@ -36,12 +36,8 @@ noblacklist ${PATH}/xfce4-terminal noblacklist ${PATH}/xfce4-terminal.wrapper # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/gramps.profile b/etc/gramps.profile index 764c14b60aa..54b1549649d 100644 --- a/etc/gramps.profile +++ b/etc/gramps.profile @@ -9,12 +9,8 @@ include globals.local noblacklist ${HOME}/.gramps # Allow python (blacklisted by disable-interpreters.inc) -#noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -#noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -#noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +#include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/hexchat.profile b/etc/hexchat.profile index ee70e665566..d032c93e6d6 100644 --- a/etc/hexchat.profile +++ b/etc/hexchat.profile @@ -10,12 +10,8 @@ noblacklist ${HOME}/.config/hexchat noblacklist /usr/share/perl* # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/imagej.profile b/etc/imagej.profile index 9d0ab43a0dc..be656bafa51 100644 --- a/etc/imagej.profile +++ b/etc/imagej.profile @@ -8,11 +8,8 @@ include globals.local noblacklist ${HOME}/.imagej -# Allow access to java -noblacklist ${PATH}/java -noblacklist /usr/lib/java -noblacklist /etc/java -noblacklist /usr/share/java +# Allow java (blacklisted by disable-devel.inc) +include allow-java.inc include disable-common.inc include disable-devel.inc diff --git a/etc/inkscape.profile b/etc/inkscape.profile index ecc5e5d35cb..bc0377e53d9 100644 --- a/etc/inkscape.profile +++ b/etc/inkscape.profile @@ -13,12 +13,8 @@ noblacklist ${DOCUMENTS} noblacklist ${PICTURES} # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile index dce44e5d43e..8442c6ed713 100644 --- a/etc/jd-gui.profile +++ b/etc/jd-gui.profile @@ -8,11 +8,8 @@ include globals.local noblacklist ${HOME}/.config/jd-gui.cfg noblacklist ${HOME}/.java -# Allow access to java -noblacklist ${PATH}/java -noblacklist /usr/lib/java -noblacklist /etc/java -noblacklist /usr/share/java +# Allow java (blacklisted by disable-devel.inc) +include allow-java.inc include disable-common.inc include disable-devel.inc diff --git a/etc/jitsi.profile b/etc/jitsi.profile index 5a575bb7121..223c360b8cc 100644 --- a/etc/jitsi.profile +++ b/etc/jitsi.profile @@ -7,11 +7,8 @@ include globals.local noblacklist ${HOME}/.jitsi -# Allow access to java -noblacklist ${PATH}/java -noblacklist /usr/lib/java -noblacklist /etc/java -noblacklist /usr/share/java +# Allow java (blacklisted by disable-devel.inc) +include allow-java.inc include disable-common.inc include disable-devel.inc diff --git a/etc/kodi.profile b/etc/kodi.profile index dad085967bb..86afe46b536 100644 --- a/etc/kodi.profile +++ b/etc/kodi.profile @@ -15,12 +15,8 @@ noblacklist ${PICTURES} noblacklist ${VIDEOS} # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/krita.profile b/etc/krita.profile index 8f275f8df95..49c36274ae2 100644 --- a/etc/krita.profile +++ b/etc/krita.profile @@ -15,12 +15,8 @@ noblacklist ${DOCUMENTS} noblacklist ${PICTURES} # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile index 5bb943323d9..05dfd4ca615 100644 --- a/etc/libreoffice.profile +++ b/etc/libreoffice.profile @@ -10,12 +10,10 @@ noblacklist ${HOME}/.java noblacklist /usr/local/sbin noblacklist ${HOME}/.config/libreoffice -# libreoffice uses java; if you don't care about java functionality, -# comment the next four lines -noblacklist ${PATH}/java -noblacklist /usr/lib/java -noblacklist /etc/java -noblacklist /usr/share/java +# libreoffice uses java for some certain operations +# comment if you don't care about java functionality +# Allow java (blacklisted by disable-devel.inc) +include allow-java.inc include disable-common.inc include disable-devel.inc diff --git a/etc/liferea.profile b/etc/liferea.profile index e778d7b55bb..70d31719946 100644 --- a/etc/liferea.profile +++ b/etc/liferea.profile @@ -11,12 +11,8 @@ noblacklist ${HOME}/.config/liferea noblacklist ${HOME}/.local/share/liferea # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/links.profile b/etc/links.profile new file mode 100644 index 00000000000..99b445fe022 --- /dev/null +++ b/etc/links.profile @@ -0,0 +1,64 @@ +# Firejail profile for links +# Description: Text WWW browser +# This file is overwritten after every install/update +# Persistent local customizations +include links.local +# Persistent global definitions +include globals.local + +blacklist /tmp/.X11-unix + +noblacklist ${HOME}/.links + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +# you may want to noblacklist files/directories blacklisted in +# disable-programs.inc and used as associated programs +include disable-programs.inc +include disable-xdg.inc + +mkdir ${HOME}/.links +whitelist ${HOME}/.links +whitelist ${DOWNLOADS} +include whitelist-var-common.inc + +caps.drop all +ipc-namespace +# comment machine-id (or put 'ignore machine-id' in your links.local) if you want +# to allow access only to user-configured associated media player +machine-id +netfilter +# comment no3d (or put 'ignore no3d' in your links.local) if you want +# to allow access only to user-configured associated media player +no3d +nodvd +nogroups +nonewprivs +noroot +# comment nosound (or put 'ignore nosound' in your links.local) if you want +# to allow access only to user-configured associated media player +nosound +notv +nou2f +novideo +protocol unix,inet,inet6 +seccomp +shell none +tracelog + +disable-mnt +# if you want to use user-configured programs add 'private-bin PROGRAM1,PROGRAM2' to your links.local +# or append 'PROGRAM1,PROGRAM2' to this private-bin line +private-bin links,sh +private-cache +private-dev +private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl +# Uncomment the following line (or put it in your links.local) allow external +# media players +# private-etc alsa,asound.conf,machine-id,openal,pulse +private-tmp + +memory-deny-write-execute diff --git a/etc/lollypop.profile b/etc/lollypop.profile index 76b8ed75c2f..6667815b9c1 100644 --- a/etc/lollypop.profile +++ b/etc/lollypop.profile @@ -10,12 +10,8 @@ noblacklist ${HOME}/.local/share/lollypop noblacklist ${MUSIC} # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/macrofusion.profile b/etc/macrofusion.profile index 7d42f2bfe95..f7a059f50ba 100644 --- a/etc/macrofusion.profile +++ b/etc/macrofusion.profile @@ -9,12 +9,8 @@ noblacklist ${HOME}/.config/mfusion noblacklist ${PICTURES} # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/mediathekview.profile b/etc/mediathekview.profile index 497014dab93..4ebb5429a22 100644 --- a/etc/mediathekview.profile +++ b/etc/mediathekview.profile @@ -18,11 +18,8 @@ noblacklist ${HOME}/.mediathek3 noblacklist ${HOME}/.mplayer noblacklist ${VIDEOS} -# Allow access to java -noblacklist ${PATH}/java -noblacklist /usr/lib/java -noblacklist /etc/java -noblacklist /usr/share/java +# Allow java (blacklisted by disable-devel.inc) +include allow-java.inc include disable-common.inc include disable-devel.inc diff --git a/etc/meld.profile b/etc/meld.profile index 14e0f238dac..8aa30feffea 100644 --- a/etc/meld.profile +++ b/etc/meld.profile @@ -6,22 +6,17 @@ include meld.local # Persistent global definitions include globals.local -noblacklist ${HOME}/.local/share/meld - -# Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* - noblacklist ${HOME}/.config/git noblacklist ${HOME}/.gitconfig noblacklist ${HOME}/.git-credentials +noblacklist ${HOME}/.local/share/meld noblacklist ${HOME}/.ssh noblacklist ${HOME}/.subversion +# Allow python (blacklisted by disable-interpreters.inc) +include allow-python2.inc +include allow-python3.inc + # Uncomment the next line (or put it into your meld.local) if you don't need to compare files in disable-common.inc. #include disable-common.inc include disable-devel.inc diff --git a/etc/mendeleydesktop.profile b/etc/mendeleydesktop.profile index d5437137132..ed6cc3ae0b4 100644 --- a/etc/mendeleydesktop.profile +++ b/etc/mendeleydesktop.profile @@ -15,12 +15,8 @@ noblacklist ${HOME}/.pki noblacklist ${HOME}/.local/share/pki # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/meteo-qt.profile b/etc/meteo-qt.profile index a769a97ec46..7c9b5f7f185 100644 --- a/etc/meteo-qt.profile +++ b/etc/meteo-qt.profile @@ -10,9 +10,7 @@ noblacklist ${HOME}/.config/autostart noblacklist ${HOME}/.config/meteo-qt # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python3* +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/mpDris2.profile b/etc/mpDris2.profile index 81bf88b8b8b..db2bb6a9355 100644 --- a/etc/mpDris2.profile +++ b/etc/mpDris2.profile @@ -9,12 +9,8 @@ include globals.local noblacklist ${HOME}/.config/mpDris2 # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/mpsyt.profile b/etc/mpsyt.profile index 0808c5a1a6b..88d464b5f37 100644 --- a/etc/mpsyt.profile +++ b/etc/mpsyt.profile @@ -7,12 +7,8 @@ include mpsyt.local include globals.local # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc noblacklist ${HOME}/.config/mpv noblacklist ${HOME}/.mplayer diff --git a/etc/mpv.profile b/etc/mpv.profile index 34542b11bd8..aa2335516f6 100644 --- a/etc/mpv.profile +++ b/etc/mpv.profile @@ -13,12 +13,8 @@ noblacklist ${MUSIC} noblacklist ${VIDEOS} # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/ms-office.profile b/etc/ms-office.profile index f8e75379e6f..25b097d72aa 100644 --- a/etc/ms-office.profile +++ b/etc/ms-office.profile @@ -9,12 +9,8 @@ noblacklist ${HOME}/.cache/ms-office-online noblacklist ${HOME}/.jak # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/multimc5.profile b/etc/multimc5.profile index b6407c4f92f..88dd4c53671 100644 --- a/etc/multimc5.profile +++ b/etc/multimc5.profile @@ -10,11 +10,8 @@ noblacklist ${HOME}/.local/share/multimc noblacklist ${HOME}/.local/share/multimc5 noblacklist ${HOME}/.multimc5 -# Allow access to java -noblacklist ${PATH}/java -noblacklist /usr/lib/java -noblacklist /etc/java -noblacklist /usr/share/java +# Allow java (blacklisted by disable-devel.inc) +include allow-java.inc include disable-common.inc include disable-devel.inc diff --git a/etc/mypaint.profile b/etc/mypaint.profile index 615bb60d152..19643e749e1 100644 --- a/etc/mypaint.profile +++ b/etc/mypaint.profile @@ -9,10 +9,12 @@ include globals.local noblacklist ${HOME}/.cache/mypaint noblacklist ${HOME}/.config/mypaint noblacklist ${HOME}/.local/share/mypaint -noblacklist ${PATH}/python2* -noblacklist /usr/lib/python2* noblacklist ${PICTURES} +# Allow python (blacklisted by disable-interpreters.inc) +include allow-python2.inc +include allow-python3.inc + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/natron.profile b/etc/natron.profile index 3f997a7a06d..329f79f9bb8 100644 --- a/etc/natron.profile +++ b/etc/natron.profile @@ -5,19 +5,15 @@ include natron.local # Persistent global definitions include globals.local -# Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* - noblacklist ${HOME}/.Natron noblacklist ${HOME}/.cache/INRIA/Natron noblacklist ${HOME}/.config/INRIA noblacklist /opt/natron +# Allow python (blacklisted by disable-interpreters.inc) +include allow-python2.inc +include allow-python3.inc + include disable-common.inc include disable-devel.inc include disable-exec.inc diff --git a/etc/nautilus.profile b/etc/nautilus.profile index 1d68ef8e38c..b81313b6a51 100644 --- a/etc/nautilus.profile +++ b/etc/nautilus.profile @@ -15,12 +15,8 @@ noblacklist ${HOME}/.local/share/nautilus noblacklist ${HOME}/.local/share/nautilus-python # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/nemo.profile b/etc/nemo.profile index a23ba1700f4..26cfedb663e 100644 --- a/etc/nemo.profile +++ b/etc/nemo.profile @@ -12,12 +12,8 @@ noblacklist ${HOME}/.local/share/nemo noblacklist ${HOME}/.local/share/nemo-python # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/nitroshare.profile b/etc/nitroshare.profile index 7aba694901a..19b6615efe6 100644 --- a/etc/nitroshare.profile +++ b/etc/nitroshare.profile @@ -10,12 +10,8 @@ noblacklist ${HOME}/.config/Nathan Osman noblacklist ${HOME}/.config/NitroShare # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/nyx.profile b/etc/nyx.profile index ed39283b28d..f50014a4d41 100644 --- a/etc/nyx.profile +++ b/etc/nyx.profile @@ -6,10 +6,9 @@ include nyx.local # Persistent global definitions include globals.local -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* +# Allow python (blacklisted by disable-interpreters.inc) +include allow-python2.inc +include allow-python3.inc noblacklist ${HOME}/.nyx mkdir ${HOME}/.nyx diff --git a/etc/obs.profile b/etc/obs.profile index 1f02efc7f91..038242caeaa 100644 --- a/etc/obs.profile +++ b/etc/obs.profile @@ -11,12 +11,8 @@ noblacklist ${PICTURES} noblacklist ${VIDEOS} # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/onionshare-gui.profile b/etc/onionshare-gui.profile index 3ee78c59d67..5bfcd052789 100644 --- a/etc/onionshare-gui.profile +++ b/etc/onionshare-gui.profile @@ -8,9 +8,7 @@ include globals.local noblacklist ${HOME}/.config/onionshare # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python3* +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/openshot.profile b/etc/openshot.profile index cfda1d0cec1..0222243edf7 100644 --- a/etc/openshot.profile +++ b/etc/openshot.profile @@ -10,12 +10,8 @@ noblacklist ${HOME}/.openshot noblacklist ${HOME}/.openshot_qt # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile index 98dcce0b7d0..bd3592f4871 100644 --- a/etc/pdfsam.profile +++ b/etc/pdfsam.profile @@ -9,11 +9,8 @@ include globals.local noblacklist ${HOME}/.java noblacklist ${DOCUMENTS} -# Allow access to java -noblacklist ${PATH}/java -noblacklist /usr/lib/java -noblacklist /etc/java -noblacklist /usr/share/java +# Allow java (blacklisted by disable-devel.inc) +include allow-java.inc include disable-common.inc include disable-devel.inc diff --git a/etc/picard.profile b/etc/picard.profile index b756ed629be..15fc7a4547d 100644 --- a/etc/picard.profile +++ b/etc/picard.profile @@ -11,12 +11,8 @@ noblacklist ${HOME}/.config/MusicBrainz noblacklist ${MUSIC} # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/pithos.profile b/etc/pithos.profile index d6a0a7822c0..62050eb5562 100644 --- a/etc/pithos.profile +++ b/etc/pithos.profile @@ -7,12 +7,8 @@ include pithos.local include globals.local # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/pitivi.profile b/etc/pitivi.profile index 83f5ccbb9ea..89a6a020b05 100644 --- a/etc/pitivi.profile +++ b/etc/pitivi.profile @@ -10,12 +10,8 @@ include globals.local noblacklist ${HOME}/.config/pitivi # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/playonlinux.profile b/etc/playonlinux.profile index 2f287223bea..03091af6d23 100644 --- a/etc/playonlinux.profile +++ b/etc/playonlinux.profile @@ -16,19 +16,11 @@ noblacklist ${HOME}/.PlayOnLinux noblacklist ${PATH}/nc # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc # Allow perl (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/cpan* -noblacklist ${PATH}/core_perl -noblacklist ${PATH}/perl -noblacklist /usr/lib/perl* -noblacklist /usr/share/perl* +include allow-perl.inc include disable-common.inc include disable-devel.inc diff --git a/etc/pybitmessage.profile b/etc/pybitmessage.profile index 28ab8caa6d5..3bce425d989 100644 --- a/etc/pybitmessage.profile +++ b/etc/pybitmessage.profile @@ -10,12 +10,8 @@ noblacklist /usr/local/sbin noblacklist /usr/sbin # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/pycharm-community.profile b/etc/pycharm-community.profile index 1a6f171c862..0531aee4af3 100644 --- a/etc/pycharm-community.profile +++ b/etc/pycharm-community.profile @@ -10,11 +10,8 @@ noblacklist ${HOME}/.python-history noblacklist ${HOME}/.pythonrc.py noblacklist ${HOME}/.java -# Allow access to java -noblacklist ${PATH}/java -noblacklist /usr/lib/java -noblacklist /etc/java -noblacklist /usr/share/java +# Allow java (blacklisted by disable-devel.inc) +include allow-java.inc include disable-common.inc include disable-devel.inc diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index 63810c1d0a7..82e237d54a8 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile @@ -12,12 +12,8 @@ noblacklist ${HOME}/.config/qBittorrentrc noblacklist ${HOME}/.local/share/data/qBittorrent # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/qgis.profile b/etc/qgis.profile index 45fe59cf729..c3d6011eb3a 100644 --- a/etc/qgis.profile +++ b/etc/qgis.profile @@ -13,9 +13,7 @@ noblacklist ${HOME}/.qgis2 noblacklist ${DOCUMENTS} # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python3* +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/qutebrowser.profile b/etc/qutebrowser.profile index 9e3853a0971..e556ecf1f54 100644 --- a/etc/qutebrowser.profile +++ b/etc/qutebrowser.profile @@ -9,18 +9,13 @@ include globals.local noblacklist ${HOME}/.cache/qutebrowser noblacklist ${HOME}/.config/qutebrowser noblacklist ${HOME}/.local/share/qutebrowser - -# Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* - # with >=llvm-4 mesa drivers need llvm stuff noblacklist /usr/lib/llvm* +# Allow python (blacklisted by disable-interpreters.inc) +include allow-python2.inc +include allow-python3.inc + include disable-common.inc include disable-devel.inc include disable-interpreters.inc diff --git a/etc/ranger.profile b/etc/ranger.profile index 1e50ca9fa6f..13e8911ea46 100644 --- a/etc/ranger.profile +++ b/etc/ranger.profile @@ -11,18 +11,11 @@ noblacklist ${HOME}/.config/ranger noblacklist ${HOME}/.nanorc # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc # Allow perl -# noblacklist ${PATH}/cpan* -noblacklist ${PATH}/perl -noblacklist /usr/lib/perl* -noblacklist /usr/share/perl* +include allow-perl.inc include disable-common.inc include disable-devel.inc diff --git a/etc/scribus.profile b/etc/scribus.profile index d8dc7b0e0ef..c50e0861cb3 100644 --- a/etc/scribus.profile +++ b/etc/scribus.profile @@ -27,12 +27,8 @@ noblacklist ${DOCUMENTS} noblacklist ${PICTURES} # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/sdat2img.profile b/etc/sdat2img.profile index 485326fcc2c..176842c446a 100644 --- a/etc/sdat2img.profile +++ b/etc/sdat2img.profile @@ -7,12 +7,8 @@ include sdat2img.local include globals.local # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/smplayer.profile b/etc/smplayer.profile index 5ae498ab2d4..0363a247528 100644 --- a/etc/smplayer.profile +++ b/etc/smplayer.profile @@ -12,12 +12,8 @@ noblacklist ${MUSIC} noblacklist ${VIDEOS} # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/soundconverter.profile b/etc/soundconverter.profile index 4d6e80840f8..d875146de33 100644 --- a/etc/soundconverter.profile +++ b/etc/soundconverter.profile @@ -9,12 +9,8 @@ include globals.local noblacklist ${MUSIC} # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/spectre-meltdown-checker.profile b/etc/spectre-meltdown-checker.profile index 74582dd2f90..edbe0e772b1 100644 --- a/etc/spectre-meltdown-checker.profile +++ b/etc/spectre-meltdown-checker.profile @@ -11,12 +11,8 @@ include globals.local noblacklist ${PATH}/mount noblacklist ${PATH}/umount -# Allow access to perl -noblacklist ${PATH}/cpan* -noblacklist ${PATH}/core_perl -noblacklist ${PATH}/perl -noblacklist /usr/lib/perl* -noblacklist /usr/share/perl* +# Allow perl (blacklisted by disable-interpreters.inc) +include allow-perl.inc include disable-common.inc include disable-devel.inc diff --git a/etc/steam.profile b/etc/steam.profile index 8f08b18f066..5ab600bfbe7 100644 --- a/etc/steam.profile +++ b/etc/steam.profile @@ -25,19 +25,12 @@ noblacklist /usr/lib/llvm* # needed for STEAM_RUNTIME_PREFER_HOST_LIBRARIES=1 to work noblacklist /sbin -# Allow access to java -noblacklist ${PATH}/java -noblacklist /usr/lib/java -noblacklist /etc/java -noblacklist /usr/share/java +# Allow java (blacklisted by disable-devel.inc) +include allow-java.inc # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/subdownloader.profile b/etc/subdownloader.profile index c07131893c1..b55300c889f 100644 --- a/etc/subdownloader.profile +++ b/etc/subdownloader.profile @@ -10,12 +10,8 @@ noblacklist ${HOME}/.config/SubDownloader noblacklist ${VIDEOS} # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/templates/profile.template b/etc/templates/profile.template index fe0ec713b16..16bf05cec02 100644 --- a/etc/templates/profile.template +++ b/etc/templates/profile.template @@ -22,8 +22,10 @@ # Sections structure # HEADER # COMMENTS -# BLACKLISTS +# IGNORES # NOBLACKLISTS +# ALLOW INCLUDES +# BLACKLISTS # DISABLE INCLUDES # MKDIRS # WHITELISTS @@ -59,19 +61,17 @@ #noblacklist PATH # Allow python (blacklisted by disable-interpreters.inc) -#noblacklist ${PATH}/python2* -#noblacklist ${PATH}/python3* -#noblacklist /usr/lib/python2* -#noblacklist /usr/lib/python3* -#noblacklist /usr/local/lib/python2* -#noblacklist /usr/local/lib/python3* +#include allow-python2.inc +#include allow-python3.inc # Allow perl (blacklisted by disable-interpreters.inc) -#noblacklist ${PATH}/cpan* -#noblacklist ${PATH}/core_perl -#noblacklist ${PATH}/perl -#noblacklist /usr/lib/perl* -#noblacklist /usr/share/perl* +#include allow-perl.inc + +# Allow java (blacklisted by disable-devel.inc) +#include allow-java.inc + +# Allow lua (blacklisted by disable-interpreters.inc) +include allow-lua.inc #include disable-common.inc #include disable-devel.inc diff --git a/etc/templates/redirect_alias-profile.template b/etc/templates/redirect_alias-profile.template index 7df157583b8..5a00933a580 100644 --- a/etc/templates/redirect_alias-profile.template +++ b/etc/templates/redirect_alias-profile.template @@ -8,29 +8,38 @@ include PROFILE.local #include globals.local #NOTE: let include globals.local commented -# Additional blacklisting (if needed) -#blacklist PATH +# For more informations see profile.template + +# Ignore something that is in the included profile +#ignore net none +#ignore private-bin +#ignore seccomp +#... # Additional noblacklisting (if needed) #noblacklist PATH +# Additional allow includes (if needed) + +# Additional blacklisting (if needed) +#blacklist PATH + # Additional whitelisting (if needed) #mkdir PATH -#mkfile PATH +##mkfile PATH #whitelist PATH -# Additional options if needed (see firejail-profile.example) +# Additional options (if needed) + + +# Additional private-options (if needed) # Add programs to private-bin (if needed) #private-bin PROGRAMS # Add files to private-etc (if needed) #private-etc FILES -# Ignore something that is in the included profile -#ignore net none -#ignore private-bin -#ignore seccomp -#... +# Additional special options (if needed) # Redirect include PROFILE.profile diff --git a/etc/terasology.profile b/etc/terasology.profile index 43865b6fba2..b01b4fdb33b 100644 --- a/etc/terasology.profile +++ b/etc/terasology.profile @@ -8,11 +8,8 @@ include globals.local noblacklist ${HOME}/.java noblacklist ${HOME}/.local/share/terasology -# Allow access to java -noblacklist ${PATH}/java -noblacklist /usr/lib/java -noblacklist /etc/java -noblacklist /usr/share/java +# Allow java (blacklisted by disable-devel.inc) +include allow-java.inc include disable-common.inc include disable-devel.inc diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile index c7c810cda53..ff4a8587130 100644 --- a/etc/torbrowser-launcher.profile +++ b/etc/torbrowser-launcher.profile @@ -12,12 +12,8 @@ noblacklist ${HOME}/.config/torbrowser noblacklist ${HOME}/.local/share/torbrowser # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/transmission-remote-cli.profile b/etc/transmission-remote-cli.profile index 3e3ad1a0789..7b7a47f14c9 100644 --- a/etc/transmission-remote-cli.profile +++ b/etc/transmission-remote-cli.profile @@ -8,12 +8,8 @@ include transmission-remote-cli.local #include globals.local # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc mkdir ${HOME}/.cache/transmission mkdir ${HOME}/.config/transmission diff --git a/etc/tuxguitar.profile b/etc/tuxguitar.profile index 1b657d0838a..3111a1e2224 100644 --- a/etc/tuxguitar.profile +++ b/etc/tuxguitar.profile @@ -11,11 +11,8 @@ noblacklist ${HOME}/.tuxguitar* noblacklist ${DOCUMENTS} noblacklist ${MUSIC} -# Allow access to java -noblacklist ${PATH}/java -noblacklist /usr/lib/java -noblacklist /etc/java -noblacklist /usr/share/java +# Allow java (blacklisted by disable-devel.inc) +include allow-java.inc include disable-common.inc include disable-devel.inc diff --git a/etc/uzbl-browser.profile b/etc/uzbl-browser.profile index dbee819cd32..d4e54235b4d 100644 --- a/etc/uzbl-browser.profile +++ b/etc/uzbl-browser.profile @@ -10,12 +10,8 @@ noblacklist ${HOME}/.gnupg noblacklist ${HOME}/.local/share/uzbl # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/wireshark.profile b/etc/wireshark.profile index 9b9757cd547..b44eae1286a 100644 --- a/etc/wireshark.profile +++ b/etc/wireshark.profile @@ -10,11 +10,8 @@ noblacklist ${HOME}/.config/wireshark noblacklist ${HOME}/.wireshark noblacklist ${DOCUMENTS} -# Wireshark can use Lua for scripting -noblacklist ${PATH}/lua* -noblacklist /usr/lib/lua -noblacklist /usr/include/lua* -noblacklist /usr/share/lua +# Allow lua (blacklisted by disable-interpreters.inc) +include allow-lua.inc include disable-common.inc include disable-devel.inc diff --git a/etc/xed.profile b/etc/xed.profile index cce0432a4dc..9a7806b1961 100644 --- a/etc/xed.profile +++ b/etc/xed.profile @@ -9,12 +9,8 @@ noblacklist ${HOME}/.config/xed noblacklist ${HOME}/.pythonrc.py # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/xlinks.profile b/etc/xlinks.profile new file mode 100644 index 00000000000..775d6f8ed0b --- /dev/null +++ b/etc/xlinks.profile @@ -0,0 +1,18 @@ +# Firejail profile for xlinks +# Description: Text WWW browser (X11) +# This file is overwritten after every install/update +# Persistent local customizations +include xlinks.local + +noblacklist /tmp/.X11-unix +noblacklist ${HOME}/.links + +include whitelist-common.inc + +# if you want to use user-configured programs add 'private-bin PROGRAM1,PROGRAM2' +# to your xlinks.local or append 'PROGRAM1,PROGRAM2' to this private-bin line +private-bin xlinks +private-etc fonts + +# Redirect +include links.profile \ No newline at end of file diff --git a/etc/xplayer.profile b/etc/xplayer.profile index b4932c99ece..5f4e3bf4c51 100644 --- a/etc/xplayer.profile +++ b/etc/xplayer.profile @@ -11,12 +11,8 @@ noblacklist ${MUSIC} noblacklist ${VIDEOS} # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/xpra.profile b/etc/xpra.profile index d58810228f4..fc861176fb9 100644 --- a/etc/xpra.profile +++ b/etc/xpra.profile @@ -17,12 +17,8 @@ include globals.local blacklist /media # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc include disable-common.inc include disable-devel.inc diff --git a/etc/youtube-dl.profile b/etc/youtube-dl.profile index 621ffb2b043..237f24fd15e 100644 --- a/etc/youtube-dl.profile +++ b/etc/youtube-dl.profile @@ -12,12 +12,8 @@ noblacklist ${MUSIC} noblacklist ${VIDEOS} # Allow python (blacklisted by disable-interpreters.inc) -noblacklist ${PATH}/python2* -noblacklist ${PATH}/python3* -noblacklist /usr/lib/python2* -noblacklist /usr/lib/python3* -noblacklist /usr/local/lib/python2* -noblacklist /usr/local/lib/python3* +include allow-python2.inc +include allow-python3.inc # breaks when installed via pip ignore noexec ${HOME} diff --git a/etc/zaproxy.profile b/etc/zaproxy.profile index dc3164da1f2..9ef3e713eb6 100644 --- a/etc/zaproxy.profile +++ b/etc/zaproxy.profile @@ -9,11 +9,8 @@ include globals.local noblacklist ${HOME}/.java noblacklist ${HOME}/.ZAP -# Allow access to java -noblacklist ${PATH}/java -noblacklist /usr/lib/java -noblacklist /etc/java -noblacklist /usr/share/java +# Allow java (blacklisted by disable-devel.inc) +include allow-java.inc include disable-common.inc include disable-devel.inc diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 48789359df3..994487f5a3a 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -322,6 +322,7 @@ less libreoffice liferea lincity-ng +links linphone lmms lobase @@ -622,6 +623,7 @@ xfce4-dict xfce4-mixer xfce4-notes xiphos +xlinks xmms xmr-stak xonotic