feat(tunable): add the user defined private directories

- Add @{XDG_PRIVATE_DIR} & @{user_private_dirs}
- These directories are denied in the file browser and search engine.
Alexandre Pujol 2024-05-06 15:19:10 +01:00
parent 8224ac2b3f
commit 3b41ee93dc
No known key found for this signature in database
GPG Key ID: C5469996F0DF68EC
2 changed files with 9 additions and 4 deletions


@ -39,12 +39,13 @@
deny @{user_password_store_dirs}/{,**} mrwkl,
deny @{user_share_dirs}/kwalletd/{,**} mrwkl,
# User defined private directories
deny @{user_private_dirs}/** mrxwlk,
deny @{HOMEDIRS}/**/@{XDG_PRIVATE_DIR}/** mrxwlk,
deny @{MOUNTS}/**/@{XDG_PRIVATE_DIR}/** mrxwlk,
# Deny executable mapping in writable space as allowed in abstractions/fonts
deny @{HOME}/.{,cache/}fontconfig/ rw,
deny @{HOME}/.{,cache/}fontconfig/** mrwl,
# Deny executable mapping in writable space as allowed in abstractions/base for ecryptfs
deny @{HOME}/.Private/** mrxwlk,
deny @{HOMEDIRS}/.ecryptfs/*/.Private/** mrxwlk,
include if exists <abstractions/deny-sensitive-home.d>
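Review bot: The three new rules under "User defined private directories" end in `/**`, which matches entries below a private directory but not the directory path itself, so a profile that otherwise grants read on the home tree could presumably still list the top-level file names there. The password-store and kwalletd rules just above use `/{,**}`; if the listing should be hidden too, write `deny @{user_private_dirs}/{,**} mrxwlk,` and use the same suffix on the `@{HOMEDIRS}` and `@{MOUNTS}` lines. If leaving the directory itself visible is intended (the existing `.Private` rules also use `/**`), a short comment saying so would prevent a later "fix". The file path and the removed lines are not shown on this page, so this is based on the new side only.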


@ -30,6 +30,9 @@
@{XDG_GPG_DIR}=".gnupg"
@{XDG_PASSWORD_STORE_DIR}=".password-store"
# User personal private directories
@{XDG_PRIVATE_DIR}=".{p,P}rivate" "{p,P}rivate"
# Definition of local user configuration directories
@{XDG_CACHE_DIR}=".cache"
@{XDG_CONFIG_DIR}=".config"
@ -61,3 +64,4 @@
@{user_vm_dirs}=@{HOME}/@{XDG_VM_DIR} @{MOUNTS}/@{XDG_VM_DIR}
@{user_work_dirs}=@{HOME}/@{XDG_WORK_DIR} @{MOUNTS}/@{XDG_WORK_DIR}
@{user_password_store_dirs}=@{HOME}/@{XDG_PASSWORD_STORE_DIR} @{MOUNTS}/@{XDG_PASSWORD_STORE_DIR}
@{user_private_dirs}=@{HOME}/@{XDG_PRIVATE_DIR} @{MOUNTS}/@{XDG_PRIVATE_DIR}
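Review bot: The new `@{XDG_PRIVATE_DIR}` definition includes the bare names `private` and `Private`, and the deny rules in the other file use it behind `@{HOMEDIRS}/**/` and `@{MOUNTS}/**/`, so a directory with that name at any depth is blocked, not only the user's top-level one. Such names are common inside application data and source trees, and a deny rule cannot be overridden by an allow rule in the including profile. Deny rules are also not logged by default, so a confined program that fails on such a path leaves no audit record to diagnose it from. Consider documenting this on the definition, e.g. `# Also matched at any depth under home and mounts by the deny rules; keep these names specific`, or restricting the recursive rules to the dotted form `.{p,P}rivate`.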