Merge branch 'master' of ssh://github.com/netblue30/firejail

2 files changed, 8 insertions, 1 deletions

diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index faed10008..010cb05b6 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -319,9 +319,13 @@ read-only ${HOME}/.zshenv
 read-only ${HOME}/.zshrc
 read-only ${HOME}/.zshrc.local
 
-# Remote access - ${HOME}/.ssh directory blacklisted in top secret section below
+# Remote access (used only by sshd; should always be blacklisted)
 blacklist ${HOME}/.rhosts
 blacklist ${HOME}/.shosts
+blacklist ${HOME}/.ssh/authorized_keys
+blacklist ${HOME}/.ssh/authorized_keys2
+blacklist ${HOME}/.ssh/environment
+blacklist ${HOME}/.ssh/rc
 blacklist /etc/hosts.equiv
 
 # Initialization files that allow arbitrary command execution
@@ -354,6 +358,8 @@ read-only ${HOME}/.nanorc
 read-only ${HOME}/.npmrc
 read-only ${HOME}/.pythonrc.py
 read-only ${HOME}/.reportbugrc
+read-only ${HOME}/.ssh/config
+read-only ${HOME}/.ssh/config.d
 read-only ${HOME}/.tmux.conf
 read-only ${HOME}/.vim
 read-only ${HOME}/.viminfo
diff --git a/test/fs/kmsg.exp b/test/fs/kmsg.exp
index 3f952a4d4..1e647ab8d 100755
--- a/test/fs/kmsg.exp
+++ b/test/fs/kmsg.exp
@@ -17,6 +17,7 @@ sleep 1
 send -- "cat /dev/kmsg\r"
 expect {
         timeout {puts "TESTING ERROR 2\n";exit}
+        "No such file or directory" # FIXME: Needed in CI
         "Permission denied"
 }
 after 100