author | netblue30 <netblue30@protonmail.com> | 2021-11-09 07:18:31 -0500 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2021-11-09 07:18:31 -0500 |
commit | e479ac000074b096559bc16bd0b6886dc03f2f45 (patch) | |
tree | b9d9468cbc6448935f857e7e1bf336cc979a7c67 | |
parent | Merge pull request #4574 from a1346054/shellcheck-fix (diff) | |
disable-common.inc: blacklist ssh
-rw-r--r-- | etc/inc/allow-ssh.inc | 1 | ||||
-rw-r--r-- | etc/inc/disable-common.inc | 3 | ||||
-rw-r--r-- | etc/profile-m-z/ssh-agent.profile | 1 | ||||
-rw-r--r-- | etc/profile-m-z/ssh.profile | 1 |
4 files changed, 4 insertions, 2 deletions
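--- a/etc/inc/allow-ssh.inc
+++ b/etc/inc/allow-ssh.inc
@@ -6,3 +6,4 @@ noblacklist ${HOME}/.ssh
 noblacklist /etc/ssh
 noblacklist /etc/ssh/ssh_config
 noblacklist /tmp/ssh-*
+noblacklist ${PATH}/ssh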
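Review bot: The new `noblacklist ${PATH}/ssh` re-allows only the client binary, while this commit also removes `noblacklist /usr/lib/openssh/ssh-keysign` from ssh.profile and ssh-agent.profile and disable-common.inc keeps blacklisting that path. Unless the lines of allow-ssh.inc above this hunk already exempt it (they are not visible here), ssh run under ssh.profile can no longer reach ssh-keysign, which OpenSSH uses for host-based authentication. If that is the intent, record it next to the new line, e.g. `# ssh-keysign stays blacklisted; host-based authentication is unavailable in the sandbox`; otherwise add `noblacklist /usr/lib/openssh/ssh-keysign` here. The exemption only works in profiles that include this file before disable-common.inc, since noblacklist applies to the blacklist commands that follow it.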
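--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -493,6 +493,8 @@ blacklist ${PATH}/umount
 blacklist ${PATH}/unix_chkpwd
 blacklist ${PATH}/xev
 blacklist ${PATH}/xinput
+# from 0.9.67
+blacklist ${PATH}/ssh
 blacklist /usr/lib/openssh/ssh-keysign
 blacklist ${PATH}/passwd
 blacklist /usr/lib/xorg/Xorg.wrap
@@ -593,3 +595,4 @@ blacklist ${RUNUSER}/*.lock
 blacklist ${RUNUSER}/inaccessible
 blacklist ${RUNUSER}/pk-debconf-socket
 blacklist ${RUNUSER}/update-notifier.pid
+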
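Review bot: The comment `# from 0.9.67` at new line 496 does not say what the next line is for, and because the older ssh-keysign, passwd and Xorg.wrap entries follow without a separator it reads as if they were added in 0.9.67 too. Something like `# ssh client (since 0.9.67); profiles that need it must include allow-ssh.inc before this file` would scope it to the one line and point maintainers at the exemption. The rule covers only `${PATH}/ssh`; whether scp, sftp and the other OpenSSH clients are blacklisted elsewhere in this file cannot be seen from the hunk, so it is worth checking that they are treated consistently. Profiles for programs that invoke ssh as a helper will lose it unless they already include allow-ssh.inc, which this commit only confirms for ssh.profile and ssh-agent.profile.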
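--- a/etc/profile-m-z/ssh-agent.profile
+++ b/etc/profile-m-z/ssh-agent.profile
@@ -11,7 +11,6 @@ include allow-ssh.inc
 
 blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
-noblacklist /usr/lib/openssh/ssh-keysign
 
 include disable-common.inc
 include disable-programs.inc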
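--- a/etc/profile-m-z/ssh.profile
+++ b/etc/profile-m-z/ssh.profile
@@ -10,7 +10,6 @@ include globals.local
 # nc can be used as ProxyCommand, e.g. when using tor
 noblacklist ${PATH}/nc
 noblacklist ${PATH}/ncat
-noblacklist /usr/lib/openssh/ssh-keysign
 
 # Allow ssh (blacklisted by disable-common.inc)
 include allow-ssh.inc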