author | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-05-27 12:07:09 +0200 |
---|---|---|
committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-05-27 12:07:09 +0200 |
commit | 28c099bdc32710fc40e16aa53549a53222eef931 (patch) | |
tree | 86b4216a4b34d6099381d871c8a70b1e1b6808e5 | |
parent | Update dino-im.profile (#3433) (diff) | |
${RUNUSER} blacklisting + typo
-rw-r--r-- | etc/inc/disable-common.inc | 20 | ||||
-rw-r--r-- | platform/rpm/firejail.spec | 2 |
2 files changed, 21 insertions, 1 deletions
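--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -144,12 +144,16 @@ blacklist ${RUNUSER}/kdesud_*
 blacklist ${HOME}/.local/share/gnome-shell
 # no direct modification of dconf database
 read-only ${HOME}/.config/dconf
+blacklist ${RUNUSER}/gnome-session-leader-fifo
+blacklist ${RUNUSER}/gnome-shell
+blacklist ${RUNUSER}/gsconnect
 
 # systemd
 blacklist ${HOME}/.config/systemd
 blacklist ${HOME}/.local/share/systemd
 blacklist /var/lib/systemd
 blacklist ${PATH}/systemd-run
+blacklist ${RUNUSER}/systemd
 # creates problems on Arch where /etc/resolv.conf is a symlink to /var/run/systemd/resolve/resolv.conf
 #blacklist /var/run/systemd
 
@@ -175,6 +179,13 @@ blacklist /var/cache/libvirt
 blacklist /var/lib/libvirt
 blacklist /var/log/libvirt
 
+# OCI-Containers / Podman
+blacklist ${RUNUSER}/containers
+blacklist ${RUNUSER}/crun
+blacklist ${RUNUSER}/libpod
+blacklist ${RUNUSER}/runc
+blacklist ${RUNUSER}/toolbox
+
 # VeraCrypt
 blacklist ${HOME}/.VeraCrypt
 blacklist ${PATH}/veracrypt
@@ -478,6 +489,9 @@ blacklist /var/lib/flatpak
 # most of the time bwrap is SUID binary
 blacklist ${PATH}/bwrap
 
+# snap
+blacklist ${RUNUSER}/snapd-session-agent.socket
+
 # mail directories used by mutt
 blacklist ${HOME}/.Mail
 blacklist ${HOME}/.mail
@@ -502,3 +516,9 @@ blacklist ${PATH}/dns2tcp
 blacklist ${PATH}/iodine
 blacklist ${PATH}/knsupdate
 blacklist ${PATH}/resolvectl
+
+# rest of ${RUNUSER}
+blacklist ${RUNUSER}/*.lock
+blacklist ${RUNUSER}/inaccessible
+blacklist ${RUNUSER}/update-notifier.pid
+blacklist ${RUNUSER}/pk-debconf-socket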
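Review bot: The `# rest of ${RUNUSER}` heading in the last hunk reads as if it completes coverage of the runtime directory, but the block names only four more entries, so any socket, fifo or pid file under ${RUNUSER} that is not listed in this file stays reachable from the sandbox. As far as I know a `blacklist` entry is applied only to paths that exist when the sandbox starts, so `${RUNUSER}/*.lock` and the `snapd-session-agent.socket` entry added in the third hunk would presumably not be hidden if they are created later; that is worth confirming and stating. I would reword the heading to `# other known ${RUNUSER} entries (not exhaustive; profiles that need full coverage should whitelist ${RUNUSER} instead)`. A short reason on each new group, as the bwrap entry already has with `# most of the time bwrap is SUID binary`, would also tell a profile author what is lost when one of these lines is overridden with `noblacklist`.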
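--- a/platform/rpm/firejail.spec
+++ b/platform/rpm/firejail.spec
@@ -1,7 +1,7 @@
 Name: __NAME__
 Version: __VERSION__
 Release: 1
-Summary: Linux namepaces sandbox program
+Summary: Linux namespaces sandbox program
 
 License: GPLv2+
 Group: Development/Tools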