diff options
author | The Fox in the Shell <KellerFuchs@hashbang.sh> | 2017-01-10 00:26:11 +0100 |
---|---|---|
committer | The Fox in the Shell <KellerFuchs@hashbang.sh> | 2017-01-12 00:17:05 +0100 |
commit | f12f4756c822b786547f29b5f88f389ba4dd6b6c (patch) | |
tree | 20954a3081003054c23931a78cfbac269b297261 | |
parent | Merge pull request #1027 from reinerh/cve-references2 (diff) | |
download | firejail-f12f4756c822b786547f29b5f88f389ba4dd6b6c.tar.gz firejail-f12f4756c822b786547f29b5f88f389ba4dd6b6c.tar.zst firejail-f12f4756c822b786547f29b5f88f389ba4dd6b6c.zip |
disable-common: Make directories commonly found in $PATH read-only
-rw-r--r-- | etc/disable-common.inc | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index efe5c850d..78698782b 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
@@ -117,8 +117,11 @@ read-only ${HOME}/.reportbugrc | |||
117 | read-only ${HOME}/.xmonad | 117 | read-only ${HOME}/.xmonad |
118 | read-only ${HOME}/.xscreensaver | 118 | read-only ${HOME}/.xscreensaver |
119 | 119 | ||
120 | # The user ~/bin directory can override commands such as ls | 120 | # Make directories commonly found in $PATH read-only |
121 | read-only ${HOME}/bin | 121 | read-only ${HOME}/bin |
122 | read-only ${HOME}/.gem | ||
123 | read-only ${HOME}/.luarocks | ||
124 | read-only ${HOME}/.npm-packages | ||
122 | 125 | ||
123 | # top secret | 126 | # top secret |
124 | blacklist ${HOME}/.ecryptfs | 127 | blacklist ${HOME}/.ecryptfs |