author | pirate486743186 <429925+pirate486743186@users.noreply.github.com> | 2023-05-11 20:32:45 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-05-11 18:32:45 +0000 |
commit | 06816e904573ec3feb8a27a230d36ee5d488e72b (patch) | |
tree | 26a074e8c61aa7134d36da50c2862f1a7d1a10e8 | |
parent | sbox: improve seccomp blacklist (diff) | |
block local python (#5826)
Co-authored-by: pirate486743186 <>
-rw-r--r-- | etc/inc/allow-python2.inc | 1 | ||||
-rw-r--r-- | etc/inc/allow-python3.inc | 1 | ||||
-rw-r--r-- | etc/inc/disable-interpreters.inc | 2 |
3 files changed, 4 insertions, 0 deletions
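--- a/etc/inc/allow-python2.inc
+++ b/etc/inc/allow-python2.inc
@@ -2,6 +2,7 @@
 # Persistent customizations should go in a .local file.
 include allow-python2.local
 
+noblacklist ${HOME}/.local/lib/python2*
 noblacklist ${PATH}/python2*
 noblacklist /usr/include/python2*
 noblacklist /usr/lib/python2*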
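Review bot: The added `noblacklist ${HOME}/.local/lib/python2*` re-exposes a directory that the sandboxed program's own user can write to, unlike the `/usr/...` paths next to it, and nothing visible in this file keeps it read-only. Modules written there from inside a sandbox would later be imported by Python programs started outside it, so consider pairing the line with `read-only ${HOME}/.local/lib/python2*`, or add a comment saying why write access is needed. Whether another include already restricts writes to this path cannot be seen from this page. The same applies to the `python3*` line added in allow-python3.inc.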
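--- a/etc/inc/allow-python3.inc
+++ b/etc/inc/allow-python3.inc
@@ -2,6 +2,7 @@
 # Persistent customizations should go in a .local file.
 include allow-python3.local
 
+noblacklist ${HOME}/.local/lib/python3*
 noblacklist ${PATH}/python3*
 noblacklist /usr/include/python3*
 noblacklist /usr/lib/python3*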
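--- a/etc/inc/disable-interpreters.inc
+++ b/etc/inc/disable-interpreters.inc
@@ -61,6 +61,7 @@ blacklist /usr/lib64/ruby
 
 # Programs using python: deluge, firefox addons, filezilla, cherrytree, xchat, hexchat, libreoffice, scribus
 # Python 2
+blacklist ${HOME}/.local/lib/python2*
 blacklist ${PATH}/python2*
 blacklist /usr/include/python2*
 blacklist /usr/lib/python2*
@@ -70,6 +71,7 @@ blacklist /usr/share/python2*
 # You will want to add noblacklist for python3 stuff in the firefox and/or chromium profiles if you use the Gnome connector (see Issue #2026)
 
 # Python 3
+blacklist ${HOME}/.local/lib/python3*
 blacklist ${PATH}/python3*
 blacklist /usr/include/python3*
 blacklist /usr/lib/python3*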
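Review bot: The two added `blacklist ${HOME}/.local/lib/python2*` and `python3*` lines cover only the default per-user site directory, and nothing in the visible lines says that this is the scope. A comment above each, such as `# per-user site-packages (default user base only; other user-writable Python trees are not covered here)`, would stop readers from assuming that all user-installed Python code is blocked. Profiles that lift the Python blacklist by hand rather than including allow-python2.inc or allow-python3.inc, as the Gnome connector comment suggests some do, will also need the matching `noblacklist ${HOME}/.local/lib/python3*` line, and that comment could say so.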