diff options
| author |  glitsj16 <glitsj16@users.noreply.github.com> | 2023-10-24 23:53:15 +0000 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2023-10-24 23:53:15 +0000 |
| commit | 30c30f57fe901aab2dbf86b9573fefc181716346 (patch) | |
| tree | 0232d29d5aa6cbe63a457f6e41af980befb5e9a5 | |
| parent | Merge pull request #6064 from kmk3/profiles-dedup-dc-dp (diff) | |
| download | firejail-30c30f57fe901aab2dbf86b9573fefc181716346.tar.gz firejail-30c30f57fe901aab2dbf86b9573fefc181716346.tar.zst firejail-30c30f57fe901aab2dbf86b9573fefc181716346.zip | |
profiles: Extend node stack support for pnpm (#6063)
* nodejs-common: add pnpm support
* disable-programs.inc: add pnpm support
* Create pnpm.profile
* Create pnpx.profile
| -rw-r--r-- | etc/inc/disable-programs.inc | 1 | ||||
| -rw-r--r-- | etc/profile-m-z/nodejs-common.profile | 5 | ||||
| -rw-r--r-- | etc/profile-m-z/pnpm.profile | 11 | ||||
| -rw-r--r-- | etc/profile-m-z/pnpx.profile | 11 |
4 files changed, 27 insertions, 1 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 312869334..5a61bd448 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc | |||
| @@ -1014,6 +1014,7 @@ blacklist ${HOME}/.local/share/orage | |||
| 1014 | blacklist ${HOME}/.local/share/org.kde.gwenview | 1014 | blacklist ${HOME}/.local/share/org.kde.gwenview |
| 1015 | blacklist ${HOME}/.local/share/pix | 1015 | blacklist ${HOME}/.local/share/pix |
| 1016 | blacklist ${HOME}/.local/share/plasma_notes | 1016 | blacklist ${HOME}/.local/share/plasma_notes |
| 1017 | blacklist ${HOME}/.local/share/pnpm | ||
| 1017 | blacklist ${HOME}/.local/share/profanity | 1018 | blacklist ${HOME}/.local/share/profanity |
| 1018 | blacklist ${HOME}/.local/share/psi | 1019 | blacklist ${HOME}/.local/share/psi |
| 1019 | blacklist ${HOME}/.local/share/psi+ | 1020 | blacklist ${HOME}/.local/share/psi+ |
diff --git a/etc/profile-m-z/nodejs-common.profile b/etc/profile-m-z/nodejs-common.profile index 4c463521c..f301196c6 100644 --- a/etc/profile-m-z/nodejs-common.profile +++ b/etc/profile-m-z/nodejs-common.profile | |||
| @@ -7,7 +7,7 @@ include nodejs-common.local | |||
| 7 | # added by caller profile | 7 | # added by caller profile |
| 8 | #include globals.local | 8 | #include globals.local |
| 9 | 9 | ||
| 10 | # Note: gulp, node-gyp, npm, npx, semver and yarn are all node scripts | 10 | # Note: gulp, node-gyp, npm, npx, pnpm, pnpx, semver and yarn are all node scripts |
| 11 | # using the `#!/usr/bin/env node` shebang. By sandboxing node the full | 11 | # using the `#!/usr/bin/env node` shebang. By sandboxing node the full |
| 12 | # node.js stack will be firejailed. The only exception is nvm, which is implemented | 12 | # node.js stack will be firejailed. The only exception is nvm, which is implemented |
| 13 | # as a sourced shell function, not an executable binary. Hence it is not | 13 | # as a sourced shell function, not an executable binary. Hence it is not |
| @@ -22,6 +22,7 @@ ignore read-only ${HOME}/.npmrc | |||
| 22 | ignore read-only ${HOME}/.nvm | 22 | ignore read-only ${HOME}/.nvm |
| 23 | ignore read-only ${HOME}/.yarnrc | 23 | ignore read-only ${HOME}/.yarnrc |
| 24 | 24 | ||
| 25 | noblacklist ${HOME}/.local/share/pnpm | ||
| 25 | noblacklist ${HOME}/.node-gyp | 26 | noblacklist ${HOME}/.node-gyp |
| 26 | noblacklist ${HOME}/.npm | 27 | noblacklist ${HOME}/.npm |
| 27 | noblacklist ${HOME}/.npmrc | 28 | noblacklist ${HOME}/.npmrc |
| @@ -43,6 +44,7 @@ include disable-xdg.inc | |||
| 43 | 44 | ||
| 44 | # If you want whitelisting, change ${HOME}/Projects below to your node projects directory | 45 | # If you want whitelisting, change ${HOME}/Projects below to your node projects directory |
| 45 | # and add the next lines to your nodejs-common.local. | 46 | # and add the next lines to your nodejs-common.local. |
| 47 | #mkdir ${HOME}/.local/share/pnpm | ||
| 46 | #mkdir ${HOME}/.node-gyp | 48 | #mkdir ${HOME}/.node-gyp |
| 47 | #mkdir ${HOME}/.npm | 49 | #mkdir ${HOME}/.npm |
| 48 | #mkdir ${HOME}/.npm-packages | 50 | #mkdir ${HOME}/.npm-packages |
| @@ -52,6 +54,7 @@ include disable-xdg.inc | |||
| 52 | #mkdir ${HOME}/.yarn-config | 54 | #mkdir ${HOME}/.yarn-config |
| 53 | #mkdir ${HOME}/.yarncache | 55 | #mkdir ${HOME}/.yarncache |
| 54 | #mkfile ${HOME}/.yarnrc | 56 | #mkfile ${HOME}/.yarnrc |
| 57 | #whitelist ${HOME}/.local/share/pnpm | ||
| 55 | #whitelist ${HOME}/.node-gyp | 58 | #whitelist ${HOME}/.node-gyp |
| 56 | #whitelist ${HOME}/.npm | 59 | #whitelist ${HOME}/.npm |
| 57 | #whitelist ${HOME}/.npm-packages | 60 | #whitelist ${HOME}/.npm-packages |
diff --git a/etc/profile-m-z/pnpm.profile b/etc/profile-m-z/pnpm.profile new file mode 100644 index 000000000..08f88be43 --- /dev/null +++ b/etc/profile-m-z/pnpm.profile | |||
| @@ -0,0 +1,11 @@ | |||
| 1 | # Firejail profile for pnpm | ||
| 2 | # Description: Fast, disk space efficient package manager | ||
| 3 | quiet | ||
| 4 | # This file is overwritten after every install/update | ||
| 5 | # Persistent local customizations | ||
| 6 | include pnpm.local | ||
| 7 | # Persistent global definitions | ||
| 8 | include globals.local | ||
| 9 | |||
| 10 | # Redirect | ||
| 11 | include nodejs-common.profile | ||
diff --git a/etc/profile-m-z/pnpx.profile b/etc/profile-m-z/pnpx.profile new file mode 100644 index 000000000..a99d1232a --- /dev/null +++ b/etc/profile-m-z/pnpx.profile | |||
| @@ -0,0 +1,11 @@ | |||
| 1 | # Firejail profile for pnpx | ||
| 2 | # Description: Part of the Node.js stack | ||
| 3 | quiet | ||
| 4 | # This file is overwritten after every install/update | ||
| 5 | # Persistent local customizations | ||
| 6 | include pnpx.local | ||
| 7 | # Persistent global definitions | ||
| 8 | include globals.local | ||
| 9 | |||
| 10 | # Redirect | ||
| 11 | include nodejs-common.profile | ||