Protect shell startup files

author: netblue30 <netblue30@yahoo.com> 2015-10-30 08:55:25 -0400
committer: netblue30 <netblue30@yahoo.com> 2015-10-30 08:55:25 -0400
commit: 2b37849dbdc1e7be2fac0756a39de8e54b40ae2c (patch)
tree: 7ddf41d4c3b53176aa978ddd63384e009125bd1b /etc/disable-common.inc
parent: release 0.9.34-rc1 testing (diff)
download: firejail-2b37849dbdc1e7be2fac0756a39de8e54b40ae2c.tar.gz
firejail-2b37849dbdc1e7be2fac0756a39de8e54b40ae2c.tar.zst
firejail-2b37849dbdc1e7be2fac0756a39de8e54b40ae2c.zip
1 files changed, 33 insertions, 0 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index ece906717..87a979034 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -76,3 +76,36 @@ blacklist /etc/profile.d
 blacklist /etc/rc.local
 blacklist /etc/anacrontab
+# General startup files
+read-only ${HOME}/.xinitrc
+read-only ${HOME}/.xserverrc
+read-only ${HOME}/.profile
+# Shell startup files
+read-only ${HOME}/.bash_login
+read-only ${HOME}/.bashrc
+read-only ${HOME}/.bash_profile
+read-only ${HOME}/.bash_logout
+read-only ${HOME}/.zshrc
+read-only ${HOME}/.zlogin
+read-only ${HOME}/.zprofile
+read-only ${HOME}/.zlogout
+read-only ${HOME}/.zsh_files
+read-only ${HOME}/.tcshrc
+read-only ${HOME}/.cshrc
+read-only ${HOME}/.csh_files
+# Initialization files that allow arbitrary command execution
+read-only ${HOME}/.mailcap
+read-only ${HOME}/.exrc
+read-only ${HOME}/.vimrc
+read-only ${HOME}/.vim
+read-only ${HOME}/.emacs
+read-only ${HOME}/.tmux.conf
+read-only ${HOME}/.iscreenrc
+read-only ${HOME}/.muttrc
+read-only ${HOME}/.xmonad
+# The user ~/bin directory can override commands such as ls
+read-only ${HOME}/bin
author	netblue30 <netblue30@yahoo.com>	2015-10-30 08:55:25 -0400
committer	netblue30 <netblue30@yahoo.com>	2015-10-30 08:55:25 -0400
commit	2b37849dbdc1e7be2fac0756a39de8e54b40ae2c (patch)
tree	7ddf41d4c3b53176aa978ddd63384e009125bd1b /etc/disable-common.inc
parent	release 0.9.34-rc1 testing (diff)
download	firejail-2b37849dbdc1e7be2fac0756a39de8e54b40ae2c.tar.gz firejail-2b37849dbdc1e7be2fac0756a39de8e54b40ae2c.tar.zst firejail-2b37849dbdc1e7be2fac0756a39de8e54b40ae2c.zip

diff --git a/etc/disable-common.inc b/etc/disable-common.inc index ece906717..87a979034 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc
@@ -76,3 +76,36 @@ blacklist /etc/profile.d
76	blacklist /etc/rc.local	76	blacklist /etc/rc.local
77	blacklist /etc/anacrontab	77	blacklist /etc/anacrontab
78		78
		79	# General startup files
		80	read-only ${HOME}/.xinitrc
		81	read-only ${HOME}/.xserverrc
		82	read-only ${HOME}/.profile
		83
		84	# Shell startup files
		85	read-only ${HOME}/.bash_login
		86	read-only ${HOME}/.bashrc
		87	read-only ${HOME}/.bash_profile
		88	read-only ${HOME}/.bash_logout
		89	read-only ${HOME}/.zshrc
		90	read-only ${HOME}/.zlogin
		91	read-only ${HOME}/.zprofile
		92	read-only ${HOME}/.zlogout
		93	read-only ${HOME}/.zsh_files
		94	read-only ${HOME}/.tcshrc
		95	read-only ${HOME}/.cshrc
		96	read-only ${HOME}/.csh_files
		97
		98	# Initialization files that allow arbitrary command execution
		99	read-only ${HOME}/.mailcap
		100	read-only ${HOME}/.exrc
		101	read-only ${HOME}/.vimrc
		102	read-only ${HOME}/.vim
		103	read-only ${HOME}/.emacs
		104	read-only ${HOME}/.tmux.conf
		105	read-only ${HOME}/.iscreenrc
		106	read-only ${HOME}/.muttrc
		107	read-only ${HOME}/.xmonad
		108
		109	# The user ~/bin directory can override commands such as ls
		110	read-only ${HOME}/bin
		111