diff options
| author |  smitsohu <smitsohu@gmail.com> | 2018-10-12 19:55:55 +0200 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2018-10-12 19:55:55 +0200 |
| commit | bcf53870f3dab1d1a813337886bd0965976875bd (patch) | |
| tree | bb6017c2bf2574690ceae4fd6da3238632261810 /etc/disable-common.inc | |
| parent | clean homedir pathname (diff) | |
| download | firejail-bcf53870f3dab1d1a813337886bd0965976875bd.tar.gz firejail-bcf53870f3dab1d1a813337886bd0965976875bd.tar.zst firejail-bcf53870f3dab1d1a813337886bd0965976875bd.zip | |
consolidate cloud blacklisting, alphabetize, other nitpicks
Diffstat (limited to 'etc/disable-common.inc')
| -rw-r--r-- | etc/disable-common.inc | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index 0f6e6bd19..ceca17826 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
| @@ -317,9 +317,11 @@ blacklist /var/backup | |||
| 317 | # cloud provider configuration | 317 | # cloud provider configuration |
| 318 | blacklist ${HOME}/.aws | 318 | blacklist ${HOME}/.aws |
| 319 | blacklist ${HOME}/.boto | 319 | blacklist ${HOME}/.boto |
| 320 | blacklist /etc/boto.cfg | ||
| 321 | blacklist ${HOME}/.config/gcloud | 320 | blacklist ${HOME}/.config/gcloud |
| 322 | blacklist ${HOME}/.kube | 321 | blacklist ${HOME}/.kube |
| 322 | blacklist ${HOME}/.passwd-s3fs | ||
| 323 | blacklist ${HOME}/.s3cmd | ||
| 324 | blacklist /etc/boto.cfg | ||
| 323 | 325 | ||
| 324 | # system directories | 326 | # system directories |
| 325 | blacklist /sbin | 327 | blacklist /sbin |
| @@ -391,14 +393,14 @@ blacklist /vmlinuz* | |||
| 391 | # snapshot files | 393 | # snapshot files |
| 392 | blacklist /.snapshots | 394 | blacklist /.snapshots |
| 393 | 395 | ||
| 394 | # complement noexec ${HOME} and noexec /tmp | ||
| 395 | noexec /tmp/.X11-unix | ||
| 396 | |||
| 397 | # flatpak | 396 | # flatpak |
| 398 | blacklist ${HOME}/*.config/flatpak | 397 | blacklist ${HOME}/.config/flatpak |
| 399 | blacklist ${HOME}/*.var | 398 | blacklist ${HOME}/.local/share/flatpak |
| 400 | blacklist ${HOME}/*.local/share/flatpak | 399 | blacklist ${HOME}/.var |
| 401 | blacklist /var/lib/flatpak | ||
| 402 | blacklist /usr/share/flatpak | 400 | blacklist /usr/share/flatpak |
| 401 | blacklist /var/lib/flatpak | ||
| 403 | # most of the time bwrap is SUID binary | 402 | # most of the time bwrap is SUID binary |
| 404 | blacklist ${PATH}/bwrap | 403 | blacklist ${PATH}/bwrap |
| 404 | |||
| 405 | # complement noexec ${HOME} and noexec /tmp | ||
| 406 | noexec /tmp/.X11-unix | ||