author | valoq <valoq@mailbox.org> | 2016-10-26 17:51:07 +0200 |
---|---|---|
committer | valoq <valoq@mailbox.org> | 2016-10-26 17:51:07 +0200 |
commit | ad773dec65ec32e0fcba1b123b3da5b9edcbf9d4 (patch) | |
tree | 0e35dd6dc35f3c8d5ea32a6c076e270524b3db36 /etc/disable-common.inc | |
parent | removed blacklist duplate (diff) | |
parent | removed ping blacklisting (diff) | |
resolve conflict
Diffstat (limited to 'etc/disable-common.inc')
-rw-r--r-- | etc/disable-common.inc | 54 |
1 files changed, 24 insertions, 30 deletions
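--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -137,6 +137,11 @@ blacklist /etc/gshadow+
 blacklist /etc/ssh
 blacklist /var/backup
 
+# system directories
+blacklist /sbin
+blacklist /usr/sbin
+blacklist /usr/local/sbin
+
 # system management
 # blacklist ${PATH}/umount
 # blacklist ${PATH}/mount
@@ -149,11 +154,22 @@ blacklist ${PATH}/xev
 blacklist ${PATH}/strace
 blacklist ${PATH}/nc
 blacklist ${PATH}/ncat
-
-# system directories
-blacklist /sbin
-blacklist /usr/sbin
-blacklist /usr/local/sbin
+blacklist ${PATH}/gpasswd
+blacklist ${PATH}/newgidmap
+blacklist ${PATH}/newgrp
+blacklist ${PATH}/newuidmap
+blacklist ${PATH}/pkexec
+blacklist ${PATH}/sg
+blacklist ${PATH}/rsh
+blacklist ${PATH}/rlogin
+blacklist ${PATH}/rcp
+blacklist ${PATH}/crontab
+blacklist ${PATH}/ksu
+blacklist ${PATH}/chsh
+blacklist ${PATH}/chfn
+blacklist ${PATH}/chage
+blacklist ${PATH}/expiry
+blacklist ${PATH}/unix_chkpwd
 
 # prevent lxterminal connecting to an existing lxterminal session
 blacklist /tmp/.lxterminal-socket*
@@ -173,28 +189,6 @@ blacklist ${PATH}/terminix
 blacklist ${PATH}/urxvtc
 blacklist ${PATH}/urxvtcd
 
-# disable common suid programms
-blacklist ${PATH}/firejail
-blacklist ${PATH}/sudo
-blacklist ${PATH}/su
-blacklist ${PATH}/mount
-blacklist ${PATH}/umount
-blacklist ${PATH}/fusermount
-blacklist ${PATH}/passwd
-blacklist ${PATH}/gpasswd
-blacklist ${PATH}/newgidmap
-blacklist ${PATH}/newgrp
-blacklist ${PATH}/newuidmap
-blacklist ${PATH}/pkexec
-blacklist ${PATH}/sg
-blacklist ${PATH}/rsh
-blacklist ${PATH}/rlogin
-blacklist ${PATH}/rcp
-blacklist ${PATH}/crontab
-blacklist ${PATH}/ksu
-blacklist ${PATH}/chsh
-blacklist ${PATH}/chfn
-blacklist ${PATH}/chage
-blacklist ${PATH}/expiry
-blacklist ${PATH}/ping
-blacklist ${PATH}/unix_chkpwd
+# kernel files
+blacklist /vmlinuz*
+blacklist /initrd*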
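Review bot: The third hunk deletes the active entries for `firejail`, `sudo`, `su`, `mount`, `umount`, `fusermount` and `passwd` from the removed "common suid" list, while the second hunk re-adds only the entries from `gpasswd` onward, so no line visible here still blacklists those seven binaries; `mount` and `umount` appear only as commented-out lines in the first hunk. The parent commits mention dropping a duplicate and `ping`, not these, so it is worth confirming the loss is intended and not a side effect of the conflict resolution (new lines 148–153 are not shown and may cover some of them). If it is not intended, restore them next to the moved list, e.g. `blacklist ${PATH}/su` and `blacklist ${PATH}/sudo`. The moved entries also lost their heading; a comment such as `# setuid helpers` above `blacklist ${PATH}/gpasswd` would keep the reason for the list on record.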