diff options
| author |  valoq <valoq@mailbox.org> | 2016-10-26 17:51:07 +0200 |
|---|---|---|
| committer | valoq <valoq@mailbox.org> | 2016-10-26 17:51:07 +0200 |
| commit | ad773dec65ec32e0fcba1b123b3da5b9edcbf9d4 (patch) | |
| tree | 0e35dd6dc35f3c8d5ea32a6c076e270524b3db36 /etc/disable-common.inc | |
| parent | removed blacklist duplate (diff) | |
| parent | removed ping blacklisting (diff) | |
| download | firejail-ad773dec65ec32e0fcba1b123b3da5b9edcbf9d4.tar.gz firejail-ad773dec65ec32e0fcba1b123b3da5b9edcbf9d4.tar.zst firejail-ad773dec65ec32e0fcba1b123b3da5b9edcbf9d4.zip | |
resolve conflict
Diffstat (limited to 'etc/disable-common.inc')
| -rw-r--r-- | etc/disable-common.inc | 54 |
1 files changed, 24 insertions, 30 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index 19a23d764..82398473d 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
| @@ -137,6 +137,11 @@ blacklist /etc/gshadow+ | |||
| 137 | blacklist /etc/ssh | 137 | blacklist /etc/ssh |
| 138 | blacklist /var/backup | 138 | blacklist /var/backup |
| 139 | 139 | ||
| 140 | # system directories | ||
| 141 | blacklist /sbin | ||
| 142 | blacklist /usr/sbin | ||
| 143 | blacklist /usr/local/sbin | ||
| 144 | |||
| 140 | # system management | 145 | # system management |
| 141 | # blacklist ${PATH}/umount | 146 | # blacklist ${PATH}/umount |
| 142 | # blacklist ${PATH}/mount | 147 | # blacklist ${PATH}/mount |
| @@ -149,11 +154,22 @@ blacklist ${PATH}/xev | |||
| 149 | blacklist ${PATH}/strace | 154 | blacklist ${PATH}/strace |
| 150 | blacklist ${PATH}/nc | 155 | blacklist ${PATH}/nc |
| 151 | blacklist ${PATH}/ncat | 156 | blacklist ${PATH}/ncat |
| 152 | 157 | blacklist ${PATH}/gpasswd | |
| 153 | # system directories | 158 | blacklist ${PATH}/newgidmap |
| 154 | blacklist /sbin | 159 | blacklist ${PATH}/newgrp |
| 155 | blacklist /usr/sbin | 160 | blacklist ${PATH}/newuidmap |
| 156 | blacklist /usr/local/sbin | 161 | blacklist ${PATH}/pkexec |
| 162 | blacklist ${PATH}/sg | ||
| 163 | blacklist ${PATH}/rsh | ||
| 164 | blacklist ${PATH}/rlogin | ||
| 165 | blacklist ${PATH}/rcp | ||
| 166 | blacklist ${PATH}/crontab | ||
| 167 | blacklist ${PATH}/ksu | ||
| 168 | blacklist ${PATH}/chsh | ||
| 169 | blacklist ${PATH}/chfn | ||
| 170 | blacklist ${PATH}/chage | ||
| 171 | blacklist ${PATH}/expiry | ||
| 172 | blacklist ${PATH}/unix_chkpwd | ||
| 157 | 173 | ||
| 158 | # prevent lxterminal connecting to an existing lxterminal session | 174 | # prevent lxterminal connecting to an existing lxterminal session |
| 159 | blacklist /tmp/.lxterminal-socket* | 175 | blacklist /tmp/.lxterminal-socket* |
| @@ -173,28 +189,6 @@ blacklist ${PATH}/terminix | |||
| 173 | blacklist ${PATH}/urxvtc | 189 | blacklist ${PATH}/urxvtc |
| 174 | blacklist ${PATH}/urxvtcd | 190 | blacklist ${PATH}/urxvtcd |
| 175 | 191 | ||
| 176 | # disable common suid programms | 192 | # kernel files |
| 177 | blacklist ${PATH}/firejail | 193 | blacklist /vmlinuz* |
| 178 | blacklist ${PATH}/sudo | 194 | blacklist /initrd* |
| 179 | blacklist ${PATH}/su | ||
| 180 | blacklist ${PATH}/mount | ||
| 181 | blacklist ${PATH}/umount | ||
| 182 | blacklist ${PATH}/fusermount | ||
| 183 | blacklist ${PATH}/passwd | ||
| 184 | blacklist ${PATH}/gpasswd | ||
| 185 | blacklist ${PATH}/newgidmap | ||
| 186 | blacklist ${PATH}/newgrp | ||
| 187 | blacklist ${PATH}/newuidmap | ||
| 188 | blacklist ${PATH}/pkexec | ||
| 189 | blacklist ${PATH}/sg | ||
| 190 | blacklist ${PATH}/rsh | ||
| 191 | blacklist ${PATH}/rlogin | ||
| 192 | blacklist ${PATH}/rcp | ||
| 193 | blacklist ${PATH}/crontab | ||
| 194 | blacklist ${PATH}/ksu | ||
| 195 | blacklist ${PATH}/chsh | ||
| 196 | blacklist ${PATH}/chfn | ||
| 197 | blacklist ${PATH}/chage | ||
| 198 | blacklist ${PATH}/expiry | ||
| 199 | blacklist ${PATH}/ping | ||
| 200 | blacklist ${PATH}/unix_chkpwd | ||