add disable-exec.inc to all profiles with apparmor (#2576)

* add disable-exec.inc to all profiles with apparmor - #2385 #2505 * drop disable-exec.inc from generic electron.profile
author: smitsohu <smitsohu@gmail.com> 2019-03-12 20:44:51 +0000
committer: GitHub <noreply@github.com> 2019-03-12 20:44:51 +0000
commit: aa2bdffc4b4d0437dd710a70546c87b8f882b100 (patch)
tree: e44a8864ec0964a6c72caa7b6297ca90d7e8fd21 /etc/gcloud.profile
parent: Harden meld.profile (#2577) (diff)
download: firejail-aa2bdffc4b4d0437dd710a70546c87b8f882b100.tar.gz
firejail-aa2bdffc4b4d0437dd710a70546c87b8f882b100.tar.zst
firejail-aa2bdffc4b4d0437dd710a70546c87b8f882b100.zip
1 files changed, 4 insertions, 5 deletions
diff --git a/etc/gcloud.profile b/etc/gcloud.profile
index d9df8fd37..a08aebf2c 100644
--- a/etc/gcloud.profile
+++ b/etc/gcloud.profile
@@ -5,12 +5,16 @@ include gcloud.local
 # Persistent global definitions
 include globals.local
+# noexec ${HOME} will break user-local installs of gcloud tooling
+ignore noexec ${HOME}
 noblacklist ${HOME}/.boto
 noblacklist ${HOME}/.config/gcloud
 noblacklist /var/run/docker.sock
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-programs.inc
 apparmor
@@ -34,8 +38,3 @@ disable-mnt
 private-dev
 private-etc alternatives,ca-certificates,ssl,hosts,localtime,nsswitch.conf,resolv.conf,pki,crypto-policies,ld.so.cache
 private-tmp
-noexec /tmp
-# will break user-local installs of gcloud tooling
-# noexec ${HOME}
author	smitsohu <smitsohu@gmail.com>	2019-03-12 20:44:51 +0000
committer	GitHub <noreply@github.com>	2019-03-12 20:44:51 +0000
commit	aa2bdffc4b4d0437dd710a70546c87b8f882b100 (patch)
tree	e44a8864ec0964a6c72caa7b6297ca90d7e8fd21 /etc/gcloud.profile
parent	Harden meld.profile (#2577) (diff)
download	firejail-aa2bdffc4b4d0437dd710a70546c87b8f882b100.tar.gz firejail-aa2bdffc4b4d0437dd710a70546c87b8f882b100.tar.zst firejail-aa2bdffc4b4d0437dd710a70546c87b8f882b100.zip