diff options
| author |  rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-01-15 21:51:20 +0100 |
|---|---|---|
| committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-01-16 07:46:45 +0000 |
| commit | f18124baa4290e658babc6dd0716232e9a474335 (patch) | |
| tree | fe598e1bd6f01c1502b6fabf1a93e8eb764439a3 /etc/inc/allow-bin-sh.inc | |
| parent | add realaltffour (diff) | |
| download | firejail-f18124baa4290e658babc6dd0716232e9a474335.tar.gz firejail-f18124baa4290e658babc6dd0716232e9a474335.tar.zst firejail-f18124baa4290e658babc6dd0716232e9a474335.zip | |
Add new allow include allow-bin-sh.inc
/bin/sh is usually just a symlink to bash. However this is not the case
for every distro, debian for example uses dash. bash,dash and sh have a
blacklist command in disable-shell.inc. An own allow-*.inc for it
enusres usage of all necessary nolacklists.
For private-bin sh is enough because it follows symlinks.
Diffstat (limited to 'etc/inc/allow-bin-sh.inc')
| -rw-r--r-- | etc/inc/allow-bin-sh.inc | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/etc/inc/allow-bin-sh.inc b/etc/inc/allow-bin-sh.inc new file mode 100644 index 000000000..d6c295414 --- /dev/null +++ b/etc/inc/allow-bin-sh.inc | |||
| @@ -0,0 +1,7 @@ | |||
| 1 | # This file is overwritten during software install. | ||
| 2 | # Persistent customizations should go in a .local file. | ||
| 3 | include allow-bin-sh.local | ||
| 4 | |||
| 5 | noblacklist ${PATH}/bash | ||
| 6 | noblacklist ${PATH}/dash | ||
| 7 | noblacklist ${PATH}/sh | ||