author | glitsj16 <glitsj16@users.noreply.github.com> | 2021-11-10 10:24:15 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-11-10 10:24:15 +0000 |
commit | 437043c9ddb812d6c4c31b9d373443ec003f7dc4 (patch) | |
tree | 924da6ab7bbe4fb3dd18454461dd15116a6e9dcc /etc/inc/allow-ssh.inc | |
parent | disable-common.inc: fix ssh (diff) | |
download | firejail-437043c9ddb812d6c4c31b9d373443ec003f7dc4.tar.gz firejail-437043c9ddb812d6c4c31b9d373443ec003f7dc4.tar.zst firejail-437043c9ddb812d6c4c31b9d373443ec003f7dc4.zip |
fixes for ssh
After seeing https://github.com/netblue30/firejail/commit/9a81078ddbbb4215d06f7d1861481ece05ebda99 it dawned on me that Arch Linux doesn't have /usr/lib/openssh, but uses /usr/lib/ssh instead. That's a different path than what's referenced in our current {allow-ssh,disable-common}.inc files. Some very superficial checks revealed that OpenSSH seems to be packaged quite differently, at least on Debian/Ubuntu and Arch Linux. And then there are version differences on non-rolling distros to consider. All in all IMO it makes more sense to (no)blacklist /usr/lib/openssh and /usr/lib/ssh instead of referencing all the possible individual files that live under those paths.
Diffstat (limited to 'etc/inc/allow-ssh.inc')
-rw-r--r-- | etc/inc/allow-ssh.inc | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/etc/inc/allow-ssh.inc b/etc/inc/allow-ssh.inc index a78798a18..8995e5a74 100644 --- a/etc/inc/allow-ssh.inc +++ b/etc/inc/allow-ssh.inc | |||
@@ -5,6 +5,9 @@ include allow-ssh.local | |||
5 | noblacklist ${HOME}/.ssh | 5 | noblacklist ${HOME}/.ssh |
6 | noblacklist /etc/ssh | 6 | noblacklist /etc/ssh |
7 | noblacklist /etc/ssh/ssh_config | 7 | noblacklist /etc/ssh/ssh_config |
8 | noblacklist /tmp/ssh-* | ||
9 | noblacklist ${PATH}/ssh | 8 | noblacklist ${PATH}/ssh |
10 | noblacklist /usr/lib/openssh/ssh-keysign | 9 | noblacklist /tmp/ssh-* |
10 | # Debian/Ubuntu and derivatives | ||
11 | noblacklist /usr/lib/openssh | ||
12 | # Arch Linux and derivatives | ||
13 | noblacklist /usr/lib/ssh | ||
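Review bot: The new `noblacklist /usr/lib/openssh` and `noblacklist /usr/lib/ssh` entries widen the exemption from the single `/usr/lib/openssh/ssh-keysign` file to everything under both directories, so every profile that includes allow-ssh.inc now exposes whatever helpers a distribution ships there, not just ssh-keysign. That trade-off is worth stating in a comment next to the entries. These lines only take effect if disable-common.inc blacklists the same two directory paths, and that side is not visible in this diffstat (limited to etc/inc/allow-ssh.inc), so please confirm the two files stay in sync. The comments name only Debian/Ubuntu and Arch; distributions that install the helpers under another path are still uncovered, and a short note saying so would help future contributors. Minor: moving `noblacklist /tmp/ssh-*` below `noblacklist ${PATH}/ssh` is an unrelated reorder that adds noise to the hunk.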