aboutsummaryrefslogtreecommitdiffstats
path: root/etc/inc
diff options
context:
space:
mode:
authorLibravatar glitsj16 <glitsj16@users.noreply.github.com>2021-05-08 15:27:30 +0000
committerLibravatar GitHub <noreply@github.com>2021-05-08 15:27:30 +0000
commit699a803f174662a8ec62442438bb0807e41d3971 (patch)
treef9b8e2a121e2fc8c4e91005ac97241922bc309ad /etc/inc
parentrevert comment changes from #4257 (#4258) (diff)
downloadfirejail-699a803f174662a8ec62442438bb0807e41d3971.tar.gz
firejail-699a803f174662a8ec62442438bb0807e41d3971.tar.zst
firejail-699a803f174662a8ec62442438bb0807e41d3971.zip
Node.js stack refactoring (#4255)
* Create node.profile * Create node-gyp.profile * refactor npm as redirect * Create npx.profile * Create nvm.profile * Create semver.profile * refactor yarn as redirect * collect node.js stack configuration in common profile * add ~/.nvm to node section * account for node-gyp python dependency * read-only ~/.nvm for node.js stack * blacklist ~/.nvm for node.js stack * move env var comment cfr. profile.template * Delete node-gyp.profile node-gyp is a shell script with a node shebang. We've got that covered via node.profile. * Delete npx.profile npx is a shell script with a node shebang. We've got that covered via node.profile. * Delete semver.profile semver is a shell script that calls node. We've got that covered via node.profile. * add node and nvm to new profiles section
Diffstat (limited to 'etc/inc')
-rw-r--r--etc/inc/allow-common-devel.inc1
-rw-r--r--etc/inc/allow-nodejs.inc4
-rw-r--r--etc/inc/disable-common.inc1
-rw-r--r--etc/inc/disable-programs.inc1
4 files changed, 7 insertions, 0 deletions
diff --git a/etc/inc/allow-common-devel.inc b/etc/inc/allow-common-devel.inc
index 41643657d..babe46571 100644
--- a/etc/inc/allow-common-devel.inc
+++ b/etc/inc/allow-common-devel.inc
@@ -15,6 +15,7 @@ noblacklist ${HOME}/.java
15noblacklist ${HOME}/.node-gyp 15noblacklist ${HOME}/.node-gyp
16noblacklist ${HOME}/.npm 16noblacklist ${HOME}/.npm
17noblacklist ${HOME}/.npmrc 17noblacklist ${HOME}/.npmrc
18noblacklist ${HOME}/.nvm
18noblacklist ${HOME}/.yarn 19noblacklist ${HOME}/.yarn
19noblacklist ${HOME}/.yarn-config 20noblacklist ${HOME}/.yarn-config
20noblacklist ${HOME}/.yarncache 21noblacklist ${HOME}/.yarncache
diff --git a/etc/inc/allow-nodejs.inc b/etc/inc/allow-nodejs.inc
index 78a4bed80..351c94ab8 100644
--- a/etc/inc/allow-nodejs.inc
+++ b/etc/inc/allow-nodejs.inc
@@ -4,3 +4,7 @@ include allow-nodejs.local
4 4
5noblacklist ${PATH}/node 5noblacklist ${PATH}/node
6noblacklist /usr/include/node 6noblacklist /usr/include/node
7
8# Allow python for node-gyp (blacklisted by disable-interpreters.inc)
9include allow-python2.inc
10include allow-python3.inc
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index 35f89e11b..a6dbb7403 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -338,6 +338,7 @@ read-only ${HOME}/dotfiles
338read-only ${HOME}/.gem 338read-only ${HOME}/.gem
339read-only ${HOME}/.luarocks 339read-only ${HOME}/.luarocks
340read-only ${HOME}/.npm-packages 340read-only ${HOME}/.npm-packages
341read-only ${HOME}/.nvm
341read-only ${HOME}/bin 342read-only ${HOME}/bin
342read-only ${HOME}/.bin 343read-only ${HOME}/.bin
343read-only ${HOME}/.local/bin 344read-only ${HOME}/.local/bin
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index cbc8ef6d2..90abe1d3e 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -816,6 +816,7 @@ blacklist ${HOME}/.node-gyp
816blacklist ${HOME}/.npm 816blacklist ${HOME}/.npm
817blacklist ${HOME}/.npmrc 817blacklist ${HOME}/.npmrc
818blacklist ${HOME}/.nv 818blacklist ${HOME}/.nv
819blacklist ${HOME}/.nvm
819blacklist ${HOME}/.nylas-mail 820blacklist ${HOME}/.nylas-mail
820blacklist ${HOME}/.openarena 821blacklist ${HOME}/.openarena
821blacklist ${HOME}/.opencity 822blacklist ${HOME}/.opencity
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-19 06:24:54 +0000