diff options
author | glitsj16 <glitsj16@users.noreply.github.com> | 2021-01-11 17:32:31 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-11 17:32:31 +0000 |
commit | 37452ef1a71473b87431c3c708d3b31ca1b7a25f (patch) | |
tree | cbd95f66f264c2c049052f4434757db9ebf99c1e /etc/inc | |
parent | fix ordering in ssh.profile (#3882) (diff) | |
download | firejail-37452ef1a71473b87431c3c708d3b31ca1b7a25f.tar.gz firejail-37452ef1a71473b87431c3c708d3b31ca1b7a25f.tar.zst firejail-37452ef1a71473b87431c3c708d3b31ca1b7a25f.zip |
refactor nodejs applications (npm & yarn) (#3876)
* add yarn & reorder
* add node-gyp & yarn files
* Create nodejs-common.profile
* Create yarn.profile
* refactor npm.profile
* add new profile: yarn
* read-only's for npm/yarn
Thanks to the [suggestion](https://github.com/netblue30/firejail/pull/3876#pullrequestreview-564682989) from @kmk3.
* ignore read-only's for npm
As [suggested](https://github.com/netblue30/firejail/pull/3876#pullrequestreview-564682989) by @kmk3.
* ignore read-only for yarn
As suggested in https://github.com/netblue30/firejail/pull/3876#pullrequestreview-564682989 by @kmk3.
* remove quiet from nodejs-common.profile
quiet should go into the caller profiles instead
* add quiet to npm.profile
Thanks @rusty-snake for the review.
* re-ordering some options
* re-ordering
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/allow-common-devel.inc | 13 | ||||
-rw-r--r-- | etc/inc/disable-common.inc | 2 | ||||
-rw-r--r-- | etc/inc/disable-programs.inc | 5 |
3 files changed, 16 insertions, 4 deletions
diff --git a/etc/inc/allow-common-devel.inc b/etc/inc/allow-common-devel.inc index 68e91a09b..41643657d 100644 --- a/etc/inc/allow-common-devel.inc +++ b/etc/inc/allow-common-devel.inc | |||
@@ -11,6 +11,15 @@ noblacklist ${HOME}/.git-credentials | |||
11 | noblacklist ${HOME}/.gradle | 11 | noblacklist ${HOME}/.gradle |
12 | noblacklist ${HOME}/.java | 12 | noblacklist ${HOME}/.java |
13 | 13 | ||
14 | # Node.js | ||
15 | noblacklist ${HOME}/.node-gyp | ||
16 | noblacklist ${HOME}/.npm | ||
17 | noblacklist ${HOME}/.npmrc | ||
18 | noblacklist ${HOME}/.yarn | ||
19 | noblacklist ${HOME}/.yarn-config | ||
20 | noblacklist ${HOME}/.yarncache | ||
21 | noblacklist ${HOME}/.yarnrc | ||
22 | |||
14 | # Python | 23 | # Python |
15 | noblacklist ${HOME}/.pylint.d | 24 | noblacklist ${HOME}/.pylint.d |
16 | noblacklist ${HOME}/.python-history | 25 | noblacklist ${HOME}/.python-history |
@@ -25,7 +34,3 @@ noblacklist ${HOME}/.cargo/registry | |||
25 | noblacklist ${HOME}/.cargo/.crates.toml | 34 | noblacklist ${HOME}/.cargo/.crates.toml |
26 | noblacklist ${HOME}/.cargo/.crates2.json | 35 | noblacklist ${HOME}/.cargo/.crates2.json |
27 | noblacklist ${HOME}/.cargo/.package-cache | 36 | noblacklist ${HOME}/.cargo/.package-cache |
28 | |||
29 | # npm | ||
30 | noblacklist ${HOME}/.npm | ||
31 | noblacklist ${HOME}/.npmrc | ||
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index d88506d90..0de539d57 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc | |||
@@ -310,6 +310,7 @@ read-only ${HOME}/.msmtprc | |||
310 | read-only ${HOME}/.mutt/muttrc | 310 | read-only ${HOME}/.mutt/muttrc |
311 | read-only ${HOME}/.muttrc | 311 | read-only ${HOME}/.muttrc |
312 | read-only ${HOME}/.nano | 312 | read-only ${HOME}/.nano |
313 | read-only ${HOME}/.npmrc | ||
313 | read-only ${HOME}/.pythonrc.py | 314 | read-only ${HOME}/.pythonrc.py |
314 | read-only ${HOME}/.reportbugrc | 315 | read-only ${HOME}/.reportbugrc |
315 | read-only ${HOME}/.tmux.conf | 316 | read-only ${HOME}/.tmux.conf |
@@ -318,6 +319,7 @@ read-only ${HOME}/.viminfo | |||
318 | read-only ${HOME}/.vimrc | 319 | read-only ${HOME}/.vimrc |
319 | read-only ${HOME}/.xmonad | 320 | read-only ${HOME}/.xmonad |
320 | read-only ${HOME}/.xscreensaver | 321 | read-only ${HOME}/.xscreensaver |
322 | read-only ${HOME}/.yarnrc | ||
321 | read-only ${HOME}/_exrc | 323 | read-only ${HOME}/_exrc |
322 | read-only ${HOME}/_gvimrc | 324 | read-only ${HOME}/_gvimrc |
323 | read-only ${HOME}/_vimrc | 325 | read-only ${HOME}/_vimrc |
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index f5bce4ba4..74cbfbcbe 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc | |||
@@ -761,6 +761,7 @@ blacklist ${HOME}/.neverball | |||
761 | blacklist ${HOME}/.newsbeuter | 761 | blacklist ${HOME}/.newsbeuter |
762 | blacklist ${HOME}/.newsboat | 762 | blacklist ${HOME}/.newsboat |
763 | blacklist ${HOME}/.nicotine | 763 | blacklist ${HOME}/.nicotine |
764 | blacklist ${HOME}/.node-gyp | ||
764 | blacklist ${HOME}/.npm | 765 | blacklist ${HOME}/.npm |
765 | blacklist ${HOME}/.npmrc | 766 | blacklist ${HOME}/.npmrc |
766 | blacklist ${HOME}/.nv | 767 | blacklist ${HOME}/.nv |
@@ -849,6 +850,10 @@ blacklist ${HOME}/.xmr-stak | |||
849 | blacklist ${HOME}/.xonotic | 850 | blacklist ${HOME}/.xonotic |
850 | blacklist ${HOME}/.xournalpp | 851 | blacklist ${HOME}/.xournalpp |
851 | blacklist ${HOME}/.xpdfrc | 852 | blacklist ${HOME}/.xpdfrc |
853 | blacklist ${HOME}/.yarn | ||
854 | blacklist ${HOME}/.yarn-config | ||
855 | blacklist ${HOME}/.yarncache | ||
856 | blacklist ${HOME}/.yarnrc | ||
852 | blacklist ${HOME}/.zoom | 857 | blacklist ${HOME}/.zoom |
853 | blacklist /tmp/akonadi-* | 858 | blacklist /tmp/akonadi-* |
854 | blacklist /tmp/ssh-* | 859 | blacklist /tmp/ssh-* |