diff options
author | glitsj16 <glitsj16@users.noreply.github.com> | 2021-05-08 15:27:30 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-05-08 15:27:30 +0000 |
commit | 699a803f174662a8ec62442438bb0807e41d3971 (patch) | |
tree | f9b8e2a121e2fc8c4e91005ac97241922bc309ad /etc/inc | |
parent | revert comment changes from #4257 (#4258) (diff) | |
download | firejail-699a803f174662a8ec62442438bb0807e41d3971.tar.gz firejail-699a803f174662a8ec62442438bb0807e41d3971.tar.zst firejail-699a803f174662a8ec62442438bb0807e41d3971.zip |
Node.js stack refactoring (#4255)
* Create node.profile
* Create node-gyp.profile
* refactor npm as redirect
* Create npx.profile
* Create nvm.profile
* Create semver.profile
* refactor yarn as redirect
* collect node.js stack configuration in common profile
* add ~/.nvm to node section
* account for node-gyp python dependency
* read-only ~/.nvm for node.js stack
* blacklist ~/.nvm for node.js stack
* move env var comment cfr. profile.template
* Delete node-gyp.profile
node-gyp is a shell script with a node shebang. We've got that covered via node.profile.
* Delete npx.profile
npx is a shell script with a node shebang. We've got that covered via node.profile.
* Delete semver.profile
semver is a shell script that calls node. We've got that covered via node.profile.
* add node and nvm to new profiles section
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/allow-common-devel.inc | 1 | ||||
-rw-r--r-- | etc/inc/allow-nodejs.inc | 4 | ||||
-rw-r--r-- | etc/inc/disable-common.inc | 1 | ||||
-rw-r--r-- | etc/inc/disable-programs.inc | 1 |
4 files changed, 7 insertions, 0 deletions
diff --git a/etc/inc/allow-common-devel.inc b/etc/inc/allow-common-devel.inc index 41643657d..babe46571 100644 --- a/etc/inc/allow-common-devel.inc +++ b/etc/inc/allow-common-devel.inc | |||
@@ -15,6 +15,7 @@ noblacklist ${HOME}/.java | |||
15 | noblacklist ${HOME}/.node-gyp | 15 | noblacklist ${HOME}/.node-gyp |
16 | noblacklist ${HOME}/.npm | 16 | noblacklist ${HOME}/.npm |
17 | noblacklist ${HOME}/.npmrc | 17 | noblacklist ${HOME}/.npmrc |
18 | noblacklist ${HOME}/.nvm | ||
18 | noblacklist ${HOME}/.yarn | 19 | noblacklist ${HOME}/.yarn |
19 | noblacklist ${HOME}/.yarn-config | 20 | noblacklist ${HOME}/.yarn-config |
20 | noblacklist ${HOME}/.yarncache | 21 | noblacklist ${HOME}/.yarncache |
diff --git a/etc/inc/allow-nodejs.inc b/etc/inc/allow-nodejs.inc index 78a4bed80..351c94ab8 100644 --- a/etc/inc/allow-nodejs.inc +++ b/etc/inc/allow-nodejs.inc | |||
@@ -4,3 +4,7 @@ include allow-nodejs.local | |||
4 | 4 | ||
5 | noblacklist ${PATH}/node | 5 | noblacklist ${PATH}/node |
6 | noblacklist /usr/include/node | 6 | noblacklist /usr/include/node |
7 | |||
8 | # Allow python for node-gyp (blacklisted by disable-interpreters.inc) | ||
9 | include allow-python2.inc | ||
10 | include allow-python3.inc | ||
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index 35f89e11b..a6dbb7403 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc | |||
@@ -338,6 +338,7 @@ read-only ${HOME}/dotfiles | |||
338 | read-only ${HOME}/.gem | 338 | read-only ${HOME}/.gem |
339 | read-only ${HOME}/.luarocks | 339 | read-only ${HOME}/.luarocks |
340 | read-only ${HOME}/.npm-packages | 340 | read-only ${HOME}/.npm-packages |
341 | read-only ${HOME}/.nvm | ||
341 | read-only ${HOME}/bin | 342 | read-only ${HOME}/bin |
342 | read-only ${HOME}/.bin | 343 | read-only ${HOME}/.bin |
343 | read-only ${HOME}/.local/bin | 344 | read-only ${HOME}/.local/bin |
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index cbc8ef6d2..90abe1d3e 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc | |||
@@ -816,6 +816,7 @@ blacklist ${HOME}/.node-gyp | |||
816 | blacklist ${HOME}/.npm | 816 | blacklist ${HOME}/.npm |
817 | blacklist ${HOME}/.npmrc | 817 | blacklist ${HOME}/.npmrc |
818 | blacklist ${HOME}/.nv | 818 | blacklist ${HOME}/.nv |
819 | blacklist ${HOME}/.nvm | ||
819 | blacklist ${HOME}/.nylas-mail | 820 | blacklist ${HOME}/.nylas-mail |
820 | blacklist ${HOME}/.openarena | 821 | blacklist ${HOME}/.openarena |
821 | blacklist ${HOME}/.opencity | 822 | blacklist ${HOME}/.opencity |