disable-common.inc: move blacklist of /etc/profile.d

To disable-shell.inc.

Interactive shells can be executed from certain development-related
programs (such as IDEs) and the shells themselves are not blocked by
default, but this shell startup directory currently is.  To avoid
running a shell without access to potentially needed startup files, only
blacklist /etc/profile.d when interactive shells are also blocked.

Note that /etc/profile.d should only be of concern to interactive
shells, so a profile that includes both disable-shell.inc and
allow-bin-sh.inc (which likely means that it needs access to only
non-interactive shells) should not be affected by the blacklisting.

Relates to #3411 #5159.

2 files changed, 1 insertions, 1 deletions

diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index d08ba3646..5918ee640 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -261,7 +261,6 @@ blacklist /etc/grub*
 blacklist /etc/kernel*
 blacklist /etc/logrotate*
 blacklist /etc/modules*
-blacklist /etc/profile.d
 blacklist /etc/rc.local
 # rc1.d, rc2.d, ...
 blacklist /etc/rc?.d
diff --git a/etc/inc/disable-shell.inc b/etc/inc/disable-shell.inc
index 8274b0215..6665251a8 100644
--- a/etc/inc/disable-shell.inc
+++ b/etc/inc/disable-shell.inc
@@ -13,3 +13,4 @@ blacklist ${PATH}/sh
 blacklist ${PATH}/tclsh
 blacklist ${PATH}/tcsh
 blacklist ${PATH}/zsh
+blacklist /etc/profile.d