clarify that duplicated blacklisting of /proc/config.gz is intentional (#5548)

* add comment on intentional duplication of blacklisted kernel configuration * disable-proc.inc: update the duplication comment * disable-common.inc: add duplication notice for kernel configuration
author: glitsj16 <glitsj16@users.noreply.github.com> 2022-12-21 23:39:42 +0000
committer: GitHub <noreply@github.com> 2022-12-21 23:39:42 +0000
commit: ec44e1d8ca29dd023f20a64eb65a56e7d869af76 (patch)
tree: 93799f4fd787ec55dbb9032c946515ef8af09379 /etc/inc
parent: New profile: ssmtp (#5544) (diff)
download: firejail-ec44e1d8ca29dd023f20a64eb65a56e7d869af76.tar.gz
firejail-ec44e1d8ca29dd023f20a64eb65a56e7d869af76.tar.zst
firejail-ec44e1d8ca29dd023f20a64eb65a56e7d869af76.zip
2 files changed, 2 insertions, 2 deletions
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index fb3c823fc..44e45d416 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -620,7 +620,7 @@ blacklist ${HOME}/mail
 blacklist ${HOME}/postponed
 blacklist ${HOME}/sent
-# kernel configuration
+# kernel configuration - keep this here although it's also in disable-proc.inc
 blacklist /proc/config.gz
 # prevent DNS malware attempting to communicate with the server using regular DNS tools
diff --git a/etc/inc/disable-proc.inc b/etc/inc/disable-proc.inc
index 81a8883f3..7cb1ec2ab 100644
--- a/etc/inc/disable-proc.inc
+++ b/etc/inc/disable-proc.inc
@@ -8,7 +8,7 @@ blacklist /proc/bootconfig
 blacklist /proc/buddyinfo
 blacklist /proc/cgroups
 blacklist /proc/cmdline
-blacklist /proc/config.gz
+blacklist /proc/config.gz # keep this here even though it's also in disable-common.inc
 blacklist /proc/consoles
 #blacklist /proc/cpuinfo
 blacklist /proc/crypto
author	glitsj16 <glitsj16@users.noreply.github.com>	2022-12-21 23:39:42 +0000
committer	GitHub <noreply@github.com>	2022-12-21 23:39:42 +0000
commit	ec44e1d8ca29dd023f20a64eb65a56e7d869af76 (patch)
tree	93799f4fd787ec55dbb9032c946515ef8af09379 /etc/inc
parent	New profile: ssmtp (#5544) (diff)
download	firejail-ec44e1d8ca29dd023f20a64eb65a56e7d869af76.tar.gz firejail-ec44e1d8ca29dd023f20a64eb65a56e7d869af76.tar.zst firejail-ec44e1d8ca29dd023f20a64eb65a56e7d869af76.zip

diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index fb3c823fc..44e45d416 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc
@@ -620,7 +620,7 @@ blacklist ${HOME}/mail
620	blacklist ${HOME}/postponed	620	blacklist ${HOME}/postponed
621	blacklist ${HOME}/sent	621	blacklist ${HOME}/sent
622		622
623	# kernel configuration	623	# kernel configuration - keep this here although it's also in disable-proc.inc
624	blacklist /proc/config.gz	624	blacklist /proc/config.gz
625		625
626	# prevent DNS malware attempting to communicate with the server using regular DNS tools	626	# prevent DNS malware attempting to communicate with the server using regular DNS tools


diff --git a/etc/inc/disable-proc.inc b/etc/inc/disable-proc.inc index 81a8883f3..7cb1ec2ab 100644 --- a/etc/inc/disable-proc.inc +++ b/etc/inc/disable-proc.inc
@@ -8,7 +8,7 @@ blacklist /proc/bootconfig
8	blacklist /proc/buddyinfo	8	blacklist /proc/buddyinfo
9	blacklist /proc/cgroups	9	blacklist /proc/cgroups
10	blacklist /proc/cmdline	10	blacklist /proc/cmdline
11	blacklist /proc/config.gz	11	blacklist /proc/config.gz # keep this here even though it's also in disable-common.inc
12	blacklist /proc/consoles	12	blacklist /proc/consoles
13	#blacklist /proc/cpuinfo	13	#blacklist /proc/cpuinfo
14	blacklist /proc/crypto	14	blacklist /proc/crypto