diff options
author | glitsj16 <glitsj16@users.noreply.github.com> | 2019-06-20 20:59:39 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-06-20 20:59:39 +0000 |
commit | 7dfd850505c9d99f3e7b95b29f99bb68bd4459ea (patch) | |
tree | 2bca781d4090a53651ba809d69d596a98f43442e /etc/makepkg.profile | |
parent | Merge pull request #2771 from smitsohu/homedir2 (diff) | |
download | firejail-7dfd850505c9d99f3e7b95b29f99bb68bd4459ea.tar.gz firejail-7dfd850505c9d99f3e7b95b29f99bb68bd4459ea.tar.zst firejail-7dfd850505c9d99f3e7b95b29f99bb68bd4459ea.zip |
Arch Linux specific changes (#2788)
* Arch Linux specific addition to gzip.profile
* Arch Linux specifics for tar.profile
* Arch Linux specifics for gzip.profile
* Minor re-ordering and wording edits for makepkg.profile
* Spacing fix for cower.profile
Diffstat (limited to 'etc/makepkg.profile')
-rw-r--r-- | etc/makepkg.profile | 15 |
1 files changed, 6 insertions, 9 deletions
diff --git a/etc/makepkg.profile b/etc/makepkg.profile index 55bea9c5e..0120fc2cd 100644 --- a/etc/makepkg.profile +++ b/etc/makepkg.profile | |||
@@ -1,5 +1,10 @@ | |||
1 | # Firejail profile for makepkg | 1 | # Firejail profile for makepkg |
2 | # This file is overwritten after every install/update | 2 | # This file is overwritten after every install/update |
3 | quiet | ||
4 | # Persistent local customizations | ||
5 | include makepkg.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
3 | 8 | ||
4 | # Note: see this Arch forum discussion https://bbs.archlinux.org/viewtopic.php?pid=1743138 | 9 | # Note: see this Arch forum discussion https://bbs.archlinux.org/viewtopic.php?pid=1743138 |
5 | # for potential issues and their solutions when Firejailing makepkg | 10 | # for potential issues and their solutions when Firejailing makepkg |
@@ -8,13 +13,6 @@ | |||
8 | # whitelist ${HOME}/<Your Build Folder> | 13 | # whitelist ${HOME}/<Your Build Folder> |
9 | # whitelist ${HOME}/.gnupg | 14 | # whitelist ${HOME}/.gnupg |
10 | 15 | ||
11 | quiet | ||
12 | # Persistent local customizations | ||
13 | include makepkg.local | ||
14 | # Persistent global definitions | ||
15 | include globals.local | ||
16 | |||
17 | |||
18 | # Enable severely restricted access to ${HOME}/.gnupg | 16 | # Enable severely restricted access to ${HOME}/.gnupg |
19 | noblacklist ${HOME}/.gnupg | 17 | noblacklist ${HOME}/.gnupg |
20 | read-only ${HOME}/.gnupg/gpg.conf | 18 | read-only ${HOME}/.gnupg/gpg.conf |
@@ -26,8 +24,7 @@ blacklist ${HOME}/.gnupg/private-keys-v1.d | |||
26 | blacklist ${HOME}/.gnupg/crls.d | 24 | blacklist ${HOME}/.gnupg/crls.d |
27 | blacklist ${HOME}/.gnupg/openpgp-revocs.d | 25 | blacklist ${HOME}/.gnupg/openpgp-revocs.d |
28 | 26 | ||
29 | 27 | # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only. | |
30 | # Need to be able to read /var/lib/pacman, {Note no capabilities so automatically read-only} | ||
31 | noblacklist /var/lib/pacman | 28 | noblacklist /var/lib/pacman |
32 | 29 | ||
33 | include disable-common.inc | 30 | include disable-common.inc |