diff options
author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2021-01-09 21:41:43 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2021-01-27 18:18:38 -0300 |
commit | 83ac0239722f85ffed15e3b6b6088bfff547ac1b (patch) | |
tree | bab7befdd0200dac19366bdb3fcf290487e1c761 /etc/profile-a-l | |
parent | git-cola.profile: add missing python template comment (diff) | |
download | firejail-83ac0239722f85ffed15e3b6b6088bfff547ac1b.tar.gz firejail-83ac0239722f85ffed15e3b6b6088bfff547ac1b.tar.zst firejail-83ac0239722f85ffed15e3b6b6088bfff547ac1b.zip |
etc: add allow-ssh.inc
And move the scattered `noblacklist ${HOME}/.ssh` entries into it.
Command used to find the relevant files:
$ grep -Fnr 'noblacklist ${HOME}/.ssh' etc
Also, add it to profile.template, as reminded by @rusty-snake at
https://github.com/netblue30/firejail/pull/3885#pullrequestreview-567527031
Diffstat (limited to 'etc/profile-a-l')
-rw-r--r-- | etc/profile-a-l/android-studio.profile | 4 | ||||
-rw-r--r-- | etc/profile-a-l/aosp.profile | 4 | ||||
-rw-r--r-- | etc/profile-a-l/clion.profile | 4 | ||||
-rw-r--r-- | etc/profile-a-l/filezilla.profile | 4 | ||||
-rw-r--r-- | etc/profile-a-l/git-cola.profile | 4 | ||||
-rw-r--r-- | etc/profile-a-l/git.profile | 4 | ||||
-rw-r--r-- | etc/profile-a-l/gitg.profile | 4 | ||||
-rw-r--r-- | etc/profile-a-l/idea.sh.profile | 4 |
8 files changed, 24 insertions, 8 deletions
diff --git a/etc/profile-a-l/android-studio.profile b/etc/profile-a-l/android-studio.profile index 2e4e564dd..2cdd3a90c 100644 --- a/etc/profile-a-l/android-studio.profile +++ b/etc/profile-a-l/android-studio.profile | |||
@@ -10,12 +10,14 @@ noblacklist ${HOME}/.android | |||
10 | noblacklist ${HOME}/.jack-server | 10 | noblacklist ${HOME}/.jack-server |
11 | noblacklist ${HOME}/.jack-settings | 11 | noblacklist ${HOME}/.jack-settings |
12 | noblacklist ${HOME}/.local/share/JetBrains | 12 | noblacklist ${HOME}/.local/share/JetBrains |
13 | noblacklist ${HOME}/.ssh | ||
14 | noblacklist ${HOME}/.tooling | 13 | noblacklist ${HOME}/.tooling |
15 | 14 | ||
16 | # Allows files commonly used by IDEs | 15 | # Allows files commonly used by IDEs |
17 | include allow-common-devel.inc | 16 | include allow-common-devel.inc |
18 | 17 | ||
18 | # Allow ssh (blacklisted by disable-common.inc) | ||
19 | include allow-ssh.inc | ||
20 | |||
19 | include disable-common.inc | 21 | include disable-common.inc |
20 | include disable-passwdmgr.inc | 22 | include disable-passwdmgr.inc |
21 | include disable-programs.inc | 23 | include disable-programs.inc |
diff --git a/etc/profile-a-l/aosp.profile b/etc/profile-a-l/aosp.profile index a5b1ba9f1..e7b09283e 100644 --- a/etc/profile-a-l/aosp.profile +++ b/etc/profile-a-l/aosp.profile | |||
@@ -11,12 +11,14 @@ noblacklist ${HOME}/.jack-server | |||
11 | noblacklist ${HOME}/.jack-settings | 11 | noblacklist ${HOME}/.jack-settings |
12 | noblacklist ${HOME}/.repo_.gitconfig.json | 12 | noblacklist ${HOME}/.repo_.gitconfig.json |
13 | noblacklist ${HOME}/.repoconfig | 13 | noblacklist ${HOME}/.repoconfig |
14 | noblacklist ${HOME}/.ssh | ||
15 | noblacklist ${HOME}/.tooling | 14 | noblacklist ${HOME}/.tooling |
16 | 15 | ||
17 | # Allows files commonly used by IDEs | 16 | # Allows files commonly used by IDEs |
18 | include allow-common-devel.inc | 17 | include allow-common-devel.inc |
19 | 18 | ||
19 | # Allow ssh (blacklisted by disable-common.inc) | ||
20 | include allow-ssh.inc | ||
21 | |||
20 | include disable-common.inc | 22 | include disable-common.inc |
21 | include disable-passwdmgr.inc | 23 | include disable-passwdmgr.inc |
22 | include disable-programs.inc | 24 | include disable-programs.inc |
diff --git a/etc/profile-a-l/clion.profile b/etc/profile-a-l/clion.profile index b27d93684..09246ccbc 100644 --- a/etc/profile-a-l/clion.profile +++ b/etc/profile-a-l/clion.profile | |||
@@ -11,9 +11,11 @@ noblacklist ${HOME}/.gitconfig | |||
11 | noblacklist ${HOME}/.git-credentials | 11 | noblacklist ${HOME}/.git-credentials |
12 | noblacklist ${HOME}/.java | 12 | noblacklist ${HOME}/.java |
13 | noblacklist ${HOME}/.local/share/JetBrains | 13 | noblacklist ${HOME}/.local/share/JetBrains |
14 | noblacklist ${HOME}/.ssh | ||
15 | noblacklist ${HOME}/.tooling | 14 | noblacklist ${HOME}/.tooling |
16 | 15 | ||
16 | # Allow ssh (blacklisted by disable-common.inc) | ||
17 | include allow-ssh.inc | ||
18 | |||
17 | include disable-common.inc | 19 | include disable-common.inc |
18 | include disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
19 | include disable-programs.inc | 21 | include disable-programs.inc |
diff --git a/etc/profile-a-l/filezilla.profile b/etc/profile-a-l/filezilla.profile index 43e877fd0..728929638 100644 --- a/etc/profile-a-l/filezilla.profile +++ b/etc/profile-a-l/filezilla.profile | |||
@@ -8,12 +8,14 @@ include globals.local | |||
8 | 8 | ||
9 | noblacklist ${HOME}/.config/filezilla | 9 | noblacklist ${HOME}/.config/filezilla |
10 | noblacklist ${HOME}/.filezilla | 10 | noblacklist ${HOME}/.filezilla |
11 | noblacklist ${HOME}/.ssh | ||
12 | 11 | ||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 12 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python2.inc | 13 | include allow-python2.inc |
15 | include allow-python3.inc | 14 | include allow-python3.inc |
16 | 15 | ||
16 | # Allow ssh (blacklisted by disable-common.inc) | ||
17 | include allow-ssh.inc | ||
18 | |||
17 | include disable-common.inc | 19 | include disable-common.inc |
18 | include disable-devel.inc | 20 | include disable-devel.inc |
19 | include disable-interpreters.inc | 21 | include disable-interpreters.inc |
diff --git a/etc/profile-a-l/git-cola.profile b/etc/profile-a-l/git-cola.profile index 84e6fc486..312655b9b 100644 --- a/etc/profile-a-l/git-cola.profile +++ b/etc/profile-a-l/git-cola.profile | |||
@@ -11,7 +11,6 @@ ignore noexec ${HOME} | |||
11 | noblacklist ${HOME}/.gitconfig | 11 | noblacklist ${HOME}/.gitconfig |
12 | noblacklist ${HOME}/.git-credentials | 12 | noblacklist ${HOME}/.git-credentials |
13 | noblacklist ${HOME}/.gnupg | 13 | noblacklist ${HOME}/.gnupg |
14 | noblacklist ${HOME}/.ssh | ||
15 | noblacklist ${HOME}/.subversion | 14 | noblacklist ${HOME}/.subversion |
16 | noblacklist ${HOME}/.config/git | 15 | noblacklist ${HOME}/.config/git |
17 | noblacklist ${HOME}/.config/git-cola | 16 | noblacklist ${HOME}/.config/git-cola |
@@ -22,6 +21,9 @@ noblacklist ${HOME}/.config/git-cola | |||
22 | include allow-python2.inc | 21 | include allow-python2.inc |
23 | include allow-python3.inc | 22 | include allow-python3.inc |
24 | 23 | ||
24 | # Allow ssh (blacklisted by disable-common.inc) | ||
25 | include allow-ssh.inc | ||
26 | |||
25 | include disable-common.inc | 27 | include disable-common.inc |
26 | include disable-devel.inc | 28 | include disable-devel.inc |
27 | include disable-exec.inc | 29 | include disable-exec.inc |
diff --git a/etc/profile-a-l/git.profile b/etc/profile-a-l/git.profile index e5a2f3985..aefb2917d 100644 --- a/etc/profile-a-l/git.profile +++ b/etc/profile-a-l/git.profile | |||
@@ -15,10 +15,12 @@ noblacklist ${HOME}/.gitconfig | |||
15 | noblacklist ${HOME}/.git-credentials | 15 | noblacklist ${HOME}/.git-credentials |
16 | noblacklist ${HOME}/.gnupg | 16 | noblacklist ${HOME}/.gnupg |
17 | noblacklist ${HOME}/.nanorc | 17 | noblacklist ${HOME}/.nanorc |
18 | noblacklist ${HOME}/.ssh | ||
19 | noblacklist ${HOME}/.vim | 18 | noblacklist ${HOME}/.vim |
20 | noblacklist ${HOME}/.viminfo | 19 | noblacklist ${HOME}/.viminfo |
21 | 20 | ||
21 | # Allow ssh (blacklisted by disable-common.inc) | ||
22 | include allow-ssh.inc | ||
23 | |||
22 | blacklist /tmp/.X11-unix | 24 | blacklist /tmp/.X11-unix |
23 | blacklist ${RUNUSER}/wayland-* | 25 | blacklist ${RUNUSER}/wayland-* |
24 | 26 | ||
diff --git a/etc/profile-a-l/gitg.profile b/etc/profile-a-l/gitg.profile index 3d80c1ed2..93b90eb9e 100644 --- a/etc/profile-a-l/gitg.profile +++ b/etc/profile-a-l/gitg.profile | |||
@@ -10,7 +10,9 @@ noblacklist ${HOME}/.config/git | |||
10 | noblacklist ${HOME}/.gitconfig | 10 | noblacklist ${HOME}/.gitconfig |
11 | noblacklist ${HOME}/.git-credentials | 11 | noblacklist ${HOME}/.git-credentials |
12 | noblacklist ${HOME}/.local/share/gitg | 12 | noblacklist ${HOME}/.local/share/gitg |
13 | noblacklist ${HOME}/.ssh | 13 | |
14 | # Allow ssh (blacklisted by disable-common.inc) | ||
15 | include allow-ssh.inc | ||
14 | 16 | ||
15 | include disable-common.inc | 17 | include disable-common.inc |
16 | include disable-devel.inc | 18 | include disable-devel.inc |
diff --git a/etc/profile-a-l/idea.sh.profile b/etc/profile-a-l/idea.sh.profile index a7d0d531f..0a048a38a 100644 --- a/etc/profile-a-l/idea.sh.profile +++ b/etc/profile-a-l/idea.sh.profile | |||
@@ -10,12 +10,14 @@ noblacklist ${HOME}/.android | |||
10 | noblacklist ${HOME}/.jack-server | 10 | noblacklist ${HOME}/.jack-server |
11 | noblacklist ${HOME}/.jack-settings | 11 | noblacklist ${HOME}/.jack-settings |
12 | noblacklist ${HOME}/.local/share/JetBrains | 12 | noblacklist ${HOME}/.local/share/JetBrains |
13 | noblacklist ${HOME}/.ssh | ||
14 | noblacklist ${HOME}/.tooling | 13 | noblacklist ${HOME}/.tooling |
15 | 14 | ||
16 | # Allows files commonly used by IDEs | 15 | # Allows files commonly used by IDEs |
17 | include allow-common-devel.inc | 16 | include allow-common-devel.inc |
18 | 17 | ||
18 | # Allow ssh (blacklisted by disable-common.inc) | ||
19 | include allow-ssh.inc | ||
20 | |||
19 | include disable-common.inc | 21 | include disable-common.inc |
20 | include disable-passwdmgr.inc | 22 | include disable-passwdmgr.inc |
21 | include disable-programs.inc | 23 | include disable-programs.inc |