diff options
author | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-09-11 14:38:18 +0200 |
---|---|---|
committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-09-11 14:38:18 +0200 |
commit | 2712dd7274a59727b3118982044c7c9426099232 (patch) | |
tree | ae7382f9382158f2f86a7831c34c4adc255915f2 /etc/profile-a-l | |
parent | Add profiles for build-systems (/package-managers) (diff) | |
download | firejail-2712dd7274a59727b3118982044c7c9426099232.tar.gz firejail-2712dd7274a59727b3118982044c7c9426099232.tar.zst firejail-2712dd7274a59727b3118982044c7c9426099232.zip |
build-systems-common: Make whitelist opt-in
Diffstat (limited to 'etc/profile-a-l')
-rw-r--r-- | etc/profile-a-l/build-systems-common.profile | 5 | ||||
-rw-r--r-- | etc/profile-a-l/bundle.profile | 5 | ||||
-rw-r--r-- | etc/profile-a-l/cargo.profile | 5 |
3 files changed, 8 insertions, 7 deletions
diff --git a/etc/profile-a-l/build-systems-common.profile b/etc/profile-a-l/build-systems-common.profile index 159593eb7..1b199d612 100644 --- a/etc/profile-a-l/build-systems-common.profile +++ b/etc/profile-a-l/build-systems-common.profile | |||
@@ -28,9 +28,10 @@ include disable-shell.inc | |||
28 | include disable-X11.inc | 28 | include disable-X11.inc |
29 | include disable-xdg.inc | 29 | include disable-xdg.inc |
30 | 30 | ||
31 | whitelist ${HOME}/Projects | 31 | #whitelist ${HOME}/Projects |
32 | #include whitelist-common.inc | ||
33 | |||
32 | whitelist /usr/share/pkgconfig | 34 | whitelist /usr/share/pkgconfig |
33 | include whitelist-common.inc | ||
34 | include whitelist-run-common.inc | 35 | include whitelist-run-common.inc |
35 | include whitelist-usr-share-common.inc | 36 | include whitelist-usr-share-common.inc |
36 | include whitelist-var-common.inc | 37 | include whitelist-var-common.inc |
diff --git a/etc/profile-a-l/bundle.profile b/etc/profile-a-l/bundle.profile index 269bfd130..a3a3e3cde 100644 --- a/etc/profile-a-l/bundle.profile +++ b/etc/profile-a-l/bundle.profile | |||
@@ -12,8 +12,9 @@ noblacklist ${HOME}/.bundle | |||
12 | # Allow ruby (blacklisted by disable-interpreters.inc) | 12 | # Allow ruby (blacklisted by disable-interpreters.inc) |
13 | include allow-ruby.inc | 13 | include allow-ruby.inc |
14 | 14 | ||
15 | mkdir ${HOME}/.bundle | 15 | #whitelist ${HOME}/.bundle |
16 | whitelist ${HOME}/.bundle | 16 | #whitelist ${HOME}/.gem |
17 | #whitelist ${HOME}/.local/share/gem | ||
17 | whitelist /usr/share/gems | 18 | whitelist /usr/share/gems |
18 | whitelist /usr/share/ruby | 19 | whitelist /usr/share/ruby |
19 | whitelist /usr/share/rubygems | 20 | whitelist /usr/share/rubygems |
diff --git a/etc/profile-a-l/cargo.profile b/etc/profile-a-l/cargo.profile index af188e7f9..4c8afd895 100644 --- a/etc/profile-a-l/cargo.profile +++ b/etc/profile-a-l/cargo.profile | |||
@@ -12,9 +12,8 @@ ignore read-only ${HOME}/.cargo/bin | |||
12 | noblacklist ${HOME}/.cargo/credentials | 12 | noblacklist ${HOME}/.cargo/credentials |
13 | noblacklist ${HOME}/.cargo/credentials.toml | 13 | noblacklist ${HOME}/.cargo/credentials.toml |
14 | 14 | ||
15 | mkdir ${HOME}/.cargo | 15 | #whitelist ${HOME}/.cargo |
16 | whitelist ${HOME}/.cargo | 16 | #whitelist ${HOME}/.rustup |
17 | whitelist ${HOME}/.rustup | ||
18 | 17 | ||
19 | #private-bin cargo,rustc | 18 | #private-bin cargo,rustc |
20 | private-etc alternatives,ca-certificates,crypto-policies,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,magic,magic.mgc,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl | 19 | private-etc alternatives,ca-certificates,crypto-policies,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,magic,magic.mgc,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl |