diff options
author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-08-11 05:26:05 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-09-08 04:57:37 -0300 |
commit | c6d33375cc34e4e5e527ab43c219adfbc8848c62 (patch) | |
tree | 0ccf4359f9b8ab8a5c4e37bd042fbf19314f12a8 /etc/profile-m-z/server.profile | |
parent | profiles: fix some comments (diff) | |
download | firejail-c6d33375cc34e4e5e527ab43c219adfbc8848c62.tar.gz firejail-c6d33375cc34e4e5e527ab43c219adfbc8848c62.tar.zst firejail-c6d33375cc34e4e5e527ab43c219adfbc8848c62.zip |
profiles: fix commented code and eol comments
Main changes:
* Remove the space after `#` for commented code lines to distinguish
them from normal comments
* Use `#` instead of `-` for comments at the end of the line so that
commented code lines work after being uncommented
Commands used to search and replace:
arg0="$(cat contrib/syntax/lists/profile_commands_arg0.list |
LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
arg1="$(cat contrib/syntax/lists/profile_commands_arg1.list |
LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
git ls-files -z -- etc/inc etc/profile* | xargs -0 -I '{}' \
sh -c "printf '%s\n' \"\$(sed -E \
-e 's/^# ($arg0)( [#-]-? .*)?\$/#\\1\\2/' \
-e 's/^# ($arg1)( [^ ]*)?( [#-]-? .*)?\$/#\\1\\2\\3/' \
-e 's/^# (whitelist \\$)/#\\1/' \
-e 's/^(#[^ ].+) --? /\\1 # /' \
'{}')\" >'{}'"
Commands used to check for leftover entries:
arg0="$(cat contrib/syntax/lists/profile_commands_arg0.list |
LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
arg1="$(cat contrib/syntax/lists/profile_commands_arg1.list |
LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')"
git grep -E "^# ($arg0|$arg1)( +|$)" -- etc/inc etc/profile*
See also commit 30f9ad908 ("build: improve comments in firecfg.config",
2023-08-05) / PR #5942.
Diffstat (limited to 'etc/profile-m-z/server.profile')
-rw-r--r-- | etc/profile-m-z/server.profile | 50 |
1 files changed, 25 insertions, 25 deletions
diff --git a/etc/profile-m-z/server.profile b/etc/profile-m-z/server.profile index 667f9c557..74587c992 100644 --- a/etc/profile-m-z/server.profile +++ b/etc/profile-m-z/server.profile | |||
@@ -34,36 +34,36 @@ include globals.local | |||
34 | noblacklist /sbin | 34 | noblacklist /sbin |
35 | noblacklist /usr/sbin | 35 | noblacklist /usr/sbin |
36 | noblacklist /etc/init.d | 36 | noblacklist /etc/init.d |
37 | # noblacklist /var/opt | 37 | #noblacklist /var/opt |
38 | 38 | ||
39 | blacklist /tmp/.X11-unix | 39 | blacklist /tmp/.X11-unix |
40 | blacklist ${RUNUSER}/wayland-* | 40 | blacklist ${RUNUSER}/wayland-* |
41 | 41 | ||
42 | include disable-common.inc | 42 | include disable-common.inc |
43 | # include disable-devel.inc | 43 | #include disable-devel.inc |
44 | # include disable-exec.inc | 44 | #include disable-exec.inc |
45 | # include disable-interpreters.inc | 45 | #include disable-interpreters.inc |
46 | include disable-programs.inc | 46 | include disable-programs.inc |
47 | include disable-write-mnt.inc | 47 | include disable-write-mnt.inc |
48 | include disable-xdg.inc | 48 | include disable-xdg.inc |
49 | 49 | ||
50 | # include whitelist-runuser-common.inc | 50 | #include whitelist-runuser-common.inc |
51 | # include whitelist-usr-share-common.inc | 51 | #include whitelist-usr-share-common.inc |
52 | # include whitelist-var-common.inc | 52 | #include whitelist-var-common.inc |
53 | 53 | ||
54 | # people use to install servers all over the place! | 54 | # people use to install servers all over the place! |
55 | # apparmor runs executable only from default system locations | 55 | # apparmor runs executable only from default system locations |
56 | # apparmor | 56 | #apparmor |
57 | caps | 57 | caps |
58 | # ipc-namespace | 58 | #ipc-namespace |
59 | machine-id | 59 | machine-id |
60 | # netfilter /etc/firejail/webserver.net | 60 | #netfilter /etc/firejail/webserver.net |
61 | no3d | 61 | no3d |
62 | nodvd | 62 | nodvd |
63 | # nogroups | 63 | #nogroups |
64 | noinput | 64 | noinput |
65 | nonewprivs | 65 | nonewprivs |
66 | # noroot | 66 | #noroot |
67 | nosound | 67 | nosound |
68 | notv | 68 | notv |
69 | nou2f | 69 | nou2f |
@@ -74,22 +74,22 @@ tab # allow tab completion | |||
74 | 74 | ||
75 | disable-mnt | 75 | disable-mnt |
76 | private | 76 | private |
77 | # private-bin program | 77 | #private-bin program |
78 | # private-cache | 78 | #private-cache |
79 | private-dev | 79 | private-dev |
80 | # see /usr/share/doc/firejail/profile.template for more common private-etc paths. | 80 | # see /usr/share/doc/firejail/profile.template for more common private-etc paths. |
81 | # private-etc alternatives | 81 | #private-etc alternatives |
82 | # private-lib | 82 | #private-lib |
83 | # private-opt none | 83 | #private-opt none |
84 | private-tmp | 84 | private-tmp |
85 | # writable-run-user | 85 | #writable-run-user |
86 | # writable-var | 86 | #writable-var |
87 | # writable-var-log | 87 | #writable-var-log |
88 | 88 | ||
89 | dbus-user none | 89 | dbus-user none |
90 | # dbus-system none | 90 | #dbus-system none |
91 | 91 | ||
92 | # deterministic-shutdown | 92 | #deterministic-shutdown |
93 | # memory-deny-write-execute | 93 | #memory-deny-write-execute |
94 | # read-only ${HOME} | 94 | #read-only ${HOME} |
95 | # restrict-namespaces | 95 | #restrict-namespaces |