diff options
author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2021-01-09 21:41:43 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2021-01-27 18:18:38 -0300 |
commit | 83ac0239722f85ffed15e3b6b6088bfff547ac1b (patch) | |
tree | bab7befdd0200dac19366bdb3fcf290487e1c761 /etc/profile-m-z/ssh.profile | |
parent | git-cola.profile: add missing python template comment (diff) | |
download | firejail-83ac0239722f85ffed15e3b6b6088bfff547ac1b.tar.gz firejail-83ac0239722f85ffed15e3b6b6088bfff547ac1b.tar.zst firejail-83ac0239722f85ffed15e3b6b6088bfff547ac1b.zip |
etc: add allow-ssh.inc
And move the scattered `noblacklist ${HOME}/.ssh` entries into it.
Command used to find the relevant files:
$ grep -Fnr 'noblacklist ${HOME}/.ssh' etc
Also, add it to profile.template, as reminded by @rusty-snake at
https://github.com/netblue30/firejail/pull/3885#pullrequestreview-567527031
Diffstat (limited to 'etc/profile-m-z/ssh.profile')
-rw-r--r-- | etc/profile-m-z/ssh.profile | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/etc/profile-m-z/ssh.profile b/etc/profile-m-z/ssh.profile index e3e2b4541..efdf63976 100644 --- a/etc/profile-m-z/ssh.profile +++ b/etc/profile-m-z/ssh.profile | |||
@@ -9,11 +9,13 @@ include globals.local | |||
9 | 9 | ||
10 | noblacklist /etc/ssh | 10 | noblacklist /etc/ssh |
11 | noblacklist /tmp/ssh-* | 11 | noblacklist /tmp/ssh-* |
12 | noblacklist ${HOME}/.ssh | ||
13 | # nc can be used as ProxyCommand, e.g. when using tor | 12 | # nc can be used as ProxyCommand, e.g. when using tor |
14 | noblacklist ${PATH}/nc | 13 | noblacklist ${PATH}/nc |
15 | noblacklist ${PATH}/ncat | 14 | noblacklist ${PATH}/ncat |
16 | 15 | ||
16 | # Allow ssh (blacklisted by disable-common.inc) | ||
17 | include allow-ssh.inc | ||
18 | |||
17 | include disable-common.inc | 19 | include disable-common.inc |
18 | include disable-exec.inc | 20 | include disable-exec.inc |
19 | include disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |