diff options
| author |  Kelvin M. Klann <kmk3.code@protonmail.com> | 2021-01-09 21:41:43 -0300 |
|---|---|---|
| committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2021-01-27 18:18:38 -0300 |
| commit | 83ac0239722f85ffed15e3b6b6088bfff547ac1b (patch) | |
| tree | bab7befdd0200dac19366bdb3fcf290487e1c761 /etc/profile-m-z/ssh.profile | |
| parent | git-cola.profile: add missing python template comment (diff) | |
| download | firejail-83ac0239722f85ffed15e3b6b6088bfff547ac1b.tar.gz firejail-83ac0239722f85ffed15e3b6b6088bfff547ac1b.tar.zst firejail-83ac0239722f85ffed15e3b6b6088bfff547ac1b.zip | |
etc: add allow-ssh.inc
And move the scattered `noblacklist ${HOME}/.ssh` entries into it.
Command used to find the relevant files:
$ grep -Fnr 'noblacklist ${HOME}/.ssh' etc
Also, add it to profile.template, as reminded by @rusty-snake at
https://github.com/netblue30/firejail/pull/3885#pullrequestreview-567527031
Diffstat (limited to 'etc/profile-m-z/ssh.profile')
| -rw-r--r-- | etc/profile-m-z/ssh.profile | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/etc/profile-m-z/ssh.profile b/etc/profile-m-z/ssh.profile index e3e2b4541..efdf63976 100644 --- a/etc/profile-m-z/ssh.profile +++ b/etc/profile-m-z/ssh.profile | |||
| @@ -9,11 +9,13 @@ include globals.local | |||
| 9 | 9 | ||
| 10 | noblacklist /etc/ssh | 10 | noblacklist /etc/ssh |
| 11 | noblacklist /tmp/ssh-* | 11 | noblacklist /tmp/ssh-* |
| 12 | noblacklist ${HOME}/.ssh | ||
| 13 | # nc can be used as ProxyCommand, e.g. when using tor | 12 | # nc can be used as ProxyCommand, e.g. when using tor |
| 14 | noblacklist ${PATH}/nc | 13 | noblacklist ${PATH}/nc |
| 15 | noblacklist ${PATH}/ncat | 14 | noblacklist ${PATH}/ncat |
| 16 | 15 | ||
| 16 | # Allow ssh (blacklisted by disable-common.inc) | ||
| 17 | include allow-ssh.inc | ||
| 18 | |||
| 17 | include disable-common.inc | 19 | include disable-common.inc |
| 18 | include disable-exec.inc | 20 | include disable-exec.inc |
| 19 | include disable-passwdmgr.inc | 21 | include disable-passwdmgr.inc |