author | glitsj16 <glitsj16@users.noreply.github.com> | 2020-12-15 20:06:10 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-15 20:06:10 +0000 |
commit | 95ad89d24e8e75f2f52defbb80d0d4ee0f27d31e (patch) | |
tree | 7be50ac3107bfa62f0227c7c6ff73528de84a422 /etc/profile-m-z | |
parent | Refactor archivers (#3820) (diff) | |
download | firejail-95ad89d24e8e75f2f52defbb80d0d4ee0f27d31e.tar.gz firejail-95ad89d24e8e75f2f52defbb80d0d4ee0f27d31e.tar.zst firejail-95ad89d24e8e75f2f52defbb80d0d4ee0f27d31e.zip |
Refactor archivers ii (#3827)
* harden 7z.profile
* harden atool.profile
* harden bsdtar.profile
* harden cpio.profile
* harden gzip.profile
* harden tar.profile
* harden unrar.profile
* harden unzip.profile
* harden xzdec.profile
* harden zstd.profile
Diffstat (limited to 'etc/profile-m-z')
-rw-r--r-- | etc/profile-m-z/tar.profile | 5 | ||||
-rw-r--r-- | etc/profile-m-z/unrar.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/unzip.profile | 1 | ||||
-rw-r--r-- | etc/profile-m-z/xzdec.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/zstd.profile | 1 |
5 files changed, 3 insertions, 8 deletions
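--- a/etc/profile-m-z/tar.profile
+++ b/etc/profile-m-z/tar.profile
@@ -10,12 +10,13 @@ include globals.local
 # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only.
 noblacklist /var/lib/pacman
 
-ignore include disable-shell.inc
+noblacklist ${PATH}/bash
+noblacklist ${PATH}/sh
 include archiver-common.inc
 
 # support compressed archives
 private-bin awk,bash,bzip2,compress,firejail,grep,gtar,gzip,lbzip2,lzip,lzma,lzop,sh,tar,xz
 private-etc alternatives,group,localtime,login.defs,passwd
-private-lib libfakeroot
+private-lib libfakeroot,liblzma.so.*,libreadline.so.*
 # Debian based distributions need this for 'dpkg --unpack' (incl. synaptic)
 writable-var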
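Review bot: The new `noblacklist ${PATH}/bash` and `noblacklist ${PATH}/sh` lines have no comment saying why tar still needs a shell now that disable-shell.inc is no longer ignored. A later hardening pass therefore cannot tell whether the exception is deliberate; a line such as `# Allow bash and sh only (other shells stay blocked by disable-shell.inc)` above them would record the intent. disable-shell.inc is not shown on this page, so this is a guess, but if it also blacklists `${PATH}/dash`, systems where sh resolves to dash may end up without a usable shell. That is worth testing on the Debian-based case the profile already mentions for `dpkg --unpack`. The widened `private-lib` entry would benefit from a similar note, since `libreadline.so.*` presumably serves bash rather than tar itself.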
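--- a/etc/profile-m-z/unrar.profile
+++ b/etc/profile-m-z/unrar.profile
@@ -7,8 +7,6 @@ include unrar.local
 # Persistent global definitions
 include globals.local
 
-ignore nogroups
-ignore private-cache
 include archiver-common.inc
 
 private-bin unrar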
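--- a/etc/profile-m-z/unzip.profile
+++ b/etc/profile-m-z/unzip.profile
@@ -10,7 +10,6 @@ include globals.local
 # GNOME Shell integration (chrome-gnome-shell)
 noblacklist ${HOME}/.local/share/gnome-shell
 
-ignore nogroups
 noroot
 include archiver-common.inc
 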
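--- a/etc/profile-m-z/xzdec.profile
+++ b/etc/profile-m-z/xzdec.profile
@@ -7,6 +7,4 @@ include xzdec.local
 # Persistent global definitions
 include globals.local
 
-ignore include disable-shell.inc
-ignore nogroups
 include archiver-common.inc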
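--- a/etc/profile-m-z/zstd.profile
+++ b/etc/profile-m-z/zstd.profile
@@ -7,5 +7,4 @@ include zstd.local
 # Persistent global definitions
 include globals.local
 
-ignore include disable-shell.inc
 include archiver-common.inc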