author | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-09-08 23:21:07 +0200 |
---|---|---|
committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-09-08 23:21:07 +0200 |
commit | d452e45a9196aa2f4d34706fcfb7907707a19ff9 (patch) | |
tree | 1bc43ac88064e688a32e580a8e4512837f685733 /etc/profile-m-z | |
parent | Fix #4509 -- Nextcloud profile broken - needs 3D and system tray access (diff) | |
Add profiles for build-systems (/package-managers)
Profiles: bundler, cargo (refactor), cmake (untested), make, meson, pip
All redirect to build-systems-common.profile
Other fixes:
- blacklist ${HOME}/.bundle
- blacklist ${HOME}/.cargo/* -> blacklist ${HOME}/.cargo
- blacklist /usr/lib64/ruby
Diffstat (limited to 'etc/profile-m-z')
-rw-r--r-- | etc/profile-m-z/make.profile | 13 | ||||
-rw-r--r-- | etc/profile-m-z/meson.profile | 16 | ||||
-rw-r--r-- | etc/profile-m-z/pip.profile | 20 |
3 files changed, 49 insertions, 0 deletions
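diff --git a/etc/profile-m-z/make.profile b/etc/profile-m-z/make.profile
new file mode 100644
index 000000000..7e9638fe4
--- /dev/null
+++ b/etc/profile-m-z/make.profile
@@ -0,0 +1,13 @@
+# Firejail profile for make
+# Description: GNU make utility to maintain groups of programs
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include make.local
+# Persistent global definitions
+include globals.local
+
+memory-deny-write-execute
+
+# Redirect
+include build-systems-common.profile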
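Review bot: `memory-deny-write-execute` on line 10 of make.profile carries no comment, and since this profile wraps every recipe command make launches, the restriction presumably reaches compilers, test runners and any JIT-based tool in the build rather than make alone (inferred from sandbox restrictions being inherited by child processes; worth confirming). I would add a comment above it, for example `# Applies to all recipe commands; builds that run JIT runtimes may need 'ignore memory-deny-write-execute' in make.local`. meson.profile and pip.profile in this same commit do not set the option, so a short note on why make alone gets it would help the next maintainer decide whether the difference is intentional.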
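diff --git a/etc/profile-m-z/meson.profile b/etc/profile-m-z/meson.profile
new file mode 100644
index 000000000..43109e771
--- /dev/null
+++ b/etc/profile-m-z/meson.profile
@@ -0,0 +1,16 @@
+# Firejail profile for meson
+# Description: A high productivity build system
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include meson.local
+# Persistent global definitions
+include globals.local
+
+# Allow python3 (blacklisted by disable-interpreters.inc)
+include allow-python3.inc
+
+private-bin meson,python3*
+
+# Redirect
+include build-systems-common.profile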
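Review bot: The `private-bin meson,python3*` line on line 13 names only meson and the Python interpreter, yet a meson run normally has to launch ninja, a compiler and often pkg-config. Whether those are reachable depends on what build-systems-common.profile contributes, and that file is outside this diffstat, so it cannot be confirmed from here; make.profile in the same commit sets no `private-bin` at all. If the common profile does extend the list, a comment above the line such as `# compilers, ninja etc. are added by build-systems-common.profile` would save readers the lookup; if it does not, the list needs those tools added or the profile will restrict the build more than intended.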
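diff --git a/etc/profile-m-z/pip.profile b/etc/profile-m-z/pip.profile
new file mode 100644
index 000000000..54d95e335
--- /dev/null
+++ b/etc/profile-m-z/pip.profile
@@ -0,0 +1,20 @@
+# Firejail profile for pip
+# Description: package manager for Python packages
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include meson.local
+# Persistent global definitions
+include globals.local
+
+ignore read-only ${HOME}/.local/lib
+
+# Allow python3 (blacklisted by disable-interpreters.inc)
+include allow-python3.inc
+
+whitelist ${HOME}/.local/lib/python*
+
+private-bin pip,pip[0-9].[0-9],pip[0-9].[0-9],python3*
+
+# Redirect
+include build-systems-common.profile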
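Review bot: Line 6 of pip.profile reads `include meson.local`, so a user's pip.local is never loaded and any overrides written for meson are applied to pip instead; it should be `include pip.local`. This matters for hardening, because the comment directly above tells users the .local file is where persistent customizations live, and restrictions placed in pip.local would silently not apply. On line 17 the glob `pip[0-9].[0-9]` is listed twice; the second copy was probably meant to cover another name form (for instance a two-digit minor version), and as written the list does not match a bare `pip3`, so it is worth checking against the binary names distributions actually install.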