author | glitsj16 <glitsj16@users.noreply.github.com> | 2021-01-30 00:37:01 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-30 00:37:01 +0000 |
commit | dbd8925fd98036647db04dcf902f5585752c8289 (patch) | |
tree | d337d510897cf1c2dc19f246e68e952d2c765af4 /etc/profile-m-z | |
parent | Fix #3925 -- telegram-desktop launch browser for … (diff) | |
parent | disable-common.inc: add missing openssh paths (diff) | |
Merge pull request #3885 from kmk3/fix-ssh
ssh: Refactor, fix bugs & harden
Diffstat (limited to 'etc/profile-m-z')
-rw-r--r-- | etc/profile-m-z/meld.profile | 4 | ||||
-rw-r--r-- | etc/profile-m-z/remmina.profile | 4 | ||||
-rw-r--r-- | etc/profile-m-z/seahorse.profile | 5 | ||||
-rw-r--r-- | etc/profile-m-z/ssh-agent.profile | 5 | ||||
-rw-r--r-- | etc/profile-m-z/ssh.profile | 6 | ||||
-rw-r--r-- | etc/profile-m-z/webstorm.profile | 4 | ||||
-rw-r--r-- | etc/profile-m-z/x2goclient.profile | 4 |
7 files changed, 20 insertions, 12 deletions
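--- a/etc/profile-m-z/meld.profile
+++ b/etc/profile-m-z/meld.profile
@@ -18,7 +18,6 @@ noblacklist ${HOME}/.config/git
 noblacklist ${HOME}/.gitconfig
 noblacklist ${HOME}/.git-credentials
 noblacklist ${HOME}/.local/share/meld
-noblacklist ${HOME}/.ssh
 noblacklist ${HOME}/.subversion
 
 # Allow python (blacklisted by disable-interpreters.inc)
@@ -26,6 +25,9 @@ noblacklist ${HOME}/.subversion
 #include allow-python2.inc
 include allow-python3.inc
 
+# Allow ssh (blacklisted by disable-common.inc)
+include allow-ssh.inc
+
 # Uncomment the next line (or put it into your meld.local) if you don't need to compare files in disable-common.inc.
 #include disable-common.inc
 include disable-devel.inc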
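Review bot: The added comment `# Allow ssh (blacklisted by disable-common.inc)` does not fit this profile, because `#include disable-common.inc` is commented out two lines further down. With the defaults shown here, nothing in the hunk blacklists the ssh paths, so `include allow-ssh.inc` only matters once a user enables that line in the profile or in meld.local. A wording such as `# Allow ssh (only relevant when disable-common.inc is enabled below)` would say so. The profile continues past the hunk, so whether another include blacklists these paths cannot be told from here.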
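--- a/etc/profile-m-z/remmina.profile
+++ b/etc/profile-m-z/remmina.profile
@@ -9,7 +9,9 @@ include globals.local
 noblacklist ${HOME}/.remmina
 noblacklist ${HOME}/.config/remmina
 noblacklist ${HOME}/.local/share/remmina
-noblacklist ${HOME}/.ssh
+
+# Allow ssh (blacklisted by disable-common.inc)
+include allow-ssh.inc
 
 include disable-common.inc
 include disable-devel.inc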
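Review bot: Replacing `noblacklist ${HOME}/.ssh` with `include allow-ssh.inc` probably widens what this sandbox can reach. allow-ssh.inc is not shown on this page, but in ssh.profile and ssh-agent.profile the same include replaces `/etc/ssh`, `/tmp/ssh-*` and `${HOME}/.ssh`, so it presumably unblacklists at least those three. If so, remmina gains the ssh-agent socket directories under /tmp and the system ssh configuration, neither of which it was given before. The same applies to webstorm.profile and x2goclient.profile, and to meld.profile once disable-common.inc is enabled there. Either confirm that each of these programs needs agent access, or keep the narrower `noblacklist ${HOME}/.ssh` in profiles that only read keys and known_hosts.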
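--- a/etc/profile-m-z/seahorse.profile
+++ b/etc/profile-m-z/seahorse.profile
@@ -9,8 +9,9 @@ include globals.local
 blacklist /tmp/.X11-unix
 
 noblacklist ${HOME}/.gnupg
-noblacklist ${HOME}/.ssh
-noblacklist /tmp/ssh-*
+
+# Allow ssh (blacklisted by disable-common.inc)
+include allow-ssh.inc
 
 include disable-common.inc
 include disable-devel.inc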
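--- a/etc/profile-m-z/ssh-agent.profile
+++ b/etc/profile-m-z/ssh-agent.profile
@@ -6,9 +6,8 @@ include ssh-agent.local
 # Persistent global definitions
 include globals.local
 
-noblacklist /etc/ssh
-noblacklist /tmp/ssh-*
-noblacklist ${HOME}/.ssh
+# Allow ssh (blacklisted by disable-common.inc)
+include allow-ssh.inc
 
 blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*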
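--- a/etc/profile-m-z/ssh.profile
+++ b/etc/profile-m-z/ssh.profile
@@ -7,13 +7,13 @@ include ssh.local
 # Persistent global definitions
 include globals.local
 
-noblacklist /etc/ssh
-noblacklist /tmp/ssh-*
-noblacklist ${HOME}/.ssh
 # nc can be used as ProxyCommand, e.g. when using tor
 noblacklist ${PATH}/nc
 noblacklist ${PATH}/ncat
 
+# Allow ssh (blacklisted by disable-common.inc)
+include allow-ssh.inc
+
 include disable-common.inc
 include disable-exec.inc
 include disable-passwdmgr.inc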
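--- a/etc/profile-m-z/webstorm.profile
+++ b/etc/profile-m-z/webstorm.profile
@@ -8,12 +8,14 @@ include globals.local
 noblacklist ${HOME}/.WebStorm*
 noblacklist ${HOME}/.android
 noblacklist ${HOME}/.local/share/JetBrains
-noblacklist ${HOME}/.ssh
 noblacklist ${HOME}/.tooling
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
 
+# Allow ssh (blacklisted by disable-common.inc)
+include allow-ssh.inc
+
 noblacklist ${PATH}/node
 noblacklist ${HOME}/.nvm
 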
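--- a/etc/profile-m-z/x2goclient.profile
+++ b/etc/profile-m-z/x2goclient.profile
@@ -6,10 +6,12 @@ include x2goclient.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.ssh
 noblacklist ${HOME}/.x2go
 noblacklist ${HOME}/.x2goclient
 
+# Allow ssh (blacklisted by disable-common.inc)
+include allow-ssh.inc
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc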