aboutsummaryrefslogtreecommitdiffstats
path: root/etc/profile-m-z
diff options
context:
space:
mode:
authorLibravatar glitsj16 <glitsj16@users.noreply.github.com>2021-05-08 15:27:30 +0000
committerLibravatar GitHub <noreply@github.com>2021-05-08 15:27:30 +0000
commit699a803f174662a8ec62442438bb0807e41d3971 (patch)
treef9b8e2a121e2fc8c4e91005ac97241922bc309ad /etc/profile-m-z
parentrevert comment changes from #4257 (#4258) (diff)
downloadfirejail-699a803f174662a8ec62442438bb0807e41d3971.tar.gz
firejail-699a803f174662a8ec62442438bb0807e41d3971.tar.zst
firejail-699a803f174662a8ec62442438bb0807e41d3971.zip
Node.js stack refactoring (#4255)
* Create node.profile * Create node-gyp.profile * refactor npm as redirect * Create npx.profile * Create nvm.profile * Create semver.profile * refactor yarn as redirect * collect node.js stack configuration in common profile * add ~/.nvm to node section * account for node-gyp python dependency * read-only ~/.nvm for node.js stack * blacklist ~/.nvm for node.js stack * move env var comment cfr. profile.template * Delete node-gyp.profile node-gyp is a shell script with a node shebang. We've got that covered via node.profile. * Delete npx.profile npx is a shell script with a node shebang. We've got that covered via node.profile. * Delete semver.profile semver is a shell script that calls node. We've got that covered via node.profile. * add node and nvm to new profiles section
Diffstat (limited to 'etc/profile-m-z')
-rw-r--r--etc/profile-m-z/node.profile11
-rw-r--r--etc/profile-m-z/nodejs-common.profile49
-rw-r--r--etc/profile-m-z/npm.profile18
-rw-r--r--etc/profile-m-z/nvm.profile13
-rw-r--r--etc/profile-m-z/yarn.profile20
5 files changed, 69 insertions, 42 deletions
diff --git a/etc/profile-m-z/node.profile b/etc/profile-m-z/node.profile
new file mode 100644
index 000000000..cd48ed3c7
--- /dev/null
+++ b/etc/profile-m-z/node.profile
@@ -0,0 +1,11 @@
1# Firejail profile for node
2# Description: Evented I/O for V8 javascript
3quiet
4# This file is overwritten after every install/update
5# Persistent local customizations
6include node.local
7# Persistent global definitions
8include globals.local
9
10# Redirect
11include nodejs-common.profile
diff --git a/etc/profile-m-z/nodejs-common.profile b/etc/profile-m-z/nodejs-common.profile
index 4095337dd..fa69f9214 100644
--- a/etc/profile-m-z/nodejs-common.profile
+++ b/etc/profile-m-z/nodejs-common.profile
@@ -10,6 +10,20 @@ include nodejs-common.local
10blacklist /tmp/.X11-unix 10blacklist /tmp/.X11-unix
11blacklist ${RUNUSER} 11blacklist ${RUNUSER}
12 12
13ignore read-only ${HOME}/.npm-packages
14ignore read-only ${HOME}/.npmrc
15ignore read-only ${HOME}/.nvm
16ignore read-only ${HOME}/.yarnrc
17
18noblacklist ${HOME}/.node-gyp
19noblacklist ${HOME}/.npm
20noblacklist ${HOME}/.npmrc
21noblacklist ${HOME}/.nvm
22noblacklist ${HOME}/.yarn
23noblacklist ${HOME}/.yarn-config
24noblacklist ${HOME}/.yarncache
25noblacklist ${HOME}/.yarnrc
26
13ignore noexec ${HOME} 27ignore noexec ${HOME}
14 28
15include allow-bin-sh.inc 29include allow-bin-sh.inc
@@ -21,6 +35,32 @@ include disable-programs.inc
21include disable-shell.inc 35include disable-shell.inc
22include disable-xdg.inc 36include disable-xdg.inc
23 37
38# If you want whitelisting, change ${HOME}/Projects below to your node projects directory
39# and add the next lines to your nodejs-common.local.
40#mkdir ${HOME}/.node-gyp
41#mkdir ${HOME}/.npm
42#mkdir ${HOME}/.npm-packages
43#mkfile ${HOME}/.npmrc
44#mkdir ${HOME}/.nvm
45#mkdir ${HOME}/.yarn
46#mkdir ${HOME}/.yarn-config
47#mkdir ${HOME}/.yarncache
48#mkfile ${HOME}/.yarnrc
49#whitelist ${HOME}/.node-gyp
50#whitelist ${HOME}/.npm
51#whitelist ${HOME}/.npm-packages
52#whitelist ${HOME}/.npmrc
53#whitelist ${HOME}/.nvm
54#whitelist ${HOME}/.yarn
55#whitelist ${HOME}/.yarn-config
56#whitelist ${HOME}/.yarncache
57#whitelist ${HOME}/.yarnrc
58#whitelist ${HOME}/Projects
59#include whitelist-common.inc
60
61whitelist /usr/share/doc/node
62whitelist /usr/share/nvm
63whitelist /usr/share/systemtap/tapset/node.stp
24include whitelist-runuser-common.inc 64include whitelist-runuser-common.inc
25include whitelist-usr-share-common.inc 65include whitelist-usr-share-common.inc
26include whitelist-var-common.inc 66include whitelist-var-common.inc
@@ -46,10 +86,11 @@ shell none
46 86
47disable-mnt 87disable-mnt
48private-dev 88private-dev
49# May need to add `passwd` to `private-etc` below to enable debugging with some IDEs 89private-etc alternatives,ca-certificates,crypto-policies,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg
50private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,mime.types,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl,xdg 90#private-tmp
51# May need to be commented out in order to enable debugging with some IDEs
52private-tmp
53 91
54dbus-user none 92dbus-user none
55dbus-system none 93dbus-system none
94
95# Add the next line to your nodejs-common.local if you prefer to disable gatsby telemetry.
96#env GATSBY_TELEMETRY_DISABLED=1
diff --git a/etc/profile-m-z/npm.profile b/etc/profile-m-z/npm.profile
index f51d58782..4d8beea5a 100644
--- a/etc/profile-m-z/npm.profile
+++ b/etc/profile-m-z/npm.profile
@@ -7,23 +7,5 @@ include npm.local
7# Persistent global definitions 7# Persistent global definitions
8include globals.local 8include globals.local
9 9
10ignore read-only ${HOME}/.npm-packages
11ignore read-only ${HOME}/.npmrc
12
13noblacklist ${HOME}/.node-gyp
14noblacklist ${HOME}/.npm
15noblacklist ${HOME}/.npmrc
16
17# If you want whitelisting, change ${HOME}/Projects below to your npm projects directory
18# and add the next lines to your npm.local.
19#mkdir ${HOME}/.node-gyp
20#mkdir ${HOME}/.npm
21#mkfile ${HOME}/.npmrc
22#whitelist ${HOME}/.node-gyp
23#whitelist ${HOME}/.npm
24#whitelist ${HOME}/.npmrc
25#whitelist ${HOME}/Projects
26#include whitelist-common.inc
27
28# Redirect 10# Redirect
29include nodejs-common.profile 11include nodejs-common.profile
diff --git a/etc/profile-m-z/nvm.profile b/etc/profile-m-z/nvm.profile
new file mode 100644
index 000000000..80da22834
--- /dev/null
+++ b/etc/profile-m-z/nvm.profile
@@ -0,0 +1,13 @@
1# Firejail profile for nvm
2# Description: Node Version Manager - Simple bash script to manage multiple active node.js versions
3quiet
4# This file is overwritten after every install/update
5# Persistent local customizations
6include nvm.local
7# Persistent global definitions
8include globals.local
9
10ignore noroot
11
12# Redirect
13include nodejs-common.profile
diff --git a/etc/profile-m-z/yarn.profile b/etc/profile-m-z/yarn.profile
index 360bd8442..05b55d071 100644
--- a/etc/profile-m-z/yarn.profile
+++ b/etc/profile-m-z/yarn.profile
@@ -6,25 +6,5 @@ include yarn.local
6# Persistent global definitions 6# Persistent global definitions
7include globals.local 7include globals.local
8 8
9ignore read-only ${HOME}/.yarnrc
10
11noblacklist ${HOME}/.yarn
12noblacklist ${HOME}/.yarn-config
13noblacklist ${HOME}/.yarncache
14noblacklist ${HOME}/.yarnrc
15
16# If you want whitelisting, change ${HOME}/Projects below to your yarn projects directory and
17# add the next lines to you yarn.local.
18#mkdir ${HOME}/.yarn
19#mkdir ${HOME}/.yarn-config
20#mkdir ${HOME}/.yarncache
21#mkfile ${HOME}/.yarnrc
22#whitelist ${HOME}/.yarn
23#whitelist ${HOME}/.yarn-config
24#whitelist ${HOME}/.yarncache
25#whitelist ${HOME}/.yarnrc
26#whitelist ${HOME}/Projects
27#include whitelist-common.inc
28
29# Redirect 9# Redirect
30include nodejs-common.profile 10include nodejs-common.profile
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-09-03 10:11:24 +0000