authorLibravatar rusty-snake <41237666+rusty-snake@users.noreply.github.com>2020-09-07 07:55:47 +0000
committerLibravatar GitHub <noreply@github.com>2020-09-07 07:55:47 +0000
commit0c73dbc88bc917e50962405d32cb6b3b0da182cd (patch)
tree1943ee7fba4787639cc9387451951c4631eb72b0 /etc
parentbuild: remove preproc from gitignore (diff)
New disable include: disable-write-mnt.inc (#3622)
* New disable include: disable-write-mnt.inc It is for profiles which have a reasonable mnt access (we can not add disable-mnt), but no edit function (e.g. any kind of viewer). Added to - profile.template - default.profile - eo-common.profile * Update default.profile
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/disable-write-mnt.inc8
-rw-r--r--etc/profile-a-l/default.profile1
-rw-r--r--etc/profile-a-l/eo-common.profile1
-rw-r--r--etc/templates/profile.template1
4 files changed, 11 insertions, 0 deletions
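diff --git a/etc/inc/disable-write-mnt.inc b/etc/inc/disable-write-mnt.inc
new file mode 100644
index 000000000..3990cf760
--- /dev/null
+++ b/etc/inc/disable-write-mnt.inc
@@ -0,0 +1,8 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include disable-write-mnt.local
+
+read-only /mnt
+read-only /media
+read-only /run/mount
+read-only /run/media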
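Review bot: The four `read-only` lines in disable-write-mnt.inc name only the parent directories, while removable media are normally mounted one or two levels below them (for example under `/run/media/<user>/`); this hunk does not show whether the read-only remount also covers those submounts, or volumes mounted after the sandbox has started. That should be verified on a running sandbox by comparing the mount flags in `/proc/self/mountinfo` inside it, and the result stated in the file. The file also has no comment saying when to use it; a header such as `# Read-only access to mount points, for profiles that need to read removable media but never write (e.g. viewers); use disable-mnt when no access is needed.` would carry over the rationale from the commit message.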
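diff --git a/etc/profile-a-l/default.profile b/etc/profile-a-l/default.profile
index 74314cf92..7eb7660dd 100644
--- a/etc/profile-a-l/default.profile
+++ b/etc/profile-a-l/default.profile
@@ -14,6 +14,7 @@ include disable-common.inc
 # include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+# include disable-write-mnt.inc
 # include disable-xdg.inc
 
 # include whitelist-common.inc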
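diff --git a/etc/profile-a-l/eo-common.profile b/etc/profile-a-l/eo-common.profile
index 80c704c6b..e8b49a395 100644
--- a/etc/profile-a-l/eo-common.profile
+++ b/etc/profile-a-l/eo-common.profile
@@ -17,6 +17,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-write-mnt.inc
 
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc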
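diff --git a/etc/templates/profile.template b/etc/templates/profile.template
index 02d9fa076..d57306aee 100644
--- a/etc/templates/profile.template
+++ b/etc/templates/profile.template
@@ -110,6 +110,7 @@ include globals.local
 #include disable-passwdmgr.inc
 #include disable-programs.inc
 #include disable-shell.inc
+#include disable-write-mnt.inc
 #include disable-xdg.inc
 
 # This section often mirrors noblacklist section above. The idea is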