author | Tad <tad@spotco.us> | 2018-03-12 17:48:53 -0400 |
---|---|---|
committer | Tad <tad@spotco.us> | 2018-03-12 17:48:53 -0400 |
commit | 27f32e45d24635a32e219babec276139042bed4e (patch) | |
tree | 277e814a5afaed14ecf7f44fc3f4dec702baa28f /etc | |
parent | Merge branch 'master' of http://github.com/netblue30/firejail (diff) | |
More fixes for /etc/profile and mdwe
- Adds noblacklist /etc/profile.d to many profiles like 2e17082ba4b3399bf5d68bb75587934ea028cc5c and 970f739e2be202a39ab82f589d5773267b903de6
- Disables mdwe to work around #1803 like 970f739e2be202a39ab82f589d5773267b903de6
Diffstat (limited to 'etc')
-rw-r--r-- | etc/aosp.profile | 1 | ||||
-rw-r--r-- | etc/atom.profile | 1 | ||||
-rw-r--r-- | etc/baobab.profile | 2 | ||||
-rw-r--r-- | etc/file-roller.profile | 2 | ||||
-rw-r--r-- | etc/gedit.profile | 1 | ||||
-rw-r--r-- | etc/gnome-builder.profile | 2 | ||||
-rw-r--r-- | etc/gnome-calculator.profile | 2 | ||||
-rw-r--r-- | etc/idea.sh.profile | 1 | ||||
-rw-r--r-- | etc/pycharm-community.profile | 1 |
9 files changed, 10 insertions, 3 deletions
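--- a/etc/aosp.profile
+++ b/etc/aosp.profile
@@ -6,6 +6,7 @@ include /etc/firejail/aosp.local
 include /etc/firejail/globals.local
 
 
+noblacklist /etc/profile.d
 noblacklist ${HOME}/.android
 noblacklist ${HOME}/.bash_history
 noblacklist ${HOME}/.gitconfig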
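Review bot: The added `noblacklist /etc/profile.d` carries no comment saying which component reads that directory, so a later hardening pass cannot tell whether the exception is still needed; the same bare line is added in atom, gedit, gnome-builder, idea.sh and pycharm-community. A one-line comment above it would do, for example `# shells started inside the sandbox source /etc/profile.d (see 2e17082ba4b3399bf5d68bb75587934ea028cc5c)`, adjusted to the real reason. For gedit in particular it is worth confirming that the editor needs the exception at all rather than granting it by analogy with the IDE profiles. A `noblacklist` only takes effect when it precedes the include that blacklists the path, and that include lies outside the hunk for most of these files, so the ordering should be checked per profile.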
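--- a/etc/atom.profile
+++ b/etc/atom.profile
@@ -7,6 +7,7 @@ include /etc/firejail/globals.local
 
 # blacklist /run/user/*/bus
 
+noblacklist /etc/profile.d
 noblacklist ${HOME}/.atom
 noblacklist ${HOME}/.config/Atom
 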
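--- a/etc/baobab.profile
+++ b/etc/baobab.profile
@@ -30,6 +30,6 @@ private-bin baobab
 private-dev
 private-tmp
 
-memory-deny-write-execute
+#memory-deny-write-execute - breaks on Arch
 noexec ${HOME}
 noexec /tmp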
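Review bot: Commenting out `memory-deny-write-execute` drops the W^X restriction for every distribution, not only Arch, and the replacement comment gives no pointer to when it can be restored; file-roller and gnome-calculator receive the same edit. The commit message ties the change to #1803, so the comment should carry that reference, e.g. `# memory-deny-write-execute - breaks on Arch (see issue #1803)`. The remaining `noexec ${HOME}` and `noexec /tmp` lines restrict executing files from those paths but do not replace the memory-mapping restriction, which matters most for file-roller since it parses archives from untrusted sources. If unaffected users can re-enable the option from the profile's .local file, saying so in the comment would help; that include is outside this hunk, so this is an assumption to confirm.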
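--- a/etc/file-roller.profile
+++ b/etc/file-roller.profile
@@ -34,6 +34,6 @@ private-dev
 # private-etc fonts
 # private-tmp
 
-memory-deny-write-execute
+#memory-deny-write-execute - breaks on Arch
 noexec ${HOME}
 noexec /tmp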
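--- a/etc/gedit.profile
+++ b/etc/gedit.profile
@@ -7,6 +7,7 @@ include /etc/firejail/globals.local
 
 # blacklist /run/user/*/bus - makes settings immutable
 
+noblacklist /etc/profile.d
 noblacklist ${HOME}/.config/enchant
 noblacklist ${HOME}/.config/gedit
 noblacklist ${HOME}/.gitconfig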
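--- a/etc/gnome-builder.profile
+++ b/etc/gnome-builder.profile
@@ -5,6 +5,8 @@ include /etc/firejail/gnome-builder.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
+noblacklist /etc/profile.d
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc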
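--- a/etc/gnome-calculator.profile
+++ b/etc/gnome-calculator.profile
@@ -34,6 +34,6 @@ private-dev
 private-lib
 private-tmp
 
-memory-deny-write-execute
+#memory-deny-write-execute - breaks on Arch
 noexec ${HOME}
 noexec /tmp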
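--- a/etc/idea.sh.profile
+++ b/etc/idea.sh.profile
@@ -5,6 +5,7 @@ include /etc/firejail/idea.sh.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
+noblacklist /etc/profile.d
 noblacklist ${HOME}/.IdeaIC*
 noblacklist ${HOME}/.android
 noblacklist ${HOME}/.gitconfig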
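--- a/etc/pycharm-community.profile
+++ b/etc/pycharm-community.profile
@@ -5,6 +5,7 @@ include /etc/firejail/pycharm-community.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
+noblacklist /etc/profile.d
 noblacklist ${HOME}/snap
 noblacklist ${HOME}/.PyCharmCE*
 noblacklist ${HOME}/.java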