author | Vincent43 <31109921+Vincent43@users.noreply.github.com> | 2019-02-03 13:18:07 +0100 |
---|---|---|
committer | Vincent43 <31109921+Vincent43@users.noreply.github.com> | 2019-02-03 13:18:07 +0100 |
commit | 63c35052b7e76f40591f709571e19fbcb7cd8f48 (patch) | |
tree | fe5819efcbba2f637f3c75933a1cd829f6869823 /etc | |
parent | relnotes (diff) | |
Add '$HOME/.local/share/pki' to blacklist
Since nss 3.42, '$HOME/.local/share/pki' is a supported directory for storing certs
https://hg.mozilla.org/projects/nss/rev/da45424cb9a0b4d8e45e5040e2e3b574d994e254
Diffstat (limited to 'etc')
-rw-r--r-- | etc/chromium-common.profile | 3 | ||||
-rw-r--r-- | etc/disable-common.inc | 1 | ||||
-rw-r--r-- | etc/evolution.profile | 1 | ||||
-rw-r--r-- | etc/firefox-common.profile | 3 | ||||
-rw-r--r-- | etc/franz.profile | 3 | ||||
-rw-r--r-- | etc/mendeleydesktop.profile | 3 | ||||
-rw-r--r-- | etc/midori.profile | 3 | ||||
-rw-r--r-- | etc/min.profile | 3 | ||||
-rw-r--r-- | etc/rambox.profile | 3 | ||||
-rw-r--r-- | etc/seamonkey.profile | 2 |
10 files changed, 24 insertions, 1 deletions
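--- a/etc/chromium-common.profile
+++ b/etc/chromium-common.profile
@@ -7,6 +7,7 @@ include chromium-common.local
 #include globals.local
 
 noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -14,8 +15,10 @@ include disable-interpreters.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.pki
+mkdir ${HOME}/.local/share/pki
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.pki
+whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 include whitelist-var-common.inc
 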
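Review bot: Nothing in the added `noblacklist`/`mkdir`/`whitelist` lines says why a second pki path is needed; a one-line comment above the first of them, for example `# nss >= 3.42 can keep its certificate store in ${HOME}/.local/share/pki`, would keep the reason from living only in the commit message. The same applies to the identical additions in firefox-common, franz, midori, min and rambox. The `mkdir` line also creates the directory in the user's real home at every start, whether or not the installed NSS uses it; that follows the existing `.pki` pattern, but it is worth confirming that an empty directory there does not change which store NSS selects.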
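--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -306,6 +306,7 @@ blacklist ${HOME}/.mutt
 blacklist ${HOME}/.muttrc
 blacklist ${HOME}/.netrc
 blacklist ${HOME}/.pki
+blacklist ${HOME}/.local/share/pki
 blacklist ${HOME}/.smbcredentials
 blacklist ${HOME}/.ssh
 blacklist ${HOME}/.vaults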
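Review bot: The new `blacklist ${HOME}/.local/share/pki` line hard-codes the default XDG data path, so a certificate store relocated through `XDG_DATA_HOME` would presumably stay readable by sandboxed programs; the linked NSS change should be checked for whether it honours that variable. Because this entry applies to every profile that includes disable-common.inc, any NSS-using profile outside the nine touched in this commit will also lose access to the new directory and needs a matching `noblacklist ${HOME}/.local/share/pki`. A short comment above the new line, such as `# nss >= 3.42 certificate store`, would record why two pki paths are listed.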
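--- a/etc/evolution.profile
+++ b/etc/evolution.profile
@@ -14,6 +14,7 @@ noblacklist ${HOME}/.config/evolution
 noblacklist ${HOME}/.gnupg
 noblacklist ${HOME}/.local/share/evolution
 noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc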
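--- a/etc/firefox-common.profile
+++ b/etc/firefox-common.profile
@@ -10,6 +10,7 @@ include firefox-common.local
 #include firefox-common-addons.inc
 
 noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,8 +18,10 @@ include disable-interpreters.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.pki
+mkdir ${HOME}/.local/share/pki
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.pki
+whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 include whitelist-var-common.inc
 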
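--- a/etc/franz.profile
+++ b/etc/franz.profile
@@ -8,6 +8,7 @@ include globals.local
 noblacklist ${HOME}/.cache/Franz
 noblacklist ${HOME}/.config/Franz
 noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -17,10 +18,12 @@ include disable-programs.inc
 mkdir ${HOME}/.cache/Franz
 mkdir ${HOME}/.config/Franz
 mkdir ${HOME}/.pki
+mkdir ${HOME}/.local/share/pki
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/Franz
 whitelist ${HOME}/.config/Franz
 whitelist ${HOME}/.pki
+whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 
 caps.drop all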
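--- a/etc/mendeleydesktop.profile
+++ b/etc/mendeleydesktop.profile
@@ -12,7 +12,8 @@ noblacklist ${HOME}/.cache/Mendeley Ltd.
 noblacklist ${HOME}/.config/Mendeley Ltd.
 noblacklist ${HOME}/.local/share/Mendeley Ltd.
 noblacklist ${HOME}/.local/share/data/Mendeley Ltd.
-noblacklist ${HOME}/.pki/nssdb
+noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
 # Allow python (blacklisted by disable-interpreters.inc)
 noblacklist ${PATH}/python2*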
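Review bot: The changed line 15 widens the exemption from `${HOME}/.pki/nssdb` to the whole of `${HOME}/.pki`, which the commit message does not mention. If the narrower path never took effect against the `blacklist ${HOME}/.pki` entry in disable-common.inc, this is a fix and should be described as one; if it did take effect, the profile now exposes more of the directory than before. Either way the reason belongs in the commit description or in a comment above the line, for example `# the blacklist entry is the parent directory, so exempt ${HOME}/.pki as a whole`. The profile continues beyond this hunk, so whether it also whitelists these paths cannot be seen here.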
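--- a/etc/midori.profile
+++ b/etc/midori.profile
@@ -11,6 +11,7 @@ noblacklist ${HOME}/.local/share/midori
 # noblacklist ${HOME}/.local/share/webkit
 # noblacklist ${HOME}/.local/share/webkitgtk
 noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -23,6 +24,7 @@ mkdir ${HOME}/.local/share/midori
 mkdir ${HOME}/.local/share/webkit
 mkdir ${HOME}/.local/share/webkitgtk
 mkdir ${HOME}/.pki
+mkdir ${HOME}/.local/share/pki
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/gnome-mplayer/plugin
 whitelist ${HOME}/.cache/midori
@@ -33,6 +35,7 @@ whitelist ${HOME}/.local/share/midori
 whitelist ${HOME}/.local/share/webkit
 whitelist ${HOME}/.local/share/webkitgtk
 whitelist ${HOME}/.pki
+whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 
 caps.drop all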
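--- a/etc/min.profile
+++ b/etc/min.profile
@@ -9,6 +9,7 @@ include globals.local
 noblacklist ${HOME}/.config/Min
 
 noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,8 +17,10 @@ include disable-interpreters.inc
 include disable-programs.inc
 
 mkdir ${HOME}/.pki
+mkdir ${HOME}/.local/share/pki
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.pki
+whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 include whitelist-var-common.inc
 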
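--- a/etc/rambox.profile
+++ b/etc/rambox.profile
@@ -7,6 +7,7 @@ include globals.local
 
 noblacklist ${HOME}/.config/Rambox
 noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -15,9 +16,11 @@ include disable-programs.inc
 
 mkdir ${HOME}/.config/Rambox
 mkdir ${HOME}/.pki
+mkdir ${HOME}/.local/share/pki
 whitelist ${DOWNLOADS}
 whitelist ${HOME}/.config/Rambox
 whitelist ${HOME}/.pki
+whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 
 caps.drop all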
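--- a/etc/seamonkey.profile
+++ b/etc/seamonkey.profile
@@ -9,6 +9,7 @@ include globals.local
 noblacklist ${HOME}/.cache/mozilla
 noblacklist ${HOME}/.mozilla
 noblacklist ${HOME}/.pki
+noblacklist ${HOME}/.local/share/pki
 
 include disable-common.inc
 include disable-devel.inc
@@ -29,6 +30,7 @@ whitelist ${HOME}/.mozilla
 whitelist ${HOME}/.pentadactyl
 whitelist ${HOME}/.pentadactylrc
 whitelist ${HOME}/.pki
+whitelist ${HOME}/.local/share/pki
 whitelist ${HOME}/.vimperator
 whitelist ${HOME}/.vimperatorrc
 whitelist ${HOME}/.wine-pipelight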
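Review bot: The second hunk adds `whitelist ${HOME}/.local/share/pki` without a matching `mkdir ${HOME}/.local/share/pki`, unlike the chromium, firefox, franz, midori, min and rambox profiles in this commit. If the directory does not exist when the sandbox starts, the whitelist entry presumably has nothing to expose, and a store created during the session would not persist. The lines between the two hunks are not shown, so check whether the profile already has a `mkdir ${HOME}/.pki` and add the new `mkdir` next to it.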