author | glitsj16 <glitsj16@users.noreply.github.com> | 2022-12-21 23:39:42 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-12-21 23:39:42 +0000 |
commit | ec44e1d8ca29dd023f20a64eb65a56e7d869af76 (patch) | |
tree | 93799f4fd787ec55dbb9032c946515ef8af09379 /etc | |
parent | New profile: ssmtp (#5544) (diff) | |
clarify that duplicated blacklisting of /proc/config.gz is intentional (#5548)
* add comment on intentional duplication of blacklisted kernel configuration
* disable-proc.inc: update the duplication comment
* disable-common.inc: add duplication notice for kernel configuration
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/disable-common.inc | 2 | ||||
-rw-r--r-- | etc/inc/disable-proc.inc | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index fb3c823fc..44e45d416 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc | |||
@@ -620,7 +620,7 @@ blacklist ${HOME}/mail | |||
620 | blacklist ${HOME}/postponed | 620 | blacklist ${HOME}/postponed |
621 | blacklist ${HOME}/sent | 621 | blacklist ${HOME}/sent |
622 | 622 | ||
623 | # kernel configuration | 623 | # kernel configuration - keep this here although it's also in disable-proc.inc |
624 | blacklist /proc/config.gz | 624 | blacklist /proc/config.gz |
625 | 625 | ||
626 | # prevent DNS malware attempting to communicate with the server using regular DNS tools | 626 | # prevent DNS malware attempting to communicate with the server using regular DNS tools |
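Review bot: The new comment at line 623 says to keep the entry but not why, so a later cleanup can still judge it redundant and drop it. Suggest stating the reason in the comment itself, for example that a profile may include disable-common.inc without disable-proc.inc and must still have /proc/config.gz blacklisted, if that is the intent. The wording also differs between the two files ("although it's also in" here, "even though it's also in" in disable-proc.inc); using one phrase in both makes the pair easy to find with a single grep.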
diff --git a/etc/inc/disable-proc.inc b/etc/inc/disable-proc.inc index 81a8883f3..7cb1ec2ab 100644 --- a/etc/inc/disable-proc.inc +++ b/etc/inc/disable-proc.inc | |||
@@ -8,7 +8,7 @@ blacklist /proc/bootconfig | |||
8 | blacklist /proc/buddyinfo | 8 | blacklist /proc/buddyinfo |
9 | blacklist /proc/cgroups | 9 | blacklist /proc/cgroups |
10 | blacklist /proc/cmdline | 10 | blacklist /proc/cmdline |
11 | blacklist /proc/config.gz | 11 | blacklist /proc/config.gz # keep this here even though it's also in disable-common.inc |
12 | blacklist /proc/consoles | 12 | blacklist /proc/consoles |
13 | #blacklist /proc/cpuinfo | 13 | #blacklist /proc/cpuinfo |
14 | blacklist /proc/crypto | 14 | blacklist /proc/crypto |
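Review bot: At line 11 the notice is appended to the directive itself, `blacklist /proc/config.gz # keep this here even though it's also in disable-common.inc`, while every other comment visible in these two files sits on its own line. Suggest moving it to a separate `#` line above the entry, as done in disable-common.inc, so the rule does not depend on how the profile parser treats text after the path. If the trailing form is kept, it is worth confirming that the path is still blacklisted when the line carries an inline comment.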