build-systems-common: Make whitelist opt-in

author: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2021-09-11 14:38:18 +0200
committer: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2021-09-11 14:38:18 +0200
commit: 2712dd7274a59727b3118982044c7c9426099232 (patch)
tree: ae7382f9382158f2f86a7831c34c4adc255915f2 /etc
parent: Add profiles for build-systems (/package-managers) (diff)
download: firejail-2712dd7274a59727b3118982044c7c9426099232.tar.gz
firejail-2712dd7274a59727b3118982044c7c9426099232.tar.zst
firejail-2712dd7274a59727b3118982044c7c9426099232.zip
4 files changed, 9 insertions, 8 deletions
diff --git a/etc/profile-a-l/build-systems-common.profile b/etc/profile-a-l/build-systems-common.profile
index 159593eb7..1b199d612 100644
--- a/etc/profile-a-l/build-systems-common.profile
+++ b/etc/profile-a-l/build-systems-common.profile
@@ -28,9 +28,10 @@ include disable-shell.inc
 include disable-X11.inc
 include disable-xdg.inc
-whitelist ${HOME}/Projects
+#whitelist ${HOME}/Projects
+#include whitelist-common.inc
 whitelist /usr/share/pkgconfig
-include whitelist-common.inc
 include whitelist-run-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
diff --git a/etc/profile-a-l/bundle.profile b/etc/profile-a-l/bundle.profile
index 269bfd130..a3a3e3cde 100644
--- a/etc/profile-a-l/bundle.profile
+++ b/etc/profile-a-l/bundle.profile
@@ -12,8 +12,9 @@ noblacklist ${HOME}/.bundle
 # Allow ruby (blacklisted by disable-interpreters.inc)
 include allow-ruby.inc
-mkdir ${HOME}/.bundle
+#whitelist ${HOME}/.bundle
-whitelist ${HOME}/.bundle
+#whitelist ${HOME}/.gem
+#whitelist ${HOME}/.local/share/gem
 whitelist /usr/share/gems
 whitelist /usr/share/ruby
 whitelist /usr/share/rubygems
diff --git a/etc/profile-a-l/cargo.profile b/etc/profile-a-l/cargo.profile
index af188e7f9..4c8afd895 100644
--- a/etc/profile-a-l/cargo.profile
+++ b/etc/profile-a-l/cargo.profile
@@ -12,9 +12,8 @@ ignore read-only ${HOME}/.cargo/bin
 noblacklist ${HOME}/.cargo/credentials
 noblacklist ${HOME}/.cargo/credentials.toml
-mkdir ${HOME}/.cargo
+#whitelist ${HOME}/.cargo
-whitelist ${HOME}/.cargo
+#whitelist ${HOME}/.rustup
-whitelist ${HOME}/.rustup
 #private-bin cargo,rustc
 private-etc alternatives,ca-certificates,crypto-policies,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,magic,magic.mgc,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl
diff --git a/etc/profile-m-z/pip.profile b/etc/profile-m-z/pip.profile
index 54d95e335..1f551b718 100644
--- a/etc/profile-m-z/pip.profile
+++ b/etc/profile-m-z/pip.profile
@@ -12,7 +12,7 @@ ignore read-only ${HOME}/.local/lib
 # Allow python3 (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
-whitelist ${HOME}/.local/lib/python*
+#whitelist ${HOME}/.local/lib/python*
 private-bin pip,pip[0-9].[0-9],pip[0-9].[0-9],python3*
author	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2021-09-11 14:38:18 +0200
committer	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2021-09-11 14:38:18 +0200
commit	2712dd7274a59727b3118982044c7c9426099232 (patch)
tree	ae7382f9382158f2f86a7831c34c4adc255915f2 /etc
parent	Add profiles for build-systems (/package-managers) (diff)
download	firejail-2712dd7274a59727b3118982044c7c9426099232.tar.gz firejail-2712dd7274a59727b3118982044c7c9426099232.tar.zst firejail-2712dd7274a59727b3118982044c7c9426099232.zip