Merge pull request #2166 from glitsj16/checkbashisms

Create checkbashisms.profile
author: netblue30 <netblue30@yahoo.com> 2018-10-11 08:31:14 -0500
committer: GitHub <noreply@github.com> 2018-10-11 08:31:14 -0500
commit: 5e859d4139324515079762364b12cd976cf1ac31 (patch)
tree: f3affaf7ed71e7fe15d983c68bd28d7a76ef5f9b /etc
parent: Merge pull request #2165 from glitsj16/authenticator (diff)
parent: Create checkbashisms.profile (diff)
download: firejail-5e859d4139324515079762364b12cd976cf1ac31.tar.gz
firejail-5e859d4139324515079762364b12cd976cf1ac31.tar.zst
firejail-5e859d4139324515079762364b12cd976cf1ac31.zip
1 files changed, 49 insertions, 0 deletions
diff --git a/etc/checkbashisms.profile b/etc/checkbashisms.profile
new file mode 100644
index 000000000..c8b8be04e
--- /dev/null
+++ b/etc/checkbashisms.profile
@@ -0,0 +1,49 @@
+# Firejail profile for checkbashisms
+# Description: Lint tool for shell scripts
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include /etc/firejail/checkbashisms.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${DOCUMENTS}
+# Allow perl (blacklisted by disable-interpreters.inc)
+noblacklist ${PATH}/cpan*
+noblacklist ${PATH}/core_perl
+noblacklist ${PATH}/perl
+noblacklist /usr/lib/perl*
+noblacklist /usr/share/perl*
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
+include /etc/firejail/whitelist-var-common.inc
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix
+seccomp
+shell none
+private-dev
+private-tmp
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
author	netblue30 <netblue30@yahoo.com>	2018-10-11 08:31:14 -0500
committer	GitHub <noreply@github.com>	2018-10-11 08:31:14 -0500
commit	5e859d4139324515079762364b12cd976cf1ac31 (patch)
tree	f3affaf7ed71e7fe15d983c68bd28d7a76ef5f9b /etc
parent	Merge pull request #2165 from glitsj16/authenticator (diff)
parent	Create checkbashisms.profile (diff)
download	firejail-5e859d4139324515079762364b12cd976cf1ac31.tar.gz firejail-5e859d4139324515079762364b12cd976cf1ac31.tar.zst firejail-5e859d4139324515079762364b12cd976cf1ac31.zip

diff --git a/etc/checkbashisms.profile b/etc/checkbashisms.profile new file mode 100644 index 000000000..c8b8be04e --- /dev/null +++ b/etc/checkbashisms.profile
@@ -0,0 +1,49 @@
	1	# Firejail profile for checkbashisms
	2	# Description: Lint tool for shell scripts
	3	# This file is overwritten after every install/update
	4	quiet
	5	# Persistent local customizations
	6	include /etc/firejail/checkbashisms.local
	7	# Persistent global definitions
	8	include /etc/firejail/globals.local
	9
	10	noblacklist ${DOCUMENTS}
	11
	12	# Allow perl (blacklisted by disable-interpreters.inc)
	13	noblacklist ${PATH}/cpan*
	14	noblacklist ${PATH}/core_perl
	15	noblacklist ${PATH}/perl
	16	noblacklist /usr/lib/perl*
	17	noblacklist /usr/share/perl*
	18
	19	include /etc/firejail/disable-common.inc
	20	include /etc/firejail/disable-devel.inc
	21	include /etc/firejail/disable-interpreters.inc
	22	include /etc/firejail/disable-passwdmgr.inc
	23	include /etc/firejail/disable-programs.inc
	24	include /etc/firejail/disable-xdg.inc
	25
	26	include /etc/firejail/whitelist-var-common.inc
	27
	28	caps.drop all
	29	ipc-namespace
	30	net none
	31	no3d
	32	nodbus
	33	nodvd
	34	nogroups
	35	nonewprivs
	36	noroot
	37	nosound
	38	notv
	39	novideo
	40	protocol unix
	41	seccomp
	42	shell none
	43
	44	private-dev
	45	private-tmp
	46
	47	memory-deny-write-execute
	48	noexec ${HOME}
	49	noexec /tmp