author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2022-05-29 00:26:56 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2022-05-30 14:45:21 -0300 |
commit | 66dc2643aca9d19e3d77ad4153d2ec9684a3794f (patch) | |
tree | 3a3230e6f9dacf34f41c405ef2d7ef441ba552d3 /etc | |
parent | kate.profile: add missing include comment (diff) | |
download | firejail-66dc2643aca9d19e3d77ad4153d2ec9684a3794f.tar.gz firejail-66dc2643aca9d19e3d77ad4153d2ec9684a3794f.tar.zst firejail-66dc2643aca9d19e3d77ad4153d2ec9684a3794f.zip |
disable-common.inc: move blacklist of /etc/profile.d

To disable-shell.inc.

Interactive shells can be executed from certain development-related
programs (such as IDEs) and the shells themselves are not blocked by
default, but this shell startup directory currently is. To avoid
running a shell without access to potentially needed startup files, only
blacklist /etc/profile.d when interactive shells are also blocked.

Note that /etc/profile.d should only be of concern to interactive
shells, so a profile that includes both disable-shell.inc and
allow-bin-sh.inc (which likely means that it needs access to only
non-interactive shells) should not be affected by the blacklisting.

Relates to #3411 #5159.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/disable-common.inc | 1 | ||||
-rw-r--r-- | etc/inc/disable-shell.inc | 1 | ||||
-rw-r--r-- | etc/profile-a-l/kate.profile | 1 |
3 files changed, 1 insertions, 2 deletions
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index d08ba3646..5918ee640 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc | |||
@@ -261,7 +261,6 @@ blacklist /etc/grub* | |||
261 | blacklist /etc/kernel* | 261 | blacklist /etc/kernel* |
262 | blacklist /etc/logrotate* | 262 | blacklist /etc/logrotate* |
263 | blacklist /etc/modules* | 263 | blacklist /etc/modules* |
264 | blacklist /etc/profile.d | ||
265 | blacklist /etc/rc.local | 264 | blacklist /etc/rc.local |
266 | # rc1.d, rc2.d, ... | 265 | # rc1.d, rc2.d, ... |
267 | blacklist /etc/rc?.d | 266 | blacklist /etc/rc?.d |
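Review bot: Dropping "blacklist /etc/profile.d" at old line 264 changes the default for every profile that includes disable-common.inc without disable-shell.inc, not only the IDE-style programs the commit message uses as motivation. Those sandboxes can now read whatever scripts are installed in that directory. Please state in the commit message that this wider exposure is intended for all such profiles, or list the profiles that should pick up disable-shell.inc so that they keep the previous restriction.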
diff --git a/etc/inc/disable-shell.inc b/etc/inc/disable-shell.inc index 8274b0215..6665251a8 100644 --- a/etc/inc/disable-shell.inc +++ b/etc/inc/disable-shell.inc | |||
@@ -13,3 +13,4 @@ blacklist ${PATH}/sh | |||
13 | blacklist ${PATH}/tclsh | 13 | blacklist ${PATH}/tclsh |
14 | blacklist ${PATH}/tcsh | 14 | blacklist ${PATH}/tcsh |
15 | blacklist ${PATH}/zsh | 15 | blacklist ${PATH}/zsh |
16 | blacklist /etc/profile.d | ||
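Review bot: The new line 16 puts a path under /etc directly after the "${PATH}/zsh" entry with no comment, while the visible entries in this file are all shell binaries under ${PATH}. A one-line comment above it saying that the directory holds startup files for interactive shells, and is therefore blocked together with them, would keep the reason from living only in the commit message. It would also help to mention there that a profile combining disable-shell.inc with allow-bin-sh.inc still has this directory blacklisted, which the commit message argues is acceptable for non-interactive use.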
diff --git a/etc/profile-a-l/kate.profile b/etc/profile-a-l/kate.profile index d3ad0482a..51296408c 100644 --- a/etc/profile-a-l/kate.profile +++ b/etc/profile-a-l/kate.profile | |||
@@ -23,7 +23,6 @@ noblacklist ${HOME}/.local/share/kxmlgui5/kateopenheaderplugin | |||
23 | noblacklist ${HOME}/.local/share/kxmlgui5/katepart | 23 | noblacklist ${HOME}/.local/share/kxmlgui5/katepart |
24 | noblacklist ${HOME}/.local/share/kxmlgui5/kateproject | 24 | noblacklist ${HOME}/.local/share/kxmlgui5/kateproject |
25 | noblacklist ${HOME}/.local/share/kxmlgui5/katesearch | 25 | noblacklist ${HOME}/.local/share/kxmlgui5/katesearch |
26 | noblacklist /etc/profile.d | ||
27 | 26 | ||
28 | # Allows files commonly used by IDEs | 27 | # Allows files commonly used by IDEs |
29 | include allow-common-devel.inc | 28 | include allow-common-devel.inc |
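Review bot: Removing "noblacklist /etc/profile.d" at old line 26 is only safe if kate.profile does not include disable-shell.inc, and the includes are not visible in this hunk. If it does include that file, the directory becomes blacklisted again through the line added there, and shells started from Kate would lose their startup files, which is the situation this commit sets out to avoid. Please confirm that the profile does not pull in disable-shell.inc, or keep the noblacklist line if it does.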