authorLibravatar Kelvin M. Klann <kmk3.code@protonmail.com>2021-01-09 21:41:43 -0300
committerLibravatar Kelvin M. Klann <kmk3.code@protonmail.com>2021-01-27 18:18:38 -0300
commit83ac0239722f85ffed15e3b6b6088bfff547ac1b (patch)
treebab7befdd0200dac19366bdb3fcf290487e1c761 /etc
parentgit-cola.profile: add missing python template comment (diff)
etc: add allow-ssh.inc
And move the scattered `noblacklist ${HOME}/.ssh` entries into it. Command used to find the relevant files: $ grep -Fnr 'noblacklist ${HOME}/.ssh' etc Also, add it to profile.template, as reminded by @rusty-snake at https://github.com/netblue30/firejail/pull/3885#pullrequestreview-567527031
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/allow-ssh.inc5
-rw-r--r--etc/profile-a-l/android-studio.profile4
-rw-r--r--etc/profile-a-l/aosp.profile4
-rw-r--r--etc/profile-a-l/clion.profile4
-rw-r--r--etc/profile-a-l/filezilla.profile4
-rw-r--r--etc/profile-a-l/git-cola.profile4
-rw-r--r--etc/profile-a-l/git.profile4
-rw-r--r--etc/profile-a-l/gitg.profile4
-rw-r--r--etc/profile-a-l/idea.sh.profile4
-rw-r--r--etc/profile-m-z/meld.profile4
-rw-r--r--etc/profile-m-z/remmina.profile4
-rw-r--r--etc/profile-m-z/seahorse.profile4
-rw-r--r--etc/profile-m-z/ssh-agent.profile4
-rw-r--r--etc/profile-m-z/ssh.profile4
-rw-r--r--etc/profile-m-z/webstorm.profile4
-rw-r--r--etc/profile-m-z/x2goclient.profile4
-rw-r--r--etc/templates/profile.template3
17 files changed, 53 insertions, 15 deletions
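diff --git a/etc/inc/allow-ssh.inc b/etc/inc/allow-ssh.inc
new file mode 100644
index 000000000..2e864ad64
--- /dev/null
+++ b/etc/inc/allow-ssh.inc
@@ -0,0 +1,5 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include allow-ssh.local
+
+noblacklist ${HOME}/.ssh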
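Review bot: The new allow-ssh.inc carries no comment on what it exposes: `noblacklist ${HOME}/.ssh` lifts the disable-common.inc blacklist for the whole directory, which typically holds private keys next to `config` and `known_hosts`. I would add a line above the rule such as `# Exposes all of ${HOME}/.ssh, private keys included; include only where ssh authentication is needed`. Since fifteen profiles in this commit now share the rule, any later addition to this file widens all of them at once, so it should be reviewed as strictly as disable-common.inc itself.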
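diff --git a/etc/profile-a-l/android-studio.profile b/etc/profile-a-l/android-studio.profile
index 2e4e564dd..2cdd3a90c 100644
--- a/etc/profile-a-l/android-studio.profile
+++ b/etc/profile-a-l/android-studio.profile
@@ -10,12 +10,14 @@ noblacklist ${HOME}/.android
 noblacklist ${HOME}/.jack-server
 noblacklist ${HOME}/.jack-settings
 noblacklist ${HOME}/.local/share/JetBrains
-noblacklist ${HOME}/.ssh
 noblacklist ${HOME}/.tooling
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
 
+# Allow ssh (blacklisted by disable-common.inc)
+include allow-ssh.inc
+
 include disable-common.inc
 include disable-passwdmgr.inc
 include disable-programs.inc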
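diff --git a/etc/profile-a-l/aosp.profile b/etc/profile-a-l/aosp.profile
index a5b1ba9f1..e7b09283e 100644
--- a/etc/profile-a-l/aosp.profile
+++ b/etc/profile-a-l/aosp.profile
@@ -11,12 +11,14 @@ noblacklist ${HOME}/.jack-server
 noblacklist ${HOME}/.jack-settings
 noblacklist ${HOME}/.repo_.gitconfig.json
 noblacklist ${HOME}/.repoconfig
-noblacklist ${HOME}/.ssh
 noblacklist ${HOME}/.tooling
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
 
+# Allow ssh (blacklisted by disable-common.inc)
+include allow-ssh.inc
+
 include disable-common.inc
 include disable-passwdmgr.inc
 include disable-programs.inc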
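diff --git a/etc/profile-a-l/clion.profile b/etc/profile-a-l/clion.profile
index b27d93684..09246ccbc 100644
--- a/etc/profile-a-l/clion.profile
+++ b/etc/profile-a-l/clion.profile
@@ -11,9 +11,11 @@ noblacklist ${HOME}/.gitconfig
 noblacklist ${HOME}/.git-credentials
 noblacklist ${HOME}/.java
 noblacklist ${HOME}/.local/share/JetBrains
-noblacklist ${HOME}/.ssh
 noblacklist ${HOME}/.tooling
 
+# Allow ssh (blacklisted by disable-common.inc)
+include allow-ssh.inc
+
 include disable-common.inc
 include disable-passwdmgr.inc
 include disable-programs.inc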
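diff --git a/etc/profile-a-l/filezilla.profile b/etc/profile-a-l/filezilla.profile
index 43e877fd0..728929638 100644
--- a/etc/profile-a-l/filezilla.profile
+++ b/etc/profile-a-l/filezilla.profile
@@ -8,12 +8,14 @@ include globals.local
 
 noblacklist ${HOME}/.config/filezilla
 noblacklist ${HOME}/.filezilla
-noblacklist ${HOME}/.ssh
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
 include allow-python3.inc
 
+# Allow ssh (blacklisted by disable-common.inc)
+include allow-ssh.inc
+
 include disable-common.inc
 include disable-devel.inc
 include disable-interpreters.inc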
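diff --git a/etc/profile-a-l/git-cola.profile b/etc/profile-a-l/git-cola.profile
index 84e6fc486..312655b9b 100644
--- a/etc/profile-a-l/git-cola.profile
+++ b/etc/profile-a-l/git-cola.profile
@@ -11,7 +11,6 @@ ignore noexec ${HOME}
 noblacklist ${HOME}/.gitconfig
 noblacklist ${HOME}/.git-credentials
 noblacklist ${HOME}/.gnupg
-noblacklist ${HOME}/.ssh
 noblacklist ${HOME}/.subversion
 noblacklist ${HOME}/.config/git
 noblacklist ${HOME}/.config/git-cola
@@ -22,6 +21,9 @@ noblacklist ${HOME}/.config/git-cola
 include allow-python2.inc
 include allow-python3.inc
 
+# Allow ssh (blacklisted by disable-common.inc)
+include allow-ssh.inc
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc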
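diff --git a/etc/profile-a-l/git.profile b/etc/profile-a-l/git.profile
index e5a2f3985..aefb2917d 100644
--- a/etc/profile-a-l/git.profile
+++ b/etc/profile-a-l/git.profile
@@ -15,10 +15,12 @@ noblacklist ${HOME}/.gitconfig
 noblacklist ${HOME}/.git-credentials
 noblacklist ${HOME}/.gnupg
 noblacklist ${HOME}/.nanorc
-noblacklist ${HOME}/.ssh
 noblacklist ${HOME}/.vim
 noblacklist ${HOME}/.viminfo
 
+# Allow ssh (blacklisted by disable-common.inc)
+include allow-ssh.inc
+
 blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 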
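diff --git a/etc/profile-a-l/gitg.profile b/etc/profile-a-l/gitg.profile
index 3d80c1ed2..93b90eb9e 100644
--- a/etc/profile-a-l/gitg.profile
+++ b/etc/profile-a-l/gitg.profile
@@ -10,7 +10,9 @@ noblacklist ${HOME}/.config/git
 noblacklist ${HOME}/.gitconfig
 noblacklist ${HOME}/.git-credentials
 noblacklist ${HOME}/.local/share/gitg
-noblacklist ${HOME}/.ssh
+
+# Allow ssh (blacklisted by disable-common.inc)
+include allow-ssh.inc
 
 include disable-common.inc
 include disable-devel.inc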
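diff --git a/etc/profile-a-l/idea.sh.profile b/etc/profile-a-l/idea.sh.profile
index a7d0d531f..0a048a38a 100644
--- a/etc/profile-a-l/idea.sh.profile
+++ b/etc/profile-a-l/idea.sh.profile
@@ -10,12 +10,14 @@ noblacklist ${HOME}/.android
 noblacklist ${HOME}/.jack-server
 noblacklist ${HOME}/.jack-settings
 noblacklist ${HOME}/.local/share/JetBrains
-noblacklist ${HOME}/.ssh
 noblacklist ${HOME}/.tooling
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
 
+# Allow ssh (blacklisted by disable-common.inc)
+include allow-ssh.inc
+
 include disable-common.inc
 include disable-passwdmgr.inc
 include disable-programs.inc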
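diff --git a/etc/profile-m-z/meld.profile b/etc/profile-m-z/meld.profile
index 6ceeb867f..a5c74047a 100644
--- a/etc/profile-m-z/meld.profile
+++ b/etc/profile-m-z/meld.profile
@@ -18,7 +18,6 @@ noblacklist ${HOME}/.config/git
 noblacklist ${HOME}/.gitconfig
 noblacklist ${HOME}/.git-credentials
 noblacklist ${HOME}/.local/share/meld
-noblacklist ${HOME}/.ssh
 noblacklist ${HOME}/.subversion
 
 # Allow python (blacklisted by disable-interpreters.inc)
@@ -27,6 +26,9 @@ include allow-python3.inc
 # Python 2 is EOL (see #3164). Uncomment the next line (or put it into your meld.local) if you understand the risks but want python 2 support for older meld versions.
 #include allow-python2.inc
 
+# Allow ssh (blacklisted by disable-common.inc)
+include allow-ssh.inc
+
 # Uncomment the next line (or put it into your meld.local) if you don't need to compare files in disable-common.inc.
 #include disable-common.inc
 include disable-devel.inc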
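Review bot: In meld.profile the added `include allow-ssh.inc` sits above a `#include disable-common.inc` that is commented out, so the comment `# Allow ssh (blacklisted by disable-common.inc)` describes a blacklist that is not active in the profile as shipped. The include starts to matter only when a user uncomments disable-common.inc as the profile invites, and at that point ${HOME}/.ssh stays readable by meld. I would make the comment say so, e.g. `# Allow ssh (only relevant once disable-common.inc below is enabled)`. The profile continues outside both hunks, so whether another include also blacklists the path cannot be checked from here.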
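diff --git a/etc/profile-m-z/remmina.profile b/etc/profile-m-z/remmina.profile
index 6311c91df..d4c7bdf31 100644
--- a/etc/profile-m-z/remmina.profile
+++ b/etc/profile-m-z/remmina.profile
@@ -9,7 +9,9 @@ include globals.local
 noblacklist ${HOME}/.remmina
 noblacklist ${HOME}/.config/remmina
 noblacklist ${HOME}/.local/share/remmina
-noblacklist ${HOME}/.ssh
+
+# Allow ssh (blacklisted by disable-common.inc)
+include allow-ssh.inc
 
 include disable-common.inc
 include disable-devel.inc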
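diff --git a/etc/profile-m-z/seahorse.profile b/etc/profile-m-z/seahorse.profile
index 8bb1f53a7..0f91c79ec 100644
--- a/etc/profile-m-z/seahorse.profile
+++ b/etc/profile-m-z/seahorse.profile
@@ -9,9 +9,11 @@ include globals.local
 blacklist /tmp/.X11-unix
 
 noblacklist ${HOME}/.gnupg
-noblacklist ${HOME}/.ssh
 noblacklist /tmp/ssh-*
 
+# Allow ssh (blacklisted by disable-common.inc)
+include allow-ssh.inc
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc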
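Review bot: The ssh-related allowances in seahorse.profile are now split with nothing recording why: `noblacklist /tmp/ssh-*` stays in the profile while `${HOME}/.ssh` comes from allow-ssh.inc. Keeping that rule out of the shared include looks deliberate, since the IDE and git profiles would otherwise gain it too, but that is an inference a reader has to make. A one-line comment above the remaining rule, such as `# Not in allow-ssh.inc: only needed by ssh clients and key managers`, would settle it. The same split appears in ssh-agent.profile and ssh.profile, which also keep `noblacklist /etc/ssh` locally.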
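diff --git a/etc/profile-m-z/ssh-agent.profile b/etc/profile-m-z/ssh-agent.profile
index 01b63d3ce..d2e2b3408 100644
--- a/etc/profile-m-z/ssh-agent.profile
+++ b/etc/profile-m-z/ssh-agent.profile
@@ -8,7 +8,9 @@ include globals.local
 
 noblacklist /etc/ssh
 noblacklist /tmp/ssh-*
-noblacklist ${HOME}/.ssh
+
+# Allow ssh (blacklisted by disable-common.inc)
+include allow-ssh.inc
 
 blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*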
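diff --git a/etc/profile-m-z/ssh.profile b/etc/profile-m-z/ssh.profile
index e3e2b4541..efdf63976 100644
--- a/etc/profile-m-z/ssh.profile
+++ b/etc/profile-m-z/ssh.profile
@@ -9,11 +9,13 @@ include globals.local
 
 noblacklist /etc/ssh
 noblacklist /tmp/ssh-*
-noblacklist ${HOME}/.ssh
 # nc can be used as ProxyCommand, e.g. when using tor
 noblacklist ${PATH}/nc
 noblacklist ${PATH}/ncat
 
+# Allow ssh (blacklisted by disable-common.inc)
+include allow-ssh.inc
+
 include disable-common.inc
 include disable-exec.inc
 include disable-passwdmgr.inc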
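diff --git a/etc/profile-m-z/webstorm.profile b/etc/profile-m-z/webstorm.profile
index fc4e8e571..a4adf2896 100644
--- a/etc/profile-m-z/webstorm.profile
+++ b/etc/profile-m-z/webstorm.profile
@@ -8,12 +8,14 @@ include globals.local
 noblacklist ${HOME}/.WebStorm*
 noblacklist ${HOME}/.android
 noblacklist ${HOME}/.local/share/JetBrains
-noblacklist ${HOME}/.ssh
 noblacklist ${HOME}/.tooling
 
 # Allows files commonly used by IDEs
 include allow-common-devel.inc
 
+# Allow ssh (blacklisted by disable-common.inc)
+include allow-ssh.inc
+
 noblacklist ${PATH}/node
 noblacklist ${HOME}/.nvm
 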
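diff --git a/etc/profile-m-z/x2goclient.profile b/etc/profile-m-z/x2goclient.profile
index bc9603835..6146016b2 100644
--- a/etc/profile-m-z/x2goclient.profile
+++ b/etc/profile-m-z/x2goclient.profile
@@ -6,10 +6,12 @@ include x2goclient.local
 # Persistent global definitions
 include globals.local
 
-noblacklist ${HOME}/.ssh
 noblacklist ${HOME}/.x2go
 noblacklist ${HOME}/.x2goclient
 
+# Allow ssh (blacklisted by disable-common.inc)
+include allow-ssh.inc
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc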
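diff --git a/etc/templates/profile.template b/etc/templates/profile.template
index 3d37fc827..9435fffae 100644
--- a/etc/templates/profile.template
+++ b/etc/templates/profile.template
@@ -103,6 +103,9 @@ include globals.local
 # Allows files commonly used by IDEs
 #include allow-common-devel.inc
 
+# Allow ssh (blacklisted by disable-common.inc)
+#include allow-ssh.inc
+
 #include disable-common.inc
 #include disable-devel.inc
 #include disable-exec.inc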