Create checkbashisms.profile

author: glitsj16 <glitsj16@users.noreply.github.com> 2018-10-11 07:06:28 +0000
committer: GitHub <noreply@github.com> 2018-10-11 07:06:28 +0000
commit: c647e1f6edd8cee0a6d46190d25ccb067c466b26 (patch)
tree: 17f6a9822ae9eb63fff6f43f8d417cf268b9a54a /etc
parent: merges (diff)
download: firejail-c647e1f6edd8cee0a6d46190d25ccb067c466b26.tar.gz
firejail-c647e1f6edd8cee0a6d46190d25ccb067c466b26.tar.zst
firejail-c647e1f6edd8cee0a6d46190d25ccb067c466b26.zip
1 files changed, 49 insertions, 0 deletions
diff --git a/etc/checkbashisms.profile b/etc/checkbashisms.profile
new file mode 100644
index 000000000..c8b8be04e
--- /dev/null
+++ b/etc/checkbashisms.profile
@@ -0,0 +1,49 @@
+# Firejail profile for checkbashisms
+# Description: Lint tool for shell scripts
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include /etc/firejail/checkbashisms.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${DOCUMENTS}
+# Allow perl (blacklisted by disable-interpreters.inc)
+noblacklist ${PATH}/cpan*
+noblacklist ${PATH}/core_perl
+noblacklist ${PATH}/perl
+noblacklist /usr/lib/perl*
+noblacklist /usr/share/perl*
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
+include /etc/firejail/whitelist-var-common.inc
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix
+seccomp
+shell none
+private-dev
+private-tmp
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
author	glitsj16 <glitsj16@users.noreply.github.com>	2018-10-11 07:06:28 +0000
committer	GitHub <noreply@github.com>	2018-10-11 07:06:28 +0000
commit	c647e1f6edd8cee0a6d46190d25ccb067c466b26 (patch)
tree	17f6a9822ae9eb63fff6f43f8d417cf268b9a54a /etc
parent	merges (diff)
download	firejail-c647e1f6edd8cee0a6d46190d25ccb067c466b26.tar.gz firejail-c647e1f6edd8cee0a6d46190d25ccb067c466b26.tar.zst firejail-c647e1f6edd8cee0a6d46190d25ccb067c466b26.zip

diff --git a/etc/checkbashisms.profile b/etc/checkbashisms.profile new file mode 100644 index 000000000..c8b8be04e --- /dev/null +++ b/etc/checkbashisms.profile
@@ -0,0 +1,49 @@
	1	# Firejail profile for checkbashisms
	2	# Description: Lint tool for shell scripts
	3	# This file is overwritten after every install/update
	4	quiet
	5	# Persistent local customizations
	6	include /etc/firejail/checkbashisms.local
	7	# Persistent global definitions
	8	include /etc/firejail/globals.local
	9
	10	noblacklist ${DOCUMENTS}
	11
	12	# Allow perl (blacklisted by disable-interpreters.inc)
	13	noblacklist ${PATH}/cpan*
	14	noblacklist ${PATH}/core_perl
	15	noblacklist ${PATH}/perl
	16	noblacklist /usr/lib/perl*
	17	noblacklist /usr/share/perl*
	18
	19	include /etc/firejail/disable-common.inc
	20	include /etc/firejail/disable-devel.inc
	21	include /etc/firejail/disable-interpreters.inc
	22	include /etc/firejail/disable-passwdmgr.inc
	23	include /etc/firejail/disable-programs.inc
	24	include /etc/firejail/disable-xdg.inc
	25
	26	include /etc/firejail/whitelist-var-common.inc
	27
	28	caps.drop all
	29	ipc-namespace
	30	net none
	31	no3d
	32	nodbus
	33	nodvd
	34	nogroups
	35	nonewprivs
	36	noroot
	37	nosound
	38	notv
	39	novideo
	40	protocol unix
	41	seccomp
	42	shell none
	43
	44	private-dev
	45	private-tmp
	46
	47	memory-deny-write-execute
	48	noexec ${HOME}
	49	noexec /tmp