diff options
-rw-r--r-- | README | 2 | ||||
-rwxr-xr-x | configure | 18 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | etc/disable-common.inc | 33 |
4 files changed, 45 insertions, 10 deletions
@@ -18,6 +18,8 @@ License: GPL v2 | |||
18 | Firejail Authors: | 18 | Firejail Authors: |
19 | 19 | ||
20 | netblue30 (netblue30@yahoo.com) | 20 | netblue30 (netblue30@yahoo.com) |
21 | Daan Bakker (https://github.com/dbakker) | ||
22 | - protect shell startup files | ||
21 | Duncan Overbruck (https://github.com/Duncaen) | 23 | Duncan Overbruck (https://github.com/Duncaen) |
22 | - musl libc fix | 24 | - musl libc fix |
23 | andrew160 (https://github.com/andrew160) | 25 | andrew160 (https://github.com/andrew160) |
@@ -1,6 +1,6 @@ | |||
1 | #! /bin/sh | 1 | #! /bin/sh |
2 | # Guess values for system-dependent variables and create Makefiles. | 2 | # Guess values for system-dependent variables and create Makefiles. |
3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.34-rc1. | 3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.34-rc2. |
4 | # | 4 | # |
5 | # Report bugs to <netblue30@yahoo.com>. | 5 | # Report bugs to <netblue30@yahoo.com>. |
6 | # | 6 | # |
@@ -580,8 +580,8 @@ MAKEFLAGS= | |||
580 | # Identity of this package. | 580 | # Identity of this package. |
581 | PACKAGE_NAME='firejail' | 581 | PACKAGE_NAME='firejail' |
582 | PACKAGE_TARNAME='firejail' | 582 | PACKAGE_TARNAME='firejail' |
583 | PACKAGE_VERSION='0.9.34-rc1' | 583 | PACKAGE_VERSION='0.9.34-rc2' |
584 | PACKAGE_STRING='firejail 0.9.34-rc1' | 584 | PACKAGE_STRING='firejail 0.9.34-rc2' |
585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' | 585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' |
586 | PACKAGE_URL='http://github.com/netblue30/firejail' | 586 | PACKAGE_URL='http://github.com/netblue30/firejail' |
587 | 587 | ||
@@ -1238,7 +1238,7 @@ if test "$ac_init_help" = "long"; then | |||
1238 | # Omit some internal or obsolete options to make the list less imposing. | 1238 | # Omit some internal or obsolete options to make the list less imposing. |
1239 | # This message is too long to be a string in the A/UX 3.1 sh. | 1239 | # This message is too long to be a string in the A/UX 3.1 sh. |
1240 | cat <<_ACEOF | 1240 | cat <<_ACEOF |
1241 | \`configure' configures firejail 0.9.34-rc1 to adapt to many kinds of systems. | 1241 | \`configure' configures firejail 0.9.34-rc2 to adapt to many kinds of systems. |
1242 | 1242 | ||
1243 | Usage: $0 [OPTION]... [VAR=VALUE]... | 1243 | Usage: $0 [OPTION]... [VAR=VALUE]... |
1244 | 1244 | ||
@@ -1299,7 +1299,7 @@ fi | |||
1299 | 1299 | ||
1300 | if test -n "$ac_init_help"; then | 1300 | if test -n "$ac_init_help"; then |
1301 | case $ac_init_help in | 1301 | case $ac_init_help in |
1302 | short | recursive ) echo "Configuration of firejail 0.9.34-rc1:";; | 1302 | short | recursive ) echo "Configuration of firejail 0.9.34-rc2:";; |
1303 | esac | 1303 | esac |
1304 | cat <<\_ACEOF | 1304 | cat <<\_ACEOF |
1305 | 1305 | ||
@@ -1389,7 +1389,7 @@ fi | |||
1389 | test -n "$ac_init_help" && exit $ac_status | 1389 | test -n "$ac_init_help" && exit $ac_status |
1390 | if $ac_init_version; then | 1390 | if $ac_init_version; then |
1391 | cat <<\_ACEOF | 1391 | cat <<\_ACEOF |
1392 | firejail configure 0.9.34-rc1 | 1392 | firejail configure 0.9.34-rc2 |
1393 | generated by GNU Autoconf 2.69 | 1393 | generated by GNU Autoconf 2.69 |
1394 | 1394 | ||
1395 | Copyright (C) 2012 Free Software Foundation, Inc. | 1395 | Copyright (C) 2012 Free Software Foundation, Inc. |
@@ -1691,7 +1691,7 @@ cat >config.log <<_ACEOF | |||
1691 | This file contains any messages produced by compilers while | 1691 | This file contains any messages produced by compilers while |
1692 | running configure, to aid debugging if configure makes a mistake. | 1692 | running configure, to aid debugging if configure makes a mistake. |
1693 | 1693 | ||
1694 | It was created by firejail $as_me 0.9.34-rc1, which was | 1694 | It was created by firejail $as_me 0.9.34-rc2, which was |
1695 | generated by GNU Autoconf 2.69. Invocation command line was | 1695 | generated by GNU Autoconf 2.69. Invocation command line was |
1696 | 1696 | ||
1697 | $ $0 $@ | 1697 | $ $0 $@ |
@@ -4102,7 +4102,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | |||
4102 | # report actual input values of CONFIG_FILES etc. instead of their | 4102 | # report actual input values of CONFIG_FILES etc. instead of their |
4103 | # values after options handling. | 4103 | # values after options handling. |
4104 | ac_log=" | 4104 | ac_log=" |
4105 | This file was extended by firejail $as_me 0.9.34-rc1, which was | 4105 | This file was extended by firejail $as_me 0.9.34-rc2, which was |
4106 | generated by GNU Autoconf 2.69. Invocation command line was | 4106 | generated by GNU Autoconf 2.69. Invocation command line was |
4107 | 4107 | ||
4108 | CONFIG_FILES = $CONFIG_FILES | 4108 | CONFIG_FILES = $CONFIG_FILES |
@@ -4156,7 +4156,7 @@ _ACEOF | |||
4156 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | 4156 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
4157 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" | 4157 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
4158 | ac_cs_version="\\ | 4158 | ac_cs_version="\\ |
4159 | firejail config.status 0.9.34-rc1 | 4159 | firejail config.status 0.9.34-rc2 |
4160 | configured by $0, generated by GNU Autoconf 2.69, | 4160 | configured by $0, generated by GNU Autoconf 2.69, |
4161 | with options \\"\$ac_cs_config\\" | 4161 | with options \\"\$ac_cs_config\\" |
4162 | 4162 | ||
diff --git a/configure.ac b/configure.ac index 70a1ce3ec..352cf0d12 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,5 +1,5 @@ | |||
1 | AC_PREREQ([2.68]) | 1 | AC_PREREQ([2.68]) |
2 | AC_INIT(firejail, 0.9.34-rc1, netblue30@yahoo.com, , http://github.com/netblue30/firejail) | 2 | AC_INIT(firejail, 0.9.34-rc2, netblue30@yahoo.com, , http://github.com/netblue30/firejail) |
3 | AC_CONFIG_SRCDIR([src/firejail/main.c]) | 3 | AC_CONFIG_SRCDIR([src/firejail/main.c]) |
4 | #AC_CONFIG_HEADERS([config.h]) | 4 | #AC_CONFIG_HEADERS([config.h]) |
5 | 5 | ||
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index ece906717..87a979034 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
@@ -76,3 +76,36 @@ blacklist /etc/profile.d | |||
76 | blacklist /etc/rc.local | 76 | blacklist /etc/rc.local |
77 | blacklist /etc/anacrontab | 77 | blacklist /etc/anacrontab |
78 | 78 | ||
79 | # General startup files | ||
80 | read-only ${HOME}/.xinitrc | ||
81 | read-only ${HOME}/.xserverrc | ||
82 | read-only ${HOME}/.profile | ||
83 | |||
84 | # Shell startup files | ||
85 | read-only ${HOME}/.bash_login | ||
86 | read-only ${HOME}/.bashrc | ||
87 | read-only ${HOME}/.bash_profile | ||
88 | read-only ${HOME}/.bash_logout | ||
89 | read-only ${HOME}/.zshrc | ||
90 | read-only ${HOME}/.zlogin | ||
91 | read-only ${HOME}/.zprofile | ||
92 | read-only ${HOME}/.zlogout | ||
93 | read-only ${HOME}/.zsh_files | ||
94 | read-only ${HOME}/.tcshrc | ||
95 | read-only ${HOME}/.cshrc | ||
96 | read-only ${HOME}/.csh_files | ||
97 | |||
98 | # Initialization files that allow arbitrary command execution | ||
99 | read-only ${HOME}/.mailcap | ||
100 | read-only ${HOME}/.exrc | ||
101 | read-only ${HOME}/.vimrc | ||
102 | read-only ${HOME}/.vim | ||
103 | read-only ${HOME}/.emacs | ||
104 | read-only ${HOME}/.tmux.conf | ||
105 | read-only ${HOME}/.iscreenrc | ||
106 | read-only ${HOME}/.muttrc | ||
107 | read-only ${HOME}/.xmonad | ||
108 | |||
109 | # The user ~/bin directory can override commands such as ls | ||
110 | read-only ${HOME}/bin | ||
111 | |||