-rw-r--r--etc/inc/allow-common-devel.inc4
-rw-r--r--etc/inc/allow-nodejs.inc6
-rw-r--r--etc/inc/disable-programs.inc2
-rw-r--r--etc/profile-m-z/npm.profile64
4 files changed, 76 insertions, 0 deletions
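diff --git a/etc/inc/allow-common-devel.inc b/etc/inc/allow-common-devel.inc
index 7cd087b14..68e91a09b 100644
--- a/etc/inc/allow-common-devel.inc
+++ b/etc/inc/allow-common-devel.inc
@@ -25,3 +25,7 @@ noblacklist ${HOME}/.cargo/registry
 noblacklist ${HOME}/.cargo/.crates.toml
 noblacklist ${HOME}/.cargo/.crates2.json
 noblacklist ${HOME}/.cargo/.package-cache
+
+# npm
+noblacklist ${HOME}/.npm
+noblacklist ${HOME}/.npmrc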
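Review bot: The two `# npm` entries at new lines 30–31 lift the blacklist on `~/.npm` and `~/.npmrc` for every profile that includes allow-common-devel.inc, not just for npm itself. `~/.npmrc` can hold registry credentials (`_authToken`), and this same commit blacklists it in disable-programs.inc and already unblocks it in npm.profile, so the shared include widens access beyond what the npm profile needs. If other development profiles really must run npm, I would at least record the reason next to the entries, e.g. `# npm (~/.npmrc may hold registry tokens; needed by profiles that invoke npm)`; otherwise dropping `noblacklist ${HOME}/.npmrc` here keeps the token file confined to npm.profile.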
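diff --git a/etc/inc/allow-nodejs.inc b/etc/inc/allow-nodejs.inc
new file mode 100644
index 000000000..78a4bed80
--- /dev/null
+++ b/etc/inc/allow-nodejs.inc
@@ -0,0 +1,6 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include allow-nodejs.local
+
+noblacklist ${PATH}/node
+noblacklist /usr/include/node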
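diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 74d45c4ca..2112c9b4f 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -760,6 +760,8 @@ blacklist ${HOME}/.neverball
 blacklist ${HOME}/.newsbeuter
 blacklist ${HOME}/.newsboat
 blacklist ${HOME}/.nicotine
+blacklist ${HOME}/.npm
+blacklist ${HOME}/.npmrc
 blacklist ${HOME}/.nv
 blacklist ${HOME}/.nylas-mail
 blacklist ${HOME}/.openarena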
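diff --git a/etc/profile-m-z/npm.profile b/etc/profile-m-z/npm.profile
new file mode 100644
index 000000000..2136fb443
--- /dev/null
+++ b/etc/profile-m-z/npm.profile
@@ -0,0 +1,64 @@
+# Firejail profile for npm
+# Description: The Node.js Package Manager
+# This file is overwritten after every install/update
+# Persistent local customizations
+include npm.local
+# Persistent global definitions
+include globals.local
+
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
+
+noblacklist ${HOME}/.npm
+noblacklist ${HOME}/.npmrc
+
+noblacklist ${PATH}/bash
+noblacklist ${PATH}/dash
+noblacklist ${PATH}/sh
+
+ignore noexec ${HOME}
+
+include disable-common.inc
+include disable-exec.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+# If you want whitelisting, change the line below to your npm projects directory
+# and uncomment the lines below.
+#mkdir ${HOME}/.npm
+#mkfile ${HOME}/.npmrc
+#whitelist ${HOME}/.npm
+#whitelist ${HOME}/.npmrc
+#whitelist ${HOME}/Projects
+#include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+seccomp.block-secondary
+shell none
+
+disable-mnt
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,mime.types,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl,xdg
+private-tmp
+
+dbus-user none
+dbus-system none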
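Review bot: The whitelist block at new lines 28–35 is left commented out while `ignore noexec ${HOME}` (line 19) and the `noblacklist` entries for bash, dash and sh (lines 15–17) are active, so package lifecycle scripts run with exec rights in the home directory and can read anything under `${HOME}` that the included disable-*.inc files do not blacklist, including the `~/.npmrc` unblocked at line 13. Since npm routinely executes third-party install scripts, I would document that trade-off above line 19, e.g. `# npm runs package lifecycle scripts from ${HOME}; without the whitelist below they can read the rest of ${HOME}`. The instruction at lines 28–29 is also ambiguous, because "the line below" is really `#whitelist ${HOME}/Projects` five lines further down; `# To confine npm to its own files and your projects, uncomment the lines below and replace ${HOME}/Projects with your projects directory.` would be clearer.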