1 files changed, 49 insertions, 0 deletions
diff --git a/etc/checkbashisms.profile b/etc/checkbashisms.profile
new file mode 100644
index 000000000..c8b8be04e
--- /dev/null
+++ b/etc/checkbashisms.profile
@@ -0,0 +1,49 @@
+# Firejail profile for checkbashisms
+# Description: Lint tool for shell scripts
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include /etc/firejail/checkbashisms.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${DOCUMENTS}
+# Allow perl (blacklisted by disable-interpreters.inc)
+noblacklist ${PATH}/cpan*
+noblacklist ${PATH}/core_perl
+noblacklist ${PATH}/perl
+noblacklist /usr/lib/perl*
+noblacklist /usr/share/perl*
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
+include /etc/firejail/whitelist-var-common.inc
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix
+seccomp
+shell none
+private-dev
+private-tmp
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp

diff --git a/etc/checkbashisms.profile b/etc/checkbashisms.profile new file mode 100644 index 000000000..c8b8be04e --- /dev/null +++ b/etc/checkbashisms.profile
@@ -0,0 +1,49 @@
	1	# Firejail profile for checkbashisms
	2	# Description: Lint tool for shell scripts
	3	# This file is overwritten after every install/update
	4	quiet
	5	# Persistent local customizations
	6	include /etc/firejail/checkbashisms.local
	7	# Persistent global definitions
	8	include /etc/firejail/globals.local
	9
	10	noblacklist ${DOCUMENTS}
	11
	12	# Allow perl (blacklisted by disable-interpreters.inc)
	13	noblacklist ${PATH}/cpan*
	14	noblacklist ${PATH}/core_perl
	15	noblacklist ${PATH}/perl
	16	noblacklist /usr/lib/perl*
	17	noblacklist /usr/share/perl*
	18
	19	include /etc/firejail/disable-common.inc
	20	include /etc/firejail/disable-devel.inc
	21	include /etc/firejail/disable-interpreters.inc
	22	include /etc/firejail/disable-passwdmgr.inc
	23	include /etc/firejail/disable-programs.inc
	24	include /etc/firejail/disable-xdg.inc
	25
	26	include /etc/firejail/whitelist-var-common.inc
	27
	28	caps.drop all
	29	ipc-namespace
	30	net none
	31	no3d
	32	nodbus
	33	nodvd
	34	nogroups
	35	nonewprivs
	36	noroot
	37	nosound
	38	notv
	39	novideo
	40	protocol unix
	41	seccomp
	42	shell none
	43
	44	private-dev
	45	private-tmp
	46
	47	memory-deny-write-execute
	48	noexec ${HOME}
	49	noexec /tmp