Diffstat (limited to 'etc/makepkg.profile')
-rw-r--r-- | etc/makepkg.profile | 15 |
1 files changed, 6 insertions, 9 deletions
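--- a/etc/makepkg.profile
+++ b/etc/makepkg.profile
@@ -1,5 +1,10 @@
 # Firejail profile for makepkg
 # This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include makepkg.local
+# Persistent global definitions
+include globals.local
 
 # Note: see this Arch forum discussion https://bbs.archlinux.org/viewtopic.php?pid=1743138
 # for potential issues and their solutions when Firejailing makepkg
@@ -8,13 +13,6 @@
 # whitelist ${HOME}/<Your Build Folder>
 # whitelist ${HOME}/.gnupg
 
-quiet
-# Persistent local customizations
-include makepkg.local
-# Persistent global definitions
-include globals.local
-
-
 # Enable severely restricted access to ${HOME}/.gnupg
 noblacklist ${HOME}/.gnupg
 read-only ${HOME}/.gnupg/gpg.conf
@@ -26,8 +24,7 @@ blacklist ${HOME}/.gnupg/private-keys-v1.d
 blacklist ${HOME}/.gnupg/crls.d
 blacklist ${HOME}/.gnupg/openpgp-revocs.d
 
-
-# Need to be able to read /var/lib/pacman, {Note no capabilities so automatically read-only}
+# Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only.
 noblacklist /var/lib/pacman
 
 include disable-common.inc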
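Review bot: The reworded comment above `noblacklist /var/lib/pacman` says the directory is "automatically read-only" because capabilities are dropped, but nothing in the visible lines enforces that. The capability-dropping directive it relies on is outside this hunk, and for an unprivileged user the write protection presumably comes from file ownership, not from capabilities. If read-only access to the package database is a guarantee the profile intends to give, state it explicitly by adding `read-only /var/lib/pacman` after the `noblacklist` line, as the profile already does for `${HOME}/.gnupg/gpg.conf`. The comment could then read `# Arch Linux (and derivatives) need read access to /var/lib/pacman; enforced read-only below.` so it no longer depends on a directive elsewhere in the file.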