diff options
Diffstat (limited to 'etc/profile-m-z')
-rw-r--r-- | etc/profile-m-z/node.profile | 11 | ||||
-rw-r--r-- | etc/profile-m-z/nodejs-common.profile | 49 | ||||
-rw-r--r-- | etc/profile-m-z/npm.profile | 18 | ||||
-rw-r--r-- | etc/profile-m-z/nvm.profile | 13 | ||||
-rw-r--r-- | etc/profile-m-z/yarn.profile | 20 |
5 files changed, 69 insertions, 42 deletions
diff --git a/etc/profile-m-z/node.profile b/etc/profile-m-z/node.profile new file mode 100644 index 000000000..cd48ed3c7 --- /dev/null +++ b/etc/profile-m-z/node.profile | |||
@@ -0,0 +1,11 @@ | |||
1 | # Firejail profile for node | ||
2 | # Description: Evented I/O for V8 javascript | ||
3 | quiet | ||
4 | # This file is overwritten after every install/update | ||
5 | # Persistent local customizations | ||
6 | include node.local | ||
7 | # Persistent global definitions | ||
8 | include globals.local | ||
9 | |||
10 | # Redirect | ||
11 | include nodejs-common.profile | ||
diff --git a/etc/profile-m-z/nodejs-common.profile b/etc/profile-m-z/nodejs-common.profile index 4095337dd..fa69f9214 100644 --- a/etc/profile-m-z/nodejs-common.profile +++ b/etc/profile-m-z/nodejs-common.profile | |||
@@ -10,6 +10,20 @@ include nodejs-common.local | |||
10 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | blacklist ${RUNUSER} | 11 | blacklist ${RUNUSER} |
12 | 12 | ||
13 | ignore read-only ${HOME}/.npm-packages | ||
14 | ignore read-only ${HOME}/.npmrc | ||
15 | ignore read-only ${HOME}/.nvm | ||
16 | ignore read-only ${HOME}/.yarnrc | ||
17 | |||
18 | noblacklist ${HOME}/.node-gyp | ||
19 | noblacklist ${HOME}/.npm | ||
20 | noblacklist ${HOME}/.npmrc | ||
21 | noblacklist ${HOME}/.nvm | ||
22 | noblacklist ${HOME}/.yarn | ||
23 | noblacklist ${HOME}/.yarn-config | ||
24 | noblacklist ${HOME}/.yarncache | ||
25 | noblacklist ${HOME}/.yarnrc | ||
26 | |||
13 | ignore noexec ${HOME} | 27 | ignore noexec ${HOME} |
14 | 28 | ||
15 | include allow-bin-sh.inc | 29 | include allow-bin-sh.inc |
@@ -21,6 +35,32 @@ include disable-programs.inc | |||
21 | include disable-shell.inc | 35 | include disable-shell.inc |
22 | include disable-xdg.inc | 36 | include disable-xdg.inc |
23 | 37 | ||
38 | # If you want whitelisting, change ${HOME}/Projects below to your node projects directory | ||
39 | # and add the next lines to your nodejs-common.local. | ||
40 | #mkdir ${HOME}/.node-gyp | ||
41 | #mkdir ${HOME}/.npm | ||
42 | #mkdir ${HOME}/.npm-packages | ||
43 | #mkfile ${HOME}/.npmrc | ||
44 | #mkdir ${HOME}/.nvm | ||
45 | #mkdir ${HOME}/.yarn | ||
46 | #mkdir ${HOME}/.yarn-config | ||
47 | #mkdir ${HOME}/.yarncache | ||
48 | #mkfile ${HOME}/.yarnrc | ||
49 | #whitelist ${HOME}/.node-gyp | ||
50 | #whitelist ${HOME}/.npm | ||
51 | #whitelist ${HOME}/.npm-packages | ||
52 | #whitelist ${HOME}/.npmrc | ||
53 | #whitelist ${HOME}/.nvm | ||
54 | #whitelist ${HOME}/.yarn | ||
55 | #whitelist ${HOME}/.yarn-config | ||
56 | #whitelist ${HOME}/.yarncache | ||
57 | #whitelist ${HOME}/.yarnrc | ||
58 | #whitelist ${HOME}/Projects | ||
59 | #include whitelist-common.inc | ||
60 | |||
61 | whitelist /usr/share/doc/node | ||
62 | whitelist /usr/share/nvm | ||
63 | whitelist /usr/share/systemtap/tapset/node.stp | ||
24 | include whitelist-runuser-common.inc | 64 | include whitelist-runuser-common.inc |
25 | include whitelist-usr-share-common.inc | 65 | include whitelist-usr-share-common.inc |
26 | include whitelist-var-common.inc | 66 | include whitelist-var-common.inc |
@@ -46,10 +86,11 @@ shell none | |||
46 | 86 | ||
47 | disable-mnt | 87 | disable-mnt |
48 | private-dev | 88 | private-dev |
49 | # May need to add `passwd` to `private-etc` below to enable debugging with some IDEs | 89 | private-etc alternatives,ca-certificates,crypto-policies,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,mime.types,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl,xdg |
50 | private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,mime.types,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl,xdg | 90 | #private-tmp |
51 | # May need to be commented out in order to enable debugging with some IDEs | ||
52 | private-tmp | ||
53 | 91 | ||
54 | dbus-user none | 92 | dbus-user none |
55 | dbus-system none | 93 | dbus-system none |
94 | |||
95 | # Add the next line to your nodejs-common.local if you prefer to disable gatsby telemetry. | ||
96 | #env GATSBY_TELEMETRY_DISABLED=1 | ||
diff --git a/etc/profile-m-z/npm.profile b/etc/profile-m-z/npm.profile index f51d58782..4d8beea5a 100644 --- a/etc/profile-m-z/npm.profile +++ b/etc/profile-m-z/npm.profile | |||
@@ -7,23 +7,5 @@ include npm.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | ignore read-only ${HOME}/.npm-packages | ||
11 | ignore read-only ${HOME}/.npmrc | ||
12 | |||
13 | noblacklist ${HOME}/.node-gyp | ||
14 | noblacklist ${HOME}/.npm | ||
15 | noblacklist ${HOME}/.npmrc | ||
16 | |||
17 | # If you want whitelisting, change ${HOME}/Projects below to your npm projects directory | ||
18 | # and add the next lines to your npm.local. | ||
19 | #mkdir ${HOME}/.node-gyp | ||
20 | #mkdir ${HOME}/.npm | ||
21 | #mkfile ${HOME}/.npmrc | ||
22 | #whitelist ${HOME}/.node-gyp | ||
23 | #whitelist ${HOME}/.npm | ||
24 | #whitelist ${HOME}/.npmrc | ||
25 | #whitelist ${HOME}/Projects | ||
26 | #include whitelist-common.inc | ||
27 | |||
28 | # Redirect | 10 | # Redirect |
29 | include nodejs-common.profile | 11 | include nodejs-common.profile |
diff --git a/etc/profile-m-z/nvm.profile b/etc/profile-m-z/nvm.profile new file mode 100644 index 000000000..80da22834 --- /dev/null +++ b/etc/profile-m-z/nvm.profile | |||
@@ -0,0 +1,13 @@ | |||
1 | # Firejail profile for nvm | ||
2 | # Description: Node Version Manager - Simple bash script to manage multiple active node.js versions | ||
3 | quiet | ||
4 | # This file is overwritten after every install/update | ||
5 | # Persistent local customizations | ||
6 | include nvm.local | ||
7 | # Persistent global definitions | ||
8 | include globals.local | ||
9 | |||
10 | ignore noroot | ||
11 | |||
12 | # Redirect | ||
13 | include nodejs-common.profile | ||
diff --git a/etc/profile-m-z/yarn.profile b/etc/profile-m-z/yarn.profile index 360bd8442..05b55d071 100644 --- a/etc/profile-m-z/yarn.profile +++ b/etc/profile-m-z/yarn.profile | |||
@@ -6,25 +6,5 @@ include yarn.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | ignore read-only ${HOME}/.yarnrc | ||
10 | |||
11 | noblacklist ${HOME}/.yarn | ||
12 | noblacklist ${HOME}/.yarn-config | ||
13 | noblacklist ${HOME}/.yarncache | ||
14 | noblacklist ${HOME}/.yarnrc | ||
15 | |||
16 | # If you want whitelisting, change ${HOME}/Projects below to your yarn projects directory and | ||
17 | # add the next lines to you yarn.local. | ||
18 | #mkdir ${HOME}/.yarn | ||
19 | #mkdir ${HOME}/.yarn-config | ||
20 | #mkdir ${HOME}/.yarncache | ||
21 | #mkfile ${HOME}/.yarnrc | ||
22 | #whitelist ${HOME}/.yarn | ||
23 | #whitelist ${HOME}/.yarn-config | ||
24 | #whitelist ${HOME}/.yarncache | ||
25 | #whitelist ${HOME}/.yarnrc | ||
26 | #whitelist ${HOME}/Projects | ||
27 | #include whitelist-common.inc | ||
28 | |||
29 | # Redirect | 9 | # Redirect |
30 | include nodejs-common.profile | 10 | include nodejs-common.profile |