From f18124baa4290e658babc6dd0716232e9a474335 Mon Sep 17 00:00:00 2001
From: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Date: Fri, 15 Jan 2021 21:51:20 +0100
Subject: Add new allow include allow-bin-sh.inc

/bin/sh is usually just a symlink to bash. However this is not the case
for every distro, debian for example uses dash. bash,dash and sh have a
blacklist command in disable-shell.inc. An own allow-*.inc for it
enusres usage of all necessary nolacklists.

For private-bin sh is enough because it follows symlinks.
---
 etc/inc/allow-bin-sh.inc              | 7 +++++++
 etc/profile-m-z/mpv.profile           | 2 +-
 etc/profile-m-z/nodejs-common.profile | 4 +---
 3 files changed, 9 insertions(+), 4 deletions(-)
 create mode 100644 etc/inc/allow-bin-sh.inc

diff --git a/etc/inc/allow-bin-sh.inc b/etc/inc/allow-bin-sh.inc
new file mode 100644
index 000000000..d6c295414
--- /dev/null
+++ b/etc/inc/allow-bin-sh.inc
@@ -0,0 +1,7 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include allow-bin-sh.local
+
+noblacklist ${PATH}/bash
+noblacklist ${PATH}/dash
+noblacklist ${PATH}/sh
diff --git a/etc/profile-m-z/mpv.profile b/etc/profile-m-z/mpv.profile
index 1d87eeb48..7111febc2 100644
--- a/etc/profile-m-z/mpv.profile
+++ b/etc/profile-m-z/mpv.profile
@@ -21,7 +21,7 @@ include globals.local
 #  - ...
 #
 # Often these scripts require a shell:
-#noblacklist ${PATH}/sh
+#include allow-bin-sh.inc
 #private-bin sh
 
 noblacklist ${HOME}/.config/mpv
diff --git a/etc/profile-m-z/nodejs-common.profile b/etc/profile-m-z/nodejs-common.profile
index acef622c2..c12fc9a78 100644
--- a/etc/profile-m-z/nodejs-common.profile
+++ b/etc/profile-m-z/nodejs-common.profile
@@ -12,9 +12,7 @@ blacklist ${RUNUSER}
 
 ignore noexec ${HOME}
 
-noblacklist ${PATH}/bash
-noblacklist ${PATH}/dash
-noblacklist ${PATH}/sh
+include allow-bin-sh.inc
 
 include disable-common.inc
 include disable-exec.inc
-- 
cgit v1.2.3-54-g00ecf