From 03af910fdcb5fbdc3b2bb00df716debf6593876d Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann"
Date: Thu, 2 Jun 2022 00:14:04 -0300
Subject: disable-shell.inc: add global shell paths from ids.config

Since /etc/profile is present, add the other shell-related paths in /etc that are listed on ids.config. Suggestion by @rusty-snake[1]. Relates to #5167 #5170. [1] https://github.com/netblue30/firejail/pull/5167#pullrequestreview-989621852
---
 etc/inc/disable-shell.inc | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
(limited to 'etc/inc')

diff --git a/etc/inc/disable-shell.inc b/etc/inc/disable-shell.inc
index 3f19cdcf9..b1bfcd161 100644
--- a/etc/inc/disable-shell.inc
+++ b/etc/inc/disable-shell.inc
@@ -13,5 +13,35 @@ blacklist ${PATH}/sh
 blacklist ${PATH}/tclsh
 blacklist ${PATH}/tcsh
 blacklist ${PATH}/zsh
+
+# Note: This list should be kept in sync with the one in ../ids.config.
+### shells global ###
+# all
+blacklist /etc/dircolors
+blacklist /etc/environment
 blacklist /etc/profile
 blacklist /etc/profile.d
+blacklist /etc/shells
+blacklist /etc/skel
+# bash
+blacklist /etc/bash
+blacklist /etc/bash.bashrc
+blacklist /etc/bash_completion*
+blacklist /etc/bashrc
+# fish
+blacklist /etc/fish
+# ksh
+blacklist /etc/ksh.kshrc
+blacklist /etc/suid_profile
+# tcsh
+blacklist /etc/complete.tcsh
+blacklist /etc/csh.cshrc
+blacklist /etc/csh.login
+blacklist /etc/csh.logout
+# zsh
+blacklist /etc/zlogin
+blacklist /etc/zlogout
+blacklist /etc/zprofile
+blacklist /etc/zsh
+blacklist /etc/zshenv
+blacklist /etc/zshrc
-- 
cgit v1.2.3-54-g00ecf
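Review bot: The new `/etc` entries come with no guidance for profiles that deliberately re-allow a shell; the only comment added is the sync note for `../ids.config`. In firejail a `noblacklist` line has to precede the matching `blacklist`, so a profile that permits a shell binary under `${PATH}` before including this file would now start that shell with its global files (for bash, `/etc/bash.bashrc` and `/etc/bash_completion*`) denied; whether any shipped profile does this is not visible from the hunk. I would add a line under the sync note such as `# Profiles that noblacklist a shell in ${PATH} should also noblacklist its /etc paths listed below.` Nothing visible here checks the two lists against each other, so the sync note could also say which side is authoritative, to make later drift easier to catch in review. The first twelve lines of the file lie outside the hunk.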