From 7dfd850505c9d99f3e7b95b29f99bb68bd4459ea Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Thu, 20 Jun 2019 20:59:39 +0000 Subject: Arch Linux specific changes (#2788) * Arch Linux specific addition to gzip.profile * Arch Linux specifics for tar.profile * Arch Linux specifics for gzip.profile * Minor re-ordering and wording edits for makepkg.profile * Spacing fix for cower.profile --- etc/makepkg.profile | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) (limited to 'etc/makepkg.profile') diff --git a/etc/makepkg.profile b/etc/makepkg.profile index 55bea9c5e..0120fc2cd 100644 --- a/etc/makepkg.profile +++ b/etc/makepkg.profile @@ -1,5 +1,10 @@ # Firejail profile for makepkg # This file is overwritten after every install/update +quiet +# Persistent local customizations +include makepkg.local +# Persistent global definitions +include globals.local # Note: see this Arch forum discussion https://bbs.archlinux.org/viewtopic.php?pid=1743138 # for potential issues and their solutions when Firejailing makepkg @@ -8,13 +13,6 @@ # whitelist ${HOME}/ # whitelist ${HOME}/.gnupg -quiet -# Persistent local customizations -include makepkg.local -# Persistent global definitions -include globals.local - - # Enable severely restricted access to ${HOME}/.gnupg noblacklist ${HOME}/.gnupg read-only ${HOME}/.gnupg/gpg.conf @@ -26,8 +24,7 @@ blacklist ${HOME}/.gnupg/private-keys-v1.d blacklist ${HOME}/.gnupg/crls.d blacklist ${HOME}/.gnupg/openpgp-revocs.d - -# Need to be able to read /var/lib/pacman, {Note no capabilities so automatically read-only} +# Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only. noblacklist /var/lib/pacman include disable-common.inc -- cgit v1.2.3-70-g09d2