From d452e45a9196aa2f4d34706fcfb7907707a19ff9 Mon Sep 17 00:00:00 2001 From: rusty-snake <41237666+rusty-snake@users.noreply.github.com> Date: Wed, 8 Sep 2021 23:21:07 +0200 Subject: Add profiles for build-systems (/package-managers) Profiles: bunler, cargo (refactor), cmake (untested), make, meson, pip All redirect to build-systems-common.profile Other fixes: - blacklist ${HOME}/.bundle - blacklist ${HOME}/.cargo/* -> blacklist ${HOME}/.cargo - blacklist /usr/lib64/ruby --- etc/profile-a-l/cargo.profile | 61 +++++-------------------------------------- 1 file changed, 7 insertions(+), 54 deletions(-) (limited to 'etc/profile-a-l/cargo.profile') diff --git a/etc/profile-a-l/cargo.profile b/etc/profile-a-l/cargo.profile index ff46cd429..af188e7f9 100644 --- a/etc/profile-a-l/cargo.profile +++ b/etc/profile-a-l/cargo.profile @@ -7,66 +7,19 @@ include cargo.local # Persistent global definitions include globals.local -ignore noexec ${HOME} -ignore noexec /tmp - -blacklist /tmp/.X11-unix -blacklist ${RUNUSER} +ignore read-only ${HOME}/.cargo/bin noblacklist ${HOME}/.cargo/credentials noblacklist ${HOME}/.cargo/credentials.toml -# Allows files commonly used by IDEs -include allow-common-devel.inc - -# Allow ssh (blacklisted by disable-common.inc) -#include allow-ssh.inc - -include disable-common.inc -include disable-exec.inc -include disable-interpreters.inc -include disable-programs.inc -include disable-xdg.inc - -#mkdir ${HOME}/.cargo -#whitelist ${HOME}/YOUR_CARGO_PROJECTS -#whitelist ${HOME}/.cargo -#whitelist ${HOME}/.rustup -#include whitelist-common.inc -whitelist /usr/share/pkgconfig -include whitelist-runuser-common.inc -include whitelist-usr-share-common.inc -include whitelist-var-common.inc +mkdir ${HOME}/.cargo +whitelist ${HOME}/.cargo +whitelist ${HOME}/.rustup -caps.drop all -ipc-namespace -machine-id -netfilter -no3d -nodvd -nogroups -noinput -nonewprivs -noroot -nosound -notv -nou2f -novideo -protocol unix,inet,inet6 -seccomp -seccomp.block-secondary -shell none -tracelog - -disable-mnt #private-bin cargo,rustc -private-cache -private-dev private-etc alternatives,ca-certificates,crypto-policies,group,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,magic,magic.mgc,nsswitch.conf,passwd,pki,protocols,resolv.conf,rpc,services,ssl -private-tmp - -dbus-user none -dbus-system none memory-deny-write-execute -read-write ${HOME}/.cargo/bin + +# Redirect +include build-systems-common.profile -- cgit v1.2.3-70-g09d2