From c6d33375cc34e4e5e527ab43c219adfbc8848c62 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Fri, 11 Aug 2023 05:26:05 -0300 Subject: profiles: fix commented code and eol comments Main changes: * Remove the space after `#` for commented code lines to distinguish them from normal comments * Use `#` instead of `-` for comments at the end of the line so that commented code lines work after being uncommented Commands used to search and replace: arg0="$(cat contrib/syntax/lists/profile_commands_arg0.list | LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')" arg1="$(cat contrib/syntax/lists/profile_commands_arg1.list | LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')" git ls-files -z -- etc/inc etc/profile* | xargs -0 -I '{}' \ sh -c "printf '%s\n' \"\$(sed -E \ -e 's/^# ($arg0)( [#-]-? .*)?\$/#\\1\\2/' \ -e 's/^# ($arg1)( [^ ]*)?( [#-]-? .*)?\$/#\\1\\2\\3/' \ -e 's/^# (whitelist \\$)/#\\1/' \ -e 's/^(#[^ ].+) --? /\\1 # /' \ '{}')\" >'{}'" Commands used to check for leftover entries: arg0="$(cat contrib/syntax/lists/profile_commands_arg0.list | LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')" arg1="$(cat contrib/syntax/lists/profile_commands_arg1.list | LC_ALL=C sort -u | tr '\n' '|' | sed -e 's/|$//' -e 's/\./\\./g')" git grep -E "^# ($arg0|$arg1)( +|$)" -- etc/inc etc/profile* See also commit 30f9ad908 ("build: improve comments in firecfg.config", 2023-08-05) / PR #5942. --- etc/profile-a-l/default.profile | 64 ++++++++++++++++++++--------------------- 1 file changed, 32 insertions(+), 32 deletions(-) (limited to 'etc/profile-a-l/default.profile') diff --git a/etc/profile-a-l/default.profile b/etc/profile-a-l/default.profile index 377c4e2e3..c071da4b7 100644 --- a/etc/profile-a-l/default.profile +++ b/etc/profile-a-l/default.profile @@ -9,54 +9,54 @@ include globals.local # depending on your usage, you can enable some of the commands below: include disable-common.inc -# include disable-devel.inc -# include disable-exec.inc -# include disable-interpreters.inc +#include disable-devel.inc +#include disable-exec.inc +#include disable-interpreters.inc include disable-programs.inc -# include disable-shell.inc -# include disable-write-mnt.inc -# include disable-xdg.inc +#include disable-shell.inc +#include disable-write-mnt.inc +#include disable-xdg.inc -# include whitelist-common.inc -# include whitelist-runuser-common.inc -# include whitelist-usr-share-common.inc -# include whitelist-var-common.inc +#include whitelist-common.inc +#include whitelist-runuser-common.inc +#include whitelist-usr-share-common.inc +#include whitelist-var-common.inc -# apparmor +#apparmor caps.drop all -# ipc-namespace -# machine-id -# net none +#ipc-namespace +#machine-id +#net none netfilter -# no3d -# nodvd -# nogroups +#no3d +#nodvd +#nogroups noinput nonewprivs noroot -# nosound +#nosound notv -# nou2f +#nou2f novideo protocol unix,inet,inet6 seccomp -# tracelog +#tracelog -# disable-mnt -# private -# private-bin program -# private-cache +#disable-mnt +#private +#private-bin program +#private-cache private-dev # see /usr/share/doc/firejail/profile.template for more common private-etc paths. -# private-etc alternatives,fonts,machine-id -# private-lib -# private-opt none +#private-etc alternatives,fonts,machine-id +#private-lib +#private-opt none private-tmp -# dbus-user none -# dbus-system none +#dbus-user none +#dbus-system none -# deterministic-shutdown -# memory-deny-write-execute -# read-only ${HOME} +#deterministic-shutdown +#memory-deny-write-execute +#read-only ${HOME} restrict-namespaces -- cgit v1.2.3-70-g09d2