From 4a40e2a5f2009cf282dd783e73e1fb860ac758ba Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Tue, 15 Dec 2020 19:05:54 +0000
Subject: Refactor archivers (#3820)
* Create archiver-common.inc
* add apparmor to archiver-common.inc
* refactor 7z.profile
* refactor ar.profile
* refactor atool.profile
* refactor bsdtar.profile
* refactor cpio.profile
* refactor gzip.profile
* refactor tar.profile
* refactor unrar.profile
* refactor unzip.profile
* refactor xzdec.profile
* refactor zstd.profile
* rewording
* blacklist ${RUNUSER} in archiver-common.inc
Thanks to @rusty-snake for suggesting this.
* drop non-sensical ${RUNUSER}/wayland-* blacklisting in archiver-common.inc
See discussion in https://github.com/netblue30/firejail/pull/3820#discussion_r543523343
---
 etc/profile-a-l/gzip.profile | 39 ++-------------------------------------
 1 file changed, 2 insertions(+), 37 deletions(-)
(limited to 'etc/profile-a-l/gzip.profile')
diff --git a/etc/profile-a-l/gzip.profile b/etc/profile-a-l/gzip.profile
index 8ec39d8ca..96c1743e3 100644
--- a/etc/profile-a-l/gzip.profile
+++ b/etc/profile-a-l/gzip.profile
@@ -7,43 +7,8 @@ include gzip.local
 # Persistent global definitions
 include globals.local
-blacklist ${RUNUSER}/wayland-*
-
 # Arch Linux (based distributions) need access to /var/lib/pacman. As we drop all capabilities this is automatically read-only.
 noblacklist /var/lib/pacman
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-
-apparmor
-caps.drop all
-hostname gzip
-ipc-namespace
-machine-id
-net none
-no3d
-nodvd
-nogroups
-nonewprivs
-#noroot
-nosound
-notv
-nou2f
-novideo
-protocol unix
-seccomp
-shell none
-tracelog
-x11 none
-
-private-cache
-private-dev
-
-dbus-user none
-dbus-system none
-
-memory-deny-write-execute
+ignore include disable-shell.inc
+include archiver-common.inc
-- 
cgit v1.2.3-70-g09d2
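Review bot: The retained comment above `noblacklist /var/lib/pacman` still justifies the exemption with "As we drop all capabilities this is automatically read-only", but `caps.drop all` is removed from this file, so that guarantee now rests entirely on `archiver-common.inc`, which is not shown on this page. I would reword the comment to name the dependency, e.g. `# ... read-only because archiver-common.inc drops all capabilities.`, so a later edit to the include does not silently invalidate it. The added `ignore include disable-shell.inc` also carries no rationale; the old profile never included `disable-shell.inc`, so this looks like parity, but a one-line comment such as `# gzip did not blacklist shells before the refactor; keep that behaviour` would record the intent. It is worth confirming against the include that every removed restriction (`net none`, `seccomp`, `nonewprivs`, `memory-deny-write-execute`, `private-dev`, the `dbus-*` lines) is still applied, and that losing the per-program `hostname gzip` is intended.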