From 37452ef1a71473b87431c3c708d3b31ca1b7a25f Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Mon, 11 Jan 2021 17:32:31 +0000
Subject: refactor nodejs applications (npm & yarn) (#3876)

* add yarn & reorder
* add node-gyp & yarn files
* Create nodejs-common.profile
* Create yarn.profile
* refactor npm.profile
* add new profile: yarn
* read-only's for npm/yarn Thanks to the [suggestion](https://github.com/netblue30/firejail/pull/3876#pullrequestreview-564682989) from @kmk3.
* ignore read-only's for npm As [suggested](https://github.com/netblue30/firejail/pull/3876#pullrequestreview-564682989) by @kmk3.
* ignore read-only for yarn As suggested in https://github.com/netblue30/firejail/pull/3876#pullrequestreview-564682989 by @kmk3.
* remove quiet from nodejs-common.profile quiet should go into the caller profiles instead
* add quiet to npm.profile Thanks @rusty-snake for the review.
* re-ordering some options
* re-ordering
---
 etc/profile-m-z/nodejs-common.profile | 54 +++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 etc/profile-m-z/nodejs-common.profile

(limited to 'etc/profile-m-z/nodejs-common.profile')

diff --git a/etc/profile-m-z/nodejs-common.profile b/etc/profile-m-z/nodejs-common.profile
new file mode 100644
index 000000000..acef622c2
--- /dev/null
+++ b/etc/profile-m-z/nodejs-common.profile
@@ -0,0 +1,54 @@
+# Firejail profile for Node.js
+# Description: Common profile for npm/yarn
+# This file is overwritten after every install/update
+# Persistent local customizations
+include nodejs-common.local
+# Persistent global definitions
+# added by caller profile
+#include globals.local
+
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}
+
+ignore noexec ${HOME}
+
+noblacklist ${PATH}/bash
+noblacklist ${PATH}/dash
+noblacklist ${PATH}/sh
+
+include disable-common.inc
+include disable-exec.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink
+seccomp
+seccomp.block-secondary
+shell none
+
+disable-mnt
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,login.defs,mime.types,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl,xdg
+private-tmp
+
+dbus-user none
+dbus-system none
--
cgit v1.2.3-70-g09d2
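Review bot: The lines that loosen the sandbox — `ignore noexec ${HOME}` and the `noblacklist ${PATH}/bash`, `dash` and `sh` trio that undoes part of `disable-shell.inc` and `disable-exec.inc` — carry no comment saying why npm/yarn need them, although they are exactly the lines a reader auditing the caller profiles will question. If the reason is that package lifecycle scripts and `node_modules/.bin` binaries have to run from the project tree, say so at the site, e.g. `# npm/yarn execute package scripts and node_modules/.bin binaries under ${HOME}` above the ignore line and `# package scripts are run through the shell` above the noblacklist group. The `netlink` entry in `protocol unix,inet,inet6,netlink` has the same gap: nothing else in the profile shows what consumes it, so a one-line comment naming the consumer, or dropping it if there is none, would keep the allowlist tight and reviewable.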