mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-16 14:16:16 -06:00
Protect shell startup files
This commit is contained in:
netblue30
parent
9f0bfe58c7
commit
2b37849dbd
4 changed files with 45 additions and 10 deletions
2
README
2
README
|
|
@ -18,6 +18,8 @@ License: GPL v2
|
|||
Firejail Authors:
|
||||
|
||||
netblue30 (netblue30@yahoo.com)
|
||||
Daan Bakker (https://github.com/dbakker)
|
||||
- protect shell startup files
|
||||
Duncan Overbruck (https://github.com/Duncaen)
|
||||
- musl libc fix
|
||||
andrew160 (https://github.com/andrew160)
|
||||
|
|
|
|||
18
configure
vendored
18
configure
vendored
|
|
@ -1,6 +1,6 @@
|
|||
#! /bin/sh
|
||||
# Guess values for system-dependent variables and create Makefiles.
|
||||
# Generated by GNU Autoconf 2.69 for firejail 0.9.34-rc1.
|
||||
# Generated by GNU Autoconf 2.69 for firejail 0.9.34-rc2.
|
||||
#
|
||||
# Report bugs to <netblue30@yahoo.com>.
|
||||
#
|
||||
|
|
@ -580,8 +580,8 @@ MAKEFLAGS=
|
|||
# Identity of this package.
|
||||
PACKAGE_NAME='firejail'
|
||||
PACKAGE_TARNAME='firejail'
|
||||
PACKAGE_VERSION='0.9.34-rc1'
|
||||
PACKAGE_STRING='firejail 0.9.34-rc1'
|
||||
PACKAGE_VERSION='0.9.34-rc2'
|
||||
PACKAGE_STRING='firejail 0.9.34-rc2'
|
||||
PACKAGE_BUGREPORT='netblue30@yahoo.com'
|
||||
PACKAGE_URL='http://github.com/netblue30/firejail'
|
||||
|
||||
|
|
@ -1238,7 +1238,7 @@ if test "$ac_init_help" = "long"; then
|
|||
# Omit some internal or obsolete options to make the list less imposing.
|
||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||
cat <<_ACEOF
|
||||
\`configure' configures firejail 0.9.34-rc1 to adapt to many kinds of systems.
|
||||
\`configure' configures firejail 0.9.34-rc2 to adapt to many kinds of systems.
|
||||
|
||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||
|
||||
|
|
@ -1299,7 +1299,7 @@ fi
|
|||
|
||||
if test -n "$ac_init_help"; then
|
||||
case $ac_init_help in
|
||||
short | recursive ) echo "Configuration of firejail 0.9.34-rc1:";;
|
||||
short | recursive ) echo "Configuration of firejail 0.9.34-rc2:";;
|
||||
esac
|
||||
cat <<\_ACEOF
|
||||
|
||||
|
|
@ -1389,7 +1389,7 @@ fi
|
|||
test -n "$ac_init_help" && exit $ac_status
|
||||
if $ac_init_version; then
|
||||
cat <<\_ACEOF
|
||||
firejail configure 0.9.34-rc1
|
||||
firejail configure 0.9.34-rc2
|
||||
generated by GNU Autoconf 2.69
|
||||
|
||||
Copyright (C) 2012 Free Software Foundation, Inc.
|
||||
|
|
@ -1691,7 +1691,7 @@ cat >config.log <<_ACEOF
|
|||
This file contains any messages produced by compilers while
|
||||
running configure, to aid debugging if configure makes a mistake.
|
||||
|
||||
It was created by firejail $as_me 0.9.34-rc1, which was
|
||||
It was created by firejail $as_me 0.9.34-rc2, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
$ $0 $@
|
||||
|
|
@ -4102,7 +4102,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
|||
# report actual input values of CONFIG_FILES etc. instead of their
|
||||
# values after options handling.
|
||||
ac_log="
|
||||
This file was extended by firejail $as_me 0.9.34-rc1, which was
|
||||
This file was extended by firejail $as_me 0.9.34-rc2, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
CONFIG_FILES = $CONFIG_FILES
|
||||
|
|
@ -4156,7 +4156,7 @@ _ACEOF
|
|||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
||||
ac_cs_version="\\
|
||||
firejail config.status 0.9.34-rc1
|
||||
firejail config.status 0.9.34-rc2
|
||||
configured by $0, generated by GNU Autoconf 2.69,
|
||||
with options \\"\$ac_cs_config\\"
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
AC_PREREQ([2.68])
|
||||
AC_INIT(firejail, 0.9.34-rc1, netblue30@yahoo.com, , http://github.com/netblue30/firejail)
|
||||
AC_INIT(firejail, 0.9.34-rc2, netblue30@yahoo.com, , http://github.com/netblue30/firejail)
|
||||
AC_CONFIG_SRCDIR([src/firejail/main.c])
|
||||
#AC_CONFIG_HEADERS([config.h])
|
||||
|
||||
|
|
|
|||
|
|
@ -76,3 +76,36 @@ blacklist /etc/profile.d
|
|||
blacklist /etc/rc.local
|
||||
blacklist /etc/anacrontab
|
||||
|
||||
# General startup files
|
||||
read-only ${HOME}/.xinitrc
|
||||
read-only ${HOME}/.xserverrc
|
||||
read-only ${HOME}/.profile
|
||||
|
||||
# Shell startup files
|
||||
read-only ${HOME}/.bash_login
|
||||
read-only ${HOME}/.bashrc
|
||||
read-only ${HOME}/.bash_profile
|
||||
read-only ${HOME}/.bash_logout
|
||||
read-only ${HOME}/.zshrc
|
||||
read-only ${HOME}/.zlogin
|
||||
read-only ${HOME}/.zprofile
|
||||
read-only ${HOME}/.zlogout
|
||||
read-only ${HOME}/.zsh_files
|
||||
read-only ${HOME}/.tcshrc
|
||||
read-only ${HOME}/.cshrc
|
||||
read-only ${HOME}/.csh_files
|
||||
|
||||
# Initialization files that allow arbitrary command execution
|
||||
read-only ${HOME}/.mailcap
|
||||
read-only ${HOME}/.exrc
|
||||
read-only ${HOME}/.vimrc
|
||||
read-only ${HOME}/.vim
|
||||
read-only ${HOME}/.emacs
|
||||
read-only ${HOME}/.tmux.conf
|
||||
read-only ${HOME}/.iscreenrc
|
||||
read-only ${HOME}/.muttrc
|
||||
read-only ${HOME}/.xmonad
|
||||
|
||||
# The user ~/bin directory can override commands such as ls
|
||||
read-only ${HOME}/bin
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue