[PR #5167] [MERGED] profiles: move blacklist of /etc/profile.d & blacklist /etc/profile #5389

Closed
opened 2026-05-05 10:37:32 -06:00 by gitea-mirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/5167
Author: @kmk3
Created: 5/30/2022
Status: Merged
Merged: 5/31/2022
Merged by: @netblue30

Base: master ← Head: mv-sh-profile-blacklist


📝 Commits (3)

  • c7fde57 kate.profile: add missing include comment
  • 66dc264 disable-common.inc: move blacklist of /etc/profile.d
  • 2e0727f disable-shell.inc: blacklist /etc/profile

📊 Changes

3 files changed (+3 additions, -2 deletions)

📝 etc/inc/disable-common.inc (+0 -1)
📝 etc/inc/disable-shell.inc (+2 -0)
📝 etc/profile-a-l/kate.profile (+1 -1)

📄 Description

disable-common.inc: move blacklist of /etc/profile.d

To disable-shell.inc.

Interactive shells can be executed from certain development-related
programs (such as IDEs) and the shells themselves are not blocked by
default, but this shell startup directory currently is. To avoid
running a shell without access to potentially needed startup files, only
blacklist /etc/profile.d when interactive shells are also blocked.

Note that /etc/profile.d should only be of concern to interactive
shells, so a profile that includes both disable-shell.inc and
allow-bin-sh.inc (which likely means that it needs access to only
non-interactive shells) should not be affected by the blacklisting.

Relates to #3411 #5159.

Cc: @hknaack (from #5159).


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
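
An added illustration (not part of the PR or of firejail's own code): a small model of how `include`, `blacklist` and `noblacklist` lines combine, run over constructed, simplified stand-ins for the three include files, to show which profiles block /etc/profile.d before and after the move described above. The profile names `ide.profile` and `viewer.profile` are hypothetical, the file contents are assumptions, and path matching is exact-string only (no globbing).

```python
# Constructed, simplified stand-ins for the include files (not the real contents).
BEFORE = {
    "disable-common.inc": "blacklist /etc/profile.d\n",
    "disable-shell.inc": "blacklist ${PATH}/bash\nblacklist ${PATH}/sh\n",
    "allow-bin-sh.inc": "noblacklist ${PATH}/sh\n",
    # Hypothetical IDE-like profile: interactive shells stay allowed.
    "ide.profile": "include disable-common.inc\n",
    # Hypothetical profile that only needs a non-interactive /bin/sh.
    "viewer.profile": ("include allow-bin-sh.inc\n"
                       "include disable-common.inc\n"
                       "include disable-shell.inc\n"),
}
# Same files after the change: the rule leaves disable-common.inc and
# disable-shell.inc gains /etc/profile and /etc/profile.d.
AFTER = dict(BEFORE)
AFTER["disable-common.inc"] = "# /etc/profile.d rule moved to disable-shell.inc\n"
AFTER["disable-shell.inc"] = (BEFORE["disable-shell.inc"]
                              + "blacklist /etc/profile\n"
                              + "blacklist /etc/profile.d\n")


def blacklisted(files, name, _state=None):
    """Return the set of paths blacklisted by profile `name`, following includes.

    A `noblacklist PATH` seen earlier exempts PATH from a later `blacklist PATH`.
    """
    state = _state if _state is not None else {"allow": set(), "deny": set(), "seen": set()}
    if name in state["seen"]:          # guard against include loops in this model
        return state["deny"]
    state["seen"].add(name)
    for raw in files[name].splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        directive, _, arg = line.partition(" ")
        arg = arg.strip()
        if directive == "include":
            blacklisted(files, arg, state)
        elif directive == "noblacklist":
            state["allow"].add(arg)
        elif directive == "blacklist" and arg not in state["allow"]:
            state["deny"].add(arg)
    return state["deny"]


if __name__ == "__main__":
    for label, files in (("before", BEFORE), ("after", AFTER)):
        for profile in ("ide.profile", "viewer.profile"):
            print(label, profile, sorted(blacklisted(files, profile)))
```
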
