disable-shell.inc (#3411)

* disable-shell.inc * add disable-shell.inc to all profiles with a … … private-bin line without bash/sh except profiles with redirect profiles. * add it to some more profiles * exclude aria2c.profile
netblue30 · Jun 4, 2020 · 2c914c7 · 2c914c7
1 parent 52e24db
commit 2c914c7
Show file tree

Hide file tree

Showing 183 changed files with 197 additions and 2 deletions.
diff --git a/etc/inc/disable-shell.inc b/etc/inc/disable-shell.inc
@@ -0,0 +1,13 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include disable-shell.local
+
+blacklist ${PATH}/bash
+blacklist ${PATH}/csh
+blacklist ${PATH}/dash
+blacklist ${PATH}/fish
+blacklist ${PATH}/ksh
+blacklist ${PATH}/sh
+blacklist ${PATH}/tclsh
+blacklist ${PATH}/tcsh
+blacklist ${PATH}/zsh
diff --git a/etc/profile-a-l/abiword.profile b/etc/profile-a-l/abiword.profile
@@ -14,6 +14,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 
 whitelist /usr/share/abiword-3.0
 include whitelist-usr-share-common.inc

diff --git a/etc/profile-a-l/akregator.profile b/etc/profile-a-l/akregator.profile
@@ -15,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 
 mkfile ${HOME}/.config/akregatorrc
 mkdir ${HOME}/.local/share/akregator

diff --git a/etc/profile-a-l/anki.profile b/etc/profile-a-l/anki.profile
@@ -19,6 +19,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.local/share/Anki2

diff --git a/etc/profile-a-l/anydesk.profile b/etc/profile-a-l/anydesk.profile
@@ -9,9 +9,10 @@ noblacklist ${HOME}/.anydesk
 
 include disable-common.inc
 include disable-devel.inc
+include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-include disable-interpreters.inc
+include disable-shell.inc
 
 mkdir ${HOME}/.anydesk
 whitelist ${HOME}/.anydesk

diff --git a/etc/profile-a-l/ar.profile b/etc/profile-a-l/ar.profile
@@ -15,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 
 apparmor
 caps.drop all

diff --git a/etc/profile-a-l/arch-audit.profile b/etc/profile-a-l/arch-audit.profile
@@ -15,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/arch-audit

diff --git a/etc/profile-a-l/artha.profile b/etc/profile-a-l/artha.profile
@@ -19,6 +19,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 # whitelisting in ${HOME} makes settings immutable, see #3112

diff --git a/etc/profile-a-l/assogiate.profile b/etc/profile-a-l/assogiate.profile
@@ -14,6 +14,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist ${PICTURES}

diff --git a/etc/profile-a-l/audacity.profile b/etc/profile-a-l/audacity.profile
@@ -16,6 +16,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 include whitelist-var-common.inc

diff --git a/etc/profile-a-l/aweather.profile b/etc/profile-a-l/aweather.profile
@@ -13,6 +13,7 @@ include disable-devel.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 
 mkdir ${HOME}/.config/aweather
 whitelist ${HOME}/.config/aweather

diff --git a/etc/profile-a-l/baobab.profile b/etc/profile-a-l/baobab.profile
@@ -12,6 +12,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 # include disable-programs.inc
+include disable-shell.inc
 # include disable-xdg.inc
 
 include whitelist-runuser-common.inc

diff --git a/etc/profile-a-l/bitcoin-qt.profile b/etc/profile-a-l/bitcoin-qt.profile
@@ -15,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 
 mkdir ${HOME}/.bitcoin
 mkdir ${HOME}/.config/Bitcoin

diff --git a/etc/profile-a-l/bitwarden.profile b/etc/profile-a-l/bitwarden.profile
@@ -16,6 +16,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/Bitwarden

diff --git a/etc/profile-a-l/blobwars.profile b/etc/profile-a-l/blobwars.profile
@@ -14,6 +14,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.parallelrealities/blobwars

diff --git a/etc/profile-a-l/bzflag.profile b/etc/profile-a-l/bzflag.profile
@@ -14,6 +14,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.bzf

diff --git a/etc/profile-a-l/cameramonitor.profile b/etc/profile-a-l/cameramonitor.profile
@@ -17,6 +17,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/cameramonitor

diff --git a/etc/profile-a-l/cantata.profile b/etc/profile-a-l/cantata.profile
@@ -20,6 +20,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 # apparmor

diff --git a/etc/profile-a-l/cmus.profile b/etc/profile-a-l/cmus.profile
@@ -14,6 +14,7 @@ include disable-devel.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 caps.drop all

diff --git a/etc/profile-a-l/com.github.dahenson.agenda.profile b/etc/profile-a-l/com.github.dahenson.agenda.profile
@@ -16,6 +16,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.cache/agenda

diff --git a/etc/profile-a-l/com.github.johnfactotum.Foliate.profile b/etc/profile-a-l/com.github.johnfactotum.Foliate.profile
@@ -19,6 +19,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.cache/com.github.johnfactotum.Foliate

diff --git a/etc/profile-a-l/corebird.profile b/etc/profile-a-l/corebird.profile
@@ -14,6 +14,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 include whitelist-var-common.inc

diff --git a/etc/profile-a-l/cower.profile b/etc/profile-a-l/cower.profile
@@ -16,6 +16,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 # This profile could be significantly strengthened by adding the following to cower.local

diff --git a/etc/profile-a-l/crow.profile b/etc/profile-a-l/crow.profile
@@ -17,6 +17,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 include whitelist-common.inc

diff --git a/etc/profile-a-l/d-feet.profile b/etc/profile-a-l/d-feet.profile
@@ -18,6 +18,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/d-feet

diff --git a/etc/profile-a-l/dconf-editor.profile b/etc/profile-a-l/dconf-editor.profile
@@ -12,6 +12,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist ${HOME}/.local/share/glib-2.0

diff --git a/etc/profile-a-l/devhelp.profile b/etc/profile-a-l/devhelp.profile
@@ -13,6 +13,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/devhelp

diff --git a/etc/profile-a-l/dino.profile b/etc/profile-a-l/dino.profile
@@ -14,6 +14,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 
 mkdir ${HOME}/.local/share/dino
 whitelist ${HOME}/.local/share/dino

diff --git a/etc/profile-a-l/display.profile b/etc/profile-a-l/display.profile
@@ -17,6 +17,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 include whitelist-usr-share-common.inc

diff --git a/etc/profile-a-l/dosbox.profile b/etc/profile-a-l/dosbox.profile
@@ -14,6 +14,7 @@ include disable-devel.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 include whitelist-var-common.inc

diff --git a/etc/profile-a-l/dragon.profile b/etc/profile-a-l/dragon.profile
@@ -16,6 +16,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/dragonplayer

diff --git a/etc/profile-a-l/drawio.profile b/etc/profile-a-l/drawio.profile
@@ -14,6 +14,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/draw.io

diff --git a/etc/profile-a-l/electron-mail.profile b/etc/profile-a-l/electron-mail.profile
@@ -16,6 +16,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/electron-mail

diff --git a/etc/profile-a-l/electrum.profile b/etc/profile-a-l/electrum.profile
@@ -18,6 +18,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.electrum

diff --git a/etc/profile-a-l/etr.profile b/etc/profile-a-l/etr.profile
@@ -14,6 +14,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.etr

diff --git a/etc/profile-a-l/evince.profile b/etc/profile-a-l/evince.profile
@@ -15,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/doc

diff --git a/etc/profile-a-l/exfalso.profile b/etc/profile-a-l/exfalso.profile
@@ -22,6 +22,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.quodlibet

diff --git a/etc/profile-a-l/fbreader.profile b/etc/profile-a-l/fbreader.profile
@@ -15,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 include whitelist-var-common.inc

diff --git a/etc/profile-a-l/feh.profile b/etc/profile-a-l/feh.profile
@@ -12,6 +12,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 
 # This profile disables network access
 # In order to enable network access,

diff --git a/etc/profile-a-l/ffmpeg.profile b/etc/profile-a-l/ffmpeg.profile
@@ -16,6 +16,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/devedeng

diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile
@@ -15,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 include whitelist-runuser-common.inc

diff --git a/etc/profile-a-l/font-manager.profile b/etc/profile-a-l/font-manager.profile
@@ -19,6 +19,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.cache/font-manager

diff --git a/etc/profile-a-l/galculator.profile b/etc/profile-a-l/galculator.profile
@@ -14,6 +14,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/galculator

diff --git a/etc/profile-a-l/gfeeds.profile b/etc/profile-a-l/gfeeds.profile
@@ -19,6 +19,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.cache/gfeeds

diff --git a/etc/profile-a-l/ghostwriter.profile b/etc/profile-a-l/ghostwriter.profile
@@ -17,6 +17,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/ghostwriter

diff --git a/etc/profile-a-l/gnome-calculator.profile b/etc/profile-a-l/gnome-calculator.profile
@@ -13,6 +13,7 @@ include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-interpreters.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 include whitelist-common.inc

diff --git a/etc/profile-a-l/gnome-characters.profile b/etc/profile-a-l/gnome-characters.profile
@@ -15,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 whitelist /usr/share/org.gnome.Characters

diff --git a/etc/profile-a-l/gnome-chess.profile b/etc/profile-a-l/gnome-chess.profile
@@ -15,6 +15,7 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 #mkdir ${HOME}/.local/share/gnome-chess