From b4e225df75a2be56941cc8d65fe88df2eeec8fa2 Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Wed, 16 Dec 2020 21:31:12 +0000 Subject: [PATCH 1/6] drop private-bin --- etc/profile-a-l/7z.profile | 2 -- 1 file changed, 2 deletions(-) diff --git a/etc/profile-a-l/7z.profile b/etc/profile-a-l/7z.profile index 4f9e72a791b..5e1c17b2834 100644 --- a/etc/profile-a-l/7z.profile +++ b/etc/profile-a-l/7z.profile @@ -10,5 +10,3 @@ include globals.local noblacklist ${PATH}/bash noblacklist ${PATH}/sh include archiver-common.inc - -private-bin 7z,7z*,bash,p7zip,sh From 5b277b144153bfe76a0ab553d7f1d843aef2de91 Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Wed, 16 Dec 2020 21:32:07 +0000 Subject: [PATCH 2/6] drop private-bin --- etc/profile-a-l/ar.profile | 2 -- 1 file changed, 2 deletions(-) diff --git a/etc/profile-a-l/ar.profile b/etc/profile-a-l/ar.profile index a600eddef0b..c2b21580791 100644 --- a/etc/profile-a-l/ar.profile +++ b/etc/profile-a-l/ar.profile @@ -8,5 +8,3 @@ include ar.local include globals.local include archiver-common.inc - -private-bin ar From 03e38b232824e1fc881f4dc86737ce29f460a327 Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Wed, 16 Dec 2020 21:34:29 +0000 Subject: [PATCH 3/6] drop private-bin --- etc/profile-a-l/bsdtar.profile | 2 -- 1 file changed, 2 deletions(-) diff --git a/etc/profile-a-l/bsdtar.profile b/etc/profile-a-l/bsdtar.profile index f2116f4ab6a..c37f4071e2f 100644 --- a/etc/profile-a-l/bsdtar.profile +++ b/etc/profile-a-l/bsdtar.profile @@ -8,6 +8,4 @@ include globals.local include archiver-common.inc -# support compressed archives -private-bin bash,bsdcat,bsdcpio,bsdtar,bzip2,compress,gtar,gzip,lbzip2,libarchive,lz4,lzip,lzma,lzop,sh,xz private-etc alternatives,group,localtime,passwd From bbaffc6e54d446e2ca831ffd29111599a819ef97 Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Wed, 16 Dec 2020 21:45:41 +0000 Subject: [PATCH 4/6] drop private-bin --- etc/profile-m-z/tar.profile | 2 -- 1 file changed, 2 deletions(-) diff --git a/etc/profile-m-z/tar.profile b/etc/profile-m-z/tar.profile index 5233f5e4e92..a378ca27b5d 100644 --- a/etc/profile-m-z/tar.profile +++ b/etc/profile-m-z/tar.profile @@ -13,8 +13,6 @@ noblacklist /var/lib/pacman ignore include disable-shell.inc include archiver-common.inc -# support compressed archives -private-bin awk,bash,bzip2,compress,firejail,grep,gtar,gzip,lbzip2,lzip,lzma,lzop,sh,tar,xz private-etc alternatives,group,localtime,login.defs,passwd private-lib libfakeroot,liblzma.so.*,libreadline.so.* # Debian based distributions need this for 'dpkg --unpack' (incl. synaptic) From fe7ef29b6e165ca82a5c033f40b34f733341814f Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Wed, 16 Dec 2020 21:47:34 +0000 Subject: [PATCH 5/6] drop private-bin --- etc/profile-m-z/unzip.profile | 2 -- 1 file changed, 2 deletions(-) diff --git a/etc/profile-m-z/unzip.profile b/etc/profile-m-z/unzip.profile index be480923e68..8da9ea82062 100644 --- a/etc/profile-m-z/unzip.profile +++ b/etc/profile-m-z/unzip.profile @@ -10,8 +10,6 @@ include globals.local # GNOME Shell integration (chrome-gnome-shell) noblacklist ${HOME}/.local/share/gnome-shell -noroot include archiver-common.inc -private-bin unzip private-etc alternatives,group,localtime,passwd From 2167a8724c60093d9648235d925b7b4752932e0c Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Wed, 16 Dec 2020 23:12:53 +0000 Subject: [PATCH 6/6] disable private-lib in tar.profile Removing private-bin caused a test to fail - see discussion in https://github.com/netblue30/firejail/pull/3832. Thanks to @reinerh for explaining why I broke things! --- etc/profile-m-z/tar.profile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/profile-m-z/tar.profile b/etc/profile-m-z/tar.profile index a378ca27b5d..f6efb0febb0 100644 --- a/etc/profile-m-z/tar.profile +++ b/etc/profile-m-z/tar.profile @@ -14,6 +14,6 @@ ignore include disable-shell.inc include archiver-common.inc private-etc alternatives,group,localtime,login.defs,passwd -private-lib libfakeroot,liblzma.so.*,libreadline.so.* +#private-lib libfakeroot,liblzma.so.*,libreadline.so.* # Debian based distributions need this for 'dpkg --unpack' (incl. synaptic) writable-var