feat(profile): various security/linter improvement
- Ignore some rule from the linter - Move some bin to subprofile
parent
aafcd1c861
commit
c29b4ba536
10 changed files with 18 additions and 18 deletions
|
|
@ -171,6 +171,9 @@ _check_abstractions() {
|
|||
_err abstractions "$file:$line_number" "deprecated abstraction '<$ABS/$absname>', use '<$ABS/${ABS_DEPRECATED[$absname]}>' instead"
|
||||
fi
|
||||
done
|
||||
if [[ "$line" == *"<$ABS/ubuntu-"*">"* ]]; then
|
||||
_err abstractions "$file:$line_number" "deprecated, ubuntu only abstraction '<$ABS/$absname>'"
|
||||
fi
|
||||
}
|
||||
|
||||
readonly DIRECTORIES=('@{HOME}' '@{MOUNTS}' '@{bin}' '@{sbin}' '@{lib}' '@{tmp}' '_dirs}' '_DIR}')
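Review bot: The added `ubuntu-` check sits after the `done` that closes the loop, yet its message still interpolates `$absname`. Assuming `absname` is that loop's variable (the loop header is outside the hunk), the error will name whichever deprecated abstraction was iterated last, not the `ubuntu-*` include actually found on the line. Anyone triaging the linter output would then be pointed at the wrong abstraction in the profile. Report the matched text instead, for example `_err abstractions "$file:$line_number" "deprecated, ubuntu only abstraction in '$line'"`. `_check_abstractions` begins before this hunk, so confirm how `absname` is set there.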
|
||||
|
|
@ -222,7 +225,7 @@ readonly TRANSITION_MUST_PC=( # Must transition to 'Px'
|
|||
ischroot who
|
||||
)
|
||||
readonly TRANSITION_MUST_C=( # Must transition to 'Cx'
|
||||
sysctl kmod pgrep pkexec sudo systemctl udevadm
|
||||
sysctl kmod pgrep pkill pkexec sudo systemctl udevadm
|
||||
fusermount fusermount3 fusermount{,3}
|
||||
nvim vim sensible-editor
|
||||
)
|
||||
|
|
|
|||
|
|
@ -761,6 +761,7 @@ ugc
|
|||
umount.nfs
|
||||
umount.nfs4
|
||||
umount.udisks2
|
||||
unbound
|
||||
unconfined
|
||||
undump.bt
|
||||
unix_chkpwd
|
||||
|
|
|
|||