diff options
| author | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2017-01-14 17:54:00 -0800 |
|---|---|---|
| committer | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2017-01-14 17:54:00 -0800 |
| commit | 2b68d68ed733152f5fa433c94c19fb8fe152a715 (patch) | |
| tree | 319595f40799167db92c7514a8362d3d56d579b7 | |
| parent | Updated firejail profile (diff) | |
| download | smolbote-2b68d68ed733152f5fa433c94c19fb8fe152a715.tar.xz | |
Updated firejail profile
| -rw-r--r-- | test/poi.profile | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/test/poi.profile b/test/poi.profile index 573a5ea..9af4461 100644 --- a/test/poi.profile +++ b/test/poi.profile @@ -6,6 +6,7 @@ noblacklist ~/.local/share/smolbote include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-passwdmgr.inc +include /etc/firejail/disable-devel.inc whitelist ${DOWNLOADS} mkdir ~/.cache/smolbote @@ -13,8 +14,6 @@ whitelist ~/.cache/smolbote mkdir ~/.local/share/smolbote whitelist ~/.local/share/smolbote -#blacklist ${HOME}/.wine - ## caps.drop all - Removes the ability to call programs usually run only by root. Ex - chown, setuid caps.drop all @@ -47,4 +46,7 @@ private-etc nsswitch.conf,resolv.conf ## private-tmp - Creates a virtual /tmp directory to prevent the program from accessing the /tmp files from other programs. private-tmp +## tracelog - Log all viloations to syslog +tracelog + include /etc/firejail/whitelist-common.inc |