authorjc_gargma <jc_gargma@iserlohn-fortress.net>2017-09-11 06:22:19 -0700
committerjc_gargma <jc_gargma@iserlohn-fortress.net>2017-09-11 06:22:19 -0700
commitdff36279a7eec294b9870c779b3f31fb92fee90c (patch)
treef6274eaca020c3ae902fa4bf2b84f538cb11b8ae
parentUpdated firejail profile (diff)
downloadsmolbote-dff36279a7eec294b9870c779b3f31fb92fee90c.tar.xz
Updated firejail profile
-rw-r--r--test/poi.profile17
1 files changed, 10 insertions, 7 deletions
diff --git a/test/poi.profile b/test/poi.profile
index 9e28868..f405a10 100644
--- a/test/poi.profile
+++ b/test/poi.profile
@@ -9,19 +9,21 @@ include /etc/firejail/globals.local
noblacklist ~/.cache/smolbote
noblacklist ~/.config/smolbote
noblacklist ~/.local/share/smolbote
+
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc
+mkdir ~/.cache/smolbote
+mkdir ~/.config/smolbote
+mkdir ~/.local/share/smolbote
whitelist ${DOWNLOADS}
-mkdir ~/.cache/smolbote
whitelist ~/.cache/smolbote
-mkdir ~/.config/smolbote
whitelist ~/.config/smolbote
-mkdir ~/.local/share/smolbote
whitelist ~/.local/share/smolbote
+include /etc/firejail/whitelist-common.inc
## caps.drop all - Removes the ability to call programs usually run only by root. Ex - chown, setuid
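Review bot: The reordered mkdir/whitelist block is the only group of directives in this profile without a `## name - explanation` comment, while every option that follows it (caps.drop, notv, private-dev, noexec, ...) carries one, so the reason for the ordering is lost to the next reader. The hunk moves the three `mkdir` lines ahead of the matching `whitelist` lines and pulls `include /etc/firejail/whitelist-common.inc` up from the end of the file to directly after them; a short comment should say that this order is deliberate. I would add, above the first `mkdir`, `## mkdir/whitelist - create the smolbote directories first, then whitelist them; whitelist-common.inc is included after the profile's own whitelist lines on purpose`. The trailing `include` in the last hunk is the other half of the same move and needs no separate comment.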
@@ -45,6 +47,9 @@ noroot
## notv - Disable access to DVB TV devices.
notv
+# novideo - Disable access to video devices.
+novideo
+
## protocol - Only allows sockets of the following types. Not supported on i386 architecture.
protocol unix,inet,inet6,netlink
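Review bot: The new `# novideo - Disable access to video devices.` line uses a single `#`, whereas every other option description in this profile, including the `## notv` line directly above it, uses `##`; the file uses a single `#` only to comment out a directive, so the new line reads as a disabled option rather than documentation. Change it to `## novideo - Disable access to video devices.` to keep the two meanings distinct. The novideo directive itself looks fine and is consistent with the neighbouring notv.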
@@ -69,7 +74,8 @@ disable-mnt
private-dev
## private-etc - Creates a virtual /etc directory containing only temporary copies of the following files and directories.
-#private-etc nsswitch.conf,resolv.conf
+# Experimental support for only fonts and alsa audio
+#private-etc fonts,machine-id
## private-tmp - Creates a virtual /tmp directory to prevent the program from accessing the /tmp files from other programs.
private-tmp
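Review bot: The comment `# Experimental support for only fonts and alsa audio` does not match the directive below it, which lists `fonts,machine-id` and nothing related to ALSA, so one of the two is wrong or the comment is stale. The replacement line also drops `nsswitch.conf,resolv.conf` from the old list; since the profile allows `inet,inet6` and the program is a browser, enabling `private-etc` in this form would presumably leave the sandbox without name resolution, which is worth stating so nobody uncomments it as-is. Both lines stay commented out, so the full host /etc remains visible inside the sandbox in this revision; the comment should say that explicitly, e.g. `## private-etc - currently disabled; if enabled, keep nsswitch.conf,resolv.conf or DNS breaks` followed by `#private-etc fonts,machine-id,nsswitch.conf,resolv.conf`. The `#`-vs-`##` prefix inconsistency from the previous hunk applies to the new comment line here as well.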
@@ -78,6 +84,3 @@ private-tmp
## noexec - Prevent execution of files in the specified locations
noexec ${HOME}
noexec /tmp
-
-
-include /etc/firejail/whitelist-common.inc