author | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2017-01-14 17:54:00 -0800 |
---|---|---|
committer | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2017-01-14 17:54:00 -0800 |
commit | 2b68d68ed733152f5fa433c94c19fb8fe152a715 (patch) | |
tree | 319595f40799167db92c7514a8362d3d56d579b7 /test/poi.profile | |
parent | Updated firejail profile (diff) | |
download | smolbote-2b68d68ed733152f5fa433c94c19fb8fe152a715.tar.xz |
Updated firejail profile
Diffstat (limited to 'test/poi.profile')
-rw-r--r-- | test/poi.profile | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/test/poi.profile b/test/poi.profile
index 573a5ea..9af4461 100644
--- a/test/poi.profile
+++ b/test/poi.profile
@@ -6,6 +6,7 @@ noblacklist ~/.local/share/smolbote
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-devel.inc
 whitelist ${DOWNLOADS}
 mkdir ~/.cache/smolbote
@@ -13,8 +14,6 @@ whitelist ~/.cache/smolbote
 mkdir ~/.local/share/smolbote
 whitelist ~/.local/share/smolbote
-#blacklist ${HOME}/.wine
-
 ## caps.drop all - Removes the ability to call programs usually run only by root. Ex - chown, setuid
 caps.drop all
@@ -47,4 +46,7 @@ private-etc nsswitch.conf,resolv.conf
 ## private-tmp - Creates a virtual /tmp directory to prevent the program from accessing the /tmp files from other programs.
 private-tmp
+## tracelog - Log all viloations to syslog
+tracelog
+
 include /etc/firejail/whitelist-common.inc
|
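Review bot: The added `include /etc/firejail/disable-devel.inc` in the first hunk has no `##` explanation, although the other hardening directives visible in this diff (`caps.drop all`, `private-tmp`, `tracelog`) each carry one. A line such as `## disable-devel.inc - Blacklists compilers, debuggers and other development tools` above it would keep the profile self-describing. The hunk header shows `noblacklist ~/.local/share/smolbote` ahead of the includes, which is the order firejail needs; any future `noblacklist` exception for a path covered by disable-devel.inc has to sit above this include as well. The profile continues outside the hunk, so the rest of the ordering cannot be checked from here.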
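Review bot: The comment added above `tracelog` in the third hunk misspells "violations" and overstates what gets logged. As documented by firejail, `tracelog` writes blacklist violations to syslog, meaning attempts to access blacklisted files or directories; denied capabilities and other sandbox denials are not recorded by it. I would word it `## tracelog - Log blacklist violations (attempts to access blacklisted files or directories) to syslog`. Because this profile confines the home directory mostly through `whitelist` entries, paths that are merely absent from the whitelisted view are presumably not reported either, so the syslog output should not be treated as a complete record of blocked accesses.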