author | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2017-09-11 06:22:19 -0700 |
committer | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2017-09-11 06:22:19 -0700 |
commit | dff36279a7eec294b9870c779b3f31fb92fee90c (patch) | |
tree | f6274eaca020c3ae902fa4bf2b84f538cb11b8ae /test | |
parent | Updated firejail profile (diff) | |
Updated firejail profile
Diffstat (limited to 'test')
-rw-r--r-- | test/poi.profile | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/test/poi.profile b/test/poi.profile
index 9e28868..f405a10 100644
--- a/test/poi.profile
+++ b/test/poi.profile
@@ -9,19 +9,21 @@ include /etc/firejail/globals.local
 noblacklist ~/.cache/smolbote
 noblacklist ~/.config/smolbote
 noblacklist ~/.local/share/smolbote
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+mkdir ~/.cache/smolbote
+mkdir ~/.config/smolbote
+mkdir ~/.local/share/smolbote
 whitelist ${DOWNLOADS}
-mkdir ~/.cache/smolbote
 whitelist ~/.cache/smolbote
-mkdir ~/.config/smolbote
 whitelist ~/.config/smolbote
-mkdir ~/.local/share/smolbote
 whitelist ~/.local/share/smolbote
+include /etc/firejail/whitelist-common.inc
 ## caps.drop all - Removes the ability to call programs usually run only by root. Ex - chown, setuid
@@ -45,6 +47,9 @@ noroot
 ## notv - Disable access to DVB TV devices.
 notv
+# novideo - Disable access to video devices.
+novideo
+
 ## protocol - Only allows sockets of the following types. Not supported on i386 architecture.
 protocol unix,inet,inet6,netlink
@@ -69,7 +74,8 @@ disable-mnt
 private-dev
 ## private-etc - Creates a virtual /etc directory containing only temporary copies of the following files and directories.
-#private-etc nsswitch.conf,resolv.conf
+# Experimental support for only fonts and alsa audio
+#private-etc fonts,machine-id
 ## private-tmp - Creates a virtual /tmp directory to prevent the program from accessing the /tmp files from other programs.
 private-tmp
@@ -78,6 +84,3 @@ private-tmp
 ## noexec - Prevent execution of files in the specified locations
 noexec ${HOME}
 noexec /tmp
-
-
-include /etc/firejail/whitelist-common.inc
|
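Review bot: The new comment on the private-etc line in the third hunk, `# Experimental support for only fonts and alsa audio`, does not match the value beneath it, `#private-etc fonts,machine-id`, which names no alsa entry, and the previous candidates `nsswitch.conf,resolv.conf` are dropped from the list; if that line is later uncommented while `protocol unix,inet,inet6,netlink` still allows network sockets, the sandbox would presumably be left without resolver configuration. I would reword it to `## private-etc - experimental: fonts,machine-id only; re-add nsswitch.conf,resolv.conf before enabling if name resolution is needed`. Since both the old and new private-etc lines are commented out, /etc stays fully visible to the sandboxed browser, which is worth stating explicitly rather than leaving implicit in a comment about experimental support. In the second hunk the added `# novideo - Disable access to video devices.` uses a single `#` where every neighbouring description line uses `##`; `## novideo - Disable access to video devices.` keeps the file's convention.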