diff options
| -rw-r--r-- | test/poi.profile | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/test/poi.profile b/test/poi.profile index 573a5ea..9af4461 100644 --- a/test/poi.profile +++ b/test/poi.profile @@ -6,6 +6,7 @@ noblacklist ~/.local/share/smolbote include /etc/firejail/disable-common.inc include /etc/firejail/disable-programs.inc include /etc/firejail/disable-passwdmgr.inc +include /etc/firejail/disable-devel.inc whitelist ${DOWNLOADS} mkdir ~/.cache/smolbote @@ -13,8 +14,6 @@ whitelist ~/.cache/smolbote mkdir ~/.local/share/smolbote whitelist ~/.local/share/smolbote -#blacklist ${HOME}/.wine - ## caps.drop all - Removes the ability to call programs usually run only by root. Ex - chown, setuid caps.drop all @@ -47,4 +46,7 @@ private-etc nsswitch.conf,resolv.conf ## private-tmp - Creates a virtual /tmp directory to prevent the program from accessing the /tmp files from other programs. private-tmp +## tracelog - Log all viloations to syslog +tracelog + include /etc/firejail/whitelist-common.inc |