Diffstat (limited to 'test/poi.profile')
| -rw-r--r-- | test/poi.profile | 17 | 
1 files changed, 10 insertions, 7 deletions
|
diff --git a/test/poi.profile b/test/poi.profile
index 9e28868..f405a10 100644
--- a/test/poi.profile
+++ b/test/poi.profile
@@ -9,19 +9,21 @@ include /etc/firejail/globals.local
 noblacklist ~/.cache/smolbote
 noblacklist ~/.config/smolbote
 noblacklist ~/.local/share/smolbote
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+mkdir ~/.cache/smolbote
+mkdir ~/.config/smolbote
+mkdir ~/.local/share/smolbote
 whitelist ${DOWNLOADS}
-mkdir ~/.cache/smolbote
 whitelist ~/.cache/smolbote
-mkdir ~/.config/smolbote
 whitelist ~/.config/smolbote
-mkdir ~/.local/share/smolbote
 whitelist ~/.local/share/smolbote
+include /etc/firejail/whitelist-common.inc
 ## caps.drop all - Removes the ability to call programs usually run only by root. Ex - chown, setuid
@@ -45,6 +47,9 @@ noroot
 ## notv - Disable access to DVB TV devices.
 notv
+# novideo - Disable access to video devices.
+novideo
+
 ## protocol - Only allows sockets of the following types. Not supported on i386 architecture.
 protocol unix,inet,inet6,netlink
@@ -69,7 +74,8 @@ disable-mnt
 private-dev
 ## private-etc - Creates a virtual /etc directory containing only temporary copies of the following files and directories.
-#private-etc nsswitch.conf,resolv.conf
+# Experimental support for only fonts and alsa audio
+#private-etc fonts,machine-id
 ## private-tmp - Creates a virtual /tmp directory to prevent the program from accessing the /tmp files from other programs.
 private-tmp
@@ -78,6 +84,3 @@ private-tmp
 ## noexec - Prevent execution of files in the specified locations
 noexec ${HOME}
 noexec /tmp
-
-
-include /etc/firejail/whitelist-common.inc
|
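Review bot: The reordered `mkdir` and `whitelist` lines in the first hunk carry no `##` explanation, unlike the directives further down, although they are what limits the browser's view of the home directory. I would add `## mkdir - Create the directory if it is missing, so the matching whitelist entry has a path to expose.` above the `mkdir` lines and `## whitelist - Only the listed paths under the home directory are visible inside the sandbox.` above `whitelist ${DOWNLOADS}`. A short comment that `include /etc/firejail/whitelist-common.inc` extends that list would also help, so a reader does not take the four entries here for the complete set.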
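Review bot: The description line for `novideo` in the second hunk starts with a single `#`, while the other description lines in this file use `##` and a single `#` marks a disabled directive such as `#private-etc`. Writing it as `## novideo - Disable access to video devices.` keeps the two kinds of comment distinguishable when someone scans the profile for hardening options that are switched off.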
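Review bot: The new comment above the disabled `private-etc` line in the third hunk says the list covers fonts and alsa audio, but the list is `fonts,machine-id` and has no ALSA entry, so the comment and the directive disagree. The profile also allows `protocol unix,inet,inet6,netlink`, and the previous list's `nsswitch.conf,resolv.conf` are gone. If this line is ever uncommented as written, name resolution inside the sandbox would presumably fail, and no CA certificate store is listed for TLS verification either. I would reword the comment to say so, for example `# Experimental and incomplete: fonts and machine-id only; add resolv.conf, nsswitch.conf and the CA certificate directories before enabling.`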
