From dff36279a7eec294b9870c779b3f31fb92fee90c Mon Sep 17 00:00:00 2001
From: jc_gargma
Date: Mon, 11 Sep 2017 06:22:19 -0700
Subject: Updated firejail profile
---
 test/poi.profile | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
(limited to 'test')
diff --git a/test/poi.profile b/test/poi.profile
index 9e28868..f405a10 100644
--- a/test/poi.profile
+++ b/test/poi.profile
@@ -9,19 +9,21 @@ include /etc/firejail/globals.local
 noblacklist ~/.cache/smolbote
 noblacklist ~/.config/smolbote
 noblacklist ~/.local/share/smolbote
+
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+mkdir ~/.cache/smolbote
+mkdir ~/.config/smolbote
+mkdir ~/.local/share/smolbote
 whitelist ${DOWNLOADS}
-mkdir ~/.cache/smolbote
 whitelist ~/.cache/smolbote
-mkdir ~/.config/smolbote
 whitelist ~/.config/smolbote
-mkdir ~/.local/share/smolbote
 whitelist ~/.local/share/smolbote
+include /etc/firejail/whitelist-common.inc
 ## caps.drop all - Removes the ability to call programs usually run only by root. Ex - chown, setuid
@@ -45,6 +47,9 @@ noroot
 ## notv - Disable access to DVB TV devices.
 notv
+# novideo - Disable access to video devices.
+novideo
+
 ## protocol - Only allows sockets of the following types. Not supported on i386 architecture.
 protocol unix,inet,inet6,netlink
@@ -69,7 +74,8 @@ disable-mnt
 private-dev
 ## private-etc - Creates a virtual /etc directory containing only temporary copies of the following files and directories.
-#private-etc nsswitch.conf,resolv.conf
+# Experimental support for only fonts and alsa audio
+#private-etc fonts,machine-id
 ## private-tmp - Creates a virtual /tmp directory to prevent the program from accessing the /tmp files from other programs.
 private-tmp
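Review bot: The added header `# novideo - Disable access to video devices.` uses a single `#`, while every other directive header in the same hunk and the surrounding profile (`## notv - …`, `## protocol - …`) uses `##`, so the new entry reads like a disabled directive rather than a description. Suggest `## novideo - Disable access to video devices.` to keep the file's convention of `##` for explanatory headers and a single `#` for commented-out directives, as with `#private-etc` later in this patch.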
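Review bot: The new comment `# Experimental support for only fonts and alsa audio` does not match the directive beneath it, `#private-etc fonts,machine-id`, which carries no alsa-related entry, and the old `nsswitch.conf,resolv.conf` entries are dropped without explanation. The profile keeps `protocol unix,inet,inet6,netlink` (context in the second hunk), so if this line is ever uncommented as written the sandbox would presumably lose name resolution; either carry the entries forward, `#private-etc fonts,machine-id,nsswitch.conf,resolv.conf`, or state in the comment why they were removed. The directive stays commented out, so nothing changes at runtime in this commit.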
@@ -78,6 +84,3 @@ private-tmp
 ## noexec - Prevent execution of files in the specified locations
 noexec ${HOME}
 noexec /tmp
-
-
-include /etc/firejail/whitelist-common.inc
--
cgit v1.2.1