diff options
author | smitsohu <smitsohu@gmail.com> | 2017-09-14 16:36:04 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-09-14 16:36:04 +0200 |
commit | a5df0070fff2771ff2821e07fca9b57801079146 (patch) | |
tree | ccc732767a999ac3dce6165a4fbc44b43560be7c | |
parent | --writable-run-user man page (diff) | |
download | firejail-a5df0070fff2771ff2821e07fca9b57801079146.tar.gz firejail-a5df0070fff2771ff2821e07fca9b57801079146.tar.zst firejail-a5df0070fff2771ff2821e07fca9b57801079146.zip |
goobox enhancements (permit metadata retrieval)
1) We should permit internet access, as Goobox retrieves metadata via cddb-slave2 2) We can safely enable private-dev after the introduction of nodvd
-rw-r--r-- | etc/goobox.profile | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/etc/goobox.profile b/etc/goobox.profile index 60ffe0594..98514ce8d 100644 --- a/etc/goobox.profile +++ b/etc/goobox.profile | |||
@@ -13,17 +13,18 @@ include /etc/firejail/disable-programs.inc | |||
13 | 13 | ||
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | 15 | netfilter |
16 | no3d | ||
16 | nogroups | 17 | nogroups |
17 | nonewprivs | 18 | nonewprivs |
18 | noroot | 19 | noroot |
19 | notv | 20 | notv |
20 | novideo | 21 | novideo |
21 | protocol unix | 22 | protocol unix,inet,inet6 |
22 | seccomp | 23 | seccomp |
23 | shell none | 24 | shell none |
24 | tracelog | 25 | tracelog |
25 | 26 | ||
26 | # private-bin goobox | 27 | # private-bin goobox |
27 | # private-dev | 28 | private-dev |
28 | # private-etc fonts | 29 | # private-etc fonts |
29 | # private-tmp | 30 | # private-tmp |