diff options
author | Tad <tad@spotco.us> | 2018-09-06 16:49:16 -0400 |
---|---|---|
committer | Tad <tad@spotco.us> | 2018-09-06 16:49:16 -0400 |
commit | 736216cacfe6a818b1ea0255f474089a8fa2f394 (patch) | |
tree | ee5bdf7807d9f207b93fcfb645e397693d0e1efc | |
parent | disallow overriding of global rlimits, tiny improvements (diff) | |
download | firejail-736216cacfe6a818b1ea0255f474089a8fa2f394.tar.gz firejail-736216cacfe6a818b1ea0255f474089a8fa2f394.tar.zst firejail-736216cacfe6a818b1ea0255f474089a8fa2f394.zip |
-rw-r--r-- | etc/start-tor-browser.profile | 2 | ||||
-rw-r--r-- | etc/torbrowser-launcher.profile | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile index 6069c5174..4d9ebcb2e 100644 --- a/etc/start-tor-browser.profile +++ b/etc/start-tor-browser.profile | |||
@@ -28,7 +28,7 @@ protocol unix,inet,inet6 | |||
28 | seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice | 28 | seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice |
29 | shell none | 29 | shell none |
30 | # tracelog may cause issues, see github issue #1930 | 30 | # tracelog may cause issues, see github issue #1930 |
31 | tracelog | 31 | #tracelog |
32 | 32 | ||
33 | disable-mnt | 33 | disable-mnt |
34 | private-bin bash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf | 34 | private-bin bash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,rm,getconf |
diff --git a/etc/torbrowser-launcher.profile b/etc/torbrowser-launcher.profile index f175b6590..307377acc 100644 --- a/etc/torbrowser-launcher.profile +++ b/etc/torbrowser-launcher.profile | |||
@@ -43,7 +43,7 @@ protocol unix,inet,inet6 | |||
43 | seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice | 43 | seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice |
44 | shell none | 44 | shell none |
45 | # tracelog may cause issues, see github issue #1930 | 45 | # tracelog may cause issues, see github issue #1930 |
46 | tracelog | 46 | #tracelog |
47 | 47 | ||
48 | disable-mnt | 48 | disable-mnt |
49 | private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,tar,tclsh,test,tor-browser-en,torbrowser-launcher,xz | 49 | private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,readlink,rm,sed,sh,tail,tar,tclsh,test,tor-browser-en,torbrowser-launcher,xz |