author | rusty-snake <print_hello_world+Public@protonmail.com> | 2019-06-16 13:42:48 +0200 |
---|---|---|
committer | rusty-snake <print_hello_world+Public@protonmail.com> | 2019-06-16 13:42:48 +0200 |
commit | 913ab0b418c561ab29d78ef4b689eaf75c3f5d8c (patch) | |
tree | 9a44ea31f52e2b0c78564bf29b490e0c2e56c218 | |
parent | move noblacklist ~/.java to allow-java.inc (diff) | |
consequent order of writable-*
-rw-r--r-- | etc/kmail.profile | 5 | ||||
-rw-r--r-- | etc/kopete.profile | 2 | ||||
-rw-r--r-- | etc/less.profile | 2 | ||||
-rw-r--r-- | etc/mutt.profile | 2 | ||||
-rw-r--r-- | etc/ssh.profile | 2 | ||||
-rw-r--r-- | etc/tar.profile | 4 | ||||
-rw-r--r-- | etc/tor.profile | 2 | ||||
-rw-r--r-- | etc/unbound.profile | 2 |
8 files changed, 10 insertions, 11 deletions
diff --git a/etc/kmail.profile b/etc/kmail.profile index 009b2c063..0b602c79a 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile | |||
@@ -53,9 +53,8 @@ protocol unix,inet,inet6,netlink | |||
53 | # we need to allow chroot, io_getevents, ioprio_set, io_setup, io_submit system calls | 53 | # we need to allow chroot, io_getevents, ioprio_set, io_setup, io_submit system calls |
54 | seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice | 54 | seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice |
55 | # tracelog | 55 | # tracelog |
56 | # writable-run-user is needed for signing and encrypting emails | ||
57 | writable-run-user | ||
58 | 56 | ||
59 | private-dev | 57 | private-dev |
60 | # private-tmp - interrupts connection to akonadi, breaks opening of email attachments | 58 | # private-tmp - interrupts connection to akonadi, breaks opening of email attachments |
61 | 59 | # writable-run-user is needed for signing and encrypting emails | |
60 | writable-run-user | ||
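Review bot: The comment moved to new line 59 justifies `writable-run-user` only by its GnuPG use, but the directive is broader than that. As I read the firejail man page (worth verifying against this release), it lifts the default blacklisting of both the gnupg and the systemd directories under /run/user/$UID. I would say so in the comment, e.g. `# writable-run-user is needed for signing and encrypting emails (gnupg); it also un-blacklists /run/user/$UID/systemd`, so a later reader can judge whether the extra exposure is acceptable for a mail client. The profile starts above this hunk, so any compensating rules there are not visible from here.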
diff --git a/etc/kopete.profile b/etc/kopete.profile index 5e931ddac..e0bdce059 100644 --- a/etc/kopete.profile +++ b/etc/kopete.profile | |||
@@ -31,8 +31,8 @@ notv | |||
31 | nou2f | 31 | nou2f |
32 | protocol unix,inet,inet6,netlink | 32 | protocol unix,inet,inet6,netlink |
33 | seccomp | 33 | seccomp |
34 | writable-var | ||
35 | 34 | ||
36 | private-dev | 35 | private-dev |
37 | private-tmp | 36 | private-tmp |
37 | writable-var | ||
38 | 38 | ||
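Review bot: `writable-var` lands on new line 37 with no rationale, while kmail.profile and tar.profile each carry a comment saying why the sandbox needs the relaxation. The same gap is in mutt.profile and ssh.profile (`writable-run-user`), less.profile (`writable-var-log`), and tor.profile and unbound.profile (`writable-var`). Since this commit already touches each of those lines, add a one-line reason above each, in the style of `# writable-run-user is needed for signing and encrypting emails`. Directives that widen the sandbox are the ones most worth justifying, and an unexplained one is hard to remove safely later.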
diff --git a/etc/less.profile b/etc/less.profile index bc85e5ad5..897d38b9d 100644 --- a/etc/less.profile +++ b/etc/less.profile | |||
@@ -34,7 +34,6 @@ protocol unix | |||
34 | seccomp | 34 | seccomp |
35 | shell none | 35 | shell none |
36 | tracelog | 36 | tracelog |
37 | writable-var-log | ||
38 | 37 | ||
39 | # The user can have a custom coloring script configured in ${HOME}/.lessfilter. | 38 | # The user can have a custom coloring script configured in ${HOME}/.lessfilter. |
40 | # Enable private-bin and private-lib if you are not using any filter. | 39 | # Enable private-bin and private-lib if you are not using any filter. |
@@ -42,5 +41,6 @@ writable-var-log | |||
42 | # private-lib | 41 | # private-lib |
43 | private-cache | 42 | private-cache |
44 | private-dev | 43 | private-dev |
44 | writable-var-log | ||
45 | 45 | ||
46 | memory-deny-write-execute | 46 | memory-deny-write-execute |
diff --git a/etc/mutt.profile b/etc/mutt.profile index 419e17e95..c424dbb85 100644 --- a/etc/mutt.profile +++ b/etc/mutt.profile | |||
@@ -54,6 +54,6 @@ novideo | |||
54 | protocol unix,inet,inet6 | 54 | protocol unix,inet,inet6 |
55 | seccomp | 55 | seccomp |
56 | shell none | 56 | shell none |
57 | writable-run-user | ||
58 | 57 | ||
59 | private-dev | 58 | private-dev |
59 | writable-run-user | ||
diff --git a/etc/ssh.profile b/etc/ssh.profile index 17d286b18..ce0e54a0d 100644 --- a/etc/ssh.profile +++ b/etc/ssh.profile | |||
@@ -37,6 +37,6 @@ tracelog | |||
37 | private-cache | 37 | private-cache |
38 | private-dev | 38 | private-dev |
39 | # private-tmp # Breaks when exiting | 39 | # private-tmp # Breaks when exiting |
40 | writable-run-user | ||
40 | 41 | ||
41 | memory-deny-write-execute | 42 | memory-deny-write-execute |
42 | writable-run-user | ||
diff --git a/etc/tar.profile b/etc/tar.profile index 71f7414bc..7e1fa8b92 100644 --- a/etc/tar.profile +++ b/etc/tar.profile | |||
@@ -43,7 +43,7 @@ private-cache | |||
43 | private-dev | 43 | private-dev |
44 | private-etc alternatives,group,localtime,passwd | 44 | private-etc alternatives,group,localtime,passwd |
45 | private-lib libfakeroot | 45 | private-lib libfakeroot |
46 | |||
47 | memory-deny-write-execute | ||
48 | # Debian based distributions need this for 'dpkg --unpack' (incl. synaptic) | 46 | # Debian based distributions need this for 'dpkg --unpack' (incl. synaptic) |
49 | writable-var | 47 | writable-var |
48 | |||
49 | memory-deny-write-execute | ||
diff --git a/etc/tor.profile b/etc/tor.profile index e896b609a..13d071635 100644 --- a/etc/tor.profile +++ b/etc/tor.profile | |||
@@ -40,7 +40,6 @@ novideo | |||
40 | protocol unix,inet,inet6 | 40 | protocol unix,inet,inet6 |
41 | seccomp | 41 | seccomp |
42 | shell none | 42 | shell none |
43 | writable-var | ||
44 | 43 | ||
45 | disable-mnt | 44 | disable-mnt |
46 | private | 45 | private |
@@ -49,3 +48,4 @@ private-cache | |||
49 | private-dev | 48 | private-dev |
50 | private-etc alternatives,ca-certificates,crypto-policies,passwd,pki,ssl,tor | 49 | private-etc alternatives,ca-certificates,crypto-policies,passwd,pki,ssl,tor |
51 | private-tmp | 50 | private-tmp |
51 | writable-var | ||
diff --git a/etc/unbound.profile b/etc/unbound.profile index 50304d223..e152ee7ea 100644 --- a/etc/unbound.profile +++ b/etc/unbound.profile | |||
@@ -30,11 +30,11 @@ notv | |||
30 | nou2f | 30 | nou2f |
31 | novideo | 31 | novideo |
32 | seccomp.drop _sysctl,acct,add_key,adjtimex,clock_adjtime,delete_module,fanotify_init,finit_module,get_mempolicy,init_module,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioperm,iopl,kcmp,kexec_file_load,kexec_load,keyctl,lookup_dcookie,mbind,migrate_pages,modify_ldt,mount,move_pages,open_by_handle_at,perf_event_open,perf_event_open,pivot_root,process_vm_readv,process_vm_writev,ptrace,remap_file_pages,request_key,set_mempolicy,swapoff,swapon,sysfs,syslog,umount2,uselib,vmsplice | 32 | seccomp.drop _sysctl,acct,add_key,adjtimex,clock_adjtime,delete_module,fanotify_init,finit_module,get_mempolicy,init_module,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioperm,iopl,kcmp,kexec_file_load,kexec_load,keyctl,lookup_dcookie,mbind,migrate_pages,modify_ldt,mount,move_pages,open_by_handle_at,perf_event_open,perf_event_open,pivot_root,process_vm_readv,process_vm_writev,ptrace,remap_file_pages,request_key,set_mempolicy,swapoff,swapon,sysfs,syslog,umount2,uselib,vmsplice |
33 | writable-var | ||
34 | 33 | ||
35 | disable-mnt | 34 | disable-mnt |
36 | private | 35 | private |
37 | private-dev | 36 | private-dev |
37 | writable-var | ||
38 | 38 | ||
39 | # mdwe can break modules/plugins | 39 | # mdwe can break modules/plugins |
40 | memory-deny-write-execute | 40 | memory-deny-write-execute |
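Review bot: The `seccomp.drop` list on line 32 names `perf_event_open` twice. The duplicate does not weaken the filter, but in a hand-maintained deny-list it is worth checking whether a different syscall was meant in the second slot. If not, drop one occurrence so the line reads `...,open_by_handle_at,perf_event_open,pivot_root,...`. The line is unchanged context in this hunk, so this is a follow-up rather than a blocker for the reordering.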