author | netblue30 <netblue30@yahoo.com> | 2017-10-04 09:47:11 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-10-04 09:47:11 -0400 |
commit | 195c1a6bbdaad705f92303832a1a73d05f053b71 (patch) | |
tree | 9aa21d428bec0fa5fe0de68e356b6717ba2df166 | |
parent | removed lxterminal support, blacklisting the terminal in disable-common.inc (diff) | |
various profile fixes
-rw-r--r-- | etc/akregator.profile | 4 | ||||
-rw-r--r-- | etc/display.profile | 8 | ||||
-rw-r--r-- | etc/knotes.profile | 6 | ||||
-rw-r--r-- | etc/pdftotext.profile | 2 |
4 files changed, 13 insertions, 7 deletions
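--- a/etc/akregator.profile
+++ b/etc/akregator.profile
@@ -19,6 +19,8 @@ whitelist ${HOME}/.config/akregatorrc
 whitelist ${HOME}/.local/share/akregator
 include /etc/firejail/whitelist-common.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 netfilter
 no3d
@@ -28,7 +30,7 @@ nonewprivs
 noroot
 notv
 novideo
-protocol unix,inet,inet6
+protocol unix,inet,inet6,netlink
 seccomp
 shell none
 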
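Review bot: The new `protocol unix,inet,inet6,netlink` line in the second hunk opens an additional socket family to the sandbox without recording which part of akregator needs it. Netlink sockets reach kernel interfaces that the previous filter kept out of reach, so the reason belongs next to the directive, for example `# netlink required by <component - to confirm>`. With that comment in place the entry can be dropped again once the dependency goes away, instead of staying in the profile indefinitely.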
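--- a/etc/display.profile
+++ b/etc/display.profile
@@ -11,6 +11,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 net none
 nodvd
@@ -22,9 +24,9 @@ notv
 protocol unix
 seccomp
 shell none
-x11 xorg
+# x11 xorg - problems on kubuntu 17.04
 
-private-bin display
+# private-bin display - requires python
 private-dev
-private-etc none
+# private-etc none - on Debian-based systems display is a symlink in /etc/alternatives
 private-tmp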
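Review bot: The second hunk switches `x11 xorg`, `private-bin display` and `private-etc none` off for every distribution, although the stated reasons are specific to kubuntu 17.04 and Debian-based systems. The same kubuntu 17.04 workaround is applied to `private-tmp` in etc/knotes.profile, and neither comment records what actually fails, which makes it hard to know when the restriction can come back. Where the cause is known, narrowing the directive keeps more of the sandbox than disabling it. Given the /etc/alternatives symlink, `private-etc alternatives` may be sufficient, and `private-bin` could list the interpreter alongside `display`. Both suggestions are untested against this firejail version.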
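--- a/etc/knotes.profile
+++ b/etc/knotes.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 netfilter
 nodvd
@@ -25,7 +27,5 @@ seccomp
 shell none
 tracelog
 
-# private-bin kate
 private-dev
-# private-etc fonts
-private-tmp
+#private-tmp - problems on kubuntu 17.04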
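Review bot: The disabled directive at the end of the second hunk is written `#private-tmp - problems on kubuntu 17.04`, without the space after `#` that the other commented-out directives in this commit use (`# x11 xorg - …`, `# private-bin display - …`). A single form makes it possible to search the profiles for hardening that has been turned off. I would write it as `# private-tmp - problems on kubuntu 17.04`.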
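--- a/etc/pdftotext.profile
+++ b/etc/pdftotext.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 net none
 no3d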