author | netblue30 <netblue30@yahoo.com> | 2016-04-18 06:56:08 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-04-18 06:56:08 -0400 |
commit | 8a08c221ce2dc6e7cc6a7564f6ed9caee4a3ff93 (patch) | |
tree | 03038c07bb527b5e78f627ff441de703bdb0d849 | |
parent | warzone2100 and firecfg fixes (diff) | |
parent | Merge pull request #451 from Fred-Barclay/proposed-todo (diff) | |
fixes
-rw-r--r-- | README | 1 | ||||
-rw-r--r-- | etc/disable-common.inc | 8 | ||||
-rw-r--r-- | todo | 6 |
3 files changed, 11 insertions, 4 deletions
@@ -29,6 +29,7 @@ Fred-Barclay (https://github.com/Fred-Barclay) | |||
29 | - added 0ad profile | 29 | - added 0ad profile |
30 | - fixed version for deb packages | 30 | - fixed version for deb packages |
31 | - added Warzone2100 profile | 31 | - added Warzone2100 profile |
32 | - blacklisted VeraCrypt | ||
32 | avoidr (https://github.com/avoidr) | 33 | avoidr (https://github.com/avoidr) |
33 | - whitelist fix | 34 | - whitelist fix |
34 | - recently-used.xbel fix | 35 | - recently-used.xbel fix |
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index b1133f28f..4d05ba783 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
@@ -26,6 +26,14 @@ blacklist ${HOME}/.VirtualBox | |||
26 | blacklist ${HOME}/VirtualBox VMs | 26 | blacklist ${HOME}/VirtualBox VMs |
27 | blacklist ${HOME}/.config/VirtualBox | 27 | blacklist ${HOME}/.config/VirtualBox |
28 | 28 | ||
29 | # VeraCrypt | ||
30 | blacklist ${PATH}/veracrypt | ||
31 | blacklist ${PATH}/veracrypt-uninstall.sh | ||
32 | blacklist /usr/share/veracrypt | ||
33 | blacklist /usr/share/applications/veracrypt.* | ||
34 | blacklist /usr/share/pixmaps/veracrypt.* | ||
35 | blacklist ${HOME}/.VeraCrypt | ||
36 | |||
29 | # var | 37 | # var |
30 | blacklist /var/spool/cron | 38 | blacklist /var/spool/cron |
31 | blacklist /var/spool/anacron | 39 | blacklist /var/spool/anacron |
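Review bot: The new VeraCrypt block in etc/disable-common.inc covers only ${HOME}/.VeraCrypt for per-user state, whereas the VirtualBox block just above it lists both ${HOME}/.VirtualBox and ${HOME}/.config/VirtualBox. If VeraCrypt can also keep settings under ${HOME}/.config, add that path here. The "# VeraCrypt" comment would also be more useful if it said why the tool is hidden from sandboxed programs, since the /usr/share/applications/veracrypt.* and /usr/share/pixmaps/veracrypt.* entries only hide a launcher and an icon and it is not clear from the block whether they are there for completeness or for a specific reason.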
@@ -74,11 +74,9 @@ CapEff: 0000000000000000 | |||
74 | CapBnd: 0000003fffffffff | 74 | CapBnd: 0000003fffffffff |
75 | CapAmb: 0000000000000000 | 75 | CapAmb: 0000000000000000 |
76 | 76 | ||
77 | 11. cleanup thunderbird profile - disable-common was commented out | 77 | 11. check seccomp on Docker: https://docs.docker.com/engine/security/seccomp/ |
78 | |||
79 | 12. check seccomp on Docker: https://docs.docker.com/engine/security/seccomp/ | ||
80 | Seccomp lists: | 78 | Seccomp lists: |
81 | https://github.com/torvalds/linux/blob/1e75a9f34a5ed5902707fb74b468356c55142b71/arch/x86/entry/syscalls/syscall_64.tbl | 79 | https://github.com/torvalds/linux/blob/1e75a9f34a5ed5902707fb74b468356c55142b71/arch/x86/entry/syscalls/syscall_64.tbl |
82 | https://github.com/torvalds/linux/blob/1e75a9f34a5ed5902707fb74b468356c55142b71/arch/x86/entry/syscalls/syscall_32.tbl | 80 | https://github.com/torvalds/linux/blob/1e75a9f34a5ed5902707fb74b468356c55142b71/arch/x86/entry/syscalls/syscall_32.tbl |
83 | 81 | ||
84 | 13. check for --chroot why .config/pulse dir is not created | 82 | 12. check for --chroot why .config/pulse dir is not created |
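Review bot: Item 11 (cleanup thunderbird profile - disable-common was commented out) is dropped from todo, but none of the three files changed in this commit is a thunderbird profile. Confirm that the cleanup landed in one of the parent commits and name it in the commit message, which currently says only "fixes"; otherwise keep the item in the list.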