author | valoq <valoq@mailbox.org> | 2016-11-20 12:38:38 +0100 |
---|---|---|
committer | valoq <valoq@mailbox.org> | 2016-11-20 12:38:38 +0100 |
commit | bedf08d73c59ac95e2de56ccf279108a038cb313 (patch) | |
tree | 39fe5bdeae43ab7c51247f33db71947d500ea843 | |
parent | reversed incorrect changes (diff) | |
download | firejail-bedf08d73c59ac95e2de56ccf279108a038cb313.tar.gz firejail-bedf08d73c59ac95e2de56ccf279108a038cb313.tar.zst firejail-bedf08d73c59ac95e2de56ccf279108a038cb313.zip |
updated default.profile
-rw-r--r-- | etc/default.profile | 10 | ||||
-rw-r--r-- | etc/file.profile | 19 |
2 files changed, 22 insertions, 7 deletions
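--- a/etc/default.profile
+++ b/etc/default.profile
@@ -5,11 +5,17 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-#blacklist ${HOME}/.wine
-
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
+shell none
+
+# private-bin program
+# private-etc none
+# private-dev
+# private-tmp
+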
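Review bot: The added `nogroups` and `shell none` lines sit in the fallback profile, so they take effect for every program that has no profile of its own, and the file gives no hint of that reach. Programs that rely on supplementary group membership or on being started through the user's shell may behave differently, so a short comment above the option list would help, for example `# fallback profile: these options apply to any program without a dedicated profile`. The four commented-out `private-*` lines at the end read like a template, but `program` and `none` are placeholders that cannot be enabled as written. A heading such as `# optional hardening, adjust the arguments per application before enabling` would make that clear.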
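--- a/etc/file.profile
+++ b/etc/file.profile
@@ -1,16 +1,25 @@
 # file profile
-ignore noroot
-include /etc/firejail/default.profile
-
-blacklist /tmp/.X11-unix
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
 
+caps.drop all
 hostname file
+netfilter
 net none
 no3d
+nogroups
+nonewprivs
+#noroot
 nosound
-quiet
+protocol unix
+seccomp
 shell none
 tracelog
+quiet
+x11 none
+
+blacklist /tmp/.X11-unix
 
 private-dev
 private-bin file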
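Review bot: `#noroot` at new line 13 leaves the `noroot` user namespace off without stating a reason, where the old file expressed the same choice as an explicit `ignore noroot`. A reader cannot tell whether this is a deliberate exception or a leftover, so either enable it or record the reason next to it, e.g. `# noroot disabled: <reason>`. The profile also stops including default.profile and copies its options instead, so hardening added there later will not reach this profile unless it is repeated by hand; a comment at the top saying so would help. `netfilter` next to `net none`, and `blacklist /tmp/.X11-unix` next to `x11 none`, look redundant, though probably harmless.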