author | smitsohu <smitsohu@gmail.com> | 2021-10-20 16:10:19 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-10-20 16:10:19 +0200 |
commit | 72e90164ecbb0c081515783bfb1690ee72f4fb7d (patch) | |
tree | f952bb5bbd930203b93b647d5fe02ac60ecf6b4e | |
parent | mountinfo: improve readability (diff) | |
parent | Update disable-proc.inc (diff) | |
Merge pull request #4521 from rusty-snake/disable-proc.inc
Create disable-proc.inc
-rw-r--r-- | etc/inc/disable-proc.inc | 82 | ||||
-rw-r--r-- | etc/templates/profile.template | 1 |
2 files changed, 83 insertions, 0 deletions
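--- /dev/null
+++ b/etc/inc/disable-proc.inc
@@ -0,0 +1,82 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include disable-proc.local
+
+blacklist /proc/acpi
+blacklist /proc/asound
+blacklist /proc/bootconfig
+blacklist /proc/buddyinfo
+blacklist /proc/cgroups
+blacklist /proc/cmdline
+blacklist /proc/config.gz
+blacklist /proc/consoles
+#blacklist /proc/cpuinfo
+blacklist /proc/crypto
+blacklist /proc/devices
+blacklist /proc/diskstats
+blacklist /proc/dma
+#blacklist /proc/driver
+blacklist /proc/dynamic_debug
+blacklist /proc/execdomains
+blacklist /proc/fb
+#blacklist /proc/filesystems
+blacklist /proc/fs
+blacklist /proc/i8k
+blacklist /proc/interrupts
+blacklist /proc/iomem
+blacklist /proc/ioports
+blacklist /proc/irq
+blacklist /proc/kallsyms
+blacklist /proc/kcore
+blacklist /proc/keys
+blacklist /proc/key-users
+blacklist /proc/kmsg
+blacklist /proc/kpagecgroup
+blacklist /proc/kpagecount
+blacklist /proc/kpageflags
+blacklist /proc/latency_stats
+#blacklist /proc/loadavg
+blacklist /proc/locks
+blacklist /proc/mdstat
+#blacklist /proc/meminfo
+blacklist /proc/misc
+#blacklist /proc/modules
+#blacklist /proc/mounts
+blacklist /proc/mtrr
+#blacklist /proc/net
+blacklist /proc/partitions
+blacklist /proc/pressure
+blacklist /proc/sched_debug
+blacklist /proc/schedstat
+blacklist /proc/scsi
+#blacklist /proc/self
+blacklist /proc/slabinfo
+blacklist /proc/softirqs
+blacklist /proc/spl
+#blacklist /proc/stat
+blacklist /proc/swaps
+#blacklist /proc/sys
+blacklist /proc/sysrq-trigger
+blacklist /proc/sysvipc
+#blacklist /proc/thread-self
+blacklist /proc/timer_list
+blacklist /proc/tty
+#blacklist /proc/uptime
+#blacklist /proc/version
+blacklist /proc/version_signature
+blacklist /proc/vmallocinfo
+#blacklist /proc/vmstat
+#blacklist /proc/zoneinfo
+
+blacklist /proc/sys/abi
+blacklist /proc/sys/crypto
+blacklist /proc/sys/debug
+blacklist /proc/sys/dev
+blacklist /proc/sys/fs
+blacklist /proc/sys/net
+blacklist /proc/sys/user
+blacklist /proc/sys/vm
+
+noblacklist /proc/sys/kernel/osrelease
+noblacklist /proc/sys/kernel/yama
+blacklist /proc/sys/*/*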
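Review bot: The commented-out entries (cpuinfo, driver, filesystems, loadavg, meminfo, modules, mounts, net, self, stat, sys, thread-self, uptime, version, vmstat, zoneinfo) carry no rationale, so a later editor cannot tell which are deliberately left readable because programs break without them and which are merely undecided; a comment at the head of the list such as `# Commented entries are left readable on purpose: they are commonly read by libc and application code. Uncomment only in profiles known not to need them.` would record the intent. `/proc/bus` (PCI, USB and input device listings) is absent from the list; if no profile is known to depend on it, a `blacklist /proc/bus` line next to `/proc/buddyinfo` would close that hardware-enumeration source in the same way the other listings here are closed. The two `noblacklist` lines at the end are order-sensitive with respect to `blacklist /proc/sys/*/*` on the last line, since the exception has to be declared before the blacklist it carves out of; a short comment, `# noblacklist entries must stay above the /proc/sys/*/* blacklist`, would guard against an alphabetical reorder silently dropping the osrelease and yama exceptions.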
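--- a/etc/templates/profile.template
+++ b/etc/templates/profile.template
@@ -116,6 +116,7 @@ include globals.local
 #include disable-devel.inc
 #include disable-exec.inc
 #include disable-interpreters.inc
+#include disable-proc.inc
 #include disable-programs.inc
 #include disable-shell.inc
 #include disable-write-mnt.inc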