diff options
author | netblue30 <netblue30@yahoo.com> | 2016-06-27 09:03:06 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-06-27 09:03:06 -0400 |
commit | fdaab24ae0123ec3b0d23f5df6dd3dd97946cc52 (patch) | |
tree | 2308b9fb2e50157b0a0a9134a221018c327dd481 | |
parent | strings, cpio, gzip, xz profiles (diff) | |
download | firejail-fdaab24ae0123ec3b0d23f5df6dd3dd97946cc52.tar.gz firejail-fdaab24ae0123ec3b0d23f5df6dd3dd97946cc52.tar.zst firejail-fdaab24ae0123ec3b0d23f5df6dd3dd97946cc52.zip |
cpio, gzip, strings, xzdec
-rw-r--r-- | etc/cpio.profile | 14 | ||||
-rw-r--r-- | etc/gzip.profile | 21 | ||||
-rw-r--r-- | etc/strings.profile | 16 | ||||
-rw-r--r-- | etc/xzdec.profile | 16 |
4 files changed, 22 insertions, 45 deletions
diff --git a/etc/cpio.profile b/etc/cpio.profile index 811d657f2..f10b82962 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile | |||
@@ -1,8 +1,10 @@ | |||
1 | include /usr/local/etc/firejail/server.profile | 1 | # cpio profile |
2 | include /usr/local/etc/firejail/disable-common.inc | 2 | # testing: find . -print -depth | cpio -ov > tree.cpio |
3 | include /usr/local/etc/firejail/disable-programs.inc | 3 | include /etc/firejail/default.profile |
4 | include /usr/local/etc/firejail/disable-passwdmgr.inc | 4 | tracelog |
5 | caps.drop all | ||
6 | net none | 5 | net none |
7 | shell none | 6 | shell none |
8 | seccomp | 7 | private-bin cpio |
8 | private-dev | ||
9 | |||
10 | |||
diff --git a/etc/gzip.profile b/etc/gzip.profile index f231c3780..3c9e8a9bf 100644 --- a/etc/gzip.profile +++ b/etc/gzip.profile | |||
@@ -1,19 +1,6 @@ | |||
1 | ################################ | 1 | # gzip profile |
2 | # Gzip profile | 2 | include /etc/firejail/default.profile |
3 | ################################ | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | include /etc/firejail/disable-programs.inc | ||
6 | include /etc/firejail/disable-passwdmgr.inc | ||
7 | |||
8 | blacklist ${HOME}/.wine | ||
9 | blacklist ${HOME}/.ssh | ||
10 | |||
11 | tracelog | 3 | tracelog |
12 | caps.drop all | ||
13 | seccomp | ||
14 | net none | 4 | net none |
15 | noroot | 5 | shell none |
16 | nosound | 6 | private-dev |
17 | nogroups | ||
18 | nonewprivs | ||
19 | |||
diff --git a/etc/strings.profile b/etc/strings.profile index ea6d4b415..8be9a5719 100644 --- a/etc/strings.profile +++ b/etc/strings.profile | |||
@@ -1,12 +1,6 @@ | |||
1 | noblacklist ~/.config | 1 | # strings profile |
2 | 2 | include /etc/firejail/default.profile | |
3 | include /usr/local/etc/firejail/disable-common.inc | ||
4 | include /usr/local/etc/firejail/disable-programs.inc | ||
5 | include /usr/local/etc/firejail/disable-devel.inc | ||
6 | include /usr/local/etc/firejail/disable-passwdmgr.inc | ||
7 | |||
8 | caps.drop all | ||
9 | noroot | ||
10 | nonewprivs | ||
11 | seccomp | ||
12 | tracelog | 3 | tracelog |
4 | net none | ||
5 | shell none | ||
6 | private-dev | ||
diff --git a/etc/xzdec.profile b/etc/xzdec.profile index f29f7360c..ade46dddd 100644 --- a/etc/xzdec.profile +++ b/etc/xzdec.profile | |||
@@ -1,13 +1,7 @@ | |||
1 | # Firejail profile for XZ decompressor | 1 | # XZ decompressor profile |
2 | # xzdec.profile | 2 | include /etc/firejail/default.profile |
3 | |||
4 | include /etc/firejail/disable-mgmt.inc | ||
5 | include /etc/firejail/disable-secret.inc | ||
6 | include /etc/firejail/disable-common.inc | ||
7 | include /etc/firejail/disable-devel.inc | ||
8 | |||
9 | caps.drop all | ||
10 | seccomp | ||
11 | tracelog | 3 | tracelog |
12 | noroot | 4 | net none |
13 | shell none | 5 | shell none |
6 | private-dev | ||
7 | |||