diff options
author | smitsohu <smitsohu@gmail.com> | 2017-12-10 00:43:09 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2017-12-10 00:43:09 +0100 |
commit | 15d9ef1ba68914223fcd4a989c9c6df8b7565a1d (patch) | |
tree | ef8740bff900ca039332c0013c0cac3dd6aa21a9 | |
parent | remove mutt blacklist redundancies (diff) | |
download | firejail-15d9ef1ba68914223fcd4a989c9c6df8b7565a1d.tar.gz firejail-15d9ef1ba68914223fcd4a989c9c6df8b7565a1d.tar.zst firejail-15d9ef1ba68914223fcd4a989c9c6df8b7565a1d.zip |
fix (and harden) kmail - #1541
-rw-r--r-- | etc/kmail.profile | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/etc/kmail.profile b/etc/kmail.profile index fdc96c97f..7aad57987 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile | |||
@@ -18,10 +18,13 @@ nodvd | |||
18 | nogroups | 18 | nogroups |
19 | nonewprivs | 19 | nonewprivs |
20 | noroot | 20 | noroot |
21 | nosound | ||
21 | notv | 22 | notv |
23 | novideo | ||
22 | protocol unix,inet,inet6,netlink | 24 | protocol unix,inet,inet6,netlink |
23 | seccomp | 25 | # blacklisting of chroot system calls breaks kmail |
24 | tracelog | 26 | seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice |
27 | # tracelog | ||
25 | 28 | ||
26 | private-dev | 29 | private-dev |
27 | # private-tmp | 30 | # private-tmp |