diff options
author | netblue30 <netblue30@yahoo.com> | 2017-09-25 09:12:37 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-09-25 09:12:37 -0400 |
commit | 94bb78856bb3f953fc79684622a28552d02b9d11 (patch) | |
tree | e1be67e8a345af8bc233bbaf7e9eb2e62477302e | |
parent | disable DBus activation in firecfg (diff) | |
download | firejail-94bb78856bb3f953fc79684622a28552d02b9d11.tar.gz firejail-94bb78856bb3f953fc79684622a28552d02b9d11.tar.zst firejail-94bb78856bb3f953fc79684622a28552d02b9d11.zip |
fix nginx and apache2, possible fix for #1534
-rw-r--r-- | etc/disable-common.inc | 3 | ||||
-rw-r--r-- | etc/server.profile | 3 |
2 files changed, 4 insertions, 2 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index abce0fe57..d943950d4 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
@@ -120,7 +120,8 @@ blacklist /var/lib/mysql/mysql.sock | |||
120 | blacklist /var/lib/mysqld/mysql.sock | 120 | blacklist /var/lib/mysqld/mysql.sock |
121 | blacklist /var/lib/pacman | 121 | blacklist /var/lib/pacman |
122 | blacklist /var/lib/upower | 122 | blacklist /var/lib/upower |
123 | blacklist /var/log | 123 | # blacklist /var/log - a virtual /var/log directory (mostly empty) is buid up by default for |
124 | # every sandbox, unless --writeble-var-log switch is activated | ||
124 | blacklist /var/mail | 125 | blacklist /var/mail |
125 | blacklist /var/opt | 126 | blacklist /var/opt |
126 | blacklist /var/run/acpid.socket | 127 | blacklist /var/run/acpid.socket |
diff --git a/etc/server.profile b/etc/server.profile index edd4666e1..860e0056d 100644 --- a/etc/server.profile +++ b/etc/server.profile | |||
@@ -13,7 +13,6 @@ blacklist /tmp/.X11-unix | |||
13 | 13 | ||
14 | noblacklist /sbin | 14 | noblacklist /sbin |
15 | noblacklist /usr/sbin | 15 | noblacklist /usr/sbin |
16 | # noblacklist /var/log | ||
17 | # noblacklist /var/opt | 16 | # noblacklist /var/opt |
18 | 17 | ||
19 | include /etc/firejail/disable-common.inc | 18 | include /etc/firejail/disable-common.inc |
@@ -29,6 +28,8 @@ notv | |||
29 | novideo | 28 | novideo |
30 | seccomp | 29 | seccomp |
31 | 30 | ||
31 | # netfilter /etc/firejail/webserver.net | ||
32 | |||
32 | # disable-mnt | 33 | # disable-mnt |
33 | private | 34 | private |
34 | # private-bin program | 35 | # private-bin program |