diff options
| author |  Jose Riha <jose1711@gmail.com> | 2019-06-15 15:56:08 +0200 |
|---|---|---|
| committer | Jose Riha <jose1711@gmail.com> | 2019-06-17 11:31:18 +0200 |
| commit | f97e4fd97064b7f6a6101c1c60d5f88538d89ac6 (patch) | |
| tree | e711de6e103f1cbfc7477f2fd21036b338f62f5c | |
| parent | Add profile for udiskie (diff) | |
| download | firejail-f97e4fd97064b7f6a6101c1c60d5f88538d89ac6.tar.gz firejail-f97e4fd97064b7f6a6101c1c60d5f88538d89ac6.tar.zst firejail-f97e4fd97064b7f6a6101c1c60d5f88538d89ac6.zip | |
Apply suggestions from code review
Co-Authored-By: rusty-snake <print_hello_world+GitHub@protonmail.com>
| -rw-r--r-- | etc/udiskie.profile | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/etc/udiskie.profile b/etc/udiskie.profile index 37b5d9a64..7960b4bc3 100644 --- a/etc/udiskie.profile +++ b/etc/udiskie.profile | |||
| @@ -1,7 +1,6 @@ | |||
| 1 | # Firejail profile for udiskie | 1 | # Firejail profile for udiskie |
| 2 | # Description: Removable disk automounter using udisks | 2 | # Description: Removable disk automounter using udisks |
| 3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 4 | # quiet | ||
| 5 | # Persistent local customizations | 4 | # Persistent local customizations |
| 6 | include udiskie.local | 5 | include udiskie.local |
| 7 | # Persistent global definitions | 6 | # Persistent global definitions |
| @@ -14,22 +13,33 @@ include disable-common.inc | |||
| 14 | include disable-devel.inc | 13 | include disable-devel.inc |
| 15 | include disable-exec.inc | 14 | include disable-exec.inc |
| 16 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
| 17 | include disable-passwdmgr.inc include disable-programs.inc | 16 | include disable-passwdmgr.inc |
| 17 | include disable-programs.inc | ||
| 18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | 19 | ||
| 20 | include whitelist-var-common.inc | ||
| 21 | |||
| 20 | caps.drop all | 22 | caps.drop all |
| 21 | machine-id | 23 | machine-id |
| 22 | net none | 24 | net none |
| 25 | no3d | ||
| 23 | nogroups | 26 | nogroups |
| 24 | nonewprivs | 27 | nonewprivs |
| 25 | noroot | 28 | noroot |
| 29 | nosound | ||
| 26 | notv | 30 | notv |
| 27 | nou2f | 31 | nou2f |
| 28 | novideo | 32 | novideo |
| 33 | protocol unix | ||
| 29 | seccomp | 34 | seccomp |
| 30 | shell none | 35 | shell none |
| 31 | tracelog | 36 | tracelog |
| 32 | 37 | ||
| 38 | private-bin awk,cut,dbus-send,egrep,file,grep,head,python,python3,readlink,sed,sh,udiskie,uname,which,xdg-mime,xdg-open,xprop | ||
| 39 | # add your configured file browser in udiskie.local, e. g. | ||
| 40 | # private-bin nautilus | ||
| 41 | # private-bin thunar | ||
| 33 | private-cache | 42 | private-cache |
| 34 | private-dev | 43 | private-dev |
| 44 | private-etc ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,alternatives,mime.types,xdg | ||
| 35 | private-tmp | 45 | private-tmp |