harden bsdtar profile (net none, x11 none)

author: smitsohu <smitsohu@gmail.com> 2019-06-29 14:24:36 +0200
committer: smitsohu <smitsohu@gmail.com> 2019-06-29 14:24:36 +0200
commit: 6adebbf5a6d0be4af503d5b1ef6485bd552b0cb3 (patch)
tree: 726dd23a6433dee42f86904973d053c7880edbee
parent: Merge branch 'master' of https://github.com/netblue30/firejail (diff)
download: firejail-6adebbf5a6d0be4af503d5b1ef6485bd552b0cb3.tar.gz
firejail-6adebbf5a6d0be4af503d5b1ef6485bd552b0cb3.tar.zst
firejail-6adebbf5a6d0be4af503d5b1ef6485bd552b0cb3.zip
1 files changed, 2 insertions, 3 deletions
diff --git a/etc/bsdtar.profile b/etc/bsdtar.profile
index 1f7a02c2b..1411ce7bd 100644
--- a/etc/bsdtar.profile
+++ b/etc/bsdtar.profile
@@ -6,8 +6,6 @@ include bsdtar.local
 # Persistent global definitions
 include globals.local
-blacklist /tmp/.X11-unix
 include disable-common.inc
 # include disable-devel.inc
 include disable-exec.inc
@@ -20,7 +18,7 @@ caps.drop all
 hostname bsdtar
 ipc-namespace
 machine-id
-netfilter
+net none
 no3d
 nodvd
 nodbus
@@ -35,6 +33,7 @@ protocol unix
 seccomp
 shell none
 tracelog
+x11 none
 # support compressed archives
 private-bin bash,bsdcat,bsdcpio,bsdtar,bzip2,compress,gtar,gzip,lbzip2,libarchive,lz4,lzip,lzma,lzop,sh,xz
author	smitsohu <smitsohu@gmail.com>	2019-06-29 14:24:36 +0200
committer	smitsohu <smitsohu@gmail.com>	2019-06-29 14:24:36 +0200
commit	6adebbf5a6d0be4af503d5b1ef6485bd552b0cb3 (patch)
tree	726dd23a6433dee42f86904973d053c7880edbee
parent	Merge branch 'master' of https://github.com/netblue30/firejail (diff)
download	firejail-6adebbf5a6d0be4af503d5b1ef6485bd552b0cb3.tar.gz firejail-6adebbf5a6d0be4af503d5b1ef6485bd552b0cb3.tar.zst firejail-6adebbf5a6d0be4af503d5b1ef6485bd552b0cb3.zip

diff --git a/etc/bsdtar.profile b/etc/bsdtar.profile index 1f7a02c2b..1411ce7bd 100644 --- a/etc/bsdtar.profile +++ b/etc/bsdtar.profile
@@ -6,8 +6,6 @@ include bsdtar.local
6	# Persistent global definitions	6	# Persistent global definitions
7	include globals.local	7	include globals.local
8		8
9	blacklist /tmp/.X11-unix
10
11	include disable-common.inc	9	include disable-common.inc
12	# include disable-devel.inc	10	# include disable-devel.inc
13	include disable-exec.inc	11	include disable-exec.inc
@@ -20,7 +18,7 @@ caps.drop all
20	hostname bsdtar	18	hostname bsdtar
21	ipc-namespace	19	ipc-namespace
22	machine-id	20	machine-id
23	netfilter	21	net none
24	no3d	22	no3d
25	nodvd	23	nodvd
26	nodbus	24	nodbus
@@ -35,6 +33,7 @@ protocol unix
35	seccomp	33	seccomp
36	shell none	34	shell none
37	tracelog	35	tracelog
		36	x11 none
38		37
39	# support compressed archives	38	# support compressed archives
40	private-bin bash,bsdcat,bsdcpio,bsdtar,bzip2,compress,gtar,gzip,lbzip2,libarchive,lz4,lzip,lzma,lzop,sh,xz	39	private-bin bash,bsdcat,bsdcpio,bsdtar,bzip2,compress,gtar,gzip,lbzip2,libarchive,lz4,lzip,lzma,lzop,sh,xz