Add network functionality in sqlitebrowser.profile (#2525)

author: glitsj16 <glitsj16@users.noreply.github.com> 2019-03-06 04:25:41 +0000
committer: GitHub <noreply@github.com> 2019-03-06 04:25:41 +0000
commit: f40cdf7ae36db8c14d5bf7ec8c2797ca7721316e (patch)
tree: 8f935eac1476f43b4b942c2d89305ee128a24f0d
parent: Add dirname to private-bin in spectre-meltdown-checker (#2524) (diff)
download: firejail-f40cdf7ae36db8c14d5bf7ec8c2797ca7721316e.tar.gz
firejail-f40cdf7ae36db8c14d5bf7ec8c2797ca7721316e.tar.zst
firejail-f40cdf7ae36db8c14d5bf7ec8c2797ca7721316e.zip
1 files changed, 7 insertions, 5 deletions
diff --git a/etc/sqlitebrowser.profile b/etc/sqlitebrowser.profile
index 6bdd437cd..8122079e1 100644
--- a/etc/sqlitebrowser.profile
+++ b/etc/sqlitebrowser.profile
@@ -18,10 +18,11 @@ include disable-xdg.inc
 include whitelist-var-common.inc
+apparmor
 caps.drop all
-net none
+ipc-namespace
-no3d
+netfilter
-nodbus
+# nodbus - breaks proxy creation
 nodvd
 nogroups
 nonewprivs
@@ -30,15 +31,16 @@ nosound
 notv
 nou2f
 novideo
-protocol unix
+protocol unix,inet,inet6,netlink
 seccomp
 shell none
 private-bin sqlitebrowser
 private-cache
 private-dev
+private-etc alternatives,ca-certificates,crypto-policies,fonts,group,machine-id,passwd,pki,ssl
 private-tmp
-# memory-deny-write-execute - breaks on Arch
+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
author	glitsj16 <glitsj16@users.noreply.github.com>	2019-03-06 04:25:41 +0000
committer	GitHub <noreply@github.com>	2019-03-06 04:25:41 +0000
commit	f40cdf7ae36db8c14d5bf7ec8c2797ca7721316e (patch)
tree	8f935eac1476f43b4b942c2d89305ee128a24f0d
parent	Add dirname to private-bin in spectre-meltdown-checker (#2524) (diff)
download	firejail-f40cdf7ae36db8c14d5bf7ec8c2797ca7721316e.tar.gz firejail-f40cdf7ae36db8c14d5bf7ec8c2797ca7721316e.tar.zst firejail-f40cdf7ae36db8c14d5bf7ec8c2797ca7721316e.zip

diff --git a/etc/sqlitebrowser.profile b/etc/sqlitebrowser.profile index 6bdd437cd..8122079e1 100644 --- a/etc/sqlitebrowser.profile +++ b/etc/sqlitebrowser.profile
@@ -18,10 +18,11 @@ include disable-xdg.inc
18		18
19	include whitelist-var-common.inc	19	include whitelist-var-common.inc
20		20
		21	apparmor
21	caps.drop all	22	caps.drop all
22	net none	23	ipc-namespace
23	no3d	24	netfilter
24	nodbus	25	# nodbus - breaks proxy creation
25	nodvd	26	nodvd
26	nogroups	27	nogroups
27	nonewprivs	28	nonewprivs
@@ -30,15 +31,16 @@ nosound
30	notv	31	notv
31	nou2f	32	nou2f
32	novideo	33	novideo
33	protocol unix	34	protocol unix,inet,inet6,netlink
34	seccomp	35	seccomp
35	shell none	36	shell none
36		37
37	private-bin sqlitebrowser	38	private-bin sqlitebrowser
38	private-cache	39	private-cache
39	private-dev	40	private-dev
		41	private-etc alternatives,ca-certificates,crypto-policies,fonts,group,machine-id,passwd,pki,ssl
40	private-tmp	42	private-tmp
41		43
42	# memory-deny-write-execute - breaks on Arch	44	memory-deny-write-execute
43	noexec ${HOME}	45	noexec ${HOME}
44	noexec /tmp	46	noexec /tmp