removed lxterminal support, blacklisting the terminal in disable-common.inc

author: netblue30 <netblue30@yahoo.com> 2017-10-04 08:44:52 -0400
committer: netblue30 <netblue30@yahoo.com> 2017-10-04 08:44:52 -0400
commit: f61820a0a16c5751c96cff154e12d3cfe374ba99 (patch)
tree: 0bcfa62e2ecbdad3dc03959993090c977f5af26d
parent: whitelist /var (diff)
download: firejail-f61820a0a16c5751c96cff154e12d3cfe374ba99.tar.gz
firejail-f61820a0a16c5751c96cff154e12d3cfe374ba99.tar.zst
firejail-f61820a0a16c5751c96cff154e12d3cfe374ba99.zip
2 files changed, 1 insertions, 19 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index d943950d4..021e6349e 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -290,6 +290,7 @@ blacklist /tmp/.lxterminal-socket*
 blacklist /tmp/tmux-*
 # disable terminals running as server resulting in sandbox escape
+blacklist ${PATH}/lxterminal
 blacklist ${PATH}/gnome-terminal
 blacklist ${PATH}/gnome-terminal.wrapper
 blacklist ${PATH}/lilyterm
diff --git a/etc/lxterminal.profile b/etc/lxterminal.profile
deleted file mode 100644
index dbbd1ace0..000000000
--- a/etc/lxterminal.profile
+++ /dev/null
@@ -1,19 +0,0 @@
-# Firejail profile for lxterminal
-# This file is overwritten after every install/update
-# Persistent local customizations
-include /etc/firejail/lxterminal.local
-# Persistent global definitions
-include /etc/firejail/globals.local
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-caps.drop all
-netfilter
-# noroot - somehow this breaks on Debian Jessie!
-nodvd
-notv
-protocol unix,inet,inet6
-seccomp
author	netblue30 <netblue30@yahoo.com>	2017-10-04 08:44:52 -0400
committer	netblue30 <netblue30@yahoo.com>	2017-10-04 08:44:52 -0400
commit	f61820a0a16c5751c96cff154e12d3cfe374ba99 (patch)
tree	0bcfa62e2ecbdad3dc03959993090c977f5af26d
parent	whitelist /var (diff)
download	firejail-f61820a0a16c5751c96cff154e12d3cfe374ba99.tar.gz firejail-f61820a0a16c5751c96cff154e12d3cfe374ba99.tar.zst firejail-f61820a0a16c5751c96cff154e12d3cfe374ba99.zip

diff --git a/etc/disable-common.inc b/etc/disable-common.inc index d943950d4..021e6349e 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc
@@ -290,6 +290,7 @@ blacklist /tmp/.lxterminal-socket*
290	blacklist /tmp/tmux-*	290	blacklist /tmp/tmux-*
291		291
292	# disable terminals running as server resulting in sandbox escape	292	# disable terminals running as server resulting in sandbox escape
		293	blacklist ${PATH}/lxterminal
293	blacklist ${PATH}/gnome-terminal	294	blacklist ${PATH}/gnome-terminal
294	blacklist ${PATH}/gnome-terminal.wrapper	295	blacklist ${PATH}/gnome-terminal.wrapper
295	blacklist ${PATH}/lilyterm	296	blacklist ${PATH}/lilyterm


diff --git a/etc/lxterminal.profile b/etc/lxterminal.profile deleted file mode 100644 index dbbd1ace0..000000000 --- a/etc/lxterminal.profile +++ /dev/null
@@ -1,19 +0,0 @@
1	# Firejail profile for lxterminal
2	# This file is overwritten after every install/update
3	# Persistent local customizations
4	include /etc/firejail/lxterminal.local
5	# Persistent global definitions
6	include /etc/firejail/globals.local
7
8
9	include /etc/firejail/disable-common.inc
10	include /etc/firejail/disable-passwdmgr.inc
11	include /etc/firejail/disable-programs.inc
12
13	caps.drop all
14	netfilter
15	# noroot - somehow this breaks on Debian Jessie!
16	nodvd
17	notv
18	protocol unix,inet,inet6
19	seccomp