diff options
author | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2016-07-09 05:27:38 +1000 |
---|---|---|
committer | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2016-07-09 05:27:38 +1000 |
commit | c99ddd579d823dae018e1f65ad28b3234e8e51bb (patch) | |
tree | ca7bf413aadb264c62071de320ed9302371a117d /etc/0ad.profile | |
parent | missed a file... (diff) | |
download | firejail-c99ddd579d823dae018e1f65ad28b3234e8e51bb.tar.gz firejail-c99ddd579d823dae018e1f65ad28b3234e8e51bb.tar.zst firejail-c99ddd579d823dae018e1f65ad28b3234e8e51bb.zip |
tightened and fixed permissions warning
Diffstat (limited to 'etc/0ad.profile')
-rw-r--r-- | etc/0ad.profile | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/etc/0ad.profile b/etc/0ad.profile index 3797ae5cd..11fb45463 100644 --- a/etc/0ad.profile +++ b/etc/0ad.profile | |||
@@ -1,21 +1,13 @@ | |||
1 | # Firejail profile for 0ad. | 1 | # Firejail profile for 0ad. |
2 | noblacklist ~/.cache/0ad | ||
2 | noblacklist ~/.config/0ad | 3 | noblacklist ~/.config/0ad |
4 | noblacklist ~/.local/share/0ad | ||
3 | include /etc/firejail/disable-common.inc | 5 | include /etc/firejail/disable-common.inc |
4 | include /etc/firejail/disable-devel.inc | 6 | include /etc/firejail/disable-devel.inc |
5 | include /etc/firejail/disable-passwdmgr.inc | 7 | include /etc/firejail/disable-passwdmgr.inc |
6 | include /etc/firejail/disable-programs.inc | 8 | include /etc/firejail/disable-programs.inc |
7 | 9 | ||
8 | # Call these options | ||
9 | caps.drop all | ||
10 | netfilter | ||
11 | noroot | ||
12 | nonewprivs | ||
13 | protocol unix,inet,inet6,netlink | ||
14 | seccomp | ||
15 | tracelog | ||
16 | |||
17 | # Whitelists | 10 | # Whitelists |
18 | noblacklist ~/.cache/0ad | ||
19 | mkdir ~/.cache | 11 | mkdir ~/.cache |
20 | mkdir ~/.cache/0ad | 12 | mkdir ~/.cache/0ad |
21 | whitelist ~/.cache/0ad | 13 | whitelist ~/.cache/0ad |
@@ -24,8 +16,20 @@ mkdir ~/.config | |||
24 | mkdir ~/.config/0ad | 16 | mkdir ~/.config/0ad |
25 | whitelist ~/.config/0ad | 17 | whitelist ~/.config/0ad |
26 | 18 | ||
27 | noblacklist ~/.local/share/0ad | ||
28 | mkdir ~/.local | 19 | mkdir ~/.local |
29 | mkdir ~/.local/share | 20 | mkdir ~/.local/share |
30 | mkdir ~/.local/share/0ad | 21 | mkdir ~/.local/share/0ad |
31 | whitelist ~/.local/share/0ad | 22 | whitelist ~/.local/share/0ad |
23 | |||
24 | caps.drop all | ||
25 | netfilter | ||
26 | nonewprivs | ||
27 | nogroups | ||
28 | noroot | ||
29 | protocol unix,inet,inet6 | ||
30 | seccomp | ||
31 | shell none | ||
32 | tracelog | ||
33 | |||
34 | private-dev | ||
35 | |||