diff options
author | smitsohu <smitsohu@gmail.com> | 2017-10-31 02:24:39 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2017-10-31 02:24:39 +0100 |
commit | 871dfe351fd8cf19c8c7f330187c994b911ec995 (patch) | |
tree | fc7839dff34b0b14e92a0cd87d45f56f744d45cd /etc/ark.profile | |
parent | fix --ignore=quiet (diff) | |
download | firejail-871dfe351fd8cf19c8c7f330187c994b911ec995.tar.gz firejail-871dfe351fd8cf19c8c7f330187c994b911ec995.tar.zst firejail-871dfe351fd8cf19c8c7f330187c994b911ec995.zip |
harden kde
and whitelist kioslaverc because we don't know if kdeinit
will run outside or inside the sandbox.
Diffstat (limited to 'etc/ark.profile')
-rw-r--r-- | etc/ark.profile | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/etc/ark.profile b/etc/ark.profile index ba9cb1134..404206992 100644 --- a/etc/ark.profile +++ b/etc/ark.profile | |||
@@ -5,6 +5,8 @@ include /etc/firejail/ark.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | # blacklist /run/user/*/bus | ||
9 | |||
8 | noblacklist ~/.config/arkrc | 10 | noblacklist ~/.config/arkrc |
9 | 11 | ||
10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
@@ -15,6 +17,7 @@ include /etc/firejail/disable-programs.inc | |||
15 | include /etc/firejail/whitelist-var-common.inc | 17 | include /etc/firejail/whitelist-var-common.inc |
16 | 18 | ||
17 | caps.drop all | 19 | caps.drop all |
20 | # net none | ||
18 | netfilter | 21 | netfilter |
19 | nodvd | 22 | nodvd |
20 | nogroups | 23 | nogroups |