diff options
| author |  smitsohu <smitsohu@gmail.com> | 2017-10-31 02:24:39 +0100 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2017-10-31 02:24:39 +0100 |
| commit | 871dfe351fd8cf19c8c7f330187c994b911ec995 (patch) | |
| tree | fc7839dff34b0b14e92a0cd87d45f56f744d45cd /etc/ark.profile | |
| parent | fix --ignore=quiet (diff) | |
| download | firejail-871dfe351fd8cf19c8c7f330187c994b911ec995.tar.gz firejail-871dfe351fd8cf19c8c7f330187c994b911ec995.tar.zst firejail-871dfe351fd8cf19c8c7f330187c994b911ec995.zip | |
harden kde
and whitelist kioslaverc because we don't know if kdeinit
will run outside or inside the sandbox.
Diffstat (limited to 'etc/ark.profile')
| -rw-r--r-- | etc/ark.profile | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/etc/ark.profile b/etc/ark.profile index ba9cb1134..404206992 100644 --- a/etc/ark.profile +++ b/etc/ark.profile | |||
| @@ -5,6 +5,8 @@ include /etc/firejail/ark.local | |||
| 5 | # Persistent global definitions | 5 | # Persistent global definitions |
| 6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
| 7 | 7 | ||
| 8 | # blacklist /run/user/*/bus | ||
| 9 | |||
| 8 | noblacklist ~/.config/arkrc | 10 | noblacklist ~/.config/arkrc |
| 9 | 11 | ||
| 10 | include /etc/firejail/disable-common.inc | 12 | include /etc/firejail/disable-common.inc |
| @@ -15,6 +17,7 @@ include /etc/firejail/disable-programs.inc | |||
| 15 | include /etc/firejail/whitelist-var-common.inc | 17 | include /etc/firejail/whitelist-var-common.inc |
| 16 | 18 | ||
| 17 | caps.drop all | 19 | caps.drop all |
| 20 | # net none | ||
| 18 | netfilter | 21 | netfilter |
| 19 | nodvd | 22 | nodvd |
| 20 | nogroups | 23 | nogroups |