author | smitsohu <smitsohu@gmail.com> | 2017-09-25 15:57:50 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2017-09-25 15:57:50 +0200 |
commit | 9b99215a1eb2ac5ff8fddeff3e43b725fee18ca2 (patch) | |
tree | 632cecd6b845ecc93c5024170671a9894c2cda49 /etc/baloo_file.profile | |
parent | fix nginx and apache2, possible fix for #1534 (diff) | |
various profile enhancements
* okular needs kdeinit4 for open file dialog since recently
* memory-deny-write-execute should be a safe addition for
desktop use of dnscrypt and unbound
* cleanup works
Diffstat (limited to 'etc/baloo_file.profile')
-rw-r--r-- | etc/baloo_file.profile | 4 |
1 files changed, 4 insertions, 0 deletions
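--- a/etc/baloo_file.profile
+++ b/etc/baloo_file.profile
@@ -17,6 +17,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 no3d
 nodvd
@@ -29,8 +31,10 @@ novideo
 protocol unix
 # Baloo makes ioprio_set system calls, which are blacklisted by default.
 seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
+shell none
 x11 xorg
 
+private-bin baloo_file,baloo_file_extractor,kbuildsycoca4
 private-dev
 private-tmp
 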
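Review bot: The new `private-bin baloo_file,baloo_file_extractor,kbuildsycoca4` line in the second hunk has no comment saying why `kbuildsycoca4` is on the list, unlike the `seccomp.drop` line above it, whose comment explains the `ioprio_set` exception. Because `private-bin` leaves only the named executables available inside the sandbox and `shell none` is added in the same hunk, a helper that the indexer starts but that is missing from the list would presumably fail without a visible error, so the list is worth confirming against an observed indexing run. I would add a comment above the line such as `# kbuildsycoca4 is started by baloo_file; extend this list if the extractor needs other helpers`. The list names only the KDE 4 binary; whether installs built on a newer KDE stack need a differently named cache builder cannot be told from this diff.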