diff options
| author |  Tad <tad@spotco.us> | 2017-09-18 14:27:58 -0400 |
|---|---|---|
| committer | Tad <tad@spotco.us> | 2017-09-18 14:27:58 -0400 |
| commit | ae5948cb84bd1327ab9f6f0577fd75bfe9a74787 (patch) | |
| tree | ee6f8a1bd5659453c8ecf24036adaef8f11bee3b /etc/clamav.profile | |
| parent | Add a profile for ClamAV's clamscan (diff) | |
| download | firejail-ae5948cb84bd1327ab9f6f0577fd75bfe9a74787.tar.gz firejail-ae5948cb84bd1327ab9f6f0577fd75bfe9a74787.tar.zst firejail-ae5948cb84bd1327ab9f6f0577fd75bfe9a74787.zip | |
Add a profile for clamdscan, clamdtop, and freshclam
Diffstat (limited to 'etc/clamav.profile')
| -rw-r--r-- | etc/clamav.profile | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/etc/clamav.profile b/etc/clamav.profile new file mode 100644 index 000000000..a5aacc1d5 --- /dev/null +++ b/etc/clamav.profile | |||
| @@ -0,0 +1,32 @@ | |||
| 1 | # Firejail profile for clamav | ||
| 2 | # This file is overwritten after every install/update | ||
| 3 | quiet | ||
| 4 | # Persistent local customizations | ||
| 5 | include /etc/firejail/clamav.local | ||
| 6 | # Persistent global definitions | ||
| 7 | include /etc/firejail/globals.local | ||
| 8 | |||
| 9 | |||
| 10 | caps.drop all | ||
| 11 | ipc-namespace | ||
| 12 | net none | ||
| 13 | no3d | ||
| 14 | nodvd | ||
| 15 | nogroups | ||
| 16 | nonewprivs | ||
| 17 | noroot | ||
| 18 | nosound | ||
| 19 | notv | ||
| 20 | novideo | ||
| 21 | protocol unix | ||
| 22 | seccomp | ||
| 23 | shell none | ||
| 24 | tracelog | ||
| 25 | x11 none | ||
| 26 | |||
| 27 | private-dev | ||
| 28 | read-only ${HOME} | ||
| 29 | |||
| 30 | memory-deny-write-execute | ||
| 31 | noexec ${HOME} | ||
| 32 | noexec /tmp | ||