Add a profile for ClamAV's clamscan

author: Tad <tad@spotco.us> 2017-09-18 12:19:15 -0400
committer: Tad <tad@spotco.us> 2017-09-18 12:19:15 -0400
commit: dcfb4b9522cf0cc074c36d73bf5eb108a658eee7 (patch)
tree: f7aea4f87d277e5c71c05f2d64afc05b562cf181 /etc/clamscan.profile
parent: whitelist /var (diff)
download: firejail-dcfb4b9522cf0cc074c36d73bf5eb108a658eee7.tar.gz
firejail-dcfb4b9522cf0cc074c36d73bf5eb108a658eee7.tar.zst
firejail-dcfb4b9522cf0cc074c36d73bf5eb108a658eee7.zip
1 files changed, 32 insertions, 0 deletions
diff --git a/etc/clamscan.profile b/etc/clamscan.profile
new file mode 100644
index 000000000..2fd10171f
--- /dev/null
+++ b/etc/clamscan.profile
@@ -0,0 +1,32 @@
+# Firejail profile for clamscan
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include /etc/firejail/clamscan.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+x11 none
+private-dev
+read-only ${HOME}
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
author	Tad <tad@spotco.us>	2017-09-18 12:19:15 -0400
committer	Tad <tad@spotco.us>	2017-09-18 12:19:15 -0400
commit	dcfb4b9522cf0cc074c36d73bf5eb108a658eee7 (patch)
tree	f7aea4f87d277e5c71c05f2d64afc05b562cf181 /etc/clamscan.profile
parent	whitelist /var (diff)
download	firejail-dcfb4b9522cf0cc074c36d73bf5eb108a658eee7.tar.gz firejail-dcfb4b9522cf0cc074c36d73bf5eb108a658eee7.tar.zst firejail-dcfb4b9522cf0cc074c36d73bf5eb108a658eee7.zip

diff --git a/etc/clamscan.profile b/etc/clamscan.profile new file mode 100644 index 000000000..2fd10171f --- /dev/null +++ b/etc/clamscan.profile
@@ -0,0 +1,32 @@
	1	# Firejail profile for clamscan
	2	# This file is overwritten after every install/update
	3	quiet
	4	# Persistent local customizations
	5	include /etc/firejail/clamscan.local
	6	# Persistent global definitions
	7	include /etc/firejail/globals.local
	8
	9
	10	caps.drop all
	11	ipc-namespace
	12	net none
	13	no3d
	14	nodvd
	15	nogroups
	16	nonewprivs
	17	noroot
	18	nosound
	19	notv
	20	novideo
	21	protocol unix
	22	seccomp
	23	shell none
	24	tracelog
	25	x11 none
	26
	27	private-dev
	28	read-only ${HOME}
	29
	30	memory-deny-write-execute
	31	noexec ${HOME}
	32	noexec /tmp