author | netblue30 <netblue30@yahoo.com> | 2017-10-18 09:15:19 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-10-18 09:15:19 -0400 |
commit | b4c84b85a03da21179803077616fc77aeb9c8e22 (patch) | |
tree | cd3282447decd09a065c36c8acb49e932a25aaef /etc/clementine.profile | |
parent | remove links for uninstalled programs (diff) | |
download | firejail-b4c84b85a03da21179803077616fc77aeb9c8e22.tar.gz firejail-b4c84b85a03da21179803077616fc77aeb9c8e22.tar.zst firejail-b4c84b85a03da21179803077616fc77aeb9c8e22.zip |
profile updates
Diffstat (limited to 'etc/clementine.profile')
-rw-r--r-- | etc/clementine.profile | 5 |
1 files changed, 5 insertions, 0 deletions
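--- a/etc/clementine.profile
+++ b/etc/clementine.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 nonewprivs
 noroot
@@ -20,3 +22,6 @@ novideo
 protocol unix,inet,inet6
 # Clementine makes ioprio_set system calls, which are blacklisted by default.
 seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
+
+private-dev
+private-tmp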
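Review bot: The `private-dev` line added at the end of the second hunk has no comment saying what it removes, unlike the `seccomp.drop` line just above it, which explains its exception. `private-dev` replaces /dev with a minimal set of nodes; sound devices are kept, but depending on the firejail version optical drives and USB device nodes may not be, which would affect CD playback and portable-device sync in Clementine. I would add a comment such as `# private-dev hides most device nodes; comment it out if CD playback or device sync is needed`, so that a user who hits this relaxes the one line rather than running the player without the profile. The same kind of note may be worth adding for `private-tmp` if anything outside the sandbox is expected to reach files Clementine places in /tmp.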