profile updates

author: netblue30 <netblue30@yahoo.com> 2017-10-18 09:15:19 -0400
committer: netblue30 <netblue30@yahoo.com> 2017-10-18 09:15:19 -0400
commit: b4c84b85a03da21179803077616fc77aeb9c8e22 (patch)
tree: cd3282447decd09a065c36c8acb49e932a25aaef /etc/clementine.profile
parent: remove links for uninstalled programs (diff)
download: firejail-b4c84b85a03da21179803077616fc77aeb9c8e22.tar.gz
firejail-b4c84b85a03da21179803077616fc77aeb9c8e22.tar.zst
firejail-b4c84b85a03da21179803077616fc77aeb9c8e22.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/etc/clementine.profile b/etc/clementine.profile
index 1d93e5f2c..619086437 100644
--- a/etc/clementine.profile
+++ b/etc/clementine.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/whitelist-var-common.inc
 caps.drop all
 nonewprivs
 noroot
@@ -20,3 +22,6 @@ novideo
 protocol unix,inet,inet6
 # Clementine makes ioprio_set system calls, which are blacklisted by default.
 seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
+private-dev
+private-tmp
author	netblue30 <netblue30@yahoo.com>	2017-10-18 09:15:19 -0400
committer	netblue30 <netblue30@yahoo.com>	2017-10-18 09:15:19 -0400
commit	b4c84b85a03da21179803077616fc77aeb9c8e22 (patch)
tree	cd3282447decd09a065c36c8acb49e932a25aaef /etc/clementine.profile
parent	remove links for uninstalled programs (diff)
download	firejail-b4c84b85a03da21179803077616fc77aeb9c8e22.tar.gz firejail-b4c84b85a03da21179803077616fc77aeb9c8e22.tar.zst firejail-b4c84b85a03da21179803077616fc77aeb9c8e22.zip

diff --git a/etc/clementine.profile b/etc/clementine.profile index 1d93e5f2c..619086437 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc
12	include /etc/firejail/disable-passwdmgr.inc	12	include /etc/firejail/disable-passwdmgr.inc
13	include /etc/firejail/disable-programs.inc	13	include /etc/firejail/disable-programs.inc
14		14
		15	include /etc/firejail/whitelist-var-common.inc
		16
15	caps.drop all	17	caps.drop all
16	nonewprivs	18	nonewprivs
17	noroot	19	noroot
@@ -20,3 +22,6 @@ novideo
20	protocol unix,inet,inet6	22	protocol unix,inet,inet6
21	# Clementine makes ioprio_set system calls, which are blacklisted by default.	23	# Clementine makes ioprio_set system calls, which are blacklisted by default.
22	seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice	24	seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
		25
		26	private-dev
		27	private-tmp