Unify all profiles

author: Tad <tad@spotco.us> 2017-08-07 01:22:08 -0400
committer: Tad <tad@spotco.us> 2017-08-07 01:22:08 -0400
commit: 9e3ba319be6b9546d7e8f450ca419ee2f3f4040b (patch)
tree: 0aebe82de78a61877c267f4dcb2ebcc13a2e37c9 /etc/cpio.profile
parent: various profile fixes (#1433) (diff)
download: firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.gz
firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.zst
firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.zip
1 files changed, 17 insertions, 14 deletions
diff --git a/etc/cpio.profile b/etc/cpio.profile
index fe1dc0408..cd9b9ad7c 100644
--- a/etc/cpio.profile
+++ b/etc/cpio.profile
@@ -1,28 +1,31 @@
+# Firejail profile for cpio
+# This file is overwritten after every install/update
 quiet
-# Persistent global definitions go here
+# Persistent local customizations
+include /etc/firejail/cpio.local
+# Persistent global definitions
 include /etc/firejail/globals.local
-# This file is overwritten during software install.
+blacklist /tmp/.X11-unix
-# Persistent customizations should go in a .local file.
-include /etc/firejail/cpio.local
-# cpio profile
-# /sbin and /usr/sbin are visible inside the sandbox
-# /boot is not visible and /var is heavily modified
 noblacklist /sbin
 noblacklist /usr/sbin
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
-private-dev
-seccomp
 caps.drop all
 net none
-shell none
-tracelog
 net none
-nosound
 no3d
+nosound
+seccomp
+shell none
+tracelog
-blacklist /tmp/.X11-unix
+private-dev
+# CLOBBERED COMMENTS
+# /boot is not visible and /var is heavily modified
+# /sbin and /usr/sbin are visible inside the sandbox
author	Tad <tad@spotco.us>	2017-08-07 01:22:08 -0400
committer	Tad <tad@spotco.us>	2017-08-07 01:22:08 -0400
commit	9e3ba319be6b9546d7e8f450ca419ee2f3f4040b (patch)
tree	0aebe82de78a61877c267f4dcb2ebcc13a2e37c9 /etc/cpio.profile
parent	various profile fixes (#1433) (diff)
download	firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.gz firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.zst firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.zip

diff --git a/etc/cpio.profile b/etc/cpio.profile index fe1dc0408..cd9b9ad7c 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile
@@ -1,28 +1,31 @@
		1	# Firejail profile for cpio
		2	# This file is overwritten after every install/update
1	quiet	3	quiet
2	# Persistent global definitions go here	4	# Persistent local customizations
		5	include /etc/firejail/cpio.local
		6	# Persistent global definitions
3	include /etc/firejail/globals.local	7	include /etc/firejail/globals.local
4		8
5	# This file is overwritten during software install.	9	blacklist /tmp/.X11-unix
6	# Persistent customizations should go in a .local file.
7	include /etc/firejail/cpio.local
8		10
9	# cpio profile
10	# /sbin and /usr/sbin are visible inside the sandbox
11	# /boot is not visible and /var is heavily modified
12	noblacklist /sbin	11	noblacklist /sbin
13	noblacklist /usr/sbin	12	noblacklist /usr/sbin
		13
14	include /etc/firejail/disable-common.inc	14	include /etc/firejail/disable-common.inc
15	include /etc/firejail/disable-programs.inc
16	include /etc/firejail/disable-passwdmgr.inc	15	include /etc/firejail/disable-passwdmgr.inc
		16	include /etc/firejail/disable-programs.inc
17		17
18	private-dev
19	seccomp
20	caps.drop all	18	caps.drop all
21	net none	19	net none
22	shell none
23	tracelog
24	net none	20	net none
25	nosound
26	no3d	21	no3d
		22	nosound
		23	seccomp
		24	shell none
		25	tracelog
27		26
28	blacklist /tmp/.X11-unix	27	private-dev
		28
		29	# CLOBBERED COMMENTS
		30	# /boot is not visible and /var is heavily modified
		31	# /sbin and /usr/sbin are visible inside the sandbox