diff options
author | Tad <tad@spotco.us> | 2018-03-17 15:56:06 -0400 |
---|---|---|
committer | Tad <tad@spotco.us> | 2018-03-17 15:56:06 -0400 |
commit | 68fd00cfe4033a0299c481825373df696b7acdb5 (patch) | |
tree | 12024f283fcf8a54dfe7750df69f90b420d1c512 /etc/digikam.profile | |
parent | Merge branch 'master' of https://github.com/netblue30/firejail (diff) | |
download | firejail-68fd00cfe4033a0299c481825373df696b7acdb5.tar.gz firejail-68fd00cfe4033a0299c481825373df696b7acdb5.tar.zst firejail-68fd00cfe4033a0299c481825373df696b7acdb5.zip |
Move apparmor option to the top of the options list in all profiles
Diffstat (limited to 'etc/digikam.profile')
-rw-r--r-- | etc/digikam.profile | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/digikam.profile b/etc/digikam.profile index 179204036..516876c6b 100644 --- a/etc/digikam.profile +++ b/etc/digikam.profile | |||
@@ -17,6 +17,7 @@ include /etc/firejail/disable-programs.inc | |||
17 | 17 | ||
18 | include /etc/firejail/whitelist-var-common.inc | 18 | include /etc/firejail/whitelist-var-common.inc |
19 | 19 | ||
20 | apparmor | ||
20 | caps.drop all | 21 | caps.drop all |
21 | netfilter | 22 | netfilter |
22 | nodvd | 23 | nodvd |
@@ -28,7 +29,6 @@ protocol unix,inet,inet6,netlink | |||
28 | seccomp | 29 | seccomp |
29 | # seccomp.keep fallocate,getrusage,openat,access,arch_prctl,bind,brk,chdir,chmod,clock_getres,clone,close,connect,dup2,dup3,eventfd2,execve,fadvise64,fcntl,fdatasync,flock,fstat,fstatfs,ftruncate,futex,getcwd,getdents,getegid,geteuid,getgid,getpeername,getpgrp,getpid,getppid,getrandom,getresgid,getresuid,getrlimit,getsockname,getsockopt,gettid,getuid,inotify_add_watch,inotify_init,inotify_init1,inotify_rm_watch,ioctl,lseek,lstat,madvise,mbind,memfd_create,mkdir,mmap,mprotect,msync,munmap,nanosleep,open,pipe,pipe2,poll,ppoll,prctl,pread64,pwrite64,read,readlink,readlinkat,recvfrom,recvmsg,rename,rt_sigaction,rt_sigprocmask,rt_sigreturn,sched_getaffinity,sched_getparam,sched_get_priority_max,sched_get_priority_min,sched_getscheduler,sched_setscheduler,sched_yield,sendmsg,sendto,setgid,setresgid,setresuid,set_robust_list,setsid,setsockopt,set_tid_address,setuid,shmat,shmctl,shmdt,shmget,shutdown,socket,stat,statfs,sysinfo,timerfd_create,umask,uname,unlink,wait4,waitid,write,writev,fchmod,fchown,unshare,exit,exit_group | 30 | # seccomp.keep fallocate,getrusage,openat,access,arch_prctl,bind,brk,chdir,chmod,clock_getres,clone,close,connect,dup2,dup3,eventfd2,execve,fadvise64,fcntl,fdatasync,flock,fstat,fstatfs,ftruncate,futex,getcwd,getdents,getegid,geteuid,getgid,getpeername,getpgrp,getpid,getppid,getrandom,getresgid,getresuid,getrlimit,getsockname,getsockopt,gettid,getuid,inotify_add_watch,inotify_init,inotify_init1,inotify_rm_watch,ioctl,lseek,lstat,madvise,mbind,memfd_create,mkdir,mmap,mprotect,msync,munmap,nanosleep,open,pipe,pipe2,poll,ppoll,prctl,pread64,pwrite64,read,readlink,readlinkat,recvfrom,recvmsg,rename,rt_sigaction,rt_sigprocmask,rt_sigreturn,sched_getaffinity,sched_getparam,sched_get_priority_max,sched_get_priority_min,sched_getscheduler,sched_setscheduler,sched_yield,sendmsg,sendto,setgid,setresgid,setresuid,set_robust_list,setsid,setsockopt,set_tid_address,setuid,shmat,shmctl,shmdt,shmget,shutdown,socket,stat,statfs,sysinfo,timerfd_create,umask,uname,unlink,wait4,waitid,write,writev,fchmod,fchown,unshare,exit,exit_group |
30 | shell none | 31 | shell none |
31 | apparmor | ||
32 | 32 | ||
33 | # private-bin program | 33 | # private-bin program |
34 | # private-dev - prevents libdc1394 loading; this lib is used to connect to a camera device | 34 | # private-dev - prevents libdc1394 loading; this lib is used to connect to a camera device |