diff options
| author |  smitsohu <smitsohu@gmail.com> | 2017-09-14 16:36:04 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2017-09-14 16:36:04 +0200 |
| commit | a5df0070fff2771ff2821e07fca9b57801079146 (patch) | |
| tree | ccc732767a999ac3dce6165a4fbc44b43560be7c /etc/goobox.profile | |
| parent | --writable-run-user man page (diff) | |
| download | firejail-a5df0070fff2771ff2821e07fca9b57801079146.tar.gz firejail-a5df0070fff2771ff2821e07fca9b57801079146.tar.zst firejail-a5df0070fff2771ff2821e07fca9b57801079146.zip | |
goobox enhancements (permit metadata retrieval)
1) We should permit internet access, as Goobox retrieves metadata via cddb-slave2 2) We can safely enable private-dev after the introduction of nodvd
Diffstat (limited to 'etc/goobox.profile')
| -rw-r--r-- | etc/goobox.profile | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/etc/goobox.profile b/etc/goobox.profile index 60ffe0594..98514ce8d 100644 --- a/etc/goobox.profile +++ b/etc/goobox.profile | |||
| @@ -13,17 +13,18 @@ include /etc/firejail/disable-programs.inc | |||
| 13 | 13 | ||
| 14 | caps.drop all | 14 | caps.drop all |
| 15 | netfilter | 15 | netfilter |
| 16 | no3d | ||
| 16 | nogroups | 17 | nogroups |
| 17 | nonewprivs | 18 | nonewprivs |
| 18 | noroot | 19 | noroot |
| 19 | notv | 20 | notv |
| 20 | novideo | 21 | novideo |
| 21 | protocol unix | 22 | protocol unix,inet,inet6 |
| 22 | seccomp | 23 | seccomp |
| 23 | shell none | 24 | shell none |
| 24 | tracelog | 25 | tracelog |
| 25 | 26 | ||
| 26 | # private-bin goobox | 27 | # private-bin goobox |
| 27 | # private-dev | 28 | private-dev |
| 28 | # private-etc fonts | 29 | # private-etc fonts |
| 29 | # private-tmp | 30 | # private-tmp |