diff options
author | Lockdis <45907176+Lockdis@users.noreply.github.com> | 2019-01-24 18:59:08 +0100 |
---|---|---|
committer | Lockdis <45907176+Lockdis@users.noreply.github.com> | 2019-01-24 18:59:08 +0100 |
commit | 8c8a62f238feba0151f780d8a788b1f01aa33b42 (patch) | |
tree | 53a9aebe33fe1404ab392f9d5628ad99b29e8e5b /etc/nyx.profile | |
parent | add crow (diff) | |
download | firejail-8c8a62f238feba0151f780d8a788b1f01aa33b42.tar.gz firejail-8c8a62f238feba0151f780d8a788b1f01aa33b42.tar.zst firejail-8c8a62f238feba0151f780d8a788b1f01aa33b42.zip |
Update nyx.profile, crow.profile
Diffstat (limited to 'etc/nyx.profile')
-rw-r--r-- | etc/nyx.profile | 18 |
1 files changed, 6 insertions, 12 deletions
diff --git a/etc/nyx.profile b/etc/nyx.profile index aa3275a00..d5e1e1f84 100644 --- a/etc/nyx.profile +++ b/etc/nyx.profile | |||
@@ -1,20 +1,18 @@ | |||
1 | # Firejail profile for nyx | 1 | # Firejail profile for nyx |
2 | # Description: Command-line status monitor for tor | ||
2 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
3 | # Persistent local customizations | 4 | # Persistent local customizations |
4 | include nyx.local | 5 | include nyx.local |
5 | # Persistent global definitions | 6 | # Persistent global definitions |
6 | include globals.local | 7 | include globals.local |
7 | 8 | ||
9 | noblacklist ${PATH}/python2* | ||
8 | noblacklist ${PATH}/python3* | 10 | noblacklist ${PATH}/python3* |
9 | noblacklist /usr/include/python3* | 11 | noblacklist /usr/lib/python2* |
10 | noblacklist /usr/lib/python3* | 12 | noblacklist /usr/lib/python3* |
11 | noblacklist /usr/local/lib/python3* | ||
12 | noblacklist /usr/share/python3* | ||
13 | 13 | ||
14 | noblacklist ${HOME}/.nyx | 14 | noblacklist ${HOME}/.nyx |
15 | |||
16 | mkdir ${HOME}/.nyx | 15 | mkdir ${HOME}/.nyx |
17 | |||
18 | whitelist ${HOME}/.nyx | 16 | whitelist ${HOME}/.nyx |
19 | 17 | ||
20 | include disable-common.inc | 18 | include disable-common.inc |
@@ -24,9 +22,8 @@ include disable-passwdmgr.inc | |||
24 | include disable-programs.inc | 22 | include disable-programs.inc |
25 | include disable-xdg.inc | 23 | include disable-xdg.inc |
26 | 24 | ||
27 | # apparmor | ||
28 | caps.drop all | 25 | caps.drop all |
29 | # ipc-namespace | 26 | ipc-namespace |
30 | netfilter | 27 | netfilter |
31 | no3d | 28 | no3d |
32 | nodbus | 29 | nodbus |
@@ -41,18 +38,15 @@ novideo | |||
41 | protocol unix,inet,inet6 | 38 | protocol unix,inet,inet6 |
42 | seccomp | 39 | seccomp |
43 | shell none | 40 | shell none |
44 | # tracelog | ||
45 | 41 | ||
46 | disable-mnt | 42 | disable-mnt |
47 | private-bin nyx,python | 43 | private-bin nyx,python* |
48 | private-cache | 44 | private-cache |
49 | private-dev | 45 | private-dev |
50 | private-etc passwd,tor | 46 | private-etc passwd,tor,fonts |
51 | # private-lib | ||
52 | private-opt none | 47 | private-opt none |
53 | private-srv none | 48 | private-srv none |
54 | private-tmp | 49 | private-tmp |
55 | 50 | ||
56 | # memory-deny-write-execute | ||
57 | noexec ${HOME} | 51 | noexec ${HOME} |
58 | noexec /tmp | 52 | noexec /tmp |