Merge branch 'master' of https://github.com/netblue30/firejail

author: smitsohu <smitsohu@gmail.com> 2019-03-20 15:32:00 +0100
committer: smitsohu <smitsohu@gmail.com> 2019-03-20 15:32:00 +0100
commit: 571dbb8fe4728f2baa7b5ec5cfb80da2853cb95e (patch)
tree: a0202d72630fb4c0002faafa221c20262550246e /etc/ostrichriders.profile
parent: hardening: run more code unprivileged (diff)
parent: New profiles: Maelstrom and ostrichrider (diff)
download: firejail-571dbb8fe4728f2baa7b5ec5cfb80da2853cb95e.tar.gz
firejail-571dbb8fe4728f2baa7b5ec5cfb80da2853cb95e.tar.zst
firejail-571dbb8fe4728f2baa7b5ec5cfb80da2853cb95e.zip
1 files changed, 46 insertions, 0 deletions
diff --git a/etc/ostrichriders.profile b/etc/ostrichriders.profile
new file mode 100644
index 000000000..4eedddefd
--- /dev/null
+++ b/etc/ostrichriders.profile
@@ -0,0 +1,46 @@
+# Firejail profile for ostrichriders
+# Description: Knights flying on ostriches compete against other riders
+# This file is overwritten after every install/update
+# Persistent local customizations
+include ostrichriders.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.ostrichriders
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.ostrichriders
+whitelist ${HOME}/.ostrichriders
+include whitelist-common.inc
+include whitelist-var-common.inc
+caps.drop all
+ipc-namespace
+net none
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+# protocol seems to have a huge impact on performance
+#protocol unix
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin ostrichriders
+private-cache
+# private-dev should be commented for controllers
+private-dev
+private-tmp
author	smitsohu <smitsohu@gmail.com>	2019-03-20 15:32:00 +0100
committer	smitsohu <smitsohu@gmail.com>	2019-03-20 15:32:00 +0100
commit	571dbb8fe4728f2baa7b5ec5cfb80da2853cb95e (patch)
tree	a0202d72630fb4c0002faafa221c20262550246e /etc/ostrichriders.profile
parent	hardening: run more code unprivileged (diff)
parent	New profiles: Maelstrom and ostrichrider (diff)
download	firejail-571dbb8fe4728f2baa7b5ec5cfb80da2853cb95e.tar.gz firejail-571dbb8fe4728f2baa7b5ec5cfb80da2853cb95e.tar.zst firejail-571dbb8fe4728f2baa7b5ec5cfb80da2853cb95e.zip

diff --git a/etc/ostrichriders.profile b/etc/ostrichriders.profile new file mode 100644 index 000000000..4eedddefd --- /dev/null +++ b/etc/ostrichriders.profile
@@ -0,0 +1,46 @@
	1	# Firejail profile for ostrichriders
	2	# Description: Knights flying on ostriches compete against other riders
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include ostrichriders.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${HOME}/.ostrichriders
	10
	11	include disable-common.inc
	12	include disable-devel.inc
	13	include disable-exec.inc
	14	include disable-interpreters.inc
	15	include disable-passwdmgr.inc
	16	include disable-programs.inc
	17	include disable-xdg.inc
	18
	19	mkdir ${HOME}/.ostrichriders
	20	whitelist ${HOME}/.ostrichriders
	21	include whitelist-common.inc
	22	include whitelist-var-common.inc
	23
	24	caps.drop all
	25	ipc-namespace
	26	net none
	27	nodbus
	28	nodvd
	29	nogroups
	30	nonewprivs
	31	noroot
	32	notv
	33	nou2f
	34	novideo
	35	# protocol seems to have a huge impact on performance
	36	#protocol unix
	37	seccomp
	38	shell none
	39	tracelog
	40
	41	disable-mnt
	42	private-bin ostrichriders
	43	private-cache
	44	# private-dev should be commented for controllers
	45	private-dev
	46	private-tmp