diff options
author | 2019-06-16 13:04:28 +0200 | |
---|---|---|
committer | 2019-06-16 13:04:28 +0200 | |
commit | 4c935269605f9b53578b66b9d9c5596ccb886f0d (patch) | |
tree | a33b75b9d60169b5278cd66473db5a8ee30e3ea4 /etc/ping.profile | |
parent | Sort comented private-{bin,etc} lines (diff) | |
download | firejail-4c935269605f9b53578b66b9d9c5596ccb886f0d.tar.gz firejail-4c935269605f9b53578b66b9d9c5596ccb886f0d.tar.zst firejail-4c935269605f9b53578b66b9d9c5596ccb886f0d.zip |
many profile cleanup (4)
containing:
- files forgotten in 4beaf8f9
- workarounds for #903
- commented useless private-etc lines removed
- remove commented seccomp.keep lines
- much more
Diffstat (limited to 'etc/ping.profile')
-rw-r--r-- | etc/ping.profile | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/etc/ping.profile b/etc/ping.profile index 66574bab5..00ac45c5a 100644 --- a/etc/ping.profile +++ b/etc/ping.profile | |||
@@ -30,10 +30,8 @@ nosound | |||
30 | notv | 30 | notv |
31 | nou2f | 31 | nou2f |
32 | novideo | 32 | novideo |
33 | |||
34 | # protocol command is built using seccomp; nonewprivs will kill it | 33 | # protocol command is built using seccomp; nonewprivs will kill it |
35 | #protocol unix,inet,inet6,netlink,packet | 34 | #protocol unix,inet,inet6,netlink,packet |
36 | |||
37 | # killed by no-new-privs | 35 | # killed by no-new-privs |
38 | #seccomp | 36 | #seccomp |
39 | 37 | ||
@@ -42,7 +40,7 @@ private | |||
42 | #private-bin has mammoth problems with execvp: "No such file or directory" | 40 | #private-bin has mammoth problems with execvp: "No such file or directory" |
43 | private-dev | 41 | private-dev |
44 | # /etc/hosts is required in private-etc; however, just adding it to the list doesn't solve the problem! | 42 | # /etc/hosts is required in private-etc; however, just adding it to the list doesn't solve the problem! |
45 | #private-etc resolv.conf,hosts,ca-certificates,ssl,pki,crypto-policies | 43 | #private-etc ca-certificates,crypto-policies,hosts,pki,resolv.conf,ssl |
46 | private-tmp | 44 | private-tmp |
47 | 45 | ||
48 | # memory-deny-write-execute is built using seccomp; nonewprivs will kill it | 46 | # memory-deny-write-execute is built using seccomp; nonewprivs will kill it |