Merge pull request #1427 from SpotComms/pr

Unify all profiles
author: Fred Barclay <Fred-Barclay@users.noreply.github.com> 2017-08-07 13:41:08 -0500
committer: GitHub <noreply@github.com> 2017-08-07 13:41:08 -0500
commit: e24b15f8647997dbb26a7152c921af94e36294ce (patch)
tree: 4c98b42844c8c67853643d4b4b7253dbd8764f1e /etc/pithos.profile
parent: merges (diff)
parent: Unify last 8 profiles (diff)
download: firejail-e24b15f8647997dbb26a7152c921af94e36294ce.tar.gz
firejail-e24b15f8647997dbb26a7152c921af94e36294ce.tar.zst
firejail-e24b15f8647997dbb26a7152c921af94e36294ce.zip
1 files changed, 8 insertions, 15 deletions
diff --git a/etc/pithos.profile b/etc/pithos.profile
index c08f27f17..7eea5d8c2 100644
--- a/etc/pithos.profile
+++ b/etc/pithos.profile
@@ -1,25 +1,18 @@
-# Persistent global definitions go here
+# Firejail profile for pithos
-include /etc/firejail/globals.local
+# This file is overwritten after every install/update
+# Persistent local customizations
-# This file is overwritten during software install.
-# Persistent customizations should go in a .local file.
 include /etc/firejail/pithos.local
+# Persistent global definitions
+include /etc/firejail/globals.local
-#
-#Profile for pithos
-#
-#Blacklist Paths
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
-include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-common.inc
-#Options
 caps.drop all
-#ipc-namespace
 netfilter
 no3d
 nogroups
@@ -30,9 +23,9 @@ protocol unix,inet,inet6
 seccomp
 shell none
+disable-mnt
 private-dev
 private-tmp
-disable-mnt
 noexec ${HOME}
 noexec /tmp
author	Fred Barclay <Fred-Barclay@users.noreply.github.com>	2017-08-07 13:41:08 -0500
committer	GitHub <noreply@github.com>	2017-08-07 13:41:08 -0500
commit	e24b15f8647997dbb26a7152c921af94e36294ce (patch)
tree	4c98b42844c8c67853643d4b4b7253dbd8764f1e /etc/pithos.profile
parent	merges (diff)
parent	Unify last 8 profiles (diff)
download	firejail-e24b15f8647997dbb26a7152c921af94e36294ce.tar.gz firejail-e24b15f8647997dbb26a7152c921af94e36294ce.tar.zst firejail-e24b15f8647997dbb26a7152c921af94e36294ce.zip

diff --git a/etc/pithos.profile b/etc/pithos.profile index c08f27f17..7eea5d8c2 100644 --- a/etc/pithos.profile +++ b/etc/pithos.profile
@@ -1,25 +1,18 @@
1	# Persistent global definitions go here	1	# Firejail profile for pithos
2	include /etc/firejail/globals.local	2	# This file is overwritten after every install/update
3		3	# Persistent local customizations
4	# This file is overwritten during software install.
5	# Persistent customizations should go in a .local file.
6	include /etc/firejail/pithos.local	4	include /etc/firejail/pithos.local
		5	# Persistent global definitions
		6	include /etc/firejail/globals.local
7		7
8	#
9	#Profile for pithos
10	#
11		8
12	#Blacklist Paths
13	include /etc/firejail/disable-common.inc	9	include /etc/firejail/disable-common.inc
14	include /etc/firejail/disable-programs.inc
15	include /etc/firejail/disable-passwdmgr.inc
16	include /etc/firejail/disable-devel.inc	10	include /etc/firejail/disable-devel.inc
17		11	include /etc/firejail/disable-passwdmgr.inc
		12	include /etc/firejail/disable-programs.inc
18	include /etc/firejail/whitelist-common.inc	13	include /etc/firejail/whitelist-common.inc
19		14
20	#Options
21	caps.drop all	15	caps.drop all
22	#ipc-namespace
23	netfilter	16	netfilter
24	no3d	17	no3d
25	nogroups	18	nogroups
@@ -30,9 +23,9 @@ protocol unix,inet,inet6
30	seccomp	23	seccomp
31	shell none	24	shell none
32		25
		26	disable-mnt
33	private-dev	27	private-dev
34	private-tmp	28	private-tmp
35	disable-mnt
36		29
37	noexec ${HOME}	30	noexec ${HOME}
38	noexec /tmp	31	noexec /tmp