diff options
author | glitsj16 <glitsj16@users.noreply.github.com> | 2021-04-06 09:26:30 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-04-06 09:26:30 +0000 |
commit | 91185bbc4a8e9e8791f297bb731b23a8e80aaf9b (patch) | |
tree | 4875fd73f59fcabcb145bef7f4d55273f4fc0d46 /etc/profile-a-l/hasher-common.profile | |
parent | Merge pull request #4161 from glitsj16/signal-desktop (diff) | |
download | firejail-91185bbc4a8e9e8791f297bb731b23a8e80aaf9b.tar.gz firejail-91185bbc4a8e9e8791f297bb731b23a8e80aaf9b.tar.zst firejail-91185bbc4a8e9e8791f297bb731b23a8e80aaf9b.zip |
Encourage making overrides in *.local files (#4165)
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
* refactor local override comments
Diffstat (limited to 'etc/profile-a-l/hasher-common.profile')
-rw-r--r-- | etc/profile-a-l/hasher-common.profile | 23 |
1 files changed, 11 insertions, 12 deletions
diff --git a/etc/profile-a-l/hasher-common.profile b/etc/profile-a-l/hasher-common.profile index 2f684349d..1633cc3ee 100644 --- a/etc/profile-a-l/hasher-common.profile +++ b/etc/profile-a-l/hasher-common.profile | |||
@@ -6,24 +6,23 @@ include hasher-common.local | |||
6 | 6 | ||
7 | blacklist ${RUNUSER} | 7 | blacklist ${RUNUSER} |
8 | 8 | ||
9 | # WARNING: | 9 | # Comment/uncomment the relevant include file(s) in your hasher-common.local |
10 | # Users can (un)restrict file access for **all** hashers by commenting/uncommenting the needed | 10 | # to (un)restrict file access for **all** hashers. Another option is to do this **per hasher** |
11 | # include file(s) here or by putting those into hasher-common.local. | 11 | # in the relevant <hasher>.local. Beware that things tend to break when overtightening |
12 | # Another option is to do this **per hasher** in the relevant <hasher>.local. | 12 | # profiles. For example, because you only need to hash/check files in ${DOWNLOADS}, |
13 | # Just beware that things tend to break when overtightening profiles. For example, because you only | 13 | # other applications may need access to ${HOME}/.local/share. |
14 | # need to hash/check files in ${DOWNLOADS}, other applications may need access to ${HOME}/.local/share. | 14 | |
15 | 15 | # Add the next line to your hasher-common.local if you don't need to hash files in disable-common.inc. | |
16 | # Uncomment the next line (or put it into your hasher-common.local) if you don't need to hash files in disable-common.inc. | ||
17 | #include disable-common.inc | 16 | #include disable-common.inc |
18 | include disable-devel.inc | 17 | include disable-devel.inc |
19 | include disable-exec.inc | 18 | include disable-exec.inc |
20 | include disable-interpreters.inc | 19 | include disable-interpreters.inc |
21 | include disable-passwdmgr.inc | 20 | include disable-passwdmgr.inc |
22 | # Uncomment the next line (or put it into your hasher-common.local) if you don't need to hash files in disable-programs.inc. | 21 | # Add the next line to your hasher-common.local if you don't need to hash files in disable-programs.inc. |
23 | #include disable-programs.inc | 22 | #include disable-programs.inc |
24 | include disable-shell.inc | 23 | include disable-shell.inc |
25 | include disable-write-mnt.inc | 24 | include disable-write-mnt.inc |
26 | # Uncomment the next line (or put it into your hasher-common.local) if you don't need to hash files in disable-xdg.inc. | 25 | # Add the next line to your hasher-common.local if you don't need to hash files in disable-xdg.inc. |
27 | #include disable-xdg.inc | 26 | #include disable-xdg.inc |
28 | 27 | ||
29 | apparmor | 28 | apparmor |
@@ -47,10 +46,10 @@ shell none | |||
47 | tracelog | 46 | tracelog |
48 | x11 none | 47 | x11 none |
49 | 48 | ||
50 | # Uncomment the next line (or put it into your hasher-common.local) if you don't need to hash files in /tmp. | 49 | # Add the next line to your hasher-common.local if you don't need to hash files in ~/.cache. |
51 | #private-cache | 50 | #private-cache |
52 | private-dev | 51 | private-dev |
53 | # Uncomment the next line (or put it into your hasher-common.local) if you don't need to hash files in /tmp. | 52 | # Add the next line to your hasher-common.local if you don't need to hash files in /tmp. |
54 | #private-tmp | 53 | #private-tmp |
55 | 54 | ||
56 | dbus-user none | 55 | dbus-user none |