libvirt dnsmasq fix (#5089)

author: smitsohu <smitsohu@gmail.com> 2022-04-10 17:55:48 +0200
committer: smitsohu <smitsohu@gmail.com> 2022-04-10 18:03:35 +0200
commit: ce6f792efd0af09b95050864b71f79c46359fa49 (patch)
tree: 9670725f5cb8d014b09b1a271060e0f933bc1d36 /etc/profile-a-l
parent: unbound: fixes, blacklist all of ${RUNUSER} (diff)
download: firejail-ce6f792efd0af09b95050864b71f79c46359fa49.tar.gz
firejail-ce6f792efd0af09b95050864b71f79c46359fa49.tar.zst
firejail-ce6f792efd0af09b95050864b71f79c46359fa49.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/etc/profile-a-l/dnsmasq.profile b/etc/profile-a-l/dnsmasq.profile
index 2db1548a4..71b960311 100644
--- a/etc/profile-a-l/dnsmasq.profile
+++ b/etc/profile-a-l/dnsmasq.profile
@@ -19,6 +19,9 @@ include disable-interpreters.inc
 include disable-programs.inc
 include disable-xdg.inc
+whitelist /var/lib/libvirt/dnsmasq
+whitelist /var/run
 caps.keep net_admin,net_bind_service,net_raw,setgid,setuid
 no3d
 nodvd
@@ -35,3 +38,4 @@ disable-mnt
 private
 private-cache
 private-dev
+writable-var
author	smitsohu <smitsohu@gmail.com>	2022-04-10 17:55:48 +0200
committer	smitsohu <smitsohu@gmail.com>	2022-04-10 18:03:35 +0200
commit	ce6f792efd0af09b95050864b71f79c46359fa49 (patch)
tree	9670725f5cb8d014b09b1a271060e0f933bc1d36 /etc/profile-a-l
parent	unbound: fixes, blacklist all of ${RUNUSER} (diff)
download	firejail-ce6f792efd0af09b95050864b71f79c46359fa49.tar.gz firejail-ce6f792efd0af09b95050864b71f79c46359fa49.tar.zst firejail-ce6f792efd0af09b95050864b71f79c46359fa49.zip

diff --git a/etc/profile-a-l/dnsmasq.profile b/etc/profile-a-l/dnsmasq.profile index 2db1548a4..71b960311 100644 --- a/etc/profile-a-l/dnsmasq.profile +++ b/etc/profile-a-l/dnsmasq.profile
@@ -19,6 +19,9 @@ include disable-interpreters.inc
19	include disable-programs.inc	19	include disable-programs.inc
20	include disable-xdg.inc	20	include disable-xdg.inc
21		21
		22	whitelist /var/lib/libvirt/dnsmasq
		23	whitelist /var/run
		24
22	caps.keep net_admin,net_bind_service,net_raw,setgid,setuid	25	caps.keep net_admin,net_bind_service,net_raw,setgid,setuid
23	no3d	26	no3d
24	nodvd	27	nodvd
@@ -35,3 +38,4 @@ disable-mnt
35	private	38	private
36	private-cache	39	private-cache
37	private-dev	40	private-dev
		41	writable-var