author | smitsohu <smitsohu@gmail.com> | 2022-04-10 17:48:29 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2022-04-10 17:50:28 +0200 |
commit | af2b81b6129023a94eb23e65f63c3b8c675b779c (patch) | |
tree | c39edb5961442b16fa9088ee81b092d76e531013 /etc/profile-m-z/unbound.profile | |
parent | steam: add HotLine Miami (#5097) (diff) | |
unbound: fixes, blacklist all of ${RUNUSER}
Diffstat (limited to 'etc/profile-m-z/unbound.profile')
-rw-r--r-- | etc/profile-m-z/unbound.profile | 6 |
1 files changed, 4 insertions, 2 deletions
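--- a/etc/profile-m-z/unbound.profile
+++ b/etc/profile-m-z/unbound.profile
@@ -10,7 +10,7 @@ noblacklist /sbin
 noblacklist /usr/sbin
 
 blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}
 
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,11 @@ include disable-interpreters.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+whitelist /usr/share/dns
 include whitelist-usr-share-common.inc
 
+whitelist /var/lib/ca-certificates
+read-only /var/lib/ca-certificates
 whitelist /var/lib/unbound
 whitelist /var/run
 
@@ -48,5 +51,4 @@ writable-var
 dbus-user none
 dbus-system none
 
-# mdwe can break modules/plugins
 memory-deny-write-execute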
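Review bot: The new `read-only /var/lib/ca-certificates` line in the second hunk has no comment explaining why it is needed, and the reason is not visible at that spot. `writable-var` is set further down the profile (it is the context of the third hunk header), so a whitelisted path under /var would presumably otherwise stay writable inside the sandbox. Going by its name, this directory holds the CA trust store, so the intent is worth pinning so that a later cleanup does not drop the line, e.g. `# writable-var is set below; keep the CA trust store immutable`. The commit message could also say why the `# mdwe can break modules/plugins` caveat was removed while `memory-deny-write-execute` stays, since the page gives no reason.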