diff options
| author |  smitsohu <smitsohu@gmail.com> | 2022-04-10 17:48:29 +0200 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2022-04-10 17:50:28 +0200 |
| commit | af2b81b6129023a94eb23e65f63c3b8c675b779c (patch) | |
| tree | c39edb5961442b16fa9088ee81b092d76e531013 /etc/profile-m-z/unbound.profile | |
| parent | steam: add HotLine Miami (#5097) (diff) | |
| download | firejail-af2b81b6129023a94eb23e65f63c3b8c675b779c.tar.gz firejail-af2b81b6129023a94eb23e65f63c3b8c675b779c.tar.zst firejail-af2b81b6129023a94eb23e65f63c3b8c675b779c.zip | |
unbound: fixes, blacklist all of ${RUNUSER}
Diffstat (limited to 'etc/profile-m-z/unbound.profile')
| -rw-r--r-- | etc/profile-m-z/unbound.profile | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/etc/profile-m-z/unbound.profile b/etc/profile-m-z/unbound.profile index e8424cd7d..ef43ee822 100644 --- a/etc/profile-m-z/unbound.profile +++ b/etc/profile-m-z/unbound.profile | |||
| @@ -10,7 +10,7 @@ noblacklist /sbin | |||
| 10 | noblacklist /usr/sbin | 10 | noblacklist /usr/sbin |
| 11 | 11 | ||
| 12 | blacklist /tmp/.X11-unix | 12 | blacklist /tmp/.X11-unix |
| 13 | blacklist ${RUNUSER}/wayland-* | 13 | blacklist ${RUNUSER} |
| 14 | 14 | ||
| 15 | include disable-common.inc | 15 | include disable-common.inc |
| 16 | include disable-devel.inc | 16 | include disable-devel.inc |
| @@ -19,8 +19,11 @@ include disable-interpreters.inc | |||
| 19 | include disable-programs.inc | 19 | include disable-programs.inc |
| 20 | include disable-xdg.inc | 20 | include disable-xdg.inc |
| 21 | 21 | ||
| 22 | whitelist /usr/share/dns | ||
| 22 | include whitelist-usr-share-common.inc | 23 | include whitelist-usr-share-common.inc |
| 23 | 24 | ||
| 25 | whitelist /var/lib/ca-certificates | ||
| 26 | read-only /var/lib/ca-certificates | ||
| 24 | whitelist /var/lib/unbound | 27 | whitelist /var/lib/unbound |
| 25 | whitelist /var/run | 28 | whitelist /var/run |
| 26 | 29 | ||
| @@ -48,5 +51,4 @@ writable-var | |||
| 48 | dbus-user none | 51 | dbus-user none |
| 49 | dbus-system none | 52 | dbus-system none |
| 50 | 53 | ||
| 51 | # mdwe can break modules/plugins | ||
| 52 | memory-deny-write-execute | 54 | memory-deny-write-execute |