diff options
author | netblue30 <netblue30@protonmail.com> | 2021-10-30 08:35:09 -0400 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2021-10-30 08:35:09 -0400 |
commit | 41427b8f62358344d45197fb674786d1a4dd11bf (patch) | |
tree | 62bf87ce050b99bb76d53c1972cf092a8b3b93a0 /etc/profile-m-z | |
parent | Merge pull request #4643 from rusty-snake/profile-checks (diff) | |
download | firejail-41427b8f62358344d45197fb674786d1a4dd11bf.tar.gz firejail-41427b8f62358344d45197fb674786d1a4dd11bf.tar.zst firejail-41427b8f62358344d45197fb674786d1a4dd11bf.zip |
adding noprofile.profile from rusty-snake
Diffstat (limited to 'etc/profile-m-z')
-rw-r--r-- | etc/profile-m-z/noprofile.profile | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/etc/profile-m-z/noprofile.profile b/etc/profile-m-z/noprofile.profile new file mode 100644 index 000000000..560ee9db3 --- /dev/null +++ b/etc/profile-m-z/noprofile.profile | |||
@@ -0,0 +1,28 @@ | |||
1 | # This is the weakest possible firejail profile. | ||
2 | # If a program still fail with this profile, it is incompatible with firejail. | ||
3 | # (from https://gist.github.com/rusty-snake/bb234cb3e50e1e4e7429f29a7931cc72) | ||
4 | # | ||
5 | # Usage: | ||
6 | # 1. download | ||
7 | # 2. firejail --profile=noprofile.profile /path/to/program | ||
8 | |||
9 | # Keep in mind that even with this profile some things are done | ||
10 | # which can break the program. | ||
11 | # - some env-vars are cleared | ||
12 | # - /etc/firejail/firejail.config can contain options such as 'force-nonewprivs yes' | ||
13 | # - a new private pid-namespace is created | ||
14 | # - a minimal hardcoded blacklist is applied | ||
15 | # - ... | ||
16 | |||
17 | noblacklist /sys/fs | ||
18 | noblacklist /sys/module | ||
19 | |||
20 | allow-debuggers | ||
21 | allusers | ||
22 | keep-config-pulse | ||
23 | keep-dev-shm | ||
24 | keep-var-tmp | ||
25 | writable-etc | ||
26 | writable-run-user | ||
27 | writable-var | ||
28 | writable-var-log | ||