diff options
author | smitsohu <smitsohu@gmail.com> | 2018-02-11 14:17:02 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-02-11 14:17:02 +0100 |
commit | 058942d16d58eab08aac8ad1b5ce2e1c82ed27c8 (patch) | |
tree | e74170479e4bf6670cb39c5fc2bc98ef47569256 /etc/remmina.profile | |
parent | Add seccomp filters for remmina, from an strace session connecting via RDP (diff) | |
download | firejail-058942d16d58eab08aac8ad1b5ce2e1c82ed27c8.tar.gz firejail-058942d16d58eab08aac8ad1b5ce2e1c82ed27c8.tar.zst firejail-058942d16d58eab08aac8ad1b5ce2e1c82ed27c8.zip |
keep remmina seccomp whitelist opt-in
Diffstat (limited to 'etc/remmina.profile')
-rw-r--r-- | etc/remmina.profile | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/etc/remmina.profile b/etc/remmina.profile index fe429c32c..bef6376c6 100644 --- a/etc/remmina.profile +++ b/etc/remmina.profile | |||
@@ -22,7 +22,8 @@ noroot | |||
22 | notv | 22 | notv |
23 | novideo | 23 | novideo |
24 | protocol unix,inet,inet6 | 24 | protocol unix,inet,inet6 |
25 | seccomp.keep access,arch_prctl,brk,chmod,clock_getres,clock_gettime,clone,close,connect,dup3,eventfd2,execve,fadvise64,fallocate,fcntl,flock,fstat,fstatfs,fsync,ftruncate,futex,getdents,getegid,geteuid,getgid,getpeername,getpid,getrandom,getresgid,getresuid,getsockname,getsockopt,gettid,getuid,inotify_add_watch,inotify_init1,inotify_rm_watch,ioctl,lseek,lstat,madvise,memfd_create,mmap,mprotect,mremap,munmap,nanosleep,open,openat,pipe,pipe2,poll,prctl,prlimit64,pwrite64,read,readlink,recvfrom,recvmsg,rename,rt_sigaction,rt_sigprocmask,sendmmsg,sendmsg,sendto,set_robust_list,setsockopt,set_tid_address,shmat,shmctl,shmdt,shmget,shutdown,socket,stat,statfs,sysinfo,tgkill,uname,utimensat,write,writev | 25 | seccomp |
26 | # seccomp.keep access,arch_prctl,brk,chmod,clock_getres,clock_gettime,clone,close,connect,dup3,eventfd2,execve,fadvise64,fallocate,fcntl,flock,fstat,fstatfs,fsync,ftruncate,futex,getdents,getegid,geteuid,getgid,getpeername,getpid,getrandom,getresgid,getresuid,getsockname,getsockopt,gettid,getuid,inotify_add_watch,inotify_init1,inotify_rm_watch,ioctl,lseek,lstat,madvise,memfd_create,mmap,mprotect,mremap,munmap,nanosleep,open,openat,pipe,pipe2,poll,prctl,prlimit64,pwrite64,read,readlink,recvfrom,recvmsg,rename,rt_sigaction,rt_sigprocmask,sendmmsg,sendmsg,sendto,set_robust_list,setsockopt,set_tid_address,shmat,shmctl,shmdt,shmget,shutdown,socket,stat,statfs,sysinfo,tgkill,uname,utimensat,write,writev | ||
26 | shell none | 27 | shell none |
27 | 28 | ||
28 | private-dev | 29 | private-dev |