keep remmina seccomp whitelist opt-in

author: smitsohu <smitsohu@gmail.com> 2018-02-11 14:17:02 +0100
committer: GitHub <noreply@github.com> 2018-02-11 14:17:02 +0100
commit: 058942d16d58eab08aac8ad1b5ce2e1c82ed27c8 (patch)
tree: e74170479e4bf6670cb39c5fc2bc98ef47569256 /etc/remmina.profile
parent: Add seccomp filters for remmina, from an strace session connecting via RDP (diff)
download: firejail-058942d16d58eab08aac8ad1b5ce2e1c82ed27c8.tar.gz
firejail-058942d16d58eab08aac8ad1b5ce2e1c82ed27c8.tar.zst
firejail-058942d16d58eab08aac8ad1b5ce2e1c82ed27c8.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/etc/remmina.profile b/etc/remmina.profile
index fe429c32c..bef6376c6 100644
--- a/etc/remmina.profile
+++ b/etc/remmina.profile
@@ -22,7 +22,8 @@ noroot
 notv
 novideo
 protocol unix,inet,inet6
-seccomp.keep access,arch_prctl,brk,chmod,clock_getres,clock_gettime,clone,close,connect,dup3,eventfd2,execve,fadvise64,fallocate,fcntl,flock,fstat,fstatfs,fsync,ftruncate,futex,getdents,getegid,geteuid,getgid,getpeername,getpid,getrandom,getresgid,getresuid,getsockname,getsockopt,gettid,getuid,inotify_add_watch,inotify_init1,inotify_rm_watch,ioctl,lseek,lstat,madvise,memfd_create,mmap,mprotect,mremap,munmap,nanosleep,open,openat,pipe,pipe2,poll,prctl,prlimit64,pwrite64,read,readlink,recvfrom,recvmsg,rename,rt_sigaction,rt_sigprocmask,sendmmsg,sendmsg,sendto,set_robust_list,setsockopt,set_tid_address,shmat,shmctl,shmdt,shmget,shutdown,socket,stat,statfs,sysinfo,tgkill,uname,utimensat,write,writev
+seccomp
+# seccomp.keep access,arch_prctl,brk,chmod,clock_getres,clock_gettime,clone,close,connect,dup3,eventfd2,execve,fadvise64,fallocate,fcntl,flock,fstat,fstatfs,fsync,ftruncate,futex,getdents,getegid,geteuid,getgid,getpeername,getpid,getrandom,getresgid,getresuid,getsockname,getsockopt,gettid,getuid,inotify_add_watch,inotify_init1,inotify_rm_watch,ioctl,lseek,lstat,madvise,memfd_create,mmap,mprotect,mremap,munmap,nanosleep,open,openat,pipe,pipe2,poll,prctl,prlimit64,pwrite64,read,readlink,recvfrom,recvmsg,rename,rt_sigaction,rt_sigprocmask,sendmmsg,sendmsg,sendto,set_robust_list,setsockopt,set_tid_address,shmat,shmctl,shmdt,shmget,shutdown,socket,stat,statfs,sysinfo,tgkill,uname,utimensat,write,writev
 shell none
 private-dev
author	smitsohu <smitsohu@gmail.com>	2018-02-11 14:17:02 +0100
committer	GitHub <noreply@github.com>	2018-02-11 14:17:02 +0100
commit	058942d16d58eab08aac8ad1b5ce2e1c82ed27c8 (patch)
tree	e74170479e4bf6670cb39c5fc2bc98ef47569256 /etc/remmina.profile
parent	Add seccomp filters for remmina, from an strace session connecting via RDP (diff)
download	firejail-058942d16d58eab08aac8ad1b5ce2e1c82ed27c8.tar.gz firejail-058942d16d58eab08aac8ad1b5ce2e1c82ed27c8.tar.zst firejail-058942d16d58eab08aac8ad1b5ce2e1c82ed27c8.zip

diff --git a/etc/remmina.profile b/etc/remmina.profile index fe429c32c..bef6376c6 100644 --- a/etc/remmina.profile +++ b/etc/remmina.profile
@@ -22,7 +22,8 @@ noroot
22	notv	22	notv
23	novideo	23	novideo
24	protocol unix,inet,inet6	24	protocol unix,inet,inet6
25	seccomp.keep access,arch_prctl,brk,chmod,clock_getres,clock_gettime,clone,close,connect,dup3,eventfd2,execve,fadvise64,fallocate,fcntl,flock,fstat,fstatfs,fsync,ftruncate,futex,getdents,getegid,geteuid,getgid,getpeername,getpid,getrandom,getresgid,getresuid,getsockname,getsockopt,gettid,getuid,inotify_add_watch,inotify_init1,inotify_rm_watch,ioctl,lseek,lstat,madvise,memfd_create,mmap,mprotect,mremap,munmap,nanosleep,open,openat,pipe,pipe2,poll,prctl,prlimit64,pwrite64,read,readlink,recvfrom,recvmsg,rename,rt_sigaction,rt_sigprocmask,sendmmsg,sendmsg,sendto,set_robust_list,setsockopt,set_tid_address,shmat,shmctl,shmdt,shmget,shutdown,socket,stat,statfs,sysinfo,tgkill,uname,utimensat,write,writev	25	seccomp
		26	# seccomp.keep access,arch_prctl,brk,chmod,clock_getres,clock_gettime,clone,close,connect,dup3,eventfd2,execve,fadvise64,fallocate,fcntl,flock,fstat,fstatfs,fsync,ftruncate,futex,getdents,getegid,geteuid,getgid,getpeername,getpid,getrandom,getresgid,getresuid,getsockname,getsockopt,gettid,getuid,inotify_add_watch,inotify_init1,inotify_rm_watch,ioctl,lseek,lstat,madvise,memfd_create,mmap,mprotect,mremap,munmap,nanosleep,open,openat,pipe,pipe2,poll,prctl,prlimit64,pwrite64,read,readlink,recvfrom,recvmsg,rename,rt_sigaction,rt_sigprocmask,sendmmsg,sendmsg,sendto,set_robust_list,setsockopt,set_tid_address,shmat,shmctl,shmdt,shmget,shutdown,socket,stat,statfs,sysinfo,tgkill,uname,utimensat,write,writev
26	shell none	27	shell none
27		28
28	private-dev	29	private-dev