Unify last 8 profiles

author: Tad <tad@spotco.us> 2017-08-07 14:24:51 -0400
committer: Tad <tad@spotco.us> 2017-08-07 14:29:40 -0400
commit: 39dc3c893b5d895ed9db9071dd47b3de7b28f2fd (patch)
tree: b76dbe39efe41bded67e3fe95d030b277d4a0236 /etc/server.profile
parent: Fix comments in 88 profiles (diff)
download: firejail-39dc3c893b5d895ed9db9071dd47b3de7b28f2fd.tar.gz
firejail-39dc3c893b5d895ed9db9071dd47b3de7b28f2fd.tar.zst
firejail-39dc3c893b5d895ed9db9071dd47b3de7b28f2fd.zip
1 files changed, 21 insertions, 9 deletions
diff --git a/etc/server.profile b/etc/server.profile
index 2d79fa1c8..b0dd13f80 100644
--- a/etc/server.profile
+++ b/etc/server.profile
@@ -1,25 +1,37 @@
-# Persistent global definitions go here
+# Firejail profile for server
-include /etc/firejail/globals.local
+# This file is overwritten after every install/update
+# Persistent local customizations
-# This file is overwritten during software install.
-# Persistent customizations should go in a .local file.
 include /etc/firejail/server.local
+# Persistent global definitions
+include /etc/firejail/globals.local
 # generic server profile
 # it allows /sbin and /usr/sbin directories - this is where servers are installed
+# depending on your usage, you can enable some of the commands below:
+blacklist /tmp/.X11-unix
 noblacklist /sbin
 noblacklist /usr/sbin
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
+# include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
-blacklist /tmp/.X11-unix
+caps
 no3d
 nosound
 seccomp
-caps
+# disable-mnt
 private
+# private-bin program
 private-dev
+# private-etc none
+# private-lib
 private-tmp
+# memory-deny-write-execute
+# noexec ${HOME}
+# noexec /tmp
author	Tad <tad@spotco.us>	2017-08-07 14:24:51 -0400
committer	Tad <tad@spotco.us>	2017-08-07 14:29:40 -0400
commit	39dc3c893b5d895ed9db9071dd47b3de7b28f2fd (patch)
tree	b76dbe39efe41bded67e3fe95d030b277d4a0236 /etc/server.profile
parent	Fix comments in 88 profiles (diff)
download	firejail-39dc3c893b5d895ed9db9071dd47b3de7b28f2fd.tar.gz firejail-39dc3c893b5d895ed9db9071dd47b3de7b28f2fd.tar.zst firejail-39dc3c893b5d895ed9db9071dd47b3de7b28f2fd.zip

diff --git a/etc/server.profile b/etc/server.profile index 2d79fa1c8..b0dd13f80 100644 --- a/etc/server.profile +++ b/etc/server.profile
@@ -1,25 +1,37 @@
1	# Persistent global definitions go here	1	# Firejail profile for server
2	include /etc/firejail/globals.local	2	# This file is overwritten after every install/update
3		3	# Persistent local customizations
4	# This file is overwritten during software install.
5	# Persistent customizations should go in a .local file.
6	include /etc/firejail/server.local	4	include /etc/firejail/server.local
		5	# Persistent global definitions
		6	include /etc/firejail/globals.local
7		7
8	# generic server profile	8	# generic server profile
9	# it allows /sbin and /usr/sbin directories - this is where servers are installed	9	# it allows /sbin and /usr/sbin directories - this is where servers are installed
		10	# depending on your usage, you can enable some of the commands below:
		11
		12	blacklist /tmp/.X11-unix
		13
10	noblacklist /sbin	14	noblacklist /sbin
11	noblacklist /usr/sbin	15	noblacklist /usr/sbin
		16
12	include /etc/firejail/disable-common.inc	17	include /etc/firejail/disable-common.inc
13	include /etc/firejail/disable-programs.inc	18	# include /etc/firejail/disable-devel.inc
14	include /etc/firejail/disable-passwdmgr.inc	19	include /etc/firejail/disable-passwdmgr.inc
		20	include /etc/firejail/disable-programs.inc
15		21
16	blacklist /tmp/.X11-unix	22	caps
17
18	no3d	23	no3d
19	nosound	24	nosound
20	seccomp	25	seccomp
21	caps
22		26
		27	# disable-mnt
23	private	28	private
		29	# private-bin program
24	private-dev	30	private-dev
		31	# private-etc none
		32	# private-lib
25	private-tmp	33	private-tmp
		34
		35	# memory-deny-write-execute
		36	# noexec ${HOME}
		37	# noexec /tmp