diff options
author | smitsohu <smitsohu@gmail.com> | 2017-08-18 15:32:11 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-08-18 15:32:11 +0200 |
commit | 47dba686e4389d0e8820da52918250ee8f6c9a49 (patch) | |
tree | eb9554ed16c3329108f5bd493617df36ed1a760f /etc/skanlite.profile | |
parent | memory-deny-write-execute testing (diff) | |
download | firejail-47dba686e4389d0e8820da52918250ee8f6c9a49.tar.gz firejail-47dba686e4389d0e8820da52918250ee8f6c9a49.tar.zst firejail-47dba686e4389d0e8820da52918250ee8f6c9a49.zip |
bring back options
Diffstat (limited to 'etc/skanlite.profile')
-rw-r--r-- | etc/skanlite.profile | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/etc/skanlite.profile b/etc/skanlite.profile index 0338bc452..d34d2e92d 100644 --- a/etc/skanlite.profile +++ b/etc/skanlite.profile | |||
@@ -12,18 +12,20 @@ include /etc/firejail/disable-passwdmgr.inc | |||
12 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
13 | 13 | ||
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | 15 | # net none |
16 | nodvd | 16 | nodvd |
17 | nogroups | 17 | nogroups |
18 | nonewprivs | 18 | nonewprivs |
19 | noroot | 19 | noroot |
20 | nosound | 20 | nosound |
21 | notv | 21 | notv |
22 | # protocol unix,inet,inet6 | 22 | novideo |
23 | seccomp | 23 | protocol unix,netlink |
24 | # skanlite makes ioperm system calls, which are blacklisted by default. | ||
25 | seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@reboot,@resources,@swap,acct,add_key,bpf,chroot,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,iopl,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pciconfig_iobase,pciconfig_read,pciconfig_write,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,s390_mmio_read,s390_mmio_write,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice | ||
24 | shell none | 26 | shell none |
25 | 27 | ||
26 | # private-bin skanlite | 28 | private-bin skanlite,kbuildsycoca4 |
27 | # private-dev | 29 | # private-dev |
28 | # private-etc | 30 | # private-etc |
29 | # private-tmp | 31 | # private-tmp |