diff options
author | rusty-snake <print_hello_world+Public@protonmail.com> | 2019-06-02 17:36:19 +0200 |
---|---|---|
committer | rusty-snake <print_hello_world+Public@protonmail.com> | 2019-06-02 17:36:19 +0200 |
commit | f413040c5e4c052b4bc81706b9f12e5dcf0fa5b3 (patch) | |
tree | 840dd9d781a13c611b0b61e25161e9f6aef86779 /etc/tar.profile | |
parent | Add pandoc.profile (diff) | |
download | firejail-f413040c5e4c052b4bc81706b9f12e5dcf0fa5b3.tar.gz firejail-f413040c5e4c052b4bc81706b9f12e5dcf0fa5b3.tar.zst firejail-f413040c5e4c052b4bc81706b9f12e5dcf0fa5b3.zip |
many profile cleanups (2)
Diffstat (limited to 'etc/tar.profile')
-rw-r--r-- | etc/tar.profile | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/etc/tar.profile b/etc/tar.profile index 14fc00d21..b6a874217 100644 --- a/etc/tar.profile +++ b/etc/tar.profile | |||
@@ -5,17 +5,19 @@ quiet | |||
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include tar.local | 6 | include tar.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | # added by included profile | 8 | include globals.local |
9 | #include globals.local | ||
10 | 9 | ||
11 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
12 | 11 | ||
12 | include disable-common.inc | ||
13 | include disable-devel.inc | ||
13 | include disable-exec.inc | 14 | include disable-exec.inc |
14 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
15 | 16 | include disable-passwdmgr.inc | |
16 | ignore noroot | 17 | include disable-programs.inc |
17 | 18 | ||
18 | apparmor | 19 | apparmor |
20 | caps.drop all | ||
19 | hostname tar | 21 | hostname tar |
20 | ipc-namespace | 22 | ipc-namespace |
21 | machine-id | 23 | machine-id |
@@ -24,10 +26,14 @@ no3d | |||
24 | nodbus | 26 | nodbus |
25 | nodvd | 27 | nodvd |
26 | nogroups | 28 | nogroups |
29 | nonewprivs | ||
30 | #noroot | ||
27 | nosound | 31 | nosound |
28 | notv | 32 | notv |
29 | nou2f | 33 | nou2f |
30 | novideo | 34 | novideo |
35 | protocol unix | ||
36 | seccomp | ||
31 | shell none | 37 | shell none |
32 | tracelog | 38 | tracelog |
33 | 39 | ||
@@ -39,8 +45,5 @@ private-etc alternatives,passwd,group,localtime | |||
39 | private-lib libfakeroot | 45 | private-lib libfakeroot |
40 | 46 | ||
41 | memory-deny-write-execute | 47 | memory-deny-write-execute |
42 | |||
43 | # Debian based distributions need this for 'dpkg --unpack' (incl. synaptic) | 48 | # Debian based distributions need this for 'dpkg --unpack' (incl. synaptic) |
44 | writable-var | 49 | writable-var |
45 | |||
46 | include default.profile | ||