many profile cleanups (2)

author: rusty-snake <print_hello_world+Public@protonmail.com> 2019-06-02 17:36:19 +0200
committer: rusty-snake <print_hello_world+Public@protonmail.com> 2019-06-02 17:36:19 +0200
commit: f413040c5e4c052b4bc81706b9f12e5dcf0fa5b3 (patch)
tree: 840dd9d781a13c611b0b61e25161e9f6aef86779 /etc/tar.profile
parent: Add pandoc.profile (diff)
download: firejail-f413040c5e4c052b4bc81706b9f12e5dcf0fa5b3.tar.gz
firejail-f413040c5e4c052b4bc81706b9f12e5dcf0fa5b3.tar.zst
firejail-f413040c5e4c052b4bc81706b9f12e5dcf0fa5b3.zip
1 files changed, 10 insertions, 7 deletions
diff --git a/etc/tar.profile b/etc/tar.profile
index 14fc00d21..b6a874217 100644
--- a/etc/tar.profile
+++ b/etc/tar.profile
@@ -5,17 +5,19 @@ quiet
 # Persistent local customizations
 include tar.local
 # Persistent global definitions
-# added by included profile
+include globals.local
-#include globals.local
 blacklist /tmp/.X11-unix
+include disable-common.inc
+include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
+include disable-passwdmgr.inc
-ignore noroot
+include disable-programs.inc
 apparmor
+caps.drop all
 hostname tar
 ipc-namespace
 machine-id
@@ -24,10 +26,14 @@ no3d
 nodbus
 nodvd
 nogroups
+nonewprivs
+#noroot
 nosound
 notv
 nou2f
 novideo
+protocol unix
+seccomp
 shell none
 tracelog
@@ -39,8 +45,5 @@ private-etc alternatives,passwd,group,localtime
 private-lib libfakeroot
 memory-deny-write-execute
 # Debian based distributions need this for 'dpkg --unpack' (incl. synaptic)
 writable-var
-include default.profile
author	rusty-snake <print_hello_world+Public@protonmail.com>	2019-06-02 17:36:19 +0200
committer	rusty-snake <print_hello_world+Public@protonmail.com>	2019-06-02 17:36:19 +0200
commit	f413040c5e4c052b4bc81706b9f12e5dcf0fa5b3 (patch)
tree	840dd9d781a13c611b0b61e25161e9f6aef86779 /etc/tar.profile
parent	Add pandoc.profile (diff)
download	firejail-f413040c5e4c052b4bc81706b9f12e5dcf0fa5b3.tar.gz firejail-f413040c5e4c052b4bc81706b9f12e5dcf0fa5b3.tar.zst firejail-f413040c5e4c052b4bc81706b9f12e5dcf0fa5b3.zip

diff --git a/etc/tar.profile b/etc/tar.profile index 14fc00d21..b6a874217 100644 --- a/etc/tar.profile +++ b/etc/tar.profile
@@ -5,17 +5,19 @@ quiet
5	# Persistent local customizations	5	# Persistent local customizations
6	include tar.local	6	include tar.local
7	# Persistent global definitions	7	# Persistent global definitions
8	# added by included profile	8	include globals.local
9	#include globals.local
10		9
11	blacklist /tmp/.X11-unix	10	blacklist /tmp/.X11-unix
12		11
		12	include disable-common.inc
		13	include disable-devel.inc
13	include disable-exec.inc	14	include disable-exec.inc
14	include disable-interpreters.inc	15	include disable-interpreters.inc
15		16	include disable-passwdmgr.inc
16	ignore noroot	17	include disable-programs.inc
17		18
18	apparmor	19	apparmor
		20	caps.drop all
19	hostname tar	21	hostname tar
20	ipc-namespace	22	ipc-namespace
21	machine-id	23	machine-id
@@ -24,10 +26,14 @@ no3d
24	nodbus	26	nodbus
25	nodvd	27	nodvd
26	nogroups	28	nogroups
		29	nonewprivs
		30	#noroot
27	nosound	31	nosound
28	notv	32	notv
29	nou2f	33	nou2f
30	novideo	34	novideo
		35	protocol unix
		36	seccomp
31	shell none	37	shell none
32	tracelog	38	tracelog
33		39
@@ -39,8 +45,5 @@ private-etc alternatives,passwd,group,localtime
39	private-lib libfakeroot	45	private-lib libfakeroot
40		46
41	memory-deny-write-execute	47	memory-deny-write-execute
42
43	# Debian based distributions need this for 'dpkg --unpack' (incl. synaptic)	48	# Debian based distributions need this for 'dpkg --unpack' (incl. synaptic)
44	writable-var	49	writable-var
45
46	include default.profile