author | smitsohu <smitsohu@gmail.com> | 2018-01-31 20:51:47 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-31 20:51:47 +0100 |
commit | 3b7882f84aa57c6b928d56e7682a90bfe13445d2 (patch) | |
tree | 89dc43f032c7f29db74009407ce3104174c6d61d /etc/unbound.profile | |
parent | overlay fixes and additional hardening (diff) | |
download | firejail-3b7882f84aa57c6b928d56e7682a90bfe13445d2.tar.gz firejail-3b7882f84aa57c6b928d56e7682a90bfe13445d2.tar.zst firejail-3b7882f84aa57c6b928d56e7682a90bfe13445d2.zip |
unbound fix (writable-var) - #1731
Diffstat (limited to 'etc/unbound.profile')
-rw-r--r-- | etc/unbound.profile | 3 |
1 files changed, 3 insertions, 0 deletions
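--- a/etc/unbound.profile
+++ b/etc/unbound.profile
@@ -15,6 +15,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+whitelist /var/lib/unbound
+
 caps.keep net_bind_service,setgid,setuid,sys_chroot,sys_resource
 no3d
 nodvd
@@ -23,6 +25,7 @@ nosound
 notv
 novideo
 seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open
+writable-var
 
 disable-mnt
 private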
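Review bot: The two added directives, `whitelist /var/lib/unbound` (new line 18) and `writable-var` (new line 28), sit ten lines apart with no comment tying them together, although the second is only narrow because of the first. `writable-var` makes all of /var read-write inside the sandbox, and as far as I understand firejail's whitelist handling it is the whitelist that limits what is visible under /var to /var/lib/unbound; if a later edit drops the whitelist, a daemon that keeps `setuid`, `setgid` and `sys_chroot` in `caps.keep` would be left with a writable /var. I would place the two lines next to each other and add a comment such as `# unbound needs write access to /var/lib/unbound; keep whitelist and writable-var together (#1731)`, with the stated reason confirmed against the issue, since the page does not show it. It may also be worth checking whether `read-write /var/lib/unbound` alone would be sufficient in place of `writable-var`; that cannot be verified from this page.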