author | Austin S. Hemmelgarn <ahferroin7@gmail.com> | 2017-02-15 07:52:22 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-02-15 07:52:22 -0500 |
commit | fe45ca43c468a21e225a05beda867f93db88f897 (patch) | |
tree | c0de91accafefb2d1cc40694b0d99133e9d0dd7b /etc/unbound.profile | |
parent | merge #1100 from zackw: rework DISPLAY environment parsing, rework masking X... (diff) | |
Update unbound profile to block 3D acceleration.
There is no legitimate reason for a caching DNS resolver to need 3D acceleration. Unbound adheres to this already, so any attempts to access GPU hardware from it are by definition either bugs or the result of an exploit, so let's just block access to the GPU.
Diffstat (limited to 'etc/unbound.profile')
-rw-r--r-- | etc/unbound.profile | 1 |
1 files changed, 1 insertions, 0 deletions
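--- a/etc/unbound.profile
+++ b/etc/unbound.profile
@@ -13,5 +13,6 @@ include /etc/firejail/disable-passwdmgr.inc
 private
 private-dev
 nosound
+no3d
 seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open
 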
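Review bot: The added `no3d` line (new line 16) has no comment, so the reasoning in the commit message does not travel with the profile and a later editor has nothing telling them the restriction is deliberate. A one-line comment above it would cover this, for example `# caching DNS resolver: no legitimate use for GPU access`. Separately, the unchanged `seccomp.drop` line right after it lists `perf_event_open` twice, which looks redundant and could be tidied in a follow-up. The profile begins before this hunk, so directives above line 13 were not reviewed.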