Add a profile for xmr-stak-cpu

- Add list of new profiles to README.md - Update firecfg - Further restrict silentarmy
author: Tad <tad@spotco.us> 2017-09-18 18:22:54 -0400
committer: Tad <tad@spotco.us> 2017-09-18 18:22:54 -0400
commit: f493dee7e78bfc387dbb0d70af1dd85f148975fe (patch)
tree: eb23b04832b75df77d7193123e0969f346d83506 /etc/xmr-stak-cpu.profile
parent: Add a profile for clamdscan, clamdtop, and freshclam (diff)
download: firejail-f493dee7e78bfc387dbb0d70af1dd85f148975fe.tar.gz
firejail-f493dee7e78bfc387dbb0d70af1dd85f148975fe.tar.zst
firejail-f493dee7e78bfc387dbb0d70af1dd85f148975fe.zip
1 files changed, 42 insertions, 0 deletions
diff --git a/etc/xmr-stak-cpu.profile b/etc/xmr-stak-cpu.profile
new file mode 100644
index 000000000..9cc6e0c1f
--- /dev/null
+++ b/etc/xmr-stak-cpu.profile
@@ -0,0 +1,42 @@
+# Firejail profile for xmr-stak-cpu
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/xmr-stak-cpu.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/whitelist-var-common.inc
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+disable-mnt
+private
+private-bin xmr-stak-cpu
+private-dev
+private-etc xmr-stak-cpu.json
+private-lib
+private-opt none
+private-tmp
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
author	Tad <tad@spotco.us>	2017-09-18 18:22:54 -0400
committer	Tad <tad@spotco.us>	2017-09-18 18:22:54 -0400
commit	f493dee7e78bfc387dbb0d70af1dd85f148975fe (patch)
tree	eb23b04832b75df77d7193123e0969f346d83506 /etc/xmr-stak-cpu.profile
parent	Add a profile for clamdscan, clamdtop, and freshclam (diff)
download	firejail-f493dee7e78bfc387dbb0d70af1dd85f148975fe.tar.gz firejail-f493dee7e78bfc387dbb0d70af1dd85f148975fe.tar.zst firejail-f493dee7e78bfc387dbb0d70af1dd85f148975fe.zip

diff --git a/etc/xmr-stak-cpu.profile b/etc/xmr-stak-cpu.profile new file mode 100644 index 000000000..9cc6e0c1f --- /dev/null +++ b/etc/xmr-stak-cpu.profile
@@ -0,0 +1,42 @@
	1	# Firejail profile for xmr-stak-cpu
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include /etc/firejail/xmr-stak-cpu.local
	5	# Persistent global definitions
	6	include /etc/firejail/globals.local
	7
	8
	9	include /etc/firejail/disable-common.inc
	10	include /etc/firejail/disable-devel.inc
	11	include /etc/firejail/disable-passwdmgr.inc
	12	include /etc/firejail/disable-programs.inc
	13
	14	include /etc/firejail/whitelist-var-common.inc
	15
	16	caps.drop all
	17	ipc-namespace
	18	netfilter
	19	no3d
	20	nodvd
	21	nogroups
	22	nonewprivs
	23	noroot
	24	nosound
	25	notv
	26	novideo
	27	protocol unix,inet,inet6
	28	seccomp
	29	shell none
	30
	31	disable-mnt
	32	private
	33	private-bin xmr-stak-cpu
	34	private-dev
	35	private-etc xmr-stak-cpu.json
	36	private-lib
	37	private-opt none
	38	private-tmp
	39
	40	memory-deny-write-execute
	41	noexec ${HOME}
	42	noexec /tmp