diff options
| author |  smitsohu <smitsohu@gmail.com> | 2017-12-10 00:43:09 +0100 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2017-12-10 00:43:09 +0100 |
| commit | 15d9ef1ba68914223fcd4a989c9c6df8b7565a1d (patch) | |
| tree | ef8740bff900ca039332c0013c0cac3dd6aa21a9 /etc | |
| parent | remove mutt blacklist redundancies (diff) | |
| download | firejail-15d9ef1ba68914223fcd4a989c9c6df8b7565a1d.tar.gz firejail-15d9ef1ba68914223fcd4a989c9c6df8b7565a1d.tar.zst firejail-15d9ef1ba68914223fcd4a989c9c6df8b7565a1d.zip | |
fix (and harden) kmail - #1541
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/kmail.profile | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/etc/kmail.profile b/etc/kmail.profile index fdc96c97f..7aad57987 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile | |||
| @@ -18,10 +18,13 @@ nodvd | |||
| 18 | nogroups | 18 | nogroups |
| 19 | nonewprivs | 19 | nonewprivs |
| 20 | noroot | 20 | noroot |
| 21 | nosound | ||
| 21 | notv | 22 | notv |
| 23 | novideo | ||
| 22 | protocol unix,inet,inet6,netlink | 24 | protocol unix,inet,inet6,netlink |
| 23 | seccomp | 25 | # blacklisting of chroot system calls breaks kmail |
| 24 | tracelog | 26 | seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice |
| 27 | # tracelog | ||
| 25 | 28 | ||
| 26 | private-dev | 29 | private-dev |
| 27 | # private-tmp | 30 | # private-tmp |