author | netblue30 <netblue30@yahoo.com> | 2017-04-18 07:23:57 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-04-18 07:23:57 -0400 |
commit | 7d4e6a5d607cd78d4ec5753c0af4463135e387f5 (patch) | |
tree | a0d279d7fd89a9550f8b011eeed42f7d467717ea /etc | |
parent | Merge pull request #1229 from SpotComms/firecfg2 (diff) | |
parent | Harden some more profiles (diff) | |
Merge pull request #1232 from SpotComms/harden3
Harden more profiles
Diffstat (limited to 'etc')
37 files changed, 65 insertions, 5 deletions
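--- a/etc/arduino.profile
+++ b/etc/arduino.profile
@@ -12,6 +12,7 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
+ipc-namespace
 netfilter
 no3d
 nogroups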
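Review bot: The added `ipc-namespace` line goes in without a comment, here and in every other profile this commit touches the same way (audacity through youtube-dl). A new IPC namespace gives the sandbox private System V IPC objects and POSIX message queues only, so it does not by itself separate the program from the X11 socket or the session bus. X11 clients that rely on MIT-SHM should also be expected to lose shared segments with an X server running outside the namespace. I would put a line such as `# ipc-namespace: private SysV IPC / POSIX mqueues; can disable X11 MIT-SHM, comment out if rendering breaks` above it in the GUI profiles, and I would test the graphics-heavy ones (steam, kodi, xonotic, vlc) before merging.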
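--- a/etc/audacity.profile
+++ b/etc/audacity.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 caps.drop all
+ipc-namespace
 net none
 netfilter
 no3d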
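--- a/etc/bleachbit.profile
+++ b/etc/bleachbit.profile
@@ -9,6 +9,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+ipc-namespace
 net none
 netfilter
 no3d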
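--- a/etc/bless.profile
+++ b/etc/bless.profile
@@ -17,6 +17,7 @@ include /etc/firejail/disable-devel.inc
 
 #Options
 caps.drop all
+ipc-namespace
 net none
 netfilter
 no3d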
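--- a/etc/brasero.profile
+++ b/etc/brasero.profile
@@ -11,6 +11,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+ipc-namespace
+net none
 nogroups
 nonewprivs
 noroot
@@ -22,6 +24,9 @@ shell none
 tracelog
 
 # private-bin brasero
-# private-tmp
 # private-dev
 # private-etc fonts
+# private-tmp
+
+noexec ${HOME}
+noexec /tmp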
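--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -8,12 +8,8 @@ noblacklist ~/.cache/chromium
 noblacklist ~/.pki
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
-
 # chromium is distributed with a perl script on Arch
 # include /etc/firejail/disable-devel.inc
-#
-
-netfilter
 
 whitelist ${DOWNLOADS}
 mkdir ~/.config/chromium
@@ -27,3 +23,14 @@ whitelist ~/.pki
 whitelist ~/.config/chromium-flags.conf
 
 include /etc/firejail/whitelist-common.inc
+
+ipc-namespace
+netfilter
+nogroups
+shell none
+
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp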
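Review bot: `nogroups` and `private-dev` are added to a browser profile without a note on what they cost, and `nogroups` is added to firefox.profile in the same way. On systems where camera and microphone access is granted through supplementary groups such as `audio` or `video`, dropping those groups would presumably break WebRTC capture. vlc.profile in this same commit still carries `# nogroups` commented out, which suggests the option has caused trouble for a media program before. None of the visible lines sets `caps.drop`, `seccomp` or `nonewprivs`; if that is deliberate because Chromium's own sandbox needs them, a comment such as `# caps/seccomp/nonewprivs intentionally unset: needed by the chromium sandbox` would stop a later hardening pass from adding them blindly. Lines 16-22 of the new file are outside the hunks, so the last point should be checked against the full profile.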
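--- a/etc/deadbeef.profile
+++ b/etc/deadbeef.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+ipc-namespace
 netfilter
 no3d
 nogroups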
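--- a/etc/dino.profile
+++ b/etc/dino.profile
@@ -16,6 +16,7 @@ whitelist ${HOME}/.local/share/dino
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
+ipc-namespace
 netfilter
 no3d
 nogroups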
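--- a/etc/eog.profile
+++ b/etc/eog.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+ipc-namespace
 net none
 netfilter
 no3d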
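--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+ipc-namespace
 netfilter
 #net none - creates some problems on some distributions
 no3d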
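--- a/etc/evolution.profile
+++ b/etc/evolution.profile
@@ -20,6 +20,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+ipc-namespace
 netfilter
 no3d
 nogroups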
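--- a/etc/file-roller.profile
+++ b/etc/file-roller.profile
@@ -9,6 +9,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+ipc-namespace
 net none
 netfilter
 no3d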
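--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -16,7 +16,9 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
+ipc-namespace
 netfilter
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6,netlink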
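--- a/etc/gedit.profile
+++ b/etc/gedit.profile
@@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+ipc-namespace
 netfilter
 net none
 no3d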
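--- a/etc/gimp.profile
+++ b/etc/gimp.profile
@@ -9,6 +9,7 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+ipc-namespace
 netfilter
 net none
 nogroups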
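--- a/etc/gnome-calculator.profile
+++ b/etc/gnome-calculator.profile
@@ -16,6 +16,7 @@ include /etc/firejail/whitelist-common.inc
 
 #Options
 caps.drop all
+ipc-namespace
 netfilter
 #net none
 no3d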
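--- a/etc/hexchat.profile
+++ b/etc/hexchat.profile
@@ -12,6 +12,7 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
+ipc-namespace
 netfilter
 no3d
 nogroups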
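--- a/etc/jd-gui.profile
+++ b/etc/jd-gui.profile
@@ -16,6 +16,7 @@ include /etc/firejail/disable-devel.inc
 
 #Options
 caps.drop all
+ipc-namespace
 net none
 netfilter
 no3d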
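--- a/etc/keepass.profile
+++ b/etc/keepass.profile
@@ -15,6 +15,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+ipc-namespace
 netfilter
 no3d
 nogroups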
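--- a/etc/keepassxc.profile
+++ b/etc/keepassxc.profile
@@ -15,6 +15,7 @@ include /etc/firejail/disable-passwdmgr.inc
 
 # To use KeePassHTTP, comment out `net none`
 caps.drop all
+ipc-namespace
 net none
 no3d
 nogroups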
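--- a/etc/kodi.profile
+++ b/etc/kodi.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
+ipc-namespace
 netfilter
 nogroups
 nonewprivs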
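--- a/etc/lollypop.profile
+++ b/etc/lollypop.profile
@@ -17,6 +17,7 @@ include /etc/firejail/disable-devel.inc
 
 #Options
 caps.drop all
+ipc-namespace
 netfilter
 no3d
 nogroups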
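--- a/etc/meld.profile
+++ b/etc/meld.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 caps.drop all
+ipc-namespace
 net none
 netfilter
 no3d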
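--- a/etc/multimc5.profile
+++ b/etc/multimc5.profile
@@ -25,6 +25,7 @@ include /etc/firejail/whitelist-common.inc
 
 #Options
 caps.drop all
+ipc-namespace
 netfilter
 nogroups
 nonewprivs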
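--- a/etc/mumble.profile
+++ b/etc/mumble.profile
@@ -17,6 +17,7 @@ whitelist ${HOME}/.local/share/data/Mumble
 include /etc/firejail/whitelist-common.inc
 
 caps.drop all
+ipc-namespace
 netfilter
 no3d
 nonewprivs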
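--- a/etc/pdfsam.profile
+++ b/etc/pdfsam.profile
@@ -14,6 +14,7 @@ include /etc/firejail/disable-devel.inc
 
 #Options
 caps.drop all
+ipc-namespace
 net none
 netfilter
 no3d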
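--- a/etc/pithos.profile
+++ b/etc/pithos.profile
@@ -16,6 +16,7 @@ include /etc/firejail/whitelist-common.inc
 
 #Options
 caps.drop all
+ipc-namespace
 netfilter
 no3d
 nogroups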
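--- a/etc/polari.profile
+++ b/etc/polari.profile
@@ -23,7 +23,18 @@ include /etc/firejail/whitelist-common.inc
 
 caps.drop all
 netfilter
+no3d
+nogroups
 nonewprivs
 noroot
+nosound
 protocol unix,inet,inet6
 seccomp
+shell none
+tracelog
+
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp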
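Review bot: This profile gets most of the commit's new options but not `ipc-namespace`, which nearly every other profile in the same commit receives right after `caps.drop all`. Nothing in the hunk says whether that was an oversight or a deliberate exception. If it was deliberate, a line such as `# ipc-namespace omitted: <reason>` keeps the next hardening pass from adding it back; if not, it belongs after `caps.drop all` as in the other profiles. The added `nosound` also silences notification sounds in a chat client, which deserves a short comment so users know which line to remove.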
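--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+ipc-namespace
 netfilter
 no3d
 nogroups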
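--- a/etc/steam.profile
+++ b/etc/steam.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+ipc-namespace
 netfilter
 nogroups
 nonewprivs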
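--- a/etc/totem.profile
+++ b/etc/totem.profile
@@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+ipc-namespace
 netfilter
 nogroups
 nonewprivs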
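--- a/etc/viking.profile
+++ b/etc/viking.profile
@@ -13,6 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
+ipc-namespace
 netfilter
 no3d
 nogroups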
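--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+ipc-namespace
 netfilter
 # nogroups
 nonewprivs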
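--- a/etc/wget.profile
+++ b/etc/wget.profile
@@ -9,6 +9,7 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+ipc-namespace
 netfilter
 no3d
 nogroups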
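--- a/etc/wireshark.profile
+++ b/etc/wireshark.profile
@@ -17,6 +17,7 @@ include /etc/firejail/disable-passwdmgr.inc
 #noroot
 #protocol unix,inet,inet6,netlink
 
+ipc-namespace
 netfilter
 no3d
 nogroups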
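--- a/etc/xonotic.profile
+++ b/etc/xonotic.profile
@@ -22,6 +22,7 @@ include /etc/firejail/whitelist-common.inc
 
 #Options
 caps.drop all
+ipc-namespace
 netfilter
 nogroups
 nonewprivs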
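--- a/etc/youtube-dl.profile
+++ b/etc/youtube-dl.profile
@@ -10,6 +10,7 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
+ipc-namespace
 netfilter
 no3d
 nogroups
@@ -19,6 +20,8 @@ nosound
 protocol unix,inet,inet6
 seccomp
 shell none
+tracelog
+quiet
 
 private-dev
 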
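Review bot: `quiet` is added at line 24 of the new file, after the includes and every other option in the second hunk. As far as I know the profile documentation asks for `quiet` to be the first uncommented command, so anything firejail prints while reading the earlier lines can still appear in the output of a command-line tool that is often piped. I would move it to the top of the file, above the first `include`, as a bare `quiet` line. The profile's first lines are outside both hunks, so the exact position needs checking against the full file.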