author | rusty-snake <print_hello_world+Public@protonmail.com> | 2020-03-19 12:05:14 +0100 |
---|---|---|
committer | rusty-snake <print_hello_world+Public@protonmail.com> | 2020-03-19 12:05:14 +0100 |
commit | 4442aac3f24b9ae8b25b6be29354fcb4f4af04ce (patch) | |
tree | 4a51d29420e526f4b9f33698bd3b3f8c3eed8c22 /etc | |
parent | fix nslookup.profile header (diff) | |
misc fixes
remove netfilter from profiles with net none
allow Viber to use dig; dig is in its private-bin, so I assume that it
needs it.
blacklist resolvectl which can also be used for dns lookups
Diffstat (limited to 'etc')
-rw-r--r-- | etc/2048-qt.profile | 1 | ||||
-rw-r--r-- | etc/Viber.profile | 1 | ||||
-rw-r--r-- | etc/atool.profile | 1 | ||||
-rw-r--r-- | etc/dia.profile | 1 | ||||
-rw-r--r-- | etc/disable-common.inc | 4 | ||||
-rw-r--r-- | etc/fbreader.profile | 1 | ||||
-rw-r--r-- | etc/handbrake.profile | 1 | ||||
-rw-r--r-- | etc/leafpad.profile | 1 | ||||
-rw-r--r-- | etc/lximage-qt.profile | 1 | ||||
-rw-r--r-- | etc/mousepad.profile | 1 | ||||
-rw-r--r-- | etc/openclonk.profile | 1 | ||||
-rw-r--r-- | etc/openttd.profile | 1 | ||||
-rw-r--r-- | etc/ppsspp.profile | 1 | ||||
-rw-r--r-- | etc/terasology.profile | 1 | ||||
-rw-r--r-- | etc/x-terminal-emulator.profile | 1 | ||||
-rw-r--r-- | etc/xcalc.profile | 1 |
16 files changed, 4 insertions, 15 deletions
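--- a/etc/2048-qt.profile
+++ b/etc/2048-qt.profile
@@ -26,7 +26,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-netfilter
 nodvd
 nogroups
 nonewprivs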
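--- a/etc/Viber.profile
+++ b/etc/Viber.profile
@@ -6,6 +6,7 @@ include Viber.local
 include globals.local
 
 noblacklist ${HOME}/.ViberPC
+noblacklist ${PATH}/dig
 
 include disable-common.inc
 include disable-devel.inc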
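Review bot: The added `noblacklist ${PATH}/dig` at new line 9 carries no explanation, and the commit message itself says the need is only assumed from dig being in the profile's private-bin (that line is outside this hunk). The line is correctly placed before `include disable-common.inc`, but it re-enables a DNS lookup tool that the common blacklist otherwise denies. I would confirm that Viber really invokes dig, or drop dig from private-bin instead of widening the profile. If the allowance stays, add a comment such as `# Viber calls dig (listed in private-bin); allow it past disable-common.inc`.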
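--- a/etc/atool.profile
+++ b/etc/atool.profile
@@ -25,7 +25,6 @@ hostname atool
 ipc-namespace
 machine-id
 net none
-netfilter
 no3d
 nodvd
 nodbus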
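--- a/etc/dia.profile
+++ b/etc/dia.profile
@@ -18,6 +18,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+
 include whitelist-var-common.inc
 
 apparmor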
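--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -481,6 +481,4 @@ blacklist ${PATH}/dnswalk
 blacklist ${PATH}/dns2tcp
 blacklist ${PATH}/iodine
 blacklist ${PATH}/knsupdate
-
-
-
+blacklist ${PATH}/resolvectl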
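Review bot: The new `blacklist ${PATH}/resolvectl` entry covers only the current name of the tool; systemd also ships the older name `systemd-resolve` for the same lookups, and the visible hunk does not show whether that name is already listed earlier in the file (the list starts outside the hunk). If it is not, add `blacklist ${PATH}/systemd-resolve` next to the new line. A path blacklist only hides the client binary, so profiles that must not resolve names still rely on `net none`; a one-line comment above this group saying so would keep the entry from being read as a network control.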
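--- a/etc/fbreader.profile
+++ b/etc/fbreader.profile
@@ -22,7 +22,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-netfilter
 nodvd
 nonewprivs
 noroot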
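--- a/etc/handbrake.profile
+++ b/etc/handbrake.profile
@@ -23,7 +23,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-netfilter
 nodbus
 nogroups
 nonewprivs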
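--- a/etc/leafpad.profile
+++ b/etc/leafpad.profile
@@ -20,7 +20,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-netfilter
 no3d
 nodvd
 nogroups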
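--- a/etc/lximage-qt.profile
+++ b/etc/lximage-qt.profile
@@ -19,7 +19,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-netfilter
 no3d
 nodvd
 nogroups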
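--- a/etc/mousepad.profile
+++ b/etc/mousepad.profile
@@ -20,7 +20,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-netfilter
 nodvd
 nogroups
 nonewprivs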
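--- a/etc/openclonk.profile
+++ b/etc/openclonk.profile
@@ -25,6 +25,7 @@ apparmor
 caps.drop all
 ipc-namespace
 # net none - networked game
+netfilter
 nodbus
 nodvd
 nogroups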
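Review bot: The added `netfilter` at new line 28 goes the opposite way from the rest of this commit and is not mentioned in the commit message. With `net none` commented out the option is no longer redundant, but as far as I know firejail installs its default filter only when the sandbox gets a new network namespace, so on the host namespace this line would have no effect. A comment would make that explicit, for example `# netfilter takes effect only with a new network namespace (net <interface>)`.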
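--- a/etc/openttd.profile
+++ b/etc/openttd.profile
@@ -25,7 +25,6 @@ apparmor
 caps.drop all
 ipc-namespace
 net none
-netfilter
 nodbus
 nodvd
 nogroups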
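--- a/etc/ppsspp.profile
+++ b/etc/ppsspp.profile
@@ -21,7 +21,6 @@ include whitelist-var-common.inc
 
 caps.drop all
 ipc-namespace
-netfilter
 net none
 nodbus
 nodvd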
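--- a/etc/terasology.profile
+++ b/etc/terasology.profile
@@ -28,7 +28,6 @@ include whitelist-common.inc
 caps.drop all
 ipc-namespace
 net none
-netfilter
 nodbus
 nodvd
 nogroups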
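--- a/etc/x-terminal-emulator.profile
+++ b/etc/x-terminal-emulator.profile
@@ -8,7 +8,6 @@ include globals.local
 caps.drop all
 ipc-namespace
 net none
-netfilter
 nodbus
 nogroups
 noroot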
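--- a/etc/xcalc.profile
+++ b/etc/xcalc.profile
@@ -17,7 +17,6 @@ include whitelist-var-common.inc
 
 caps.drop all
 net none
-netfilter
 no3d
 nodbus
 nodvd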