diff options
author | valoq <valoq@mailbox.org> | 2016-11-18 21:23:04 +0100 |
---|---|---|
committer | valoq <valoq@mailbox.org> | 2016-11-18 21:23:04 +0100 |
commit | 4d2059df3b50b8eb8897ef66f702f55f0d54eabc (patch) | |
tree | a7ca3334e6f9b477517cc5a27f915e20e55524be /etc | |
parent | fixed order and missing profiles (diff) | |
download | firejail-4d2059df3b50b8eb8897ef66f702f55f0d54eabc.tar.gz firejail-4d2059df3b50b8eb8897ef66f702f55f0d54eabc.tar.zst firejail-4d2059df3b50b8eb8897ef66f702f55f0d54eabc.zip |
various fixes
Diffstat (limited to 'etc')
-rw-r--r-- | etc/empathy.profile | 2 | ||||
-rw-r--r-- | etc/keepass2.profile | 6 | ||||
-rw-r--r-- | etc/kmail.profile | 2 | ||||
-rw-r--r-- | etc/mupdf.profile | 2 | ||||
-rw-r--r-- | etc/qemu-launcher.profile | 20 | ||||
-rw-r--r-- | etc/qemu-system-x86_64.profile | 18 |
6 files changed, 48 insertions, 2 deletions
diff --git a/etc/empathy.profile b/etc/empathy.profile index 371100814..2a0a6389c 100644 --- a/etc/empathy.profile +++ b/etc/empathy.profile | |||
@@ -6,5 +6,7 @@ include /etc/firejail/disable-devel.inc | |||
6 | caps.drop all | 6 | caps.drop all |
7 | netfilter | 7 | netfilter |
8 | nonewprivs | 8 | nonewprivs |
9 | nogroups | ||
10 | noroot | ||
9 | protocol unix,inet,inet6 | 11 | protocol unix,inet,inet6 |
10 | seccomp | 12 | seccomp |
diff --git a/etc/keepass2.profile b/etc/keepass2.profile new file mode 100644 index 000000000..fd390f7ed --- /dev/null +++ b/etc/keepass2.profile | |||
@@ -0,0 +1,6 @@ | |||
1 | # keepass password manager profile | ||
2 | |||
3 | #noblacklist ${HOME}/.config/KeePass | ||
4 | #noblacklist ${HOME}/.keepass | ||
5 | |||
6 | include /etc/firejail/keepass.profile | ||
diff --git a/etc/kmail.profile b/etc/kmail.profile index bc21ba604..410ff36c6 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile | |||
@@ -16,4 +16,4 @@ seccomp | |||
16 | tracelog | 16 | tracelog |
17 | 17 | ||
18 | private-dev | 18 | private-dev |
19 | private-tmp | 19 | # private-tmp |
diff --git a/etc/mupdf.profile b/etc/mupdf.profile index e022866e8..dc23d5840 100644 --- a/etc/mupdf.profile +++ b/etc/mupdf.profile | |||
@@ -16,7 +16,7 @@ net none | |||
16 | shell none | 16 | shell none |
17 | tracelog | 17 | tracelog |
18 | 18 | ||
19 | #seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev | 19 | #seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,mremap,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev |
20 | 20 | ||
21 | private-bin mupdf | 21 | private-bin mupdf |
22 | private-tmp | 22 | private-tmp |
diff --git a/etc/qemu-launcher.profile b/etc/qemu-launcher.profile new file mode 100644 index 000000000..9fa8a91d4 --- /dev/null +++ b/etc/qemu-launcher.profile | |||
@@ -0,0 +1,20 @@ | |||
1 | # qemu-launcher profile | ||
2 | |||
3 | noblacklist ~/.qemu-launcher | ||
4 | |||
5 | include /etc/firejail/disable-common.inc | ||
6 | include /etc/firejail/disable-programs.inc | ||
7 | include /etc/firejail/disable-passwdmgr.inc | ||
8 | |||
9 | caps.drop all | ||
10 | netfilter | ||
11 | nogroups | ||
12 | nonewprivs | ||
13 | noroot | ||
14 | protocol unix,inet,inet6 | ||
15 | seccomp | ||
16 | shell none | ||
17 | tracelog | ||
18 | |||
19 | private-tmp | ||
20 | |||
diff --git a/etc/qemu-system-x86_64.profile b/etc/qemu-system-x86_64.profile new file mode 100644 index 000000000..3d4587fb1 --- /dev/null +++ b/etc/qemu-system-x86_64.profile | |||
@@ -0,0 +1,18 @@ | |||
1 | # qemu profile | ||
2 | |||
3 | include /etc/firejail/disable-common.inc | ||
4 | include /etc/firejail/disable-programs.inc | ||
5 | include /etc/firejail/disable-passwdmgr.inc | ||
6 | |||
7 | caps.drop all | ||
8 | netfilter | ||
9 | nogroups | ||
10 | nonewprivs | ||
11 | noroot | ||
12 | protocol unix,inet,inet6 | ||
13 | seccomp | ||
14 | shell none | ||
15 | tracelog | ||
16 | |||
17 | private-tmp | ||
18 | |||