aboutsummaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
authorLibravatar netblue30 <netblue30@yahoo.com>2020-10-28 09:18:18 -0400
committerLibravatar netblue30 <netblue30@yahoo.com>2020-10-28 09:18:18 -0400
commit65911742d70fbe287fc9d0e6f2c9a92e2b6657de (patch)
tree3e896a6d85513059c3c6322865e3f0200b28613b /etc
parentprofile fixes (diff)
downloadfirejail-65911742d70fbe287fc9d0e6f2c9a92e2b6657de.tar.gz
firejail-65911742d70fbe287fc9d0e6f2c9a92e2b6657de.tar.zst
firejail-65911742d70fbe287fc9d0e6f2c9a92e2b6657de.zip
added bluetooth to the list of protocols allowed by seccomp
Diffstat (limited to 'etc')
-rw-r--r--etc/apparmor/firejail-default3
-rw-r--r--etc/profile-m-z/tcpdump.profile2
-rw-r--r--etc/profile-m-z/tshark.profile44
-rw-r--r--etc/profile-m-z/wireshark.profile4
4 files changed, 7 insertions, 46 deletions
diff --git a/etc/apparmor/firejail-default b/etc/apparmor/firejail-default
index e396ae7d9..ec87f1d2d 100644
--- a/etc/apparmor/firejail-default
+++ b/etc/apparmor/firejail-default
@@ -112,7 +112,8 @@ network inet6,
112network unix, 112network unix,
113network netlink, 113network netlink,
114network raw, 114network raw,
115# needed for wireshark 115# needed for wireshark, tcpdump etc
116network bluetooth,
116network packet, 117network packet,
117 118
118########## 119##########
diff --git a/etc/profile-m-z/tcpdump.profile b/etc/profile-m-z/tcpdump.profile
index 881fbf49e..7984702f3 100644
--- a/etc/profile-m-z/tcpdump.profile
+++ b/etc/profile-m-z/tcpdump.profile
@@ -33,7 +33,7 @@ nosound
33notv 33notv
34nou2f 34nou2f
35novideo 35novideo
36protocol unix,inet,inet6,netlink,packet 36protocol unix,inet,inet6,netlink,packet,bluetooth
37seccomp 37seccomp
38 38
39disable-mnt 39disable-mnt
diff --git a/etc/profile-m-z/tshark.profile b/etc/profile-m-z/tshark.profile
index 684a9491d..a5cefb47a 100644
--- a/etc/profile-m-z/tshark.profile
+++ b/etc/profile-m-z/tshark.profile
@@ -1,46 +1,6 @@
1# Firejail profile for tshark 1# Firejail profile for tshark
2# This file is overwritten after every install/update 2# This file is overwritten after every install/update
3quiet 3quiet
4# Persistent local customizations
5include tshark.local
6# Persistent global definitions
7include globals.local
8 4
9include disable-common.inc 5# Redirect
10include disable-devel.inc 6include wireshark.profile
11include disable-exec.inc
12include disable-interpreters.inc
13include disable-passwdmgr.inc
14include disable-programs.inc
15include disable-xdg.inc
16
17whitelist /usr/share/wireshark
18include whitelist-common.inc
19include whitelist-runuser-common.inc
20include whitelist-usr-share-common.inc
21include whitelist-var-common.inc
22
23apparmor
24#caps.keep net_raw
25caps.keep dac_override,net_admin,net_raw
26ipc-namespace
27#net tun0
28netfilter
29no3d
30nodvd
31# nogroups - breaks network traffic capture for unprivileged users
32# nonewprivs - breaks network traffic capture for unprivileged users
33# noroot
34nosound
35notv
36nou2f
37novideo
38#protocol unix,inet,inet6,netlink,packet
39#seccomp
40
41disable-mnt
42#private
43private-cache
44#private-bin tshark
45private-dev
46private-tmp
diff --git a/etc/profile-m-z/wireshark.profile b/etc/profile-m-z/wireshark.profile
index a30cb43d5..6a84246e1 100644
--- a/etc/profile-m-z/wireshark.profile
+++ b/etc/profile-m-z/wireshark.profile
@@ -38,8 +38,8 @@ nosound
38notv 38notv
39nou2f 39nou2f
40novideo 40novideo
41# protocol unix,inet,inet6,netlink 41# protocol unix,inet,inet6,netlink,packet,bluetooth - commented out in case they bring in new protocols
42# seccomp - breaks network traffic capture for unprivileged users 42seccomp
43shell none 43shell none
44tracelog 44tracelog
45 45
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-19 03:27:26 +0000