author | netblue30 <netblue30@yahoo.com> | 2020-03-18 12:28:19 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2020-03-18 12:28:19 -0400 |
commit | a81a8b4539ca52d5b02c37ec95c7fe864b656641 (patch) | |
tree | eb465fa57d2231dcc64fe07795a380bb1fcdbf19 /etc | |
parent | fix mplayer profile (diff) | |
profile fixes
Diffstat (limited to 'etc')
-rw-r--r-- | etc/bluefish.profile | 1 | ||||
-rw-r--r-- | etc/brasero.profile | 3 | ||||
-rw-r--r-- | etc/curl.profile | 2 | ||||
-rw-r--r-- | etc/deluge.profile | 2 | ||||
-rw-r--r-- | etc/dig.profile | 1 | ||||
-rw-r--r-- | etc/fbreader.profile | 3 | ||||
-rw-r--r-- | etc/freeciv.profile | 1 | ||||
-rw-r--r-- | etc/frozen-bubble.profile | 2 | ||||
-rw-r--r-- | etc/kino.profile | 3 | ||||
-rw-r--r-- | etc/lincity-ng.profile | 1 | ||||
-rw-r--r-- | etc/lximage-qt.profile | 3 | ||||
-rw-r--r-- | etc/lxmusic.profile | 1 | ||||
-rw-r--r-- | etc/open-invaders.profile | 3 | ||||
-rw-r--r-- | etc/opencity.profile | 1 | ||||
-rw-r--r-- | etc/openclonk.profile | 3 | ||||
-rw-r--r-- | etc/openttd.profile | 2 | ||||
-rw-r--r-- | etc/ping.profile | 1 | ||||
-rw-r--r-- | etc/pingus.profile | 3 | ||||
-rw-r--r-- | etc/supertux2.profile | 2 | ||||
-rw-r--r-- | etc/tshark.profile | 1 | ||||
-rw-r--r-- | etc/wget.profile | 1 | ||||
-rw-r--r-- | etc/whois.profile | 1 |
22 files changed, 40 insertions, 1 deletions
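--- a/etc/bluefish.profile
+++ b/etc/bluefish.profile
@@ -15,6 +15,7 @@ include disable-programs.inc
 
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 net none
 no3d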
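--- a/etc/brasero.profile
+++ b/etc/brasero.profile
@@ -15,6 +15,9 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+include whitelist-var-common.inc
+
+apparmor
 caps.drop all
 net none
 nogroups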
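--- a/etc/curl.profile
+++ b/etc/curl.profile
@@ -19,7 +19,9 @@ include disable-programs.inc
 #include disable-xdg.inc
 
 include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 ipc-namespace
 machine-id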
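--- a/etc/deluge.profile
+++ b/etc/deluge.profile
@@ -14,6 +14,7 @@ include allow-python3.inc
 
 include disable-common.inc
 # include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -24,6 +25,7 @@ whitelist ${HOME}/.config/deluge
 include whitelist-common.inc
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 machine-id
 netfilter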
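--- a/etc/dig.profile
+++ b/etc/dig.profile
@@ -25,6 +25,7 @@ include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 ipc-namespace
 machine-id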
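--- a/etc/fbreader.profile
+++ b/etc/fbreader.profile
@@ -11,6 +11,7 @@ noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -18,7 +19,9 @@ include disable-xdg.inc
 
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
+net none
 netfilter
 nodvd
 nonewprivs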
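Review bot: The `netfilter` line that now follows the added `net none` in the second hunk is redundant, because with `net none` the sandbox has only a loopback interface and there is no outside traffic left for the default filter to act on. Either drop it or keep it as `#netfilter` so the profile states a single network policy; the same `net none` / `netfilter` pair is introduced in the lximage-qt.profile and openttd.profile sections of this commit. If users rely on FBReader's online catalogue feature, it presumably stops working with this line, so a comment above it such as `# no network access: online catalogues are disabled` would record that the trade-off is intended.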
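--- a/etc/freeciv.profile
+++ b/etc/freeciv.profile
@@ -21,6 +21,7 @@ whitelist ${HOME}/.freeciv
 include whitelist-common.inc
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 ipc-namespace
 netfilter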
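--- a/etc/frozen-bubble.profile
+++ b/etc/frozen-bubble.profile
@@ -13,6 +13,7 @@ include allow-perl.inc
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -22,6 +23,7 @@ whitelist ${HOME}/.frozen-bubble
 include whitelist-common.inc
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 net none
 nodbus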
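--- a/etc/kino.profile
+++ b/etc/kino.profile
@@ -16,6 +16,9 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+include whitelist-var-common.inc
+
+apparmor
 caps.drop all
 netfilter
 nogroups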
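--- a/etc/lincity-ng.profile
+++ b/etc/lincity-ng.profile
@@ -21,6 +21,7 @@ whitelist ${HOME}/.lincity-ng
 include whitelist-common.inc
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 ipc-namespace
 net none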
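--- a/etc/lximage-qt.profile
+++ b/etc/lximage-qt.profile
@@ -14,8 +14,11 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include whitelist-var-common.inc
 
+apparmor
 caps.drop all
+net none
 netfilter
 no3d
 nodvd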
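--- a/etc/lxmusic.profile
+++ b/etc/lxmusic.profile
@@ -20,6 +20,7 @@ include disable-xdg.inc
 
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 netfilter
 no3d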
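--- a/etc/open-invaders.profile
+++ b/etc/open-invaders.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.openinvaders
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -17,7 +18,9 @@ include disable-programs.inc
 mkdir ${HOME}/.openinvaders
 whitelist ${HOME}/.openinvaders
 include whitelist-common.inc
+include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 net none
 nodbus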
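--- a/etc/opencity.profile
+++ b/etc/opencity.profile
@@ -21,6 +21,7 @@ whitelist ${HOME}/.opencity
 include whitelist-common.inc
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 ipc-namespace
 net none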
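--- a/etc/openclonk.profile
+++ b/etc/openclonk.profile
@@ -21,9 +21,10 @@ whitelist ${HOME}/.clonk
 include whitelist-common.inc
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 ipc-namespace
-net none
+# net none - networked game
 nodbus
 nodvd
 nogroups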
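Review bot: With `net none` commented out, the game now runs with network access, and the hunk shows no `netfilter` line taking its place between `ipc-namespace` and `nodbus`. freeciv.profile in this same commit, also a networked game, carries `netfilter` in that position. `netfilter` only takes effect when the sandbox is given its own network namespace, but adding it under the commented line keeps the default filter in place for that case: `# net none - networked game` followed by `netfilter`. The rest of the profile is outside the hunk, so check whether a `protocol` restriction already exists further down.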
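--- a/etc/openttd.profile
+++ b/etc/openttd.profile
@@ -21,8 +21,10 @@ whitelist ${HOME}/.openttd
 include whitelist-common.inc
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 ipc-namespace
+net none
 netfilter
 nodbus
 nodvd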
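Review bot: The added `net none` is inconsistent with openclonk.profile in this same commit, where `net none` is commented out with the reason "networked game". OpenTTD also has online multiplayer and in-game content download, and both stop working with no network. If offline-only is the intended default, document the opt-out next to the line, for example `# comment out net none to enable multiplayer and online content`; otherwise follow the openclonk form, `# net none - networked game`, and let the existing `netfilter` line stand.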
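--- a/etc/ping.profile
+++ b/etc/ping.profile
@@ -19,6 +19,7 @@ include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
+apparmor
 caps.keep net_raw
 ipc-namespace
 #net tun0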
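--- a/etc/pingus.profile
+++ b/etc/pingus.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.pingus
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -17,7 +18,9 @@ include disable-programs.inc
 mkdir ${HOME}/.pingus
 whitelist ${HOME}/.pingus
 include whitelist-common.inc
+include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 net none
 nodbus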
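--- a/etc/supertux2.profile
+++ b/etc/supertux2.profile
@@ -10,6 +10,7 @@ noblacklist ${HOME}/.local/share/supertux2
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -19,6 +20,7 @@ whitelist ${HOME}/.local/share/supertux2
 include whitelist-common.inc
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 net none
 nodbus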
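--- a/etc/tshark.profile
+++ b/etc/tshark.profile
@@ -19,6 +19,7 @@ include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
+apparmor
 #caps.keep net_raw
 caps.keep dac_override,net_admin,net_raw
 ipc-namespace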
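--- a/etc/wget.profile
+++ b/etc/wget.profile
@@ -26,6 +26,7 @@ include disable-programs.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 ipc-namespace
 machine-id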
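--- a/etc/whois.profile
+++ b/etc/whois.profile
@@ -21,6 +21,7 @@ include disable-xdg.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 hostname whois
 ipc-namespace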