diff options
author | Vincent43 <31109921+Vincent43@users.noreply.github.com> | 2018-03-17 15:55:48 +0100 |
---|---|---|
committer | Vincent43 <31109921+Vincent43@users.noreply.github.com> | 2018-03-17 15:55:48 +0100 |
commit | d8b4a633202a13a13c75779d1f40a99d6cc51dfb (patch) | |
tree | 03b35f4385984d147ac4fe175edb28bd2ab39b6b /etc | |
parent | apparmor deployment (diff) | |
download | firejail-d8b4a633202a13a13c75779d1f40a99d6cc51dfb.tar.gz firejail-d8b4a633202a13a13c75779d1f40a99d6cc51dfb.tar.zst firejail-d8b4a633202a13a13c75779d1f40a99d6cc51dfb.zip |
more apparmor deployment
Diffstat (limited to 'etc')
-rw-r--r-- | etc/ark.profile | 1 | ||||
-rw-r--r-- | etc/digikam.profile | 1 | ||||
-rw-r--r-- | etc/electron.profile | 1 | ||||
-rw-r--r-- | etc/kate.profile | 1 | ||||
-rw-r--r-- | etc/kodi.profile | 1 | ||||
-rw-r--r-- | etc/kwrite.profile | 1 | ||||
-rw-r--r-- | etc/libreoffice.profile | 1 | ||||
-rw-r--r-- | etc/okular.profile | 1 | ||||
-rw-r--r-- | etc/smplayer.profile | 1 |
9 files changed, 9 insertions, 0 deletions
diff --git a/etc/ark.profile b/etc/ark.profile index 43c61f940..f3e366854 100644 --- a/etc/ark.profile +++ b/etc/ark.profile | |||
@@ -29,6 +29,7 @@ novideo | |||
29 | protocol unix | 29 | protocol unix |
30 | seccomp | 30 | seccomp |
31 | shell none | 31 | shell none |
32 | apparmor | ||
32 | 33 | ||
33 | private-dev | 34 | private-dev |
34 | private-tmp | 35 | private-tmp |
diff --git a/etc/digikam.profile b/etc/digikam.profile index 5557e5457..179204036 100644 --- a/etc/digikam.profile +++ b/etc/digikam.profile | |||
@@ -28,6 +28,7 @@ protocol unix,inet,inet6,netlink | |||
28 | seccomp | 28 | seccomp |
29 | # seccomp.keep fallocate,getrusage,openat,access,arch_prctl,bind,brk,chdir,chmod,clock_getres,clone,close,connect,dup2,dup3,eventfd2,execve,fadvise64,fcntl,fdatasync,flock,fstat,fstatfs,ftruncate,futex,getcwd,getdents,getegid,geteuid,getgid,getpeername,getpgrp,getpid,getppid,getrandom,getresgid,getresuid,getrlimit,getsockname,getsockopt,gettid,getuid,inotify_add_watch,inotify_init,inotify_init1,inotify_rm_watch,ioctl,lseek,lstat,madvise,mbind,memfd_create,mkdir,mmap,mprotect,msync,munmap,nanosleep,open,pipe,pipe2,poll,ppoll,prctl,pread64,pwrite64,read,readlink,readlinkat,recvfrom,recvmsg,rename,rt_sigaction,rt_sigprocmask,rt_sigreturn,sched_getaffinity,sched_getparam,sched_get_priority_max,sched_get_priority_min,sched_getscheduler,sched_setscheduler,sched_yield,sendmsg,sendto,setgid,setresgid,setresuid,set_robust_list,setsid,setsockopt,set_tid_address,setuid,shmat,shmctl,shmdt,shmget,shutdown,socket,stat,statfs,sysinfo,timerfd_create,umask,uname,unlink,wait4,waitid,write,writev,fchmod,fchown,unshare,exit,exit_group | 29 | # seccomp.keep fallocate,getrusage,openat,access,arch_prctl,bind,brk,chdir,chmod,clock_getres,clone,close,connect,dup2,dup3,eventfd2,execve,fadvise64,fcntl,fdatasync,flock,fstat,fstatfs,ftruncate,futex,getcwd,getdents,getegid,geteuid,getgid,getpeername,getpgrp,getpid,getppid,getrandom,getresgid,getresuid,getrlimit,getsockname,getsockopt,gettid,getuid,inotify_add_watch,inotify_init,inotify_init1,inotify_rm_watch,ioctl,lseek,lstat,madvise,mbind,memfd_create,mkdir,mmap,mprotect,msync,munmap,nanosleep,open,pipe,pipe2,poll,ppoll,prctl,pread64,pwrite64,read,readlink,readlinkat,recvfrom,recvmsg,rename,rt_sigaction,rt_sigprocmask,rt_sigreturn,sched_getaffinity,sched_getparam,sched_get_priority_max,sched_get_priority_min,sched_getscheduler,sched_setscheduler,sched_yield,sendmsg,sendto,setgid,setresgid,setresuid,set_robust_list,setsid,setsockopt,set_tid_address,setuid,shmat,shmctl,shmdt,shmget,shutdown,socket,stat,statfs,sysinfo,timerfd_create,umask,uname,unlink,wait4,waitid,write,writev,fchmod,fchown,unshare,exit,exit_group |
30 | shell none | 30 | shell none |
31 | apparmor | ||
31 | 32 | ||
32 | # private-bin program | 33 | # private-bin program |
33 | # private-dev - prevents libdc1394 loading; this lib is used to connect to a camera device | 34 | # private-dev - prevents libdc1394 loading; this lib is used to connect to a camera device |
diff --git a/etc/electron.profile b/etc/electron.profile index 91e5cd3df..2ff61914e 100644 --- a/etc/electron.profile +++ b/etc/electron.profile | |||
@@ -20,3 +20,4 @@ noroot | |||
20 | notv | 20 | notv |
21 | protocol unix,inet,inet6,netlink | 21 | protocol unix,inet,inet6,netlink |
22 | seccomp | 22 | seccomp |
23 | apparmor | ||
diff --git a/etc/kate.profile b/etc/kate.profile index 917be2b4c..d1cfef49b 100644 --- a/etc/kate.profile +++ b/etc/kate.profile | |||
@@ -35,6 +35,7 @@ protocol unix | |||
35 | seccomp | 35 | seccomp |
36 | shell none | 36 | shell none |
37 | tracelog | 37 | tracelog |
38 | apparmor | ||
38 | 39 | ||
39 | # private-bin kate | 40 | # private-bin kate |
40 | private-dev | 41 | private-dev |
diff --git a/etc/kodi.profile b/etc/kodi.profile index 06db44132..4eb2c9df1 100644 --- a/etc/kodi.profile +++ b/etc/kodi.profile | |||
@@ -21,6 +21,7 @@ protocol unix,inet,inet6,netlink | |||
21 | seccomp | 21 | seccomp |
22 | shell none | 22 | shell none |
23 | tracelog | 23 | tracelog |
24 | apparmor | ||
24 | 25 | ||
25 | private-dev | 26 | private-dev |
26 | private-tmp | 27 | private-tmp |
diff --git a/etc/kwrite.profile b/etc/kwrite.profile index 4fbb8aad4..386ef142c 100644 --- a/etc/kwrite.profile +++ b/etc/kwrite.profile | |||
@@ -36,6 +36,7 @@ protocol unix | |||
36 | seccomp | 36 | seccomp |
37 | shell none | 37 | shell none |
38 | tracelog | 38 | tracelog |
39 | apparmor | ||
39 | 40 | ||
40 | private-bin kwrite,kbuildsycoca4,kdeinit4 | 41 | private-bin kwrite,kbuildsycoca4,kdeinit4 |
41 | private-dev | 42 | private-dev |
diff --git a/etc/libreoffice.profile b/etc/libreoffice.profile index 220e0f02c..a67fafa30 100644 --- a/etc/libreoffice.profile +++ b/etc/libreoffice.profile | |||
@@ -28,6 +28,7 @@ protocol unix,inet,inet6 | |||
28 | seccomp | 28 | seccomp |
29 | shell none | 29 | shell none |
30 | tracelog | 30 | tracelog |
31 | apparmor | ||
31 | 32 | ||
32 | private-dev | 33 | private-dev |
33 | private-tmp | 34 | private-tmp |
diff --git a/etc/okular.profile b/etc/okular.profile index b26c3ab31..016316b29 100644 --- a/etc/okular.profile +++ b/etc/okular.profile | |||
@@ -40,6 +40,7 @@ protocol unix | |||
40 | seccomp | 40 | seccomp |
41 | shell none | 41 | shell none |
42 | tracelog | 42 | tracelog |
43 | apparmor | ||
43 | 44 | ||
44 | private-bin okular,kbuildsycoca4,kdeinit4,lpr | 45 | private-bin okular,kbuildsycoca4,kdeinit4,lpr |
45 | private-dev | 46 | private-dev |
diff --git a/etc/smplayer.profile b/etc/smplayer.profile index 8c68cda1e..d0180e185 100644 --- a/etc/smplayer.profile +++ b/etc/smplayer.profile | |||
@@ -23,6 +23,7 @@ noroot | |||
23 | protocol unix,inet,inet6,netlink | 23 | protocol unix,inet,inet6,netlink |
24 | seccomp | 24 | seccomp |
25 | shell none | 25 | shell none |
26 | apparmor | ||
26 | 27 | ||
27 | private-bin smplayer,smtube,mplayer,mpv | 28 | private-bin smplayer,smtube,mplayer,mpv |
28 | private-dev | 29 | private-dev |