diff options
author | Jose Riha <jose1711@gmail.com> | 2019-06-15 15:56:08 +0200 |
---|---|---|
committer | Jose Riha <jose1711@gmail.com> | 2019-06-17 11:31:18 +0200 |
commit | f97e4fd97064b7f6a6101c1c60d5f88538d89ac6 (patch) | |
tree | e711de6e103f1cbfc7477f2fd21036b338f62f5c /etc | |
parent | Add profile for udiskie (diff) | |
download | firejail-f97e4fd97064b7f6a6101c1c60d5f88538d89ac6.tar.gz firejail-f97e4fd97064b7f6a6101c1c60d5f88538d89ac6.tar.zst firejail-f97e4fd97064b7f6a6101c1c60d5f88538d89ac6.zip |
Apply suggestions from code review
Co-Authored-By: rusty-snake <print_hello_world+GitHub@protonmail.com>
Diffstat (limited to 'etc')
-rw-r--r-- | etc/udiskie.profile | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/etc/udiskie.profile b/etc/udiskie.profile index 37b5d9a64..7960b4bc3 100644 --- a/etc/udiskie.profile +++ b/etc/udiskie.profile | |||
@@ -1,7 +1,6 @@ | |||
1 | # Firejail profile for udiskie | 1 | # Firejail profile for udiskie |
2 | # Description: Removable disk automounter using udisks | 2 | # Description: Removable disk automounter using udisks |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | # quiet | ||
5 | # Persistent local customizations | 4 | # Persistent local customizations |
6 | include udiskie.local | 5 | include udiskie.local |
7 | # Persistent global definitions | 6 | # Persistent global definitions |
@@ -14,22 +13,33 @@ include disable-common.inc | |||
14 | include disable-devel.inc | 13 | include disable-devel.inc |
15 | include disable-exec.inc | 14 | include disable-exec.inc |
16 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
17 | include disable-passwdmgr.inc include disable-programs.inc | 16 | include disable-passwdmgr.inc |
17 | include disable-programs.inc | ||
18 | include disable-xdg.inc | 18 | include disable-xdg.inc |
19 | 19 | ||
20 | include whitelist-var-common.inc | ||
21 | |||
20 | caps.drop all | 22 | caps.drop all |
21 | machine-id | 23 | machine-id |
22 | net none | 24 | net none |
25 | no3d | ||
23 | nogroups | 26 | nogroups |
24 | nonewprivs | 27 | nonewprivs |
25 | noroot | 28 | noroot |
29 | nosound | ||
26 | notv | 30 | notv |
27 | nou2f | 31 | nou2f |
28 | novideo | 32 | novideo |
33 | protocol unix | ||
29 | seccomp | 34 | seccomp |
30 | shell none | 35 | shell none |
31 | tracelog | 36 | tracelog |
32 | 37 | ||
38 | private-bin awk,cut,dbus-send,egrep,file,grep,head,python,python3,readlink,sed,sh,udiskie,uname,which,xdg-mime,xdg-open,xprop | ||
39 | # add your configured file browser in udiskie.local, e. g. | ||
40 | # private-bin nautilus | ||
41 | # private-bin thunar | ||
33 | private-cache | 42 | private-cache |
34 | private-dev | 43 | private-dev |
44 | private-etc ld.so.cache,ld.so.preload,ld.so.conf,ld.so.conf.d,locale,locale.alias,locale.conf,localtime,alternatives,mime.types,xdg | ||
35 | private-tmp | 45 | private-tmp |