author | valoq <valoq@mailbox.org> | 2016-11-06 20:44:32 +0100 |
---|---|---|
committer | valoq <valoq@mailbox.org> | 2016-11-06 20:44:32 +0100 |
commit | cf2c9e6436f16c727d09b433c1ac821849d3daa1 (patch) | |
tree | 8a57806636d3671eabfe2fd4a577c40691725c97 /etc | |
parent | adopted wire profile to recent changes (diff) | |
parent | seccomp rework (diff) | |
Merge remote-tracking branch 'upstream/master'
Diffstat (limited to 'etc')
-rw-r--r-- | etc/evince.profile | 2 | ||||
-rw-r--r-- | etc/firefox.profile | 5 | ||||
-rw-r--r-- | etc/mupdf.profile | 2 | ||||
-rw-r--r-- | etc/zoom.profile | 23 |
4 files changed, 27 insertions, 5 deletions
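--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -6,7 +6,7 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 netfilter
-net none
+#net none - creates some problems on some distributions
 nogroups
 nonewprivs
 noroot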
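Review bot: Commenting out `net none` at line 9 gives the document viewer network access again, and the replacement comment does not say which distributions break or what the symptom is, so nobody can tell when the restriction is safe to restore. A viewer that parses untrusted PDFs is where an outbound-network block matters most, because it limits what a compromised renderer can reach. If the breakage comes from the separate network namespace (not confirmed by anything on this page), `protocol unix` would keep inet sockets blocked without creating one; whether the profile already carries a `protocol` line is not visible in this hunk. At minimum, expand the comment to name the affected distribution and the failure, for example `# net none disabled: <distribution>, <symptom>`.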
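--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -47,8 +47,7 @@ whitelist ~/.config/pipelight-silverlight5.1
 include /etc/firejail/whitelist-common.inc
 
 # experimental features
-
-private-bin firefox,which,sh,dbus-launch,dbus-send,env
-private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
+#private-bin firefox,which,sh,dbus-launch,dbus-send,env
+#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
 private-dev
 private-tmp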
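Review bot: The `private-bin` and `private-etc` directives commented out at new lines 50-51 carry no explanation, so the browser silently goes from a minimal /bin and /etc view back to seeing the full directories. Add a line above them such as `# private-bin/private-etc disabled: <reason or issue reference>` so the loss of confinement is tracked and can be reverted once the cause is fixed. The change also drops the blank line that followed `# experimental features`, which looks unintentional.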
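--- a/etc/mupdf.profile
+++ b/etc/mupdf.profile
@@ -16,7 +16,7 @@ net none
 shell none
 tracelog
 
-seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev
+#seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev
 
 private-bin mupdf
 private-tmp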
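Review bot: With the `seccomp.keep` whitelist at line 19 commented out, no syscall filter is visible in this hunk, so unless the profile enables seccomp on a line outside it, mupdf now parses untrusted documents with no filter at all. If the whitelist stopped working after the seccomp rework named in the merge parents, falling back to the default filter keeps some protection: put a plain `seccomp` line in place of the commented one. A one-line comment saying why the whitelist was disabled would also help whoever restores it.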
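--- /dev/null
+++ b/etc/zoom.profile
@@ -0,0 +1,23 @@
+# Firejail profile for zoom.us
+
+noblacklist ~/.config/zoomus.conf
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+
+
+# Whitelists
+
+mkdir ~/.zoom
+whitelist ~/.zoom
+
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+
+private-tmp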
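Review bot: `noblacklist ~/.config/zoomus.conf` at line 3 only exempts the file from the included blacklists; because `whitelist ~/.zoom` at line 13 puts the home directory into whitelist mode, the config file is still not whitelisted and will presumably be missing or non-persistent inside the sandbox. Adding `whitelist ~/.config/zoomus.conf` next to line 13 would match the apparent intent. The profile also omits `nogroups` and the `include /etc/firejail/disable-passwdmgr.inc` line that the evince profile in this same commit uses; both are worth adding unless Zoom is known to need supplementary groups.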