diff options
author | smitsohu <smitsohu@gmail.com> | 2018-04-09 17:04:05 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2018-04-09 17:04:05 +0200 |
commit | d555463c624081d94b27abf67aa8b739fddf2162 (patch) | |
tree | 8bfd935078d51914115877890308ba29eecc9f83 /etc | |
parent | noroot uid/gid/supplementary group fixes; problems found by smitsohu (diff) | |
download | firejail-d555463c624081d94b27abf67aa8b739fddf2162.tar.gz firejail-d555463c624081d94b27abf67aa8b739fddf2162.tar.zst firejail-d555463c624081d94b27abf67aa8b739fddf2162.zip |
add back shell=none to firefox-common
Diffstat (limited to 'etc')
-rw-r--r-- | etc/basilisk.profile | 1 | ||||
-rw-r--r-- | etc/firefox-common.profile | 3 | ||||
-rw-r--r-- | etc/palemoon.profile | 1 |
3 files changed, 1 insertions, 4 deletions
diff --git a/etc/basilisk.profile b/etc/basilisk.profile index fe63a59f1..43ba5adcb 100644 --- a/etc/basilisk.profile +++ b/etc/basilisk.profile | |||
@@ -17,7 +17,6 @@ whitelist ${HOME}/.moonchild productions | |||
17 | # Basilisk can use the full firejail seccomp filter (unlike firefox >= 60) | 17 | # Basilisk can use the full firejail seccomp filter (unlike firefox >= 60) |
18 | ignore seccomp.drop | 18 | ignore seccomp.drop |
19 | seccomp | 19 | seccomp |
20 | shell none | ||
21 | 20 | ||
22 | #private-bin basilisk | 21 | #private-bin basilisk |
23 | # private-etc must first be enabled in firefox-common.profile | 22 | # private-etc must first be enabled in firefox-common.profile |
diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile index 843f41fee..9ebcdba6c 100644 --- a/etc/firefox-common.profile +++ b/etc/firefox-common.profile | |||
@@ -34,8 +34,7 @@ noroot | |||
34 | notv | 34 | notv |
35 | protocol unix,inet,inet6,netlink | 35 | protocol unix,inet,inet6,netlink |
36 | seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice | 36 | seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice |
37 | # shell none breaks firefox>=60, see issue #1765 | 37 | shell none |
38 | # shell none | ||
39 | tracelog | 38 | tracelog |
40 | 39 | ||
41 | disable-mnt | 40 | disable-mnt |
diff --git a/etc/palemoon.profile b/etc/palemoon.profile index c68574df5..1104acff4 100644 --- a/etc/palemoon.profile +++ b/etc/palemoon.profile | |||
@@ -16,7 +16,6 @@ whitelist ${HOME}/.moonchild productions | |||
16 | # Palemoon can use the full firejail seccomp filter (unlike firefox >= 60) | 16 | # Palemoon can use the full firejail seccomp filter (unlike firefox >= 60) |
17 | ignore seccomp.drop | 17 | ignore seccomp.drop |
18 | seccomp | 18 | seccomp |
19 | shell none | ||
20 | 19 | ||
21 | #private-bin palemoon | 20 | #private-bin palemoon |
22 | # private-etc must first be enabled in firefox-common.profile | 21 | # private-etc must first be enabled in firefox-common.profile |