author | netblue30 <netblue30@yahoo.com> | 2019-01-23 11:48:39 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2019-01-23 11:48:39 -0500 |
commit | d69d2968066b8be3434864c7bbe7d6ead6ae41d3 (patch) | |
tree | 2a7cc6478dbb654384569b9571008ccd197aaa53 /etc | |
parent | improve gwenview and dolphin profiles - #2306 #2348 (diff) | |
removed mincore syscall from default seccomp filter
Diffstat (limited to 'etc')
-rw-r--r-- | etc/clementine.profile | 2 | ||||
-rw-r--r-- | etc/firefox-common.profile | 2 | ||||
-rw-r--r-- | etc/kmail.profile | 2 | ||||
-rw-r--r-- | etc/mpd.profile | 2 | ||||
-rw-r--r-- | etc/qutebrowser.profile | 2 | ||||
-rw-r--r-- | etc/torbrowser-launcher.profile | 2 |
6 files changed, 6 insertions, 6 deletions
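--- a/etc/clementine.profile
+++ b/etc/clementine.profile
@@ -27,7 +27,7 @@ nou2f
 novideo
 protocol unix,inet,inet6
 # blacklisting of ioprio_set system calls breaks clementine
-seccomp.drop mincore,@cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
+seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
 
 private-dev
 private-tmp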
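Review bot: Nothing in the profile records why `mincore` is no longer dropped, although the comment directly above the changed `seccomp.drop` line documents the ioprio_set exception for the same list. mincore(2) reports which pages of a mapping are resident in memory, so filtering it is normally a hardening choice, and a reader auditing this list cannot tell whether the omission is deliberate or an oversight. I would add a comment above the line such as `# mincore is intentionally not dropped, matching the default seccomp filter (<reason or issue number>)`. The same applies to the `seccomp.drop` lines in etc/firefox-common.profile, etc/kmail.profile, etc/mpd.profile, etc/qutebrowser.profile and etc/torbrowser-launcher.profile.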
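--- a/etc/firefox-common.profile
+++ b/etc/firefox-common.profile
@@ -40,7 +40,7 @@ noroot
 notv
 ?BROWSER_DISABLE_U2F: nou2f
 protocol unix,inet,inet6,netlink
-seccomp.drop mincore,@clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
+seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
 shell none
 #disable tracelog, it breaks or causes major issues with many firefox based browsers, see github issue #1930
 #tracelog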
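Review bot: The `seccomp.drop` line here is a hand-expanded copy of a syscall list, and this commit has to edit the same token in six profiles to follow one change to the default filter, so a profile that is missed would keep enforcing the old list without any warning. Unlike the clementine, kmail, mpd and qutebrowser profiles, this one has no comment saying which calls were left out of the list and why. Presumably the line is the default list minus the calls the browser needs; if so, state that above it, e.g. `# default seccomp list minus <allowed syscalls>; keep in sync with the default filter`. A test that compares each profile's explicit list with the default filter would catch drift the next time the default changes.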
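--- a/etc/kmail.profile
+++ b/etc/kmail.profile
@@ -50,7 +50,7 @@ nou2f
 novideo
 protocol unix,inet,inet6,netlink
 # we need to allow chroot, io_getevents, ioprio_set, io_setup, io_submit system calls
-seccomp.drop mincore,@clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
+seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
 # tracelog
 # writable-run-user is needed for signing and encrypting emails
 writable-run-user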
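--- a/etc/mpd.profile
+++ b/etc/mpd.profile
@@ -30,7 +30,7 @@ novideo
 protocol unix,inet,inet6
 # blacklisting of ioprio_set system calls breaks auto-updating of
 # MPD's database when files in music_directory are changed
-seccomp.drop mincore,@cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
+seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
 shell none
 
 #private-bin mpd,bash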
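--- a/etc/qutebrowser.profile
+++ b/etc/qutebrowser.profile
@@ -41,5 +41,5 @@ noroot
 notv
 protocol unix,inet,inet6,netlink
 # blacklisting of chroot system calls breaks qt webengine
-seccomp.drop mincore,@clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
+seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
 # tracelog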
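--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -41,7 +41,7 @@ notv
 nou2f
 novideo
 protocol unix,inet,inet6
-seccomp.drop mincore,@clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
+seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
 shell none
 # tracelog may cause issues, see github issue #1930
 #tracelog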