author | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2018-04-07 18:35:47 -0500 |
---|---|---|
committer | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2018-04-07 18:35:47 -0500 |
commit | 052081416736808e6ec0dbd59aa01097c86c359e (patch) | |
tree | 58a6117995217466065187e63b3b66b4a0f0211e /etc | |
parent | Merge branch 'master' of http://github.com/netblue30/firejail (diff) | |
download | firejail-052081416736808e6ec0dbd59aa01097c86c359e.tar.gz firejail-052081416736808e6ec0dbd59aa01097c86c359e.tar.zst firejail-052081416736808e6ec0dbd59aa01097c86c359e.zip |
Diffstat (limited to 'etc')
-rw-r--r-- | etc/basilisk.profile | 5 | ||||
-rw-r--r-- | etc/firefox-common.profile | 5 | ||||
-rw-r--r-- | etc/firejail-default | 1 | ||||
-rw-r--r-- | etc/palemoon.profile | 5 |
4 files changed, 14 insertions, 2 deletions
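--- a/etc/basilisk.profile
+++ b/etc/basilisk.profile
@@ -14,6 +14,11 @@ whitelist ${DOWNLOADS}
 whitelist ${HOME}/.cache/moonchild productions/basilisk
 whitelist ${HOME}/.moonchild productions
 
+# Basilisk can use the full firejail seccomp filter (unlike firefox >= 60)
+ignore seccomp.drop
+seccomp
+shell none
+
 #private-bin basilisk
 # private-etc must first be enabled in firefox-common.profile
 #private-etc basilisk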
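Review bot: The added `ignore seccomp.drop` only helps if it is read before the `seccomp.drop` line it is meant to suppress, and nothing in the added block records that ordering requirement. The include of firefox-common.profile is outside this hunk, presumably further down the file; if these lines were later moved below it, the ignore would likely have no effect and the profile would fall back to the reduced filter. I would extend the comment with `# Must stay above the firefox-common.profile include: ignore only affects lines read after it`. The same applies to the identical block added in etc/palemoon.profile.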
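--- a/etc/firefox-common.profile
+++ b/etc/firefox-common.profile
@@ -33,8 +33,9 @@ nonewprivs
 noroot
 notv
 protocol unix,inet,inet6,netlink
-seccomp
-shell none
+seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
+# shell none breaks firefox>=60, see issue #1765
+# shell none
 tracelog
 
 disable-mnt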
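Review bot: Replacing `seccomp` with a hard-coded `seccomp.drop` list and commenting out `shell none` relaxes the sandbox for every profile that includes firefox-common.profile, not only Firefox 60 and later. Within etc/, only basilisk.profile and palemoon.profile restore the stricter settings in this commit, so any other includer should be checked and given the same override if it does not need the relaxation. The list also carries no record of which syscalls were left out relative to the default filter, so it can drift unnoticed as the default grows. A comment such as `# default seccomp list minus <syscalls firefox >= 60 needs>, see issue #1765; re-sync when the default changes` would make the line auditable.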
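--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -72,6 +72,7 @@ owner /run/firejail/mnt/oroot/{run,dev}/shm/** rmwk,
 ##########
 /proc/ r,
 /proc/** r,
+owner /proc/[0-9]*/{uid_map,gid_map,setgroups} w,
 # Uncomment to silence all denied write warnings
 #deny /proc/** w,
 deny /proc/@{PID}/oom_adj w,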
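Review bot: The new `owner /proc/[0-9]*/{uid_map,gid_map,setgroups} w,` rule has no comment, and it widens the AppArmor profile for every program confined by firejail-default rather than for one browser. Writing these files is what a process does when it sets up its own user namespace, so I assume this is for the Firefox 60 sandbox, but the commit does not say. A line like `# Needed by programs that create their own user namespace (e.g. firefox >= 60)` above the rule would record why it exists. For consistency with the `deny /proc/@{PID}/oom_adj w,` rule just below, `@{PID}` would also be a tighter match than `[0-9]*`.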
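--- a/etc/palemoon.profile
+++ b/etc/palemoon.profile
@@ -13,6 +13,11 @@ mkdir ${HOME}/.moonchild productions
 whitelist ${HOME}/.cache/moonchild productions/pale moon
 whitelist ${HOME}/.moonchild productions
 
+# Palemoon can use the full firejail seccomp filter (unlike firefox >= 60)
+ignore seccomp.drop
+seccomp
+shell none
+
 #private-bin palemoon
 # private-etc must first be enabled in firefox-common.profile
 #private-etc palemoon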