author | glitsj16 <glitsj16@users.noreply.github.com> | 2019-06-16 01:26:18 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-06-16 01:26:18 +0000 |
commit | 0a9beba3c6b1058b045993e2bc2ba711bfef70a9 (patch) | |
tree | dd0c033b00d8aa65ecc52b300dd38165064685a3 /etc | |
parent | Merge branch 'master' of github.com:netblue30/firejail (diff) | |
Sort caps.keep and seccomp.drop options (#2780)
* Sort seccomp.drop in unbound.profile
* Sort caps.keep in tor.profile
* Sort seccomp.drop in qgis.profile
* Sort seccomp.drop in dnscrypt-proxy.profile
* Sort caps.keep in chromium-common.profile
Diffstat (limited to 'etc')
-rw-r--r-- | etc/chromium-common.profile | 2 | ||||
-rw-r--r-- | etc/dnscrypt-proxy.profile | 2 | ||||
-rw-r--r-- | etc/qgis.profile | 2 | ||||
-rw-r--r-- | etc/tor.profile | 2 | ||||
-rw-r--r-- | etc/unbound.profile | 2 |
5 files changed, 5 insertions, 5 deletions
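--- a/etc/chromium-common.profile
+++ b/etc/chromium-common.profile
@@ -27,7 +27,7 @@ include whitelist-common.inc
 include whitelist-var-common.inc
 
 apparmor
-caps.keep sys_chroot,sys_admin
+caps.keep sys_admin,sys_chroot
 netfilter
 # nodbus - prevents access to passwords saved in GNOME Keyring, also breaks Gnome connector
 nodvd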
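Review bot: The `caps.keep sys_admin,sys_chroot` line (new line 30) retains CAP_SYS_ADMIN without any comment saying why, and that capability is broad enough that an auditor will stop on it. A one-line comment above it would help, for example `# sys_admin and sys_chroot are kept for Chromium's own sandbox - TODO confirm`. The reordering itself does not change the retained set. The profile continues on both sides of the hunk, so a justification may already exist elsewhere in the file.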
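--- a/etc/dnscrypt-proxy.profile
+++ b/etc/dnscrypt-proxy.profile
@@ -26,7 +26,7 @@ nosound
 notv
 nou2f
 novideo
-seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open
+seccomp.drop _sysctl,acct,add_key,adjtimex,clock_adjtime,delete_module,fanotify_init,finit_module,get_mempolicy,init_module,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioperm,iopl,kcmp,kexec_file_load,kexec_load,keyctl,lookup_dcookie,mbind,migrate_pages,modify_ldt,mount,move_pages,open_by_handle_at,perf_event_open,perf_event_open,pivot_root,process_vm_readv,process_vm_writev,ptrace,remap_file_pages,request_key,set_mempolicy,swapoff,swapon,sysfs,syslog,umount2,uselib,vmsplice
 
 disable-mnt
 private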
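Review bot: `perf_event_open` appears twice in the new `seccomp.drop` line (line 29). The duplicate was already in the old list, where it sat in the middle and again at the end, and sorting only made it adjacent. Drop one occurrence so the run reads `open_by_handle_at,perf_event_open,pivot_root`. The same duplicate is on the `seccomp.drop` line of etc/unbound.profile (line 32). The extra entry is presumably harmless to the generated filter, but a deduplicated sorted list is easier to compare with the default drop list when auditing the profile.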
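--- a/etc/qgis.profile
+++ b/etc/qgis.profile
@@ -45,7 +45,7 @@ notv
 nou2f
 novideo
 # blacklisting of mbind system calls breaks old version
-seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,set_mempolicy,migrate_pages,move_pages,open_by_handle_at,name_to_handle_at,ioprio_set,ni_syscall,syslog,fanotify_init,kcmp,add_key,request_key,keyctl,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,vmsplice,umount,userfaultfd,mincore
+seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,migrate_pages,mincore,move_pages,name_to_handle_at,ni_syscall,open_by_handle_at,remap_file_pages,request_key,set_mempolicy,syslog,umount,userfaultfd,vmsplice
 protocol unix,inet,inet6,netlink
 shell none
 tracelog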
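--- a/etc/tor.profile
+++ b/etc/tor.profile
@@ -25,7 +25,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-caps.keep setuid,setgid,net_bind_service,dac_read_search
+caps.keep dac_read_search,net_bind_service,setgid,setuid
 ipc-namespace
 machine-id
 netfilter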
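--- a/etc/unbound.profile
+++ b/etc/unbound.profile
@@ -29,7 +29,7 @@ nosound
 notv
 nou2f
 novideo
-seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open
+seccomp.drop _sysctl,acct,add_key,adjtimex,clock_adjtime,delete_module,fanotify_init,finit_module,get_mempolicy,init_module,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioperm,iopl,kcmp,kexec_file_load,kexec_load,keyctl,lookup_dcookie,mbind,migrate_pages,modify_ldt,mount,move_pages,open_by_handle_at,perf_event_open,perf_event_open,pivot_root,process_vm_readv,process_vm_writev,ptrace,remap_file_pages,request_key,set_mempolicy,swapoff,swapon,sysfs,syslog,umount2,uselib,vmsplice
 writable-var
 
 disable-mnt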