diff options
author | glitsj16 <glitsj16@users.noreply.github.com> | 2019-07-01 19:24:14 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-07-01 19:24:14 +0000 |
commit | 73321c5974212b09e6f65313a1291601adaec735 (patch) | |
tree | 2626cae4d13e780cad621dc196c034f9c5542de5 /etc | |
parent | Update wording in templates (#2815) (diff) | |
download | firejail-73321c5974212b09e6f65313a1291601adaec735.tar.gz firejail-73321c5974212b09e6f65313a1291601adaec735.tar.zst firejail-73321c5974212b09e6f65313a1291601adaec735.zip |
Fixes (#2816)
* Unbreak gconf-editor
* Add x11 none to curl.profile
* Add x11 none to wget.profile
* Add x11 none to dnscrypt-proxy.profile
* Add tracelog to ssh-agent.profile
* Add x11 none to aria2c.profile
* Add x11 none to arch-audit.profile
* Add x11 none to archaudit-report.profile
Diffstat (limited to 'etc')
-rw-r--r-- | etc/arch-audit.profile | 1 | ||||
-rw-r--r-- | etc/archaudit-report.profile | 1 | ||||
-rw-r--r-- | etc/aria2c.profile | 2 | ||||
-rw-r--r-- | etc/curl.profile | 3 | ||||
-rw-r--r-- | etc/dnscrypt-proxy.profile | 3 | ||||
-rw-r--r-- | etc/gconf-editor.profile | 4 | ||||
-rw-r--r-- | etc/ssh-agent.profile | 1 | ||||
-rw-r--r-- | etc/wget.profile | 3 |
8 files changed, 11 insertions, 7 deletions
diff --git a/etc/arch-audit.profile b/etc/arch-audit.profile index 2f08fa169..7d12df047 100644 --- a/etc/arch-audit.profile +++ b/etc/arch-audit.profile | |||
@@ -35,6 +35,7 @@ novideo | |||
35 | protocol inet,inet6 | 35 | protocol inet,inet6 |
36 | seccomp | 36 | seccomp |
37 | shell none | 37 | shell none |
38 | x11 none | ||
38 | 39 | ||
39 | disable-mnt | 40 | disable-mnt |
40 | private | 41 | private |
diff --git a/etc/archaudit-report.profile b/etc/archaudit-report.profile index 19c37f90e..f79633263 100644 --- a/etc/archaudit-report.profile +++ b/etc/archaudit-report.profile | |||
@@ -30,6 +30,7 @@ novideo | |||
30 | protocol unix,inet,inet6 | 30 | protocol unix,inet,inet6 |
31 | seccomp | 31 | seccomp |
32 | shell none | 32 | shell none |
33 | x11 none | ||
33 | 34 | ||
34 | disable-mnt | 35 | disable-mnt |
35 | private | 36 | private |
diff --git a/etc/aria2c.profile b/etc/aria2c.profile index 3b9dfc365..6db82e9c1 100644 --- a/etc/aria2c.profile +++ b/etc/aria2c.profile | |||
@@ -14,7 +14,6 @@ include disable-exec.inc | |||
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | # include disable-xdg.inc | ||
18 | 17 | ||
19 | caps.drop all | 18 | caps.drop all |
20 | ipc-namespace | 19 | ipc-namespace |
@@ -32,6 +31,7 @@ novideo | |||
32 | protocol unix,inet,inet6,netlink | 31 | protocol unix,inet,inet6,netlink |
33 | seccomp | 32 | seccomp |
34 | shell none | 33 | shell none |
34 | x11 none | ||
35 | 35 | ||
36 | # disable-mnt | 36 | # disable-mnt |
37 | private-bin aria2c,gzip | 37 | private-bin aria2c,gzip |
diff --git a/etc/curl.profile b/etc/curl.profile index d8282b972..3080f05e6 100644 --- a/etc/curl.profile +++ b/etc/curl.profile | |||
@@ -9,8 +9,6 @@ include globals.local | |||
9 | 9 | ||
10 | noblacklist ${HOME}/.curlrc | 10 | noblacklist ${HOME}/.curlrc |
11 | 11 | ||
12 | blacklist /tmp/.X11-unix | ||
13 | |||
14 | include disable-common.inc | 12 | include disable-common.inc |
15 | include disable-exec.inc | 13 | include disable-exec.inc |
16 | include disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
@@ -33,6 +31,7 @@ novideo | |||
33 | protocol inet,inet6 | 31 | protocol inet,inet6 |
34 | seccomp | 32 | seccomp |
35 | shell none | 33 | shell none |
34 | x11 none | ||
36 | 35 | ||
37 | # private-bin curl | 36 | # private-bin curl |
38 | private-cache | 37 | private-cache |
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile index 169b23f5f..0a5ef6abc 100644 --- a/etc/dnscrypt-proxy.profile +++ b/etc/dnscrypt-proxy.profile | |||
@@ -9,8 +9,6 @@ include globals.local | |||
9 | noblacklist /sbin | 9 | noblacklist /sbin |
10 | noblacklist /usr/sbin | 10 | noblacklist /usr/sbin |
11 | 11 | ||
12 | blacklist /tmp/.X11-unix | ||
13 | |||
14 | include disable-common.inc | 12 | include disable-common.inc |
15 | include disable-devel.inc | 13 | include disable-devel.inc |
16 | include disable-exec.inc | 14 | include disable-exec.inc |
@@ -32,6 +30,7 @@ nou2f | |||
32 | novideo | 30 | novideo |
33 | protocol inet,inet6 | 31 | protocol inet,inet6 |
34 | seccomp.drop _sysctl,acct,add_key,adjtimex,clock_adjtime,delete_module,fanotify_init,finit_module,get_mempolicy,init_module,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioperm,iopl,kcmp,kexec_file_load,kexec_load,keyctl,lookup_dcookie,mbind,migrate_pages,modify_ldt,mount,move_pages,open_by_handle_at,perf_event_open,perf_event_open,pivot_root,process_vm_readv,process_vm_writev,ptrace,remap_file_pages,request_key,set_mempolicy,swapoff,swapon,sysfs,syslog,umount2,uselib,vmsplice | 32 | seccomp.drop _sysctl,acct,add_key,adjtimex,clock_adjtime,delete_module,fanotify_init,finit_module,get_mempolicy,init_module,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioperm,iopl,kcmp,kexec_file_load,kexec_load,keyctl,lookup_dcookie,mbind,migrate_pages,modify_ldt,mount,move_pages,open_by_handle_at,perf_event_open,perf_event_open,pivot_root,process_vm_readv,process_vm_writev,ptrace,remap_file_pages,request_key,set_mempolicy,swapoff,swapon,sysfs,syslog,umount2,uselib,vmsplice |
33 | x11 none | ||
35 | 34 | ||
36 | disable-mnt | 35 | disable-mnt |
37 | private | 36 | private |
diff --git a/etc/gconf-editor.profile b/etc/gconf-editor.profile index 1b84bf536..8d98eebbc 100644 --- a/etc/gconf-editor.profile +++ b/etc/gconf-editor.profile | |||
@@ -7,5 +7,9 @@ include gconf-editor.local | |||
7 | # added by included profile | 7 | # added by included profile |
8 | #include globals.local | 8 | #include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | ||
11 | |||
12 | ignore x11 none | ||
13 | |||
10 | # Redirect | 14 | # Redirect |
11 | include gconf.profile | 15 | include gconf.profile |
diff --git a/etc/ssh-agent.profile b/etc/ssh-agent.profile index 55df45a87..15e2de9b0 100644 --- a/etc/ssh-agent.profile +++ b/etc/ssh-agent.profile | |||
@@ -27,5 +27,6 @@ notv | |||
27 | protocol unix,inet,inet6 | 27 | protocol unix,inet,inet6 |
28 | seccomp | 28 | seccomp |
29 | shell none | 29 | shell none |
30 | tracelog | ||
30 | 31 | ||
31 | writable-run-user | 32 | writable-run-user |
diff --git a/etc/wget.profile b/etc/wget.profile index 2d5c0c4d6..23c3c46ee 100644 --- a/etc/wget.profile +++ b/etc/wget.profile | |||
@@ -10,8 +10,6 @@ include globals.local | |||
10 | noblacklist ${HOME}/.wget-hsts | 10 | noblacklist ${HOME}/.wget-hsts |
11 | noblacklist ${HOME}/.wgetrc | 11 | noblacklist ${HOME}/.wgetrc |
12 | 12 | ||
13 | blacklist /tmp/.X11-unix | ||
14 | |||
15 | include disable-common.inc | 13 | include disable-common.inc |
16 | include disable-exec.inc | 14 | include disable-exec.inc |
17 | include disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
@@ -33,6 +31,7 @@ novideo | |||
33 | protocol unix,inet,inet6 | 31 | protocol unix,inet,inet6 |
34 | seccomp | 32 | seccomp |
35 | shell none | 33 | shell none |
34 | x11 none | ||
36 | 35 | ||
37 | # private-bin wget | 36 | # private-bin wget |
38 | private-dev | 37 | private-dev |