cleanup

cin profile: 'protocol unix' implies nonewprivs
author: smitsohu <smitsohu@gmail.com> 2018-05-01 21:23:35 +0200
committer: smitsohu <smitsohu@gmail.com> 2018-05-01 21:23:35 +0200
commit: ce2b96e2e3bdae0e664fa967171e75fd8fda340b (patch)
tree: f0a387b4f382c5a8e8d748254b9df10ae73f3c21 /etc
parent: Merge branch 'master' of http://github.com/netblue30/firejail (diff)
download: firejail-ce2b96e2e3bdae0e664fa967171e75fd8fda340b.tar.gz
firejail-ce2b96e2e3bdae0e664fa967171e75fd8fda340b.tar.zst
firejail-ce2b96e2e3bdae0e664fa967171e75fd8fda340b.zip
3 files changed, 5 insertions, 5 deletions
diff --git a/etc/cin.profile b/etc/cin.profile
index 356509da0..e2410e3a5 100644
--- a/etc/cin.profile
+++ b/etc/cin.profile
@@ -19,7 +19,7 @@ net none
 nodbus
 nodvd
 #nogroups
-#nonewprivs
+nonewprivs
 notv
 noroot
 protocol unix
diff --git a/etc/natron.profile b/etc/natron.profile
index e7c597fe2..76e909f83 100644
--- a/etc/natron.profile
+++ b/etc/natron.profile
@@ -18,7 +18,7 @@ noblacklist /opt/natron
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
-#include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
diff --git a/etc/vlc.profile b/etc/vlc.profile
index 9ccbb7310..bda027aaa 100644
--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -20,8 +20,8 @@ include /etc/firejail/whitelist-var-common.inc
 #apparmor - on Ubuntu 18.04 it refuses to start without dbus access
 caps.drop all
 netfilter
-# nodbus - problems with KDE
+#nodbus
-# nogroups
+#nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6,netlink
@@ -33,6 +33,6 @@ private-dev
 private-tmp
 # mdwe is disabled due to breaking hardware accelerated decoding
-# memory-deny-write-execute
+#memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
author	smitsohu <smitsohu@gmail.com>	2018-05-01 21:23:35 +0200
committer	smitsohu <smitsohu@gmail.com>	2018-05-01 21:23:35 +0200
commit	ce2b96e2e3bdae0e664fa967171e75fd8fda340b (patch)
tree	f0a387b4f382c5a8e8d748254b9df10ae73f3c21 /etc
parent	Merge branch 'master' of http://github.com/netblue30/firejail (diff)
download	firejail-ce2b96e2e3bdae0e664fa967171e75fd8fda340b.tar.gz firejail-ce2b96e2e3bdae0e664fa967171e75fd8fda340b.tar.zst firejail-ce2b96e2e3bdae0e664fa967171e75fd8fda340b.zip

diff --git a/etc/cin.profile b/etc/cin.profile index 356509da0..e2410e3a5 100644 --- a/etc/cin.profile +++ b/etc/cin.profile
@@ -19,7 +19,7 @@ net none
19	nodbus	19	nodbus
20	nodvd	20	nodvd
21	#nogroups	21	#nogroups
22	#nonewprivs	22	nonewprivs
23	notv	23	notv
24	noroot	24	noroot
25	protocol unix	25	protocol unix


diff --git a/etc/natron.profile b/etc/natron.profile index e7c597fe2..76e909f83 100644 --- a/etc/natron.profile +++ b/etc/natron.profile
@@ -18,7 +18,7 @@ noblacklist /opt/natron
18		18
19	include /etc/firejail/disable-common.inc	19	include /etc/firejail/disable-common.inc
20	include /etc/firejail/disable-devel.inc	20	include /etc/firejail/disable-devel.inc
21	#include /etc/firejail/disable-interpreters.inc	21	include /etc/firejail/disable-interpreters.inc
22	include /etc/firejail/disable-passwdmgr.inc	22	include /etc/firejail/disable-passwdmgr.inc
23	include /etc/firejail/disable-programs.inc	23	include /etc/firejail/disable-programs.inc
24		24


diff --git a/etc/vlc.profile b/etc/vlc.profile index 9ccbb7310..bda027aaa 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile
@@ -20,8 +20,8 @@ include /etc/firejail/whitelist-var-common.inc
20	#apparmor - on Ubuntu 18.04 it refuses to start without dbus access	20	#apparmor - on Ubuntu 18.04 it refuses to start without dbus access
21	caps.drop all	21	caps.drop all
22	netfilter	22	netfilter
23	# nodbus - problems with KDE	23	#nodbus
24	# nogroups	24	#nogroups
25	nonewprivs	25	nonewprivs
26	noroot	26	noroot
27	protocol unix,inet,inet6,netlink	27	protocol unix,inet,inet6,netlink
@@ -33,6 +33,6 @@ private-dev
33	private-tmp	33	private-tmp
34		34
35	# mdwe is disabled due to breaking hardware accelerated decoding	35	# mdwe is disabled due to breaking hardware accelerated decoding
36	# memory-deny-write-execute	36	#memory-deny-write-execute
37	noexec ${HOME}	37	noexec ${HOME}
38	noexec /tmp	38	noexec /tmp