fix nginx and apache2, possible fix for #1534

author: netblue30 <netblue30@yahoo.com> 2017-09-25 09:12:37 -0400
committer: netblue30 <netblue30@yahoo.com> 2017-09-25 09:12:37 -0400
commit: 94bb78856bb3f953fc79684622a28552d02b9d11 (patch)
tree: e1be67e8a345af8bc233bbaf7e9eb2e62477302e /etc
parent: disable DBus activation in firecfg (diff)
download: firejail-94bb78856bb3f953fc79684622a28552d02b9d11.tar.gz
firejail-94bb78856bb3f953fc79684622a28552d02b9d11.tar.zst
firejail-94bb78856bb3f953fc79684622a28552d02b9d11.zip
2 files changed, 4 insertions, 2 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index abce0fe57..d943950d4 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -120,7 +120,8 @@ blacklist /var/lib/mysql/mysql.sock
 blacklist /var/lib/mysqld/mysql.sock
 blacklist /var/lib/pacman
 blacklist /var/lib/upower
-blacklist /var/log
+# blacklist /var/log - a virtual /var/log directory (mostly empty) is buid up by default for
+#          every sandbox, unless --writeble-var-log switch is activated
 blacklist /var/mail
 blacklist /var/opt
 blacklist /var/run/acpid.socket
diff --git a/etc/server.profile b/etc/server.profile
index edd4666e1..860e0056d 100644
--- a/etc/server.profile
+++ b/etc/server.profile
@@ -13,7 +13,6 @@ blacklist /tmp/.X11-unix
 noblacklist /sbin
 noblacklist /usr/sbin
-# noblacklist /var/log
 # noblacklist /var/opt
 include /etc/firejail/disable-common.inc
@@ -29,6 +28,8 @@ notv
 novideo
 seccomp
+# netfilter /etc/firejail/webserver.net
 # disable-mnt
 private
 # private-bin program
author	netblue30 <netblue30@yahoo.com>	2017-09-25 09:12:37 -0400
committer	netblue30 <netblue30@yahoo.com>	2017-09-25 09:12:37 -0400
commit	94bb78856bb3f953fc79684622a28552d02b9d11 (patch)
tree	e1be67e8a345af8bc233bbaf7e9eb2e62477302e /etc
parent	disable DBus activation in firecfg (diff)
download	firejail-94bb78856bb3f953fc79684622a28552d02b9d11.tar.gz firejail-94bb78856bb3f953fc79684622a28552d02b9d11.tar.zst firejail-94bb78856bb3f953fc79684622a28552d02b9d11.zip

diff --git a/etc/disable-common.inc b/etc/disable-common.inc index abce0fe57..d943950d4 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc
@@ -120,7 +120,8 @@ blacklist /var/lib/mysql/mysql.sock
120	blacklist /var/lib/mysqld/mysql.sock	120	blacklist /var/lib/mysqld/mysql.sock
121	blacklist /var/lib/pacman	121	blacklist /var/lib/pacman
122	blacklist /var/lib/upower	122	blacklist /var/lib/upower
123	blacklist /var/log	123	# blacklist /var/log - a virtual /var/log directory (mostly empty) is buid up by default for
		124	# every sandbox, unless --writeble-var-log switch is activated
124	blacklist /var/mail	125	blacklist /var/mail
125	blacklist /var/opt	126	blacklist /var/opt
126	blacklist /var/run/acpid.socket	127	blacklist /var/run/acpid.socket


diff --git a/etc/server.profile b/etc/server.profile index edd4666e1..860e0056d 100644 --- a/etc/server.profile +++ b/etc/server.profile
@@ -13,7 +13,6 @@ blacklist /tmp/.X11-unix
13		13
14	noblacklist /sbin	14	noblacklist /sbin
15	noblacklist /usr/sbin	15	noblacklist /usr/sbin
16	# noblacklist /var/log
17	# noblacklist /var/opt	16	# noblacklist /var/opt
18		17
19	include /etc/firejail/disable-common.inc	18	include /etc/firejail/disable-common.inc
@@ -29,6 +28,8 @@ notv
29	novideo	28	novideo
30	seccomp	29	seccomp
31		30
		31	# netfilter /etc/firejail/webserver.net
		32
32	# disable-mnt	33	# disable-mnt
33	private	34	private
34	# private-bin program	35	# private-bin program