Merge pull request #979 from curiosity-seeker/master

Correct skanlite.profile
author: netblue30 <netblue30@yahoo.com> 2016-12-16 12:44:28 -0500
committer: GitHub <noreply@github.com> 2016-12-16 12:44:28 -0500
commit: cbfef7eea581e9c9a8c5c8b22154971043eddb1a (patch)
tree: 0050b1c43923e23c3329e1278147da36b7a6d97b /etc
parent: Merge pull request #978 from Fred-Barclay/keepassx2 (diff)
parent: Update disable-common.inc (diff)
download: firejail-cbfef7eea581e9c9a8c5c8b22154971043eddb1a.tar.gz
firejail-cbfef7eea581e9c9a8c5c8b22154971043eddb1a.tar.zst
firejail-cbfef7eea581e9c9a8c5c8b22154971043eddb1a.zip
4 files changed, 17 insertions, 5 deletions
diff --git a/etc/VirtualBox.profile b/etc/VirtualBox.profile
new file mode 100644
index 000000000..ff0a4b6ef
--- /dev/null
+++ b/etc/VirtualBox.profile
@@ -0,0 +1 @@
+include /etc/firejail/virtualbox.profile
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index 07814a704..efe5c850d 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -191,6 +191,7 @@ blacklist ${PATH}/mount.ecryptfs_private
 # other SUID binaries
 blacklist /usr/lib/virtualbox
+blacklist /usr/lib64/virtualbox
 # prevent lxterminal connecting to an existing lxterminal session
 blacklist /tmp/.lxterminal-socket*
diff --git a/etc/skanlite.profile b/etc/skanlite.profile
index 4dcfa64d9..667b775c8 100644
--- a/etc/skanlite.profile
+++ b/etc/skanlite.profile
@@ -11,10 +11,10 @@ nonewprivs
 noroot
 nosound
 shell none
-#seccomp
+seccomp
-protocol unix,inet,inet6
+# protocol unix,inet,inet6
-private-bin skanlite
+# private-bin skanlite
 # private-dev
 # private-tmp
 # private-etc
diff --git a/etc/virtualbox.profile b/etc/virtualbox.profile
index 36a1e0704..1e765b89b 100644
--- a/etc/virtualbox.profile
+++ b/etc/virtualbox.profile
@@ -1,12 +1,22 @@
-# VirtualBox profile
+# virtualbox profile
 noblacklist ${HOME}/.VirtualBox
 noblacklist ${HOME}/VirtualBox VMs
 noblacklist ${HOME}/.config/VirtualBox
-noblacklist /usr/bin/virtualbox
+mkdir ~/VirtualBox VMs
+whitelist ~/VirtualBox VMs
+mkdir ~/.config/VirtualBox
+whitelist ~/.config/VirtualBox
+# noblacklist /usr/bin/virtualbox
+noblacklist /usr/lib/virtualbox
+noblacklist /usr/lib64/virtualbox
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/whitelist-common.inc
 caps.drop all
+netfilter
author	netblue30 <netblue30@yahoo.com>	2016-12-16 12:44:28 -0500
committer	GitHub <noreply@github.com>	2016-12-16 12:44:28 -0500
commit	cbfef7eea581e9c9a8c5c8b22154971043eddb1a (patch)
tree	0050b1c43923e23c3329e1278147da36b7a6d97b /etc
parent	Merge pull request #978 from Fred-Barclay/keepassx2 (diff)
parent	Update disable-common.inc (diff)
download	firejail-cbfef7eea581e9c9a8c5c8b22154971043eddb1a.tar.gz firejail-cbfef7eea581e9c9a8c5c8b22154971043eddb1a.tar.zst firejail-cbfef7eea581e9c9a8c5c8b22154971043eddb1a.zip

diff --git a/etc/VirtualBox.profile b/etc/VirtualBox.profile new file mode 100644 index 000000000..ff0a4b6ef --- /dev/null +++ b/etc/VirtualBox.profile
@@ -0,0 +1 @@
			include /etc/firejail/virtualbox.profile


diff --git a/etc/disable-common.inc b/etc/disable-common.inc index 07814a704..efe5c850d 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc
@@ -191,6 +191,7 @@ blacklist ${PATH}/mount.ecryptfs_private
191		191
192	# other SUID binaries	192	# other SUID binaries
193	blacklist /usr/lib/virtualbox	193	blacklist /usr/lib/virtualbox
		194	blacklist /usr/lib64/virtualbox
194		195
195	# prevent lxterminal connecting to an existing lxterminal session	196	# prevent lxterminal connecting to an existing lxterminal session
196	blacklist /tmp/.lxterminal-socket*	197	blacklist /tmp/.lxterminal-socket*


diff --git a/etc/skanlite.profile b/etc/skanlite.profile index 4dcfa64d9..667b775c8 100644 --- a/etc/skanlite.profile +++ b/etc/skanlite.profile
@@ -11,10 +11,10 @@ nonewprivs
11	noroot	11	noroot
12	nosound	12	nosound
13	shell none	13	shell none
14	#seccomp	14	seccomp
15	protocol unix,inet,inet6	15	# protocol unix,inet,inet6
16		16
17	private-bin skanlite	17	# private-bin skanlite
18	# private-dev	18	# private-dev
19	# private-tmp	19	# private-tmp
20	# private-etc	20	# private-etc


diff --git a/etc/virtualbox.profile b/etc/virtualbox.profile index 36a1e0704..1e765b89b 100644 --- a/etc/virtualbox.profile +++ b/etc/virtualbox.profile
@@ -1,12 +1,22 @@
1	# VirtualBox profile	1	# virtualbox profile
2	noblacklist ${HOME}/.VirtualBox	2	noblacklist ${HOME}/.VirtualBox
3	noblacklist ${HOME}/VirtualBox VMs	3	noblacklist ${HOME}/VirtualBox VMs
4	noblacklist ${HOME}/.config/VirtualBox	4	noblacklist ${HOME}/.config/VirtualBox
5	noblacklist /usr/bin/virtualbox	5
		6	mkdir ~/VirtualBox VMs
		7	whitelist ~/VirtualBox VMs
		8	mkdir ~/.config/VirtualBox
		9	whitelist ~/.config/VirtualBox
		10
		11	# noblacklist /usr/bin/virtualbox
		12	noblacklist /usr/lib/virtualbox
		13	noblacklist /usr/lib64/virtualbox
6	include /etc/firejail/disable-common.inc	14	include /etc/firejail/disable-common.inc
7	include /etc/firejail/disable-programs.inc	15	include /etc/firejail/disable-programs.inc
8	include /etc/firejail/disable-passwdmgr.inc	16	include /etc/firejail/disable-passwdmgr.inc
		17	include /etc/firejail/whitelist-common.inc
9		18
10	caps.drop all	19	caps.drop all
		20	netfilter
11		21
12		22