aboutsummaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
authorLibravatar Fred Barclay <Fred-Barclay@users.noreply.github.com>2017-08-18 16:29:28 -0500
committerLibravatar GitHub <noreply@github.com>2017-08-18 16:29:28 -0500
commit5cbcdf42efc6a97234bb127fe80dbd8ebcff1642 (patch)
treeaf8e29ead4b15b1955f56bf47f57d5701c5466b3 /etc
parentnew MuseScore profile (#1477) (diff)
parentbring back netfilter (diff)
downloadfirejail-5cbcdf42efc6a97234bb127fe80dbd8ebcff1642.tar.gz
firejail-5cbcdf42efc6a97234bb127fe80dbd8ebcff1642.tar.zst
firejail-5cbcdf42efc6a97234bb127fe80dbd8ebcff1642.zip
Merge pull request #1475 from smitsohu/patch-2
some fixes and enhancements
Diffstat (limited to 'etc')
-rw-r--r--etc/cvlc.profile2
-rw-r--r--etc/konversation.profile3
-rw-r--r--etc/skanlite.profile9
-rw-r--r--etc/tracker.profile1
-rw-r--r--etc/tuxguitar.profile1
5 files changed, 11 insertions, 5 deletions
diff --git a/etc/cvlc.profile b/etc/cvlc.profile
index ee1346617..460966321 100644
--- a/etc/cvlc.profile
+++ b/etc/cvlc.profile
@@ -14,11 +14,9 @@ include /etc/firejail/disable-programs.inc
14 14
15caps.drop all 15caps.drop all
16netfilter 16netfilter
17nodvd
18nogroups 17nogroups
19nonewprivs 18nonewprivs
20noroot 19noroot
21notv
22protocol unix,inet,inet6,netlink 20protocol unix,inet,inet6,netlink
23seccomp 21seccomp
24shell none 22shell none
diff --git a/etc/konversation.profile b/etc/konversation.profile
index 8bc263d4d..212aa8817 100644
--- a/etc/konversation.profile
+++ b/etc/konversation.profile
@@ -15,9 +15,12 @@ caps.drop all
15netfilter 15netfilter
16nodvd 16nodvd
17nogroups 17nogroups
18nonewprivs
18noroot 19noroot
19notv 20notv
21novideo
20protocol unix,inet,inet6 22protocol unix,inet,inet6
21seccomp 23seccomp
24tracelog
22 25
23private-tmp 26private-tmp
diff --git a/etc/skanlite.profile b/etc/skanlite.profile
index 0338bc452..1d590a142 100644
--- a/etc/skanlite.profile
+++ b/etc/skanlite.profile
@@ -12,6 +12,7 @@ include /etc/firejail/disable-passwdmgr.inc
12include /etc/firejail/disable-programs.inc 12include /etc/firejail/disable-programs.inc
13 13
14caps.drop all 14caps.drop all
15# net none
15netfilter 16netfilter
16nodvd 17nodvd
17nogroups 18nogroups
@@ -19,11 +20,13 @@ nonewprivs
19noroot 20noroot
20nosound 21nosound
21notv 22notv
22# protocol unix,inet,inet6 23novideo
23seccomp 24protocol unix,netlink
25# skanlite makes ioperm system calls, which are blacklisted by default.
26seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@reboot,@resources,@swap,acct,add_key,bpf,chroot,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,iopl,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pciconfig_iobase,pciconfig_read,pciconfig_write,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,s390_mmio_read,s390_mmio_write,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
24shell none 27shell none
25 28
26# private-bin skanlite 29# private-bin skanlite,kbuildsycoca4
27# private-dev 30# private-dev
28# private-etc 31# private-etc
29# private-tmp 32# private-tmp
diff --git a/etc/tracker.profile b/etc/tracker.profile
index ded2ae2e5..f3dfb2d4e 100644
--- a/etc/tracker.profile
+++ b/etc/tracker.profile
@@ -23,6 +23,7 @@ nonewprivs
23noroot 23noroot
24nosound 24nosound
25notv 25notv
26novideo
26protocol unix 27protocol unix
27seccomp 28seccomp
28shell none 29shell none
diff --git a/etc/tuxguitar.profile b/etc/tuxguitar.profile
index ddbcce3f6..5b6a257f6 100644
--- a/etc/tuxguitar.profile
+++ b/etc/tuxguitar.profile
@@ -14,6 +14,7 @@ include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include /etc/firejail/disable-programs.inc
15 15
16caps.drop all 16caps.drop all
17netfilter
17no3d 18no3d
18nodvd 19nodvd
19nonewprivs 20nonewprivs
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-08 20:47:14 +0000