diff options
| author |  rusty-snake <print_hello_world+Public@protonmail.com> | 2019-08-26 10:29:45 +0200 |
|---|---|---|
| committer | rusty-snake <print_hello_world+Public@protonmail.com> | 2019-08-30 21:01:10 +0200 |
| commit | 3d8f587cd8e2604df928be21c4dd201bd0b818fc (patch) | |
| tree | 461bf8b0d24c7503d9b25d5130cbf6c08862feac /etc | |
| parent | Use new seccomp syntax from #2926 in more profiles (diff) | |
| download | firejail-3d8f587cd8e2604df928be21c4dd201bd0b818fc.tar.gz firejail-3d8f587cd8e2604df928be21c4dd201bd0b818fc.tar.zst firejail-3d8f587cd8e2604df928be21c4dd201bd0b818fc.zip | |
Use new seccomp syntax (#2926) in more profiles
Rules for redirecting profiles:
- add exceptions: just add 'seccomp !SYSCALL'
- remove exception:
```
seccomp
ignore seccomp
```
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/basilisk.profile | 2 | ||||
| -rw-r--r-- | etc/palemoon.profile | 2 | ||||
| -rw-r--r-- | etc/riot-desktop.profile | 3 |
3 files changed, 3 insertions, 4 deletions
diff --git a/etc/basilisk.profile b/etc/basilisk.profile index 5bc91dc74..8dc3847a0 100644 --- a/etc/basilisk.profile +++ b/etc/basilisk.profile | |||
| @@ -14,8 +14,8 @@ whitelist ${HOME}/.cache/moonchild productions/basilisk | |||
| 14 | whitelist ${HOME}/.moonchild productions | 14 | whitelist ${HOME}/.moonchild productions |
| 15 | 15 | ||
| 16 | # Basilisk can use the full firejail seccomp filter (unlike firefox >= 60) | 16 | # Basilisk can use the full firejail seccomp filter (unlike firefox >= 60) |
| 17 | ignore seccomp.drop | ||
| 18 | seccomp | 17 | seccomp |
| 18 | ignore seccomp | ||
| 19 | 19 | ||
| 20 | #private-bin basilisk | 20 | #private-bin basilisk |
| 21 | # private-etc must first be enabled in firefox-common.profile | 21 | # private-etc must first be enabled in firefox-common.profile |
diff --git a/etc/palemoon.profile b/etc/palemoon.profile index 11464e6cf..acb2ce176 100644 --- a/etc/palemoon.profile +++ b/etc/palemoon.profile | |||
| @@ -14,8 +14,8 @@ whitelist ${HOME}/.cache/moonchild productions/pale moon | |||
| 14 | whitelist ${HOME}/.moonchild productions | 14 | whitelist ${HOME}/.moonchild productions |
| 15 | 15 | ||
| 16 | # Palemoon can use the full firejail seccomp filter (unlike firefox >= 60) | 16 | # Palemoon can use the full firejail seccomp filter (unlike firefox >= 60) |
| 17 | ignore seccomp.drop | ||
| 18 | seccomp | 17 | seccomp |
| 18 | ignore seccomp | ||
| 19 | 19 | ||
| 20 | #private-bin palemoon | 20 | #private-bin palemoon |
| 21 | # private-etc must first be enabled in firefox-common.profile | 21 | # private-etc must first be enabled in firefox-common.profile |
diff --git a/etc/riot-desktop.profile b/etc/riot-desktop.profile index e6af4c2cb..4372fabe1 100644 --- a/etc/riot-desktop.profile +++ b/etc/riot-desktop.profile | |||
| @@ -7,8 +7,7 @@ include riot-desktop.local | |||
| 7 | # added by included profile | 7 | # added by included profile |
| 8 | #include globals.local | 8 | #include globals.local |
| 9 | 9 | ||
| 10 | ignore seccomp | 10 | seccomp !chroot |
| 11 | seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mincore,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pivot_root,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice | ||
| 12 | 11 | ||
| 13 | # Redirect | 12 | # Redirect |
| 14 | include riot-web.profile | 13 | include riot-web.profile |