bring back options

1 files changed, 6 insertions, 4 deletions

diff --git a/etc/skanlite.profile b/etc/skanlite.profile
index 0338bc452..d34d2e92d 100644
--- a/etc/skanlite.profile
+++ b/etc/skanlite.profile
@@ -12,18 +12,20 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 caps.drop all
-netfilter
+# net none
 nodvd
 nogroups
 nonewprivs
 noroot
 nosound
 notv
-# protocol unix,inet,inet6
-seccomp
+novideo
+protocol unix,netlink
+# skanlite makes ioperm system calls, which are blacklisted by default.
+seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@reboot,@resources,@swap,acct,add_key,bpf,chroot,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,iopl,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pciconfig_iobase,pciconfig_read,pciconfig_write,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,s390_mmio_read,s390_mmio_write,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
 shell none
 
-# private-bin skanlite
+private-bin skanlite,kbuildsycoca4
 # private-dev
 # private-etc
 # private-tmp