author | glitsj16 <glitsj16@users.noreply.github.com> | 2020-12-11 12:09:30 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-11 12:09:30 +0000 |
commit | 5cbbafa6867d85cdf94a266bbbc9965a755189fe (patch) | |
tree | 593d5d56b7b6e42da0794ed5b295c1ea1f096f4f /etc | |
parent | fix audio/video play in yelp.profile (diff) | |
integrate relevant options into server.profile (#3808)
* integrate relevant options into server.profile
* relax mdwe and dbus-system in server.profile
Diffstat (limited to 'etc')
-rw-r--r-- | etc/profile-m-z/server.profile | 20 |
1 files changed, 17 insertions, 3 deletions
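diff --git a/etc/profile-m-z/server.profile b/etc/profile-m-z/server.profile
index 5bc4735ae..d47f1289a 100644
--- a/etc/profile-m-z/server.profile
+++ b/etc/profile-m-z/server.profile
@@ -45,10 +45,17 @@ include disable-common.inc
 # include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-# include disable-xdg.inc
+include disable-write-mnt.inc
+include disable-xdg.inc
 
+# include whitelist-runuser-common.inc
+# include whitelist-usr-share-common.inc
+# include whitelist-var-common.inc
+
+apparmor
 caps
 # ipc-namespace
+machine-id
 # netfilter /etc/firejail/webserver.net
 no3d
 nodvd
@@ -59,19 +66,26 @@ nosound
 notv
 nou2f
 novideo
+# protocol unix,inet,inet6,netlink
 seccomp
 # shell none
 
-# disable-mnt
+disable-mnt
 private
 # private-bin program
 # private-cache
 private-dev
+# see /usr/share/doc/firejail/profile.template for more common private-etc paths.
 # private-etc alternatives
 # private-lib
+# private-opt none
 private-tmp
 
-# dbus-user none
+dbus-user none
 # dbus-system none
 
 # memory-deny-write-execute
+# read-only ${HOME}
+# writable-run-user
+# writable-var
+# writable-var-log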
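Review bot: `# dbus-system none` and `# memory-deny-write-execute` remain commented out at the end of the second hunk with no inline reason, so someone basing a service profile on this file cannot tell they were left off on purpose (the commit message says they were relaxed) rather than overlooked. A one-line comment above each would make the trade-off visible, for example `# enable unless the daemon needs the system bus` before `# dbus-system none` and `# enable unless the service needs writable+executable memory (e.g. JIT)` before `# memory-deny-write-execute`. The same applies to the new `# protocol unix,inet,inet6,netlink` line, which restricts socket families only once it is uncommented. Separately, `disable-mnt` is now active alongside `include disable-write-mnt.inc` in the first hunk; if disable-mnt already hides those mount points, the include looks redundant and a short comment saying it is kept as a fallback would help. The profile continues outside both hunks, so some of this may already be explained in the file header.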