diff options
| author |  rusty-snake <print_hello_world+Public@protonmail.com> | 2019-06-15 23:11:00 +0200 |
|---|---|---|
| committer | rusty-snake <print_hello_world+Public@protonmail.com> | 2019-06-15 23:11:00 +0200 |
| commit | a75c99245e323525c1cdc79981541f68f9420779 (patch) | |
| tree | d7e3ee74e9cf500798fea539303c51b46b18c4f2 /etc | |
| parent | More sorting private-etc (#2779) (diff) | |
| download | firejail-a75c99245e323525c1cdc79981541f68f9420779.tar.gz firejail-a75c99245e323525c1cdc79981541f68f9420779.tar.zst firejail-a75c99245e323525c1cdc79981541f68f9420779.zip | |
some profile fixes
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/aria2c.profile | 2 | ||||
| -rw-r--r-- | etc/minetest.profile | 3 | ||||
| -rw-r--r-- | etc/tcpdump.profile | 4 | ||||
| -rw-r--r-- | etc/tshark.profile | 5 |
4 files changed, 7 insertions, 7 deletions
diff --git a/etc/aria2c.profile b/etc/aria2c.profile index b952ac8a6..3b9dfc365 100644 --- a/etc/aria2c.profile +++ b/etc/aria2c.profile | |||
| @@ -38,7 +38,7 @@ private-bin aria2c,gzip | |||
| 38 | # Uncomment the next line (or put 'private-cache' in your aria2c.local) if you don't use Lutris/winetricks (see issue #2772) | 38 | # Uncomment the next line (or put 'private-cache' in your aria2c.local) if you don't use Lutris/winetricks (see issue #2772) |
| 39 | #private-cache | 39 | #private-cache |
| 40 | private-dev | 40 | private-dev |
| 41 | private-etc alternatives,ca-certificates,resolv.conf,ssl | 41 | private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl |
| 42 | private-lib libreadline.so.* | 42 | private-lib libreadline.so.* |
| 43 | private-tmp | 43 | private-tmp |
| 44 | 44 | ||
diff --git a/etc/minetest.profile b/etc/minetest.profile index b3e692446..f656d5a87 100644 --- a/etc/minetest.profile +++ b/etc/minetest.profile | |||
| @@ -6,6 +6,7 @@ include minetest.local | |||
| 6 | # Persistent global definitions | 6 | # Persistent global definitions |
| 7 | include globals.local | 7 | include globals.local |
| 8 | 8 | ||
| 9 | noblacklist ${HOME}/.cache/minetest | ||
| 9 | noblacklist ${HOME}/.minetest | 10 | noblacklist ${HOME}/.minetest |
| 10 | 11 | ||
| 11 | include disable-common.inc | 12 | include disable-common.inc |
| @@ -16,7 +17,9 @@ include disable-passwdmgr.inc | |||
| 16 | include disable-programs.inc | 17 | include disable-programs.inc |
| 17 | include disable-xdg.inc | 18 | include disable-xdg.inc |
| 18 | 19 | ||
| 20 | mkdir ${HOME}/.cache/minetest | ||
| 19 | mkdir ${HOME}/.minetest | 21 | mkdir ${HOME}/.minetest |
| 22 | whitelist ${HOME}/.cache/minetest | ||
| 20 | whitelist ${HOME}/.minetest | 23 | whitelist ${HOME}/.minetest |
| 21 | include whitelist-common.inc | 24 | include whitelist-common.inc |
| 22 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
diff --git a/etc/tcpdump.profile b/etc/tcpdump.profile index 7713ac6c0..3c46dfdcb 100644 --- a/etc/tcpdump.profile +++ b/etc/tcpdump.profile | |||
| @@ -8,6 +8,7 @@ include globals.local | |||
| 8 | 8 | ||
| 9 | noblacklist /sbin | 9 | noblacklist /sbin |
| 10 | noblacklist /usr/sbin | 10 | noblacklist /usr/sbin |
| 11 | |||
| 11 | include disable-common.inc | 12 | include disable-common.inc |
| 12 | include disable-devel.inc | 13 | include disable-devel.inc |
| 13 | include disable-exec.inc | 14 | include disable-exec.inc |
| @@ -15,6 +16,7 @@ include disable-interpreters.inc | |||
| 15 | include disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
| 16 | include disable-programs.inc | 17 | include disable-programs.inc |
| 17 | include disable-xdg.inc | 18 | include disable-xdg.inc |
| 19 | |||
| 18 | include whitelist-common.inc | 20 | include whitelist-common.inc |
| 19 | 21 | ||
| 20 | caps.keep net_raw | 22 | caps.keep net_raw |
| @@ -30,7 +32,6 @@ nosound | |||
| 30 | notv | 32 | notv |
| 31 | nou2f | 33 | nou2f |
| 32 | novideo | 34 | novideo |
| 33 | |||
| 34 | protocol unix,inet,inet6,netlink,packet | 35 | protocol unix,inet,inet6,netlink,packet |
| 35 | seccomp | 36 | seccomp |
| 36 | 37 | ||
| @@ -38,7 +39,6 @@ disable-mnt | |||
| 38 | #private | 39 | #private |
| 39 | #private-bin tcpdump | 40 | #private-bin tcpdump |
| 40 | private-dev | 41 | private-dev |
| 41 | #private-etc | ||
| 42 | private-tmp | 42 | private-tmp |
| 43 | 43 | ||
| 44 | memory-deny-write-execute | 44 | memory-deny-write-execute |
diff --git a/etc/tshark.profile b/etc/tshark.profile index 52ee228a3..ea85f4e8a 100644 --- a/etc/tshark.profile +++ b/etc/tshark.profile | |||
| @@ -13,6 +13,7 @@ include disable-interpreters.inc | |||
| 13 | include disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
| 14 | include disable-programs.inc | 14 | include disable-programs.inc |
| 15 | include disable-xdg.inc | 15 | include disable-xdg.inc |
| 16 | |||
| 16 | include whitelist-common.inc | 17 | include whitelist-common.inc |
| 17 | 18 | ||
| 18 | #caps.keep net_raw | 19 | #caps.keep net_raw |
| @@ -29,7 +30,6 @@ nosound | |||
| 29 | notv | 30 | notv |
| 30 | nou2f | 31 | nou2f |
| 31 | novideo | 32 | novideo |
| 32 | |||
| 33 | #protocol unix,inet,inet6,netlink,packet | 33 | #protocol unix,inet,inet6,netlink,packet |
| 34 | #seccomp | 34 | #seccomp |
| 35 | 35 | ||
| @@ -38,7 +38,4 @@ disable-mnt | |||
| 38 | private-cache | 38 | private-cache |
| 39 | #private-bin tshark | 39 | #private-bin tshark |
| 40 | private-dev | 40 | private-dev |
| 41 | #private-etc | ||
| 42 | private-tmp | 41 | private-tmp |
| 43 | |||
| 44 | # memory-deny-write-execute | ||