tightened and fixed permissions warning

author: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2016-07-09 05:27:38 +1000
committer: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2016-07-09 05:27:38 +1000
commit: c99ddd579d823dae018e1f65ad28b3234e8e51bb (patch)
tree: ca7bf413aadb264c62071de320ed9302371a117d /etc
parent: missed a file... (diff)
download: firejail-c99ddd579d823dae018e1f65ad28b3234e8e51bb.tar.gz
firejail-c99ddd579d823dae018e1f65ad28b3234e8e51bb.tar.zst
firejail-c99ddd579d823dae018e1f65ad28b3234e8e51bb.zip
1 files changed, 15 insertions, 11 deletions
diff --git a/etc/0ad.profile b/etc/0ad.profile
index 3797ae5cd..11fb45463 100644
--- a/etc/0ad.profile
+++ b/etc/0ad.profile
@@ -1,21 +1,13 @@
 # Firejail profile for 0ad.
+noblacklist ~/.cache/0ad
 noblacklist ~/.config/0ad
+noblacklist ~/.local/share/0ad
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
-# Call these options
-caps.drop all
-netfilter
-noroot
-nonewprivs
-protocol unix,inet,inet6,netlink
-seccomp
-tracelog
 # Whitelists
-noblacklist ~/.cache/0ad
 mkdir ~/.cache
 mkdir ~/.cache/0ad
 whitelist ~/.cache/0ad
@@ -24,8 +16,20 @@ mkdir ~/.config
 mkdir ~/.config/0ad
 whitelist ~/.config/0ad
-noblacklist ~/.local/share/0ad
 mkdir ~/.local
 mkdir ~/.local/share
 mkdir ~/.local/share/0ad
 whitelist ~/.local/share/0ad
+caps.drop all
+netfilter
+nonewprivs
+nogroups
+noroot
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+private-dev
author	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2016-07-09 05:27:38 +1000
committer	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2016-07-09 05:27:38 +1000
commit	c99ddd579d823dae018e1f65ad28b3234e8e51bb (patch)
tree	ca7bf413aadb264c62071de320ed9302371a117d /etc
parent	missed a file... (diff)
download	firejail-c99ddd579d823dae018e1f65ad28b3234e8e51bb.tar.gz firejail-c99ddd579d823dae018e1f65ad28b3234e8e51bb.tar.zst firejail-c99ddd579d823dae018e1f65ad28b3234e8e51bb.zip

diff --git a/etc/0ad.profile b/etc/0ad.profile index 3797ae5cd..11fb45463 100644 --- a/etc/0ad.profile +++ b/etc/0ad.profile
@@ -1,21 +1,13 @@
1	# Firejail profile for 0ad.	1	# Firejail profile for 0ad.
		2	noblacklist ~/.cache/0ad
2	noblacklist ~/.config/0ad	3	noblacklist ~/.config/0ad
		4	noblacklist ~/.local/share/0ad
3	include /etc/firejail/disable-common.inc	5	include /etc/firejail/disable-common.inc
4	include /etc/firejail/disable-devel.inc	6	include /etc/firejail/disable-devel.inc
5	include /etc/firejail/disable-passwdmgr.inc	7	include /etc/firejail/disable-passwdmgr.inc
6	include /etc/firejail/disable-programs.inc	8	include /etc/firejail/disable-programs.inc
7		9
8	# Call these options
9	caps.drop all
10	netfilter
11	noroot
12	nonewprivs
13	protocol unix,inet,inet6,netlink
14	seccomp
15	tracelog
16
17	# Whitelists	10	# Whitelists
18	noblacklist ~/.cache/0ad
19	mkdir ~/.cache	11	mkdir ~/.cache
20	mkdir ~/.cache/0ad	12	mkdir ~/.cache/0ad
21	whitelist ~/.cache/0ad	13	whitelist ~/.cache/0ad
@@ -24,8 +16,20 @@ mkdir ~/.config
24	mkdir ~/.config/0ad	16	mkdir ~/.config/0ad
25	whitelist ~/.config/0ad	17	whitelist ~/.config/0ad
26		18
27	noblacklist ~/.local/share/0ad
28	mkdir ~/.local	19	mkdir ~/.local
29	mkdir ~/.local/share	20	mkdir ~/.local/share
30	mkdir ~/.local/share/0ad	21	mkdir ~/.local/share/0ad
31	whitelist ~/.local/share/0ad	22	whitelist ~/.local/share/0ad
		23
		24	caps.drop all
		25	netfilter
		26	nonewprivs
		27	nogroups
		28	noroot
		29	protocol unix,inet,inet6
		30	seccomp
		31	shell none
		32	tracelog
		33
		34	private-dev
		35