Fixup 17a2edf9be3d1144db1a262c5358bf190c9b272b

author: Tad <tad@spotco.us> 2017-09-21 08:07:48 -0400
committer: Tad <tad@spotco.us> 2017-09-21 08:07:48 -0400
commit: e1af15d8e713d53aa9b7d7eeb7cee4336a8323f5 (patch)
tree: b34a659a387f964335b17404d5e882caa374eb81 /etc
parent: Add a profile for arch-audit (diff)
download: firejail-e1af15d8e713d53aa9b7d7eeb7cee4336a8323f5.tar.gz
firejail-e1af15d8e713d53aa9b7d7eeb7cee4336a8323f5.tar.zst
firejail-e1af15d8e713d53aa9b7d7eeb7cee4336a8323f5.zip
1 files changed, 40 insertions, 0 deletions
diff --git a/etc/arch-audit.profile b/etc/arch-audit.profile
new file mode 100644
index 000000000..d8ed64811
--- /dev/null
+++ b/etc/arch-audit.profile
@@ -0,0 +1,40 @@
+# Firejail profile for arch-audit
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include /etc/firejail/arch-audit.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist /var/lib/pacman
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+disable-mnt
+private
+private-bin arch-audit
+private-dev
+private-tmp
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
author	Tad <tad@spotco.us>	2017-09-21 08:07:48 -0400
committer	Tad <tad@spotco.us>	2017-09-21 08:07:48 -0400
commit	e1af15d8e713d53aa9b7d7eeb7cee4336a8323f5 (patch)
tree	b34a659a387f964335b17404d5e882caa374eb81 /etc
parent	Add a profile for arch-audit (diff)
download	firejail-e1af15d8e713d53aa9b7d7eeb7cee4336a8323f5.tar.gz firejail-e1af15d8e713d53aa9b7d7eeb7cee4336a8323f5.tar.zst firejail-e1af15d8e713d53aa9b7d7eeb7cee4336a8323f5.zip

diff --git a/etc/arch-audit.profile b/etc/arch-audit.profile new file mode 100644 index 000000000..d8ed64811 --- /dev/null +++ b/etc/arch-audit.profile
@@ -0,0 +1,40 @@
	1	# Firejail profile for arch-audit
	2	# This file is overwritten after every install/update
	3	quiet
	4	# Persistent local customizations
	5	include /etc/firejail/arch-audit.local
	6	# Persistent global definitions
	7	include /etc/firejail/globals.local
	8
	9
	10	noblacklist /var/lib/pacman
	11
	12	include /etc/firejail/disable-common.inc
	13	include /etc/firejail/disable-devel.inc
	14	include /etc/firejail/disable-passwdmgr.inc
	15	include /etc/firejail/disable-programs.inc
	16
	17	caps.drop all
	18	ipc-namespace
	19	netfilter
	20	no3d
	21	nodvd
	22	nogroups
	23	nonewprivs
	24	noroot
	25	nosound
	26	notv
	27	novideo
	28	protocol unix,inet,inet6
	29	seccomp
	30	shell none
	31
	32	disable-mnt
	33	private
	34	private-bin arch-audit
	35	private-dev
	36	private-tmp
	37
	38	memory-deny-write-execute
	39	noexec ${HOME}
	40	noexec /tmp