-rw-r--r-- | etc/VirtualBox.profile | 1 | ||||
-rw-r--r-- | etc/disable-common.inc | 1 | ||||
-rw-r--r-- | etc/skanlite.profile | 6 | ||||
-rw-r--r-- | etc/virtualbox.profile | 14 |
4 files changed, 17 insertions, 5 deletions
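--- /dev/null
+++ b/etc/VirtualBox.profile
@@ -0,0 +1 @@
+include /etc/firejail/virtualbox.profile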
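--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -191,6 +191,7 @@ blacklist ${PATH}/mount.ecryptfs_private
 
 # other SUID binaries
 blacklist /usr/lib/virtualbox
+blacklist /usr/lib64/virtualbox
 
 # prevent lxterminal connecting to an existing lxterminal session
 blacklist /tmp/.lxterminal-socket*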
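--- a/etc/skanlite.profile
+++ b/etc/skanlite.profile
@@ -11,10 +11,10 @@ nonewprivs
 noroot
 nosound
 shell none
-#seccomp
-protocol unix,inet,inet6
+seccomp
+# protocol unix,inet,inet6
 
-private-bin skanlite
+# private-bin skanlite
 # private-dev
 # private-tmp
 # private-etc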
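Review bot: Commenting out `protocol unix,inet,inet6` on line 15 removes the socket-family filter altogether rather than narrowing it, so the sandbox presumably now admits every protocol family instead of the three it previously allowed; the same applies to `# private-bin skanlite` on line 17, which re-exposes all of the host's /usr/bin inside the jail. Enabling `seccomp` on line 14 is a gain, but these two lines are a net loss of hardening that the commit does not explain. If they were disabled because the application broke under them, record that next to the lines, e.g. `# protocol unix,inet,inet6  # disabled: <reason> - TODO re-enable`, so the relaxation reads as deliberate and reversible rather than as a leftover from debugging.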
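--- a/etc/virtualbox.profile
+++ b/etc/virtualbox.profile
@@ -1,12 +1,22 @@
-# VirtualBox profile
+# virtualbox profile
 noblacklist ${HOME}/.VirtualBox
 noblacklist ${HOME}/VirtualBox VMs
 noblacklist ${HOME}/.config/VirtualBox
-noblacklist /usr/bin/virtualbox
+
+mkdir ~/VirtualBox VMs
+whitelist ~/VirtualBox VMs
+mkdir ~/.config/VirtualBox
+whitelist ~/.config/VirtualBox
+
+# noblacklist /usr/bin/virtualbox
+noblacklist /usr/lib/virtualbox
+noblacklist /usr/lib64/virtualbox
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/whitelist-common.inc
 
 caps.drop all
+netfilter
 
 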
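Review bot: With `whitelist-common.inc` now included on new line 17, only whitelisted home paths presumably remain visible, so `${HOME}/.VirtualBox` — still noblacklisted on line 2 but, unlike the two directories on lines 6-9, given no `mkdir`/`whitelist` pair — is likely hidden inside the sandbox; either add `mkdir ~/.VirtualBox` and `whitelist ~/.VirtualBox` beside the others or drop the now-ineffective noblacklist. The `netfilter` added on line 20 applies to a new network namespace, and this profile sets up none (no `net` line), so it is probably a no-op here; confirm against the firejail version in use and either add the intended `net` configuration or remove the line so it does not suggest filtering that is not happening. The profile now also mixes `${HOME}/…` and `~/…` for the same directories; using one form throughout would make the noblacklist/whitelist pairs easier to audit.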