diff options
| -rw-r--r-- | RELNOTES | 9 | ||||
| -rw-r--r-- | etc/audacious.profile | 5 | ||||
| -rw-r--r-- | etc/clementine.profile | 5 | ||||
| -rw-r--r-- | etc/deadbeef.profile | 5 | ||||
| -rw-r--r-- | etc/deluge.profile | 5 | ||||
| -rw-r--r-- | etc/disable-common.inc | 4 | ||||
| -rw-r--r-- | etc/disable-secret.inc | 1 | ||||
| -rw-r--r-- | etc/dropbox.profile | 5 | ||||
| -rw-r--r-- | etc/empathy.profile | 1 | ||||
| -rw-r--r-- | etc/evince.profile | 5 | ||||
| -rw-r--r-- | etc/fbreader.profile | 5 | ||||
| -rw-r--r-- | etc/filezilla.profile | 1 | ||||
| -rw-r--r-- | etc/generic.profile | 5 | ||||
| -rw-r--r-- | etc/gnome-mplayer.profile | 5 | ||||
| -rw-r--r-- | etc/pidgin.profile | 1 | ||||
| -rw-r--r-- | etc/qbittorrent.profile | 5 | ||||
| -rw-r--r-- | etc/quassel.profile | 1 | ||||
| -rw-r--r-- | etc/rhythmbox.profile | 5 | ||||
| -rw-r--r-- | etc/totem.profile | 5 | ||||
| -rw-r--r-- | etc/transmission-gtk.profile | 5 | ||||
| -rw-r--r-- | etc/transmission-qt.profile | 7 | ||||
| -rw-r--r-- | etc/vlc.profile | 5 | ||||
| -rw-r--r-- | etc/xchat.profile | 1 |
23 files changed, 89 insertions, 7 deletions
| @@ -1,11 +1,12 @@ | |||
| 1 | ffirejail (0.9.31) baseline; urgency=low | 1 | firejail (0.9.31) baseline; urgency=low |
| 2 | * disable X11 autostart folders in default profiles | 2 | * lots of security profile changes |
| 3 | * disable subversion and git config files in home directory | ||
| 4 | * added FBReader default profile | 3 | * added FBReader default profile |
| 4 | * added --interface option | ||
| 5 | * bugfixes | ||
| 5 | -- netblue30 <netblue30@yahoo.com> current development | 6 | -- netblue30 <netblue30@yahoo.com> current development |
| 6 | 7 | ||
| 7 | 8 | ||
| 8 | irejail (0.9.30) baseline; urgency=low | 9 | firejail (0.9.30) baseline; urgency=low |
| 9 | * added a disable-history.inc profile as a result of Firefox PDF.js exploit; | 10 | * added a disable-history.inc profile as a result of Firefox PDF.js exploit; |
| 10 | disable-history.inc included in all default profiles | 11 | disable-history.inc included in all default profiles |
| 11 | * Firefox PDF.js exploit (CVE-2015-4495) fixes | 12 | * Firefox PDF.js exploit (CVE-2015-4495) fixes |
diff --git a/etc/audacious.profile b/etc/audacious.profile index 923b70184..a55398648 100644 --- a/etc/audacious.profile +++ b/etc/audacious.profile | |||
| @@ -3,6 +3,11 @@ include /etc/firejail/disable-mgmt.inc | |||
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-history.inc | 5 | include /etc/firejail/disable-history.inc |
| 6 | blacklist ${HOME}/.pki/nssdb | ||
| 7 | blacklist ${HOME}/.lastpass | ||
| 8 | blacklist ${HOME}/.keepassx | ||
| 9 | blacklist ${HOME}/.password-store | ||
| 10 | blacklist ${HOME}/.wine | ||
| 6 | caps.drop all | 11 | caps.drop all |
| 7 | seccomp | 12 | seccomp |
| 8 | noroot | 13 | noroot |
diff --git a/etc/clementine.profile b/etc/clementine.profile index 47c40506a..779eb902b 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile | |||
| @@ -3,6 +3,11 @@ include /etc/firejail/disable-mgmt.inc | |||
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-history.inc | 5 | include /etc/firejail/disable-history.inc |
| 6 | blacklist ${HOME}/.pki/nssdb | ||
| 7 | blacklist ${HOME}/.lastpass | ||
| 8 | blacklist ${HOME}/.keepassx | ||
| 9 | blacklist ${HOME}/.password-store | ||
| 10 | blacklist ${HOME}/.wine | ||
| 6 | caps.drop all | 11 | caps.drop all |
| 7 | seccomp | 12 | seccomp |
| 8 | noroot | 13 | noroot |
diff --git a/etc/deadbeef.profile b/etc/deadbeef.profile index 68027bd7c..a64968a7e 100644 --- a/etc/deadbeef.profile +++ b/etc/deadbeef.profile | |||
| @@ -3,6 +3,11 @@ include /etc/firejail/disable-mgmt.inc | |||
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-history.inc | 5 | include /etc/firejail/disable-history.inc |
| 6 | blacklist ${HOME}/.pki/nssdb | ||
| 7 | blacklist ${HOME}/.lastpass | ||
| 8 | blacklist ${HOME}/.keepassx | ||
| 9 | blacklist ${HOME}/.password-store | ||
| 10 | blacklist ${HOME}/.wine | ||
| 6 | caps.drop all | 11 | caps.drop all |
| 7 | seccomp | 12 | seccomp |
| 8 | noroot | 13 | noroot |
diff --git a/etc/deluge.profile b/etc/deluge.profile index 24a082099..3e499bbf4 100644 --- a/etc/deluge.profile +++ b/etc/deluge.profile | |||
| @@ -3,6 +3,11 @@ include /etc/firejail/disable-mgmt.inc | |||
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-history.inc | 5 | include /etc/firejail/disable-history.inc |
| 6 | blacklist ${HOME}/.pki/nssdb | ||
| 7 | blacklist ${HOME}/.lastpass | ||
| 8 | blacklist ${HOME}/.keepassx | ||
| 9 | blacklist ${HOME}/.password-store | ||
| 10 | blacklist ${HOME}/.wine | ||
| 6 | caps.drop all | 11 | caps.drop all |
| 7 | seccomp | 12 | seccomp |
| 8 | netfilter | 13 | netfilter |
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index fc069dd2a..cc9ba0032 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
| @@ -38,6 +38,10 @@ blacklist ${HOME}/.fluxbox/startup | |||
| 38 | blacklist ${HOME}/.config/openbox/autostart | 38 | blacklist ${HOME}/.config/openbox/autostart |
| 39 | blacklist ${HOME}/.config/openbox/environment | 39 | blacklist ${HOME}/.config/openbox/environment |
| 40 | 40 | ||
| 41 | # VirtualBox | ||
| 42 | blacklist ${HOME}/.VirtualBox | ||
| 43 | blacklist ${HOME}/VirtualBox VMs | ||
| 44 | |||
| 41 | # git, subversion | 45 | # git, subversion |
| 42 | blacklist ${HOME}/.subversion | 46 | blacklist ${HOME}/.subversion |
| 43 | blacklist ${HOME}/.gitconfig | 47 | blacklist ${HOME}/.gitconfig |
diff --git a/etc/disable-secret.inc b/etc/disable-secret.inc index 8ac1b3792..1042582a0 100644 --- a/etc/disable-secret.inc +++ b/etc/disable-secret.inc | |||
| @@ -4,6 +4,5 @@ tmpfs ${HOME}/.gnome2_private | |||
| 4 | blacklist ${HOME}/.gnome2/keyrings | 4 | blacklist ${HOME}/.gnome2/keyrings |
| 5 | blacklist ${HOME}/kde4/share/apps/kwallet | 5 | blacklist ${HOME}/kde4/share/apps/kwallet |
| 6 | blacklist ${HOME}/kde/share/apps/kwallet | 6 | blacklist ${HOME}/kde/share/apps/kwallet |
| 7 | blacklist ${HOME}/.pki/nssdb | ||
| 8 | blacklist ${HOME}/.gnupg | 7 | blacklist ${HOME}/.gnupg |
| 9 | blacklist ${HOME}/.local/share/recently-used.xbel | 8 | blacklist ${HOME}/.local/share/recently-used.xbel |
diff --git a/etc/dropbox.profile b/etc/dropbox.profile index 008660f77..76367e13a 100644 --- a/etc/dropbox.profile +++ b/etc/dropbox.profile | |||
| @@ -3,6 +3,11 @@ include /etc/firejail/disable-mgmt.inc | |||
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-history.inc | 5 | include /etc/firejail/disable-history.inc |
| 6 | blacklist ${HOME}/.pki/nssdb | ||
| 7 | blacklist ${HOME}/.lastpass | ||
| 8 | blacklist ${HOME}/.keepassx | ||
| 9 | blacklist ${HOME}/.password-store | ||
| 10 | blacklist ${HOME}/.wine | ||
| 6 | caps | 11 | caps |
| 7 | seccomp | 12 | seccomp |
| 8 | noroot | 13 | noroot |
diff --git a/etc/empathy.profile b/etc/empathy.profile index 7a9e53b86..24ba457d9 100644 --- a/etc/empathy.profile +++ b/etc/empathy.profile | |||
| @@ -3,5 +3,6 @@ include /etc/firejail/disable-mgmt.inc | |||
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-history.inc | 5 | include /etc/firejail/disable-history.inc |
| 6 | blacklist ${HOME}/.wine | ||
| 6 | caps.drop all | 7 | caps.drop all |
| 7 | seccomp | 8 | seccomp |
diff --git a/etc/evince.profile b/etc/evince.profile index 023fd2444..1dc4f2b7a 100644 --- a/etc/evince.profile +++ b/etc/evince.profile | |||
| @@ -3,6 +3,11 @@ include /etc/firejail/disable-mgmt.inc | |||
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-history.inc | 5 | include /etc/firejail/disable-history.inc |
| 6 | blacklist ${HOME}/.pki/nssdb | ||
| 7 | blacklist ${HOME}/.lastpass | ||
| 8 | blacklist ${HOME}/.keepassx | ||
| 9 | blacklist ${HOME}/.password-store | ||
| 10 | blacklist ${HOME}/.wine | ||
| 6 | caps.drop all | 11 | caps.drop all |
| 7 | seccomp | 12 | seccomp |
| 8 | noroot | 13 | noroot |
diff --git a/etc/fbreader.profile b/etc/fbreader.profile index 97baa2a3e..e42dc6084 100644 --- a/etc/fbreader.profile +++ b/etc/fbreader.profile | |||
| @@ -4,6 +4,11 @@ include /etc/firejail/disable-mgmt.inc | |||
| 4 | include /etc/firejail/disable-secret.inc | 4 | include /etc/firejail/disable-secret.inc |
| 5 | include /etc/firejail/disable-common.inc | 5 | include /etc/firejail/disable-common.inc |
| 6 | include /etc/firejail/disable-history.inc | 6 | include /etc/firejail/disable-history.inc |
| 7 | blacklist ${HOME}/.pki/nssdb | ||
| 8 | blacklist ${HOME}/.lastpass | ||
| 9 | blacklist ${HOME}/.keepassx | ||
| 10 | blacklist ${HOME}/.password-store | ||
| 11 | blacklist ${HOME}/.wine | ||
| 7 | caps.drop all | 12 | caps.drop all |
| 8 | seccomp | 13 | seccomp |
| 9 | netfilter | 14 | netfilter |
diff --git a/etc/filezilla.profile b/etc/filezilla.profile index 437fa6d43..df89574f1 100644 --- a/etc/filezilla.profile +++ b/etc/filezilla.profile | |||
| @@ -5,6 +5,7 @@ include /etc/firejail/disable-mgmt.inc | |||
| 5 | include /etc/firejail/disable-secret.inc | 5 | include /etc/firejail/disable-secret.inc |
| 6 | include /etc/firejail/disable-common.inc | 6 | include /etc/firejail/disable-common.inc |
| 7 | include /etc/firejail/disable-history.inc | 7 | include /etc/firejail/disable-history.inc |
| 8 | blacklist ${HOME}/.wine | ||
| 8 | caps.drop all | 9 | caps.drop all |
| 9 | seccomp | 10 | seccomp |
| 10 | noroot | 11 | noroot |
diff --git a/etc/generic.profile b/etc/generic.profile index f1c6af30d..18fb4ebc6 100644 --- a/etc/generic.profile +++ b/etc/generic.profile | |||
| @@ -5,7 +5,10 @@ include /etc/firejail/disable-mgmt.inc | |||
| 5 | include /etc/firejail/disable-secret.inc | 5 | include /etc/firejail/disable-secret.inc |
| 6 | include /etc/firejail/disable-common.inc | 6 | include /etc/firejail/disable-common.inc |
| 7 | include /etc/firejail/disable-history.inc | 7 | include /etc/firejail/disable-history.inc |
| 8 | 8 | blacklist ${HOME}/.pki/nssdb | |
| 9 | blacklist ${HOME}/.lastpass | ||
| 10 | blacklist ${HOME}/.keepassx | ||
| 11 | blacklist ${HOME}/.password-store | ||
| 9 | caps.drop all | 12 | caps.drop all |
| 10 | seccomp | 13 | seccomp |
| 11 | netfilter | 14 | netfilter |
diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile index 4be1c1093..b3578c38c 100644 --- a/etc/gnome-mplayer.profile +++ b/etc/gnome-mplayer.profile | |||
| @@ -3,6 +3,11 @@ include /etc/firejail/disable-mgmt.inc | |||
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-history.inc | 5 | include /etc/firejail/disable-history.inc |
| 6 | blacklist ${HOME}/.pki/nssdb | ||
| 7 | blacklist ${HOME}/.lastpass | ||
| 8 | blacklist ${HOME}/.keepassx | ||
| 9 | blacklist ${HOME}/.password-store | ||
| 10 | blacklist ${HOME}/.wine | ||
| 6 | caps.drop all | 11 | caps.drop all |
| 7 | seccomp | 12 | seccomp |
| 8 | noroot | 13 | noroot |
diff --git a/etc/pidgin.profile b/etc/pidgin.profile index 3574e4d66..ba45487e6 100644 --- a/etc/pidgin.profile +++ b/etc/pidgin.profile | |||
| @@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc | |||
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-history.inc | 5 | include /etc/firejail/disable-history.inc |
| 6 | blacklist ${HOME}/.wine | ||
| 6 | caps.drop all | 7 | caps.drop all |
| 7 | seccomp | 8 | seccomp |
| 8 | noroot | 9 | noroot |
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index dd7be997c..d6ed092f2 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile | |||
| @@ -3,6 +3,11 @@ include /etc/firejail/disable-mgmt.inc | |||
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-history.inc | 5 | include /etc/firejail/disable-history.inc |
| 6 | blacklist ${HOME}/.pki/nssdb | ||
| 7 | blacklist ${HOME}/.lastpass | ||
| 8 | blacklist ${HOME}/.keepassx | ||
| 9 | blacklist ${HOME}/.password-store | ||
| 10 | blacklist ${HOME}/.wine | ||
| 6 | caps.drop all | 11 | caps.drop all |
| 7 | seccomp | 12 | seccomp |
| 8 | netfilter | 13 | netfilter |
diff --git a/etc/quassel.profile b/etc/quassel.profile index 931debc95..08d90df34 100644 --- a/etc/quassel.profile +++ b/etc/quassel.profile | |||
| @@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc | |||
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-history.inc | 5 | include /etc/firejail/disable-history.inc |
| 6 | blacklist ${HOME}/.wine | ||
| 6 | caps.drop all | 7 | caps.drop all |
| 7 | seccomp | 8 | seccomp |
| 8 | noroot | 9 | noroot |
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index f2870d543..adfa94dbd 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile | |||
| @@ -3,6 +3,11 @@ include /etc/firejail/disable-mgmt.inc | |||
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-history.inc | 5 | include /etc/firejail/disable-history.inc |
| 6 | blacklist ${HOME}/.pki/nssdb | ||
| 7 | blacklist ${HOME}/.lastpass | ||
| 8 | blacklist ${HOME}/.keepassx | ||
| 9 | blacklist ${HOME}/.password-store | ||
| 10 | blacklist ${HOME}/.wine | ||
| 6 | caps.drop all | 11 | caps.drop all |
| 7 | seccomp | 12 | seccomp |
| 8 | noroot | 13 | noroot |
diff --git a/etc/totem.profile b/etc/totem.profile index 6b26a4e0e..f6730ce5a 100644 --- a/etc/totem.profile +++ b/etc/totem.profile | |||
| @@ -3,6 +3,11 @@ include /etc/firejail/disable-mgmt.inc | |||
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-history.inc | 5 | include /etc/firejail/disable-history.inc |
| 6 | blacklist ${HOME}/.pki/nssdb | ||
| 7 | blacklist ${HOME}/.lastpass | ||
| 8 | blacklist ${HOME}/.keepassx | ||
| 9 | blacklist ${HOME}/.password-store | ||
| 10 | blacklist ${HOME}/.wine | ||
| 6 | caps.drop all | 11 | caps.drop all |
| 7 | seccomp | 12 | seccomp |
| 8 | noroot | 13 | noroot |
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index dc1d9d524..4d9d491bd 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile | |||
| @@ -3,6 +3,11 @@ include /etc/firejail/disable-mgmt.inc | |||
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-history.inc | 5 | include /etc/firejail/disable-history.inc |
| 6 | blacklist ${HOME}/.pki/nssdb | ||
| 7 | blacklist ${HOME}/.lastpass | ||
| 8 | blacklist ${HOME}/.keepassx | ||
| 9 | blacklist ${HOME}/.password-store | ||
| 10 | blacklist ${HOME}/.wine | ||
| 6 | caps.drop all | 11 | caps.drop all |
| 7 | seccomp | 12 | seccomp |
| 8 | netfilter | 13 | netfilter |
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index 64c2ba8ad..4369f3992 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile | |||
| @@ -3,7 +3,12 @@ include /etc/firejail/disable-mgmt.inc | |||
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-history.inc | 5 | include /etc/firejail/disable-history.inc |
| 6 | caps.drop all | 6 | cblacklist ${HOME}/.pki/nssdb |
| 7 | blacklist ${HOME}/.lastpass | ||
| 8 | blacklist ${HOME}/.keepassx | ||
| 9 | blacklist ${HOME}/.password-store | ||
| 10 | blacklist ${HOME}/.wine | ||
| 11 | aps.drop all | ||
| 7 | seccomp | 12 | seccomp |
| 8 | netfilter | 13 | netfilter |
| 9 | noroot | 14 | noroot |
diff --git a/etc/vlc.profile b/etc/vlc.profile index 365ea838a..ef64873b8 100644 --- a/etc/vlc.profile +++ b/etc/vlc.profile | |||
| @@ -3,6 +3,11 @@ include /etc/firejail/disable-mgmt.inc | |||
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-history.inc | 5 | include /etc/firejail/disable-history.inc |
| 6 | blacklist ${HOME}/.pki/nssdb | ||
| 7 | blacklist ${HOME}/.lastpass | ||
| 8 | blacklist ${HOME}/.keepassx | ||
| 9 | blacklist ${HOME}/.password-store | ||
| 10 | blacklist ${HOME}/.wine | ||
| 6 | caps.drop all | 11 | caps.drop all |
| 7 | seccomp | 12 | seccomp |
| 8 | noroot | 13 | noroot |
diff --git a/etc/xchat.profile b/etc/xchat.profile index 45f0f15ba..dc7e84e12 100644 --- a/etc/xchat.profile +++ b/etc/xchat.profile | |||
| @@ -3,6 +3,7 @@ include /etc/firejail/disable-mgmt.inc | |||
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
| 5 | include /etc/firejail/disable-history.inc | 5 | include /etc/firejail/disable-history.inc |
| 6 | blacklist ${HOME}/.wine | ||
| 6 | caps.drop all | 7 | caps.drop all |
| 7 | seccomp | 8 | seccomp |
| 8 | noroot | 9 | noroot |