2 files changed, 22 insertions, 7 deletions
diff --git a/etc/default.profile b/etc/default.profile
index a2de72695..487e80c64 100644
--- a/etc/default.profile
+++ b/etc/default.profile
@@ -5,11 +5,17 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
-#blacklist ${HOME}/.wine
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
+shell none
+# private-bin program
+# private-etc none
+# private-dev
+# private-tmp
diff --git a/etc/file.profile b/etc/file.profile
index 199a97fad..f709e7f0c 100644
--- a/etc/file.profile
+++ b/etc/file.profile
@@ -1,16 +1,25 @@
 # file profile
-ignore noroot
+include /etc/firejail/disable-common.inc
-include /etc/firejail/default.profile
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
-blacklist /tmp/.X11-unix
+caps.drop all
 hostname file
+netfilter
 net none
 no3d
+nogroups
+nonewprivs
+#noroot
 nosound
-quiet
+protocol unix
+seccomp
 shell none
 tracelog
+quiet
+x11 none
+blacklist /tmp/.X11-unix
 private-dev
 private-bin file

diff --git a/etc/default.profile b/etc/default.profile index a2de72695..487e80c64 100644 --- a/etc/default.profile +++ b/etc/default.profile
@@ -5,11 +5,17 @@ include /etc/firejail/disable-common.inc
5	include /etc/firejail/disable-programs.inc	5	include /etc/firejail/disable-programs.inc
6	include /etc/firejail/disable-passwdmgr.inc	6	include /etc/firejail/disable-passwdmgr.inc
7		7
8	#blacklist ${HOME}/.wine
9
10	caps.drop all	8	caps.drop all
11	netfilter	9	netfilter
		10	nogroups
12	nonewprivs	11	nonewprivs
13	noroot	12	noroot
14	protocol unix,inet,inet6	13	protocol unix,inet,inet6
15	seccomp	14	seccomp
		15	shell none
		16
		17	# private-bin program
		18	# private-etc none
		19	# private-dev
		20	# private-tmp
		21


diff --git a/etc/file.profile b/etc/file.profile index 199a97fad..f709e7f0c 100644 --- a/etc/file.profile +++ b/etc/file.profile
@@ -1,16 +1,25 @@
1	# file profile	1	# file profile
2	ignore noroot	2	include /etc/firejail/disable-common.inc
3	include /etc/firejail/default.profile	3	include /etc/firejail/disable-programs.inc
4		4	include /etc/firejail/disable-passwdmgr.inc
5	blacklist /tmp/.X11-unix
6		5
		6	caps.drop all
7	hostname file	7	hostname file
		8	netfilter
8	net none	9	net none
9	no3d	10	no3d
		11	nogroups
		12	nonewprivs
		13	#noroot
10	nosound	14	nosound
11	quiet	15	protocol unix
		16	seccomp
12	shell none	17	shell none
13	tracelog	18	tracelog
		19	quiet
		20	x11 none
		21
		22	blacklist /tmp/.X11-unix
14		23
15	private-dev	24	private-dev
16	private-bin file	25	private-bin file