diff options
Diffstat (limited to 'etc/baloo_file.profile')
-rw-r--r-- | etc/baloo_file.profile | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile index 4e603971f..2c2d70c00 100644 --- a/etc/baloo_file.profile +++ b/etc/baloo_file.profile | |||
@@ -17,6 +17,8 @@ include /etc/firejail/disable-devel.inc | |||
17 | include /etc/firejail/disable-passwdmgr.inc | 17 | include /etc/firejail/disable-passwdmgr.inc |
18 | include /etc/firejail/disable-programs.inc | 18 | include /etc/firejail/disable-programs.inc |
19 | 19 | ||
20 | include /etc/firejail/whitelist-var-common.inc | ||
21 | |||
20 | caps.drop all | 22 | caps.drop all |
21 | no3d | 23 | no3d |
22 | nodvd | 24 | nodvd |
@@ -29,8 +31,10 @@ novideo | |||
29 | protocol unix | 31 | protocol unix |
30 | # Baloo makes ioprio_set system calls, which are blacklisted by default. | 32 | # Baloo makes ioprio_set system calls, which are blacklisted by default. |
31 | seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice | 33 | seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice |
34 | shell none | ||
32 | x11 xorg | 35 | x11 xorg |
33 | 36 | ||
37 | private-bin baloo_file,baloo_file_extractor,kbuildsycoca4 | ||
34 | private-dev | 38 | private-dev |
35 | private-tmp | 39 | private-tmp |
36 | 40 | ||