diff options
Diffstat (limited to 'etc/clementine.profile')
| -rw-r--r-- | etc/clementine.profile | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/etc/clementine.profile b/etc/clementine.profile index 1d93e5f2c..619086437 100644 --- a/etc/clementine.profile +++ b/etc/clementine.profile | |||
| @@ -12,6 +12,8 @@ include /etc/firejail/disable-devel.inc | |||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
| 14 | 14 | ||
| 15 | include /etc/firejail/whitelist-var-common.inc | ||
| 16 | |||
| 15 | caps.drop all | 17 | caps.drop all |
| 16 | nonewprivs | 18 | nonewprivs |
| 17 | noroot | 19 | noroot |
| @@ -20,3 +22,6 @@ novideo | |||
| 20 | protocol unix,inet,inet6 | 22 | protocol unix,inet,inet6 |
| 21 | # Clementine makes ioprio_set system calls, which are blacklisted by default. | 23 | # Clementine makes ioprio_set system calls, which are blacklisted by default. |
| 22 | seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice | 24 | seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice |
| 25 | |||
| 26 | private-dev | ||
| 27 | private-tmp | ||