1 files changed, 16 insertions, 5 deletions
diff --git a/etc/cpio.profile b/etc/cpio.profile
index f10b82962..b0e59c106 100644
--- a/etc/cpio.profile
+++ b/etc/cpio.profile
@@ -1,10 +1,21 @@
 # cpio profile
-# testing: find . -print -depth | cpio -ov > tree.cpio
+# /sbin and /usr/sbin are visible inside the sandbox
-include /etc/firejail/default.profile
+# /boot is not visible and /var is heavily modified 
-tracelog
+noblacklist /sbin
+noblacklist /usr/sbin
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+private-dev
+private-tmp
+seccomp
+caps.drop all
 net none
 shell none
-private-bin cpio
+tracelog
-private-dev
+net none

diff --git a/etc/cpio.profile b/etc/cpio.profile index f10b82962..b0e59c106 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile
@@ -1,10 +1,21 @@
1	# cpio profile	1	# cpio profile
2	# testing: find . -print -depth \| cpio -ov > tree.cpio	2	# /sbin and /usr/sbin are visible inside the sandbox
3	include /etc/firejail/default.profile	3	# /boot is not visible and /var is heavily modified
4	tracelog	4
		5	noblacklist /sbin
		6	noblacklist /usr/sbin
		7	include /etc/firejail/disable-common.inc
		8	include /etc/firejail/disable-programs.inc
		9	include /etc/firejail/disable-passwdmgr.inc
		10
		11	private-dev
		12	private-tmp
		13	seccomp
		14	caps.drop all
5	net none	15	net none
6	shell none	16	shell none
7	private-bin cpio	17	tracelog
8	private-dev	18	net none
		19
9		20
10		21