diff options
Diffstat (limited to 'etc/cpio.profile')
| -rw-r--r-- | etc/cpio.profile | 27 |
1 files changed, 13 insertions, 14 deletions
diff --git a/etc/cpio.profile b/etc/cpio.profile index fe1dc0408..c5d7680a3 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile | |||
| @@ -1,28 +1,27 @@ | |||
| 1 | # Firejail profile for cpio | ||
| 2 | # This file is overwritten after every install/update | ||
| 1 | quiet | 3 | quiet |
| 2 | # Persistent global definitions go here | 4 | # Persistent local customizations |
| 5 | include /etc/firejail/cpio.local | ||
| 6 | # Persistent global definitions | ||
| 3 | include /etc/firejail/globals.local | 7 | include /etc/firejail/globals.local |
| 4 | 8 | ||
| 5 | # This file is overwritten during software install. | 9 | blacklist /tmp/.X11-unix |
| 6 | # Persistent customizations should go in a .local file. | ||
| 7 | include /etc/firejail/cpio.local | ||
| 8 | 10 | ||
| 9 | # cpio profile | ||
| 10 | # /sbin and /usr/sbin are visible inside the sandbox | ||
| 11 | # /boot is not visible and /var is heavily modified | ||
| 12 | noblacklist /sbin | 11 | noblacklist /sbin |
| 13 | noblacklist /usr/sbin | 12 | noblacklist /usr/sbin |
| 13 | |||
| 14 | include /etc/firejail/disable-common.inc | 14 | include /etc/firejail/disable-common.inc |
| 15 | include /etc/firejail/disable-programs.inc | ||
| 16 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | ||
| 17 | 17 | ||
| 18 | private-dev | ||
| 19 | seccomp | ||
| 20 | caps.drop all | 18 | caps.drop all |
| 21 | net none | 19 | net none |
| 22 | shell none | ||
| 23 | tracelog | ||
| 24 | net none | 20 | net none |
| 25 | nosound | ||
| 26 | no3d | 21 | no3d |
| 22 | nosound | ||
| 23 | seccomp | ||
| 24 | shell none | ||
| 25 | tracelog | ||
| 27 | 26 | ||
| 28 | blacklist /tmp/.X11-unix | 27 | private-dev |