1 files changed, 52 insertions, 0 deletions
diff --git a/etc/fdns.profile b/etc/fdns.profile
new file mode 100644
index 000000000..2ab69cd5b
--- /dev/null
+++ b/etc/fdns.profile
@@ -0,0 +1,52 @@
+# Firejail profile for server
+# This file is overwritten after every install/update
+# Persistent local customizations
+include server.local
+# Persistent global definitions
+include globals.local
+# generic server profile
+# it allows /sbin and /usr/sbin directories - this is where servers are installed
+# depending on your usage, you can enable some of the commands below:
+#
+noblacklist /sbin
+noblacklist /usr/sbin
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+caps.keep chown,kill,setgid,setuid,net_bind_service,net_admin,sys_chroot,sys_admin,syslog
+ipc-namespace
+# netfilter /etc/firejail/webserver.net
+no3d
+nodvd
+nogroups
+nonewprivs
+# noroot
+nosound
+notv
+nou2f
+novideo
+#seccomp
+#shell none
+disable-mnt
+private
+private-bin fdns,bash,sh
+# private-cache
+private-dev
+# private-etc alternatives
+# private-lib
+private-tmp
+protocol unix,inet,inet6
+memory-deny-write-execute

diff --git a/etc/fdns.profile b/etc/fdns.profile new file mode 100644 index 000000000..2ab69cd5b --- /dev/null +++ b/etc/fdns.profile
@@ -0,0 +1,52 @@
	1	# Firejail profile for server
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include server.local
	5	# Persistent global definitions
	6	include globals.local
	7
	8	# generic server profile
	9	# it allows /sbin and /usr/sbin directories - this is where servers are installed
	10	# depending on your usage, you can enable some of the commands below:
	11	#
	12	noblacklist /sbin
	13	noblacklist /usr/sbin
	14
	15	blacklist /tmp/.X11-unix
	16	blacklist ${RUNUSER}/wayland-*
	17
	18	include disable-common.inc
	19	include disable-devel.inc
	20	include disable-exec.inc
	21	include disable-interpreters.inc
	22	include disable-passwdmgr.inc
	23	include disable-programs.inc
	24	include disable-xdg.inc
	25
	26	caps.keep chown,kill,setgid,setuid,net_bind_service,net_admin,sys_chroot,sys_admin,syslog
	27
	28	ipc-namespace
	29	# netfilter /etc/firejail/webserver.net
	30	no3d
	31	nodvd
	32	nogroups
	33	nonewprivs
	34	# noroot
	35	nosound
	36	notv
	37	nou2f
	38	novideo
	39	#seccomp
	40	#shell none
	41
	42	disable-mnt
	43	private
	44	private-bin fdns,bash,sh
	45	# private-cache
	46	private-dev
	47	# private-etc alternatives
	48	# private-lib
	49	private-tmp
	50
	51	protocol unix,inet,inet6
	52	memory-deny-write-execute