Diffstat (limited to 'etc/fdns.profile')
-rw-r--r-- | etc/fdns.profile | 14 |
1 files changed, 6 insertions, 8 deletions
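--- a/etc/fdns.profile
+++ b/etc/fdns.profile
@@ -1,14 +1,10 @@
 # Firejail profile for server
 # This file is overwritten after every install/update
 # Persistent local customizations
-include server.local
+include fdns.local
 # Persistent global definitions
 include globals.local
 
-# generic server profile
-# it allows /sbin and /usr/sbin directories - this is where servers are installed
-# depending on your usage, you can enable some of the commands below:
-#
 noblacklist /sbin
 noblacklist /usr/sbin
 
@@ -23,8 +19,10 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-caps.keep chown,kill,net_admin,net_bind_service,setgid,setuid,sys_admin,sys_chroot,syslog
+#include whitelist-usr-share-common.inc
+#include whitelist-var-common.inc
 
+caps.keep kill,net_bind_service,setgid,setuid,sys_admin,sys_chroot
 ipc-namespace
 # netfilter /etc/firejail/webserver.net
 no3d
@@ -36,6 +34,7 @@ nosound
 notv
 nou2f
 novideo
+protocol unix,inet,inet6
 #seccomp
 #shell none
 
@@ -44,9 +43,8 @@ private
 private-bin bash,fdns,sh
 # private-cache
 private-dev
-# private-etc alternatives
+private-etc ca-certificates,crypto-policies,fdns,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pki,ssl
 # private-lib
 private-tmp
 
-protocol unix,inet,inet6
 memory-deny-write-execute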
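Review bot: The new `caps.keep kill,net_bind_service,setgid,setuid,sys_admin,sys_chroot` line still retains `sys_admin`, and `#seccomp` stays commented out in the third hunk, so the sandbox keeps a very broad capability with no syscall filter and the profile gives no reason for either. If fdns needs both for its own worker sandboxing (an assumption, not visible on this page), a comment above the line should say so, e.g. `# sys_admin,sys_chroot kept because fdns <reason>; seccomp left off because <reason>`; otherwise `sys_admin` should be dropped as `chown`, `net_admin` and `syslog` were. The two `#include whitelist-*.inc` lines are likewise added disabled with no note on what breaks when they are enabled. The header on line 1 still reads `# Firejail profile for server` although the local include is now `fdns.local`; `# Firejail profile for fdns` would match.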