Diffstat (limited to 'etc/nyx.profile')
-rw-r--r-- | etc/nyx.profile | 18 |
1 files changed, 6 insertions, 12 deletions
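--- a/etc/nyx.profile
+++ b/etc/nyx.profile
@@ -1,20 +1,18 @@
 # Firejail profile for nyx
+# Description: Command-line status monitor for tor
 # This file is overwritten after every install/update
 # Persistent local customizations
 include nyx.local
 # Persistent global definitions
 include globals.local
 
+noblacklist ${PATH}/python2*
 noblacklist ${PATH}/python3*
-noblacklist /usr/include/python3*
+noblacklist /usr/lib/python2*
 noblacklist /usr/lib/python3*
-noblacklist /usr/local/lib/python3*
-noblacklist /usr/share/python3*
 
 noblacklist ${HOME}/.nyx
-
 mkdir ${HOME}/.nyx
-
 whitelist ${HOME}/.nyx
 
 include disable-common.inc
@@ -24,9 +22,8 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-# apparmor
 caps.drop all
-# ipc-namespace
+ipc-namespace
 netfilter
 no3d
 nodbus
@@ -41,18 +38,15 @@ novideo
 protocol unix,inet,inet6
 seccomp
 shell none
-# tracelog
 
 disable-mnt
-private-bin nyx,python
+private-bin nyx,python*
 private-cache
 private-dev
-private-etc passwd,tor
-# private-lib
+private-etc passwd,tor,fonts
 private-opt none
 private-srv none
 private-tmp
 
-# memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp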
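Review bot: `private-bin nyx,python*`, together with the new `noblacklist ${PATH}/python2*` and `noblacklist /usr/lib/python2*` lines, exposes every Python 2 and Python 3 binary on PATH inside the sandbox, which is wider than the one interpreter nyx actually runs under. If the packaged nyx is Python 3 only (not visible from this page), `private-bin nyx,python3*` without the two python2 lines would keep the allowance tighter. The change also deletes the commented `# apparmor`, `# tracelog`, `# private-lib` and `# memory-deny-write-execute` lines without a replacement. Because `noexec ${HOME}` and `noexec /tmp` do not stop an allowed interpreter from reading a script out of the whitelisted `${HOME}/.nyx`, a one-line comment recording why `apparmor` and `memory-deny-write-execute` stay off would help the next maintainer. The `fonts` entry added to `private-etc` looks unneeded for a terminal status monitor and deserves either a comment or removal.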