diff options
Diffstat (limited to 'etc/nyx.profile')
| -rw-r--r-- | etc/nyx.profile | 18 |
1 files changed, 6 insertions, 12 deletions
diff --git a/etc/nyx.profile b/etc/nyx.profile index aa3275a00..d5e1e1f84 100644 --- a/etc/nyx.profile +++ b/etc/nyx.profile | |||
| @@ -1,20 +1,18 @@ | |||
| 1 | # Firejail profile for nyx | 1 | # Firejail profile for nyx |
| 2 | # Description: Command-line status monitor for tor | ||
| 2 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
| 3 | # Persistent local customizations | 4 | # Persistent local customizations |
| 4 | include nyx.local | 5 | include nyx.local |
| 5 | # Persistent global definitions | 6 | # Persistent global definitions |
| 6 | include globals.local | 7 | include globals.local |
| 7 | 8 | ||
| 9 | noblacklist ${PATH}/python2* | ||
| 8 | noblacklist ${PATH}/python3* | 10 | noblacklist ${PATH}/python3* |
| 9 | noblacklist /usr/include/python3* | 11 | noblacklist /usr/lib/python2* |
| 10 | noblacklist /usr/lib/python3* | 12 | noblacklist /usr/lib/python3* |
| 11 | noblacklist /usr/local/lib/python3* | ||
| 12 | noblacklist /usr/share/python3* | ||
| 13 | 13 | ||
| 14 | noblacklist ${HOME}/.nyx | 14 | noblacklist ${HOME}/.nyx |
| 15 | |||
| 16 | mkdir ${HOME}/.nyx | 15 | mkdir ${HOME}/.nyx |
| 17 | |||
| 18 | whitelist ${HOME}/.nyx | 16 | whitelist ${HOME}/.nyx |
| 19 | 17 | ||
| 20 | include disable-common.inc | 18 | include disable-common.inc |
| @@ -24,9 +22,8 @@ include disable-passwdmgr.inc | |||
| 24 | include disable-programs.inc | 22 | include disable-programs.inc |
| 25 | include disable-xdg.inc | 23 | include disable-xdg.inc |
| 26 | 24 | ||
| 27 | # apparmor | ||
| 28 | caps.drop all | 25 | caps.drop all |
| 29 | # ipc-namespace | 26 | ipc-namespace |
| 30 | netfilter | 27 | netfilter |
| 31 | no3d | 28 | no3d |
| 32 | nodbus | 29 | nodbus |
| @@ -41,18 +38,15 @@ novideo | |||
| 41 | protocol unix,inet,inet6 | 38 | protocol unix,inet,inet6 |
| 42 | seccomp | 39 | seccomp |
| 43 | shell none | 40 | shell none |
| 44 | # tracelog | ||
| 45 | 41 | ||
| 46 | disable-mnt | 42 | disable-mnt |
| 47 | private-bin nyx,python | 43 | private-bin nyx,python* |
| 48 | private-cache | 44 | private-cache |
| 49 | private-dev | 45 | private-dev |
| 50 | private-etc passwd,tor | 46 | private-etc passwd,tor,fonts |
| 51 | # private-lib | ||
| 52 | private-opt none | 47 | private-opt none |
| 53 | private-srv none | 48 | private-srv none |
| 54 | private-tmp | 49 | private-tmp |
| 55 | 50 | ||
| 56 | # memory-deny-write-execute | ||
| 57 | noexec ${HOME} | 51 | noexec ${HOME} |
| 58 | noexec /tmp | 52 | noexec /tmp |