1 files changed, 50 insertions, 0 deletions
diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile
new file mode 100644
index 000000000..179540806
--- /dev/null
+++ b/etc/profile-a-l/fdns.profile
@@ -0,0 +1,50 @@
+# Firejail profile for server
+# This file is overwritten after every install/update
+# Persistent local customizations
+include fdns.local
+# Persistent global definitions
+include globals.local
+noblacklist /sbin
+noblacklist /usr/sbin
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+#include whitelist-usr-share-common.inc
+#include whitelist-var-common.inc
+caps.keep kill,net_bind_service,setgid,setuid,sys_admin,sys_chroot
+ipc-namespace
+# netfilter /etc/firejail/webserver.net
+no3d
+nodvd
+nogroups
+nonewprivs
+# noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+#seccomp
+#shell none
+disable-mnt
+private
+private-bin bash,fdns,sh
+# private-cache
+private-dev
+private-etc ca-certificates,crypto-policies,fdns,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pki,ssl
+# private-lib
+private-tmp
+memory-deny-write-execute

diff --git a/etc/profile-a-l/fdns.profile b/etc/profile-a-l/fdns.profile new file mode 100644 index 000000000..179540806 --- /dev/null +++ b/etc/profile-a-l/fdns.profile
@@ -0,0 +1,50 @@
	1	# Firejail profile for server
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include fdns.local
	5	# Persistent global definitions
	6	include globals.local
	7
	8	noblacklist /sbin
	9	noblacklist /usr/sbin
	10
	11	blacklist /tmp/.X11-unix
	12	blacklist ${RUNUSER}/wayland-*
	13
	14	include disable-common.inc
	15	include disable-devel.inc
	16	include disable-exec.inc
	17	include disable-interpreters.inc
	18	include disable-passwdmgr.inc
	19	include disable-programs.inc
	20	include disable-xdg.inc
	21
	22	#include whitelist-usr-share-common.inc
	23	#include whitelist-var-common.inc
	24
	25	caps.keep kill,net_bind_service,setgid,setuid,sys_admin,sys_chroot
	26	ipc-namespace
	27	# netfilter /etc/firejail/webserver.net
	28	no3d
	29	nodvd
	30	nogroups
	31	nonewprivs
	32	# noroot
	33	nosound
	34	notv
	35	nou2f
	36	novideo
	37	protocol unix,inet,inet6
	38	#seccomp
	39	#shell none
	40
	41	disable-mnt
	42	private
	43	private-bin bash,fdns,sh
	44	# private-cache
	45	private-dev
	46	private-etc ca-certificates,crypto-policies,fdns,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pki,ssl
	47	# private-lib
	48	private-tmp
	49
	50	memory-deny-write-execute