diff options
Diffstat (limited to 'etc/profile-m-z/noprofile.profile')
| -rw-r--r-- | etc/profile-m-z/noprofile.profile | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/etc/profile-m-z/noprofile.profile b/etc/profile-m-z/noprofile.profile new file mode 100644 index 000000000..560ee9db3 --- /dev/null +++ b/etc/profile-m-z/noprofile.profile | |||
| @@ -0,0 +1,28 @@ | |||
| 1 | # This is the weakest possible firejail profile. | ||
| 2 | # If a program still fail with this profile, it is incompatible with firejail. | ||
| 3 | # (from https://gist.github.com/rusty-snake/bb234cb3e50e1e4e7429f29a7931cc72) | ||
| 4 | # | ||
| 5 | # Usage: | ||
| 6 | # 1. download | ||
| 7 | # 2. firejail --profile=noprofile.profile /path/to/program | ||
| 8 | |||
| 9 | # Keep in mind that even with this profile some things are done | ||
| 10 | # which can break the program. | ||
| 11 | # - some env-vars are cleared | ||
| 12 | # - /etc/firejail/firejail.config can contain options such as 'force-nonewprivs yes' | ||
| 13 | # - a new private pid-namespace is created | ||
| 14 | # - a minimal hardcoded blacklist is applied | ||
| 15 | # - ... | ||
| 16 | |||
| 17 | noblacklist /sys/fs | ||
| 18 | noblacklist /sys/module | ||
| 19 | |||
| 20 | allow-debuggers | ||
| 21 | allusers | ||
| 22 | keep-config-pulse | ||
| 23 | keep-dev-shm | ||
| 24 | keep-var-tmp | ||
| 25 | writable-etc | ||
| 26 | writable-run-user | ||
| 27 | writable-var | ||
| 28 | writable-var-log | ||