Diffstat (limited to 'etc/server.profile')
-rw-r--r-- | etc/server.profile | 30 |
1 files changed, 21 insertions, 9 deletions
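--- a/etc/server.profile
+++ b/etc/server.profile
@@ -1,25 +1,37 @@
-# Persistent global definitions go here
-include /etc/firejail/globals.local
-
-# This file is overwritten during software install.
-# Persistent customizations should go in a .local file.
+# Firejail profile for server
+# This file is overwritten after every install/update
+# Persistent local customizations
 include /etc/firejail/server.local
+# Persistent global definitions
+include /etc/firejail/globals.local
 
 # generic server profile
 # it allows /sbin and /usr/sbin directories - this is where servers are installed
+# depending on your usage, you can enable some of the commands below:
+
+blacklist /tmp/.X11-unix
+
 noblacklist /sbin
 noblacklist /usr/sbin
+
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
+# include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
 
-blacklist /tmp/.X11-unix
-
+caps
 no3d
 nosound
 seccomp
-caps
 
+# disable-mnt
 private
+# private-bin program
 private-dev
+# private-etc none
+# private-lib
 private-tmp
+
+# memory-deny-write-execute
+# noexec ${HOME}
+# noexec /tmp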
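Review bot: The hint added on new line 10 (`# depending on your usage, you can enable some of the commands below:`) invites uncommenting options in this file, yet new line 2 says the file is overwritten after every install/update, so hardening enabled that way would be lost on the next upgrade. I would reword it to `# depending on your usage, enable some of the commented commands below by adding them to server.local:`. The entries `# private-bin program` and `# private-etc none` appear to carry placeholder arguments, so a one-line comment saying the argument must be replaced with the daemon's own binaries and /etc files would keep someone from uncommenting them verbatim. As shipped, `memory-deny-write-execute`, `noexec ${HOME}` and `noexec /tmp` remain off, so the sandboxed server keeps writable-and-executable locations by default; a short comment stating that this is a compatibility trade-off would make the default explicit.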