1 files changed, 9 insertions, 8 deletions
diff --git a/etc/unbound.profile b/etc/unbound.profile
index 5bc350e8d..6e4b5ed1c 100644
--- a/etc/unbound.profile
+++ b/etc/unbound.profile
@@ -2,21 +2,21 @@
 # Description: Validating, recursive, caching DNS resolver
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/unbound.local
+include unbound.local
 # Persistent global definitions
-include /etc/firejail/globals.local
+include globals.local
 blacklist /tmp/.X11-unix
 noblacklist /sbin
 noblacklist /usr/sbin
-include /etc/firejail/disable-common.inc
+include disable-common.inc
-include /etc/firejail/disable-devel.inc
+include disable-devel.inc
-include /etc/firejail/disable-interpreters.inc
+include disable-interpreters.inc
-include /etc/firejail/disable-passwdmgr.inc
+include disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
+include disable-programs.inc
-include /etc/firejail/disable-xdg.inc
+include disable-xdg.inc
 whitelist /var/lib/unbound
 whitelist /var/run
@@ -27,6 +27,7 @@ nodvd
 nonewprivs
 nosound
 notv
+nou2f
 novideo
 seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open
 writable-var

diff --git a/etc/unbound.profile b/etc/unbound.profile index 5bc350e8d..6e4b5ed1c 100644 --- a/etc/unbound.profile +++ b/etc/unbound.profile
@@ -2,21 +2,21 @@
2	# Description: Validating, recursive, caching DNS resolver	2	# Description: Validating, recursive, caching DNS resolver
3	# This file is overwritten after every install/update	3	# This file is overwritten after every install/update
4	# Persistent local customizations	4	# Persistent local customizations
5	include /etc/firejail/unbound.local	5	include unbound.local
6	# Persistent global definitions	6	# Persistent global definitions
7	include /etc/firejail/globals.local	7	include globals.local
8		8
9	blacklist /tmp/.X11-unix	9	blacklist /tmp/.X11-unix
10		10
11	noblacklist /sbin	11	noblacklist /sbin
12	noblacklist /usr/sbin	12	noblacklist /usr/sbin
13		13
14	include /etc/firejail/disable-common.inc	14	include disable-common.inc
15	include /etc/firejail/disable-devel.inc	15	include disable-devel.inc
16	include /etc/firejail/disable-interpreters.inc	16	include disable-interpreters.inc
17	include /etc/firejail/disable-passwdmgr.inc	17	include disable-passwdmgr.inc
18	include /etc/firejail/disable-programs.inc	18	include disable-programs.inc
19	include /etc/firejail/disable-xdg.inc	19	include disable-xdg.inc
20		20
21	whitelist /var/lib/unbound	21	whitelist /var/lib/unbound
22	whitelist /var/run	22	whitelist /var/run
@@ -27,6 +27,7 @@ nodvd
27	nonewprivs	27	nonewprivs
28	nosound	28	nosound
29	notv	29	notv
		30	nou2f
30	novideo	31	novideo
31	seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open	32	seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open
32	writable-var	33	writable-var