Diffstat (limited to 'etc')
-rw-r--r-- | etc/apparmor/firejail-default | 3 | ||||
-rw-r--r-- | etc/profile-m-z/tcpdump.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/tshark.profile | 44 | ||||
-rw-r--r-- | etc/profile-m-z/wireshark.profile | 4 |
4 files changed, 7 insertions, 46 deletions
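--- a/etc/apparmor/firejail-default
+++ b/etc/apparmor/firejail-default
@@ -112,7 +112,8 @@ network inet6,
 network unix,
 network netlink,
 network raw,
-# needed for wireshark
+# needed for wireshark, tcpdump etc
+network bluetooth,
 network packet,
 
 ##########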
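Review bot: `network bluetooth,` is added to the default AppArmor profile, so AF_BLUETOOTH sockets become permitted for every sandbox that loads firejail-default, not only the capture tools named in the comment. With this rule in place, the per-application narrowing of socket families appears to rest on each profile's own `protocol` line, and the wireshark profile in this same commit leaves that line commented out. I would record that in the comment, e.g. `# needed for wireshark, tcpdump etc; restrict per application with 'protocol' in the profile`. The profile body starts and ends outside the hunk, so other rules that are not visible here may also apply.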
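--- a/etc/profile-m-z/tcpdump.profile
+++ b/etc/profile-m-z/tcpdump.profile
@@ -33,7 +33,7 @@ nosound
 notv
 nou2f
 novideo
-protocol unix,inet,inet6,netlink,packet
+protocol unix,inet,inet6,netlink,packet,bluetooth
 seccomp
 
 disable-mnt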
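--- a/etc/profile-m-z/tshark.profile
+++ b/etc/profile-m-z/tshark.profile
@@ -1,46 +1,6 @@
 # Firejail profile for tshark
 # This file is overwritten after every install/update
 quiet
-# Persistent local customizations
-include tshark.local
-# Persistent global definitions
-include globals.local
 
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-include disable-xdg.inc
-
-whitelist /usr/share/wireshark
-include whitelist-common.inc
-include whitelist-runuser-common.inc
-include whitelist-usr-share-common.inc
-include whitelist-var-common.inc
-
-apparmor
-#caps.keep net_raw
-caps.keep dac_override,net_admin,net_raw
-ipc-namespace
-#net tun0
-netfilter
-no3d
-nodvd
-# nogroups - breaks network traffic capture for unprivileged users
-# nonewprivs - breaks network traffic capture for unprivileged users
-# noroot
-nosound
-notv
-nou2f
-novideo
-#protocol unix,inet,inet6,netlink,packet
-#seccomp
-
-disable-mnt
-#private
-private-cache
-#private-bin tshark
-private-dev
-private-tmp
+# Redirect
+include wireshark.profile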
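Review bot: The redirect drops `include tshark.local`, so any persistent overrides a user keeps in tshark.local stop being read after this update, and nothing on the new side replaces them. Keeping `include tshark.local` ahead of `# Redirect` would preserve those customizations while still delegating the rest to wireshark.profile. The redirect also trades the explicit `caps.keep dac_override,net_admin,net_raw`, `private-dev` and `private-tmp` settings for whatever wireshark.profile defines. Most of that file is not shown on this page, so it is worth confirming that the command-line tool does not end up with looser capability or filesystem settings than before.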
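--- a/etc/profile-m-z/wireshark.profile
+++ b/etc/profile-m-z/wireshark.profile
@@ -38,8 +38,8 @@ nosound
 notv
 nou2f
 novideo
-# protocol unix,inet,inet6,netlink
-# seccomp - breaks network traffic capture for unprivileged users
+# protocol unix,inet,inet6,netlink,packet,bluetooth - commented out in case they bring in new protocols
+seccomp
 shell none
 tracelog
 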
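Review bot: `seccomp` is switched on at new line 42 although the removed comment said it "breaks network traffic capture for unprivileged users", and nothing on the new side says what changed to make it safe. Because tshark.profile now redirects here, a capture regression would affect both tools, so a short why-comment above the line would help, for example `# seccomp: previously broke capture for unprivileged users - re-test dumpcap when changing caps or nonewprivs`. The `protocol` line stays commented out, so this profile sets no socket-family filter for either tool. The new comment suggests that is deliberate, but the trade-off deserves to be stated explicitly. The profile's earlier lines are outside the hunk.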