Diffstat (limited to 'etc')
-rw-r--r-- | etc/cpio.profile | 21 | ||||
-rw-r--r-- | etc/gzip.profile | 1 | ||||
-rw-r--r-- | etc/strings.profile | 1 | ||||
-rw-r--r-- | etc/xz.profile | 2 | ||||
-rw-r--r-- | etc/xzdec.profile | 4 |
5 files changed, 22 insertions, 7 deletions
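--- a/etc/cpio.profile
+++ b/etc/cpio.profile
@@ -1,10 +1,21 @@
 # cpio profile
-# testing: find . -print -depth | cpio -ov > tree.cpio
-include /etc/firejail/default.profile
-tracelog
+# /sbin and /usr/sbin are visible inside the sandbox
+# /boot is not visible and /var is heavily modified
+
+noblacklist /sbin
+noblacklist /usr/sbin
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+private-dev
+private-tmp
+seccomp
+caps.drop all
 net none
 shell none
-private-bin cpio
-private-dev
+tracelog
+net none
+
 
 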
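Review bot: The rewritten profile drops `private-bin cpio` (old line 7) without saying why, so the sandboxed process is no longer limited to a bin directory holding only cpio, and `noblacklist /sbin` / `noblacklist /usr/sbin` keep two more executable directories visible. If the restriction had to go for a functional reason, record it in the header, e.g. `# private-bin not used: <reason>`; otherwise keeping `private-bin cpio` next to `shell none` preserves the narrower filesystem view the old profile had. The header would also be more useful if it named what needs /sbin and /usr/sbin, since the current comment states the effect but not the motivation. Separately, `net none` now appears twice (new lines 15 and 18); the second occurrence is redundant and can be removed.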
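--- a/etc/gzip.profile
+++ b/etc/gzip.profile
@@ -4,3 +4,4 @@ tracelog
 net none
 shell none
 private-dev
+private-tmp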
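--- a/etc/strings.profile
+++ b/etc/strings.profile
@@ -4,3 +4,4 @@ tracelog
 net none
 shell none
 private-dev
+private-tmp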
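--- /dev/null
+++ b/etc/xz.profile
@@ -0,0 +1,2 @@
+# xz profile
+include /etc/firejail/cpio.profile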
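Review bot: xz.profile takes its entire sandbox from cpio.profile, including `noblacklist /sbin` and `noblacklist /usr/sbin`, which the cpio header explains for cpio but nothing here explains for xz. The one-line header also hides the coupling: any later loosening of cpio.profile silently loosens xz as well. A comment such as `# shares the cpio sandbox (seccomp, caps.drop all, net none, private-dev, private-tmp); review cpio.profile changes for their effect on xz` would make that visible. Note also that xzdec.profile in this same commit still builds on default.profile, so the two xz tools end up with different restriction sets; if that is intentional, it is worth a line in one of the two files.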
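--- a/etc/xzdec.profile
+++ b/etc/xzdec.profile
@@ -1,7 +1,7 @@
-# XZ decompressor profile
+# xzdec profile
 include /etc/firejail/default.profile
 tracelog
 net none
 shell none
 private-dev
-
+private-tmp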