Diffstat (limited to 'etc')
-rw-r--r-- | etc/dnscrypt-proxy.profile | 1 | ||||
-rw-r--r-- | etc/dnsmasq.profile | 1 | ||||
-rw-r--r-- | etc/file.profile | 6 | ||||
-rw-r--r-- | etc/gzip.profile | 5 | ||||
-rw-r--r-- | etc/server.profile | 2 | ||||
-rw-r--r-- | etc/tar.profile | 6 | ||||
-rw-r--r-- | etc/unrar.profile | 6 | ||||
-rw-r--r-- | etc/unzip.profile | 6 | ||||
-rw-r--r-- | etc/uudeview.profile | 2 | ||||
-rw-r--r-- | etc/xzdec.profile | 5 |
10 files changed, 34 insertions, 6 deletions
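--- a/etc/dnscrypt-proxy.profile
+++ b/etc/dnscrypt-proxy.profile
@@ -9,5 +9,6 @@ include /etc/firejail/disable-passwdmgr.inc
 private
 private-dev
 nosound
+no3d
 seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open
 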
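--- a/etc/dnsmasq.profile
+++ b/etc/dnsmasq.profile
@@ -12,5 +12,6 @@ nonewprivs
 private
 private-dev
 nosound
+no3d
 protocol unix,inet,inet6,netlink
 seccomp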
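--- a/etc/file.profile
+++ b/etc/file.profile
@@ -7,7 +7,11 @@ tracelog
 net none
 shell none
 private-bin file
-private-dev
 private-etc magic.mgc,magic,localtime
 hostname file
+private-dev
 nosound
+no3d
+private-tmp
+blacklist /tmp/.X11-unix
+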
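Review bot: The `private-tmp` / `blacklist /tmp/.X11-unix` pair added at new lines 15-16 carries no comment explaining why the blacklist is still needed once /tmp is private, and the same blacklist line is added unexplained in the gzip, server, tar, unrar, unzip and xzdec hunks. If `private-tmp` keeps the X11 socket directory visible inside the sandbox, as firejail's documentation describes, then the blacklist is the line that actually removes X11 access, and a later cleanup could drop it as apparently redundant. I would add `# private-tmp keeps /tmp/.X11-unix visible; blacklist it, this tool needs no X11` directly above the blacklist line. The profile begins above this hunk, so any existing header comment is not visible here.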
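--- a/etc/gzip.profile
+++ b/etc/gzip.profile
@@ -5,6 +5,9 @@ include /etc/firejail/default.profile
 tracelog
 net none
 shell none
-private-dev
 private-tmp
+blacklist /tmp/.X11-unix
+private-dev
 nosound
+no3d
+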
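--- a/etc/server.profile
+++ b/etc/server.profile
@@ -9,6 +9,8 @@ include /etc/firejail/disable-passwdmgr.inc
 private
 private-dev
 nosound
+no3d
 private-tmp
+blacklist /tmp/.X11-unix
 seccomp
 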
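Review bot: `blacklist /tmp/.X11-unix` at new line 14 hides only the filesystem socket; X servers commonly also listen on an abstract Unix socket, which is scoped by the network namespace rather than by the sandbox's mount view. Unlike the archive-tool profiles in this commit, no `net none` or other network-namespace option is visible in this hunk (the profile starts above it), so if the server sandbox shares the host network namespace the X11 isolation is likely incomplete. I would document that next to the new line, e.g. `# hides the filesystem socket only; the abstract X11 socket stays reachable without a separate network namespace`.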
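--- a/etc/tar.profile
+++ b/etc/tar.profile
@@ -10,6 +10,10 @@ shell none
 # support compressed archives
 private-bin sh,tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop
 private-dev
+nosound
+no3d
 private-etc passwd,group,localtime
 hostname tar
-nosound
+private-tmp
+blacklist /tmp/.X11-unix
+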
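--- a/etc/unrar.profile
+++ b/etc/unrar.profile
@@ -8,6 +8,10 @@ net none
 shell none
 private-bin unrar
 private-dev
+nosound
+no3d
 private-etc passwd,group,localtime
 hostname unrar
-nosound
+private-tmp
+blacklist /tmp/.X11-unix
+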
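--- a/etc/unzip.profile
+++ b/etc/unzip.profile
@@ -7,7 +7,11 @@ tracelog
 net none
 shell none
 private-bin unzip
-private-dev
 private-etc passwd,group,localtime
 hostname unzip
+private-dev
 nosound
+no3d
+private-tmp
+blacklist /tmp/.X11-unix
+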
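--- a/etc/uudeview.profile
+++ b/etc/uudeview.profile
@@ -13,3 +13,5 @@ private-tmp
 private-etc nonexisting_fakefile_for_empty_etc
 hostname uudeview
 nosound
+uudeview
+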
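Review bot: The added line `uudeview` at new line 16 is a bare program name, not a profile directive like the neighbouring `hostname uudeview` and `nosound`, so it looks like a stray token or an unfinished edit. If the profile parser rejects unknown lines, the sandbox would fail to start with this profile; if it ignores them, the hardening this commit applies elsewhere is silently missing here. The other archive-tool hunks add `no3d` and `blacklist /tmp/.X11-unix`, so the intended change was probably to replace this line with those two (`private-tmp` is already present, per the hunk header context).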
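--- a/etc/xzdec.profile
+++ b/etc/xzdec.profile
@@ -5,6 +5,9 @@ include /etc/firejail/default.profile
 tracelog
 net none
 shell none
-private-dev
 private-tmp
+blacklist /tmp/.X11-unix
+private-dev
 nosound
+no3d
+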