Diffstat (limited to 'etc')
-rw-r--r-- | etc/brackets.profile | 2 | ||||
-rw-r--r-- | etc/dig.profile | 3 | ||||
-rw-r--r-- | etc/enpass.profile | 2 | ||||
-rw-r--r-- | etc/gpg.profile | 9 | ||||
-rw-r--r-- | etc/mpd.profile | 4 | ||||
-rw-r--r-- | etc/tar.profile | 3 | ||||
-rw-r--r-- | etc/whois.profile | 3 |
7 files changed, 21 insertions, 5 deletions
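--- a/etc/brackets.profile
+++ b/etc/brackets.profile
@@ -24,7 +24,7 @@ notv
 nou2f
 novideo
 protocol unix,inet,inet6,netlink
-seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,iopl,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pciconfig_iobase,pciconfig_read,pciconfig_write,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,s390_mmio_read,s390_mmio_write,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplic
+seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,iopl,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pciconfig_iobase,pciconfig_read,pciconfig_write,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,s390_mmio_read,s390_mmio_write,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
 shell none
 
 private-cache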
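--- a/etc/dig.profile
+++ b/etc/dig.profile
@@ -1,5 +1,6 @@
-quiet
 # Firejail profile for dig
+# Description: DNS lookup utility
+quiet
 # This file is overwritten after every install/update
 # Persistent local customizations
 include dig.local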
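--- a/etc/enpass.profile
+++ b/etc/enpass.profile
@@ -1,3 +1,5 @@
+# Firejail profile for enpass
+# Description: A multiplatform password manager
 # This file is overwritten after every install/update.
 # Persistent local customisations
 include enpass.local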
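--- a/etc/gpg.profile
+++ b/etc/gpg.profile
@@ -29,9 +29,16 @@ nou2f
 novideo
 protocol unix,inet,inet6
 seccomp
-shell none
+# Causes gpg to hang
+#shell none
 tracelog
 
 # private-bin gpg,gpg-agent
 private-cache
 private-dev
+
+# On Arch 'archlinux-keyring' needs read-write access to /etc/pacman.d/gnupg
+# and /usr/share/pacman/keyrings. Although this works, it makes
+# installing/upgrading archlinux-keyring extremely slow.
+read-write /etc/pacman.d/gnupg
+read-write /usr/share/pacman/keyrings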
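Review bot: The `read-write /etc/pacman.d/gnupg` and `read-write /usr/share/pacman/keyrings` lines at the end of the hunk are unconditional, so they apply to every gpg run under this profile on every distribution, not only to the archlinux-keyring case the comment describes. Those paths hold the keys pacman trusts for package verification, so I would state the scope in the comment, e.g. `# Arch only: widens the sandbox for every gpg invocation; needed by pacman-key/archlinux-keyring`. The new `# Causes gpg to hang` comment would also be more useful if it named the condition, e.g. `# shell none makes gpg hang (<distro/version where observed>)`, so the restriction can be restored once the cause is fixed. The rest of gpg.profile is outside the hunk, so whether earlier lines already limit these paths cannot be seen from here.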
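--- a/etc/mpd.profile
+++ b/etc/mpd.profile
@@ -28,7 +28,9 @@ notv
 nou2f
 novideo
 protocol unix,inet,inet6
-seccomp
+# blacklisting of ioprio_set system calls breaks auto-updating of
+# MPD's database when files in music_directory are changed
+seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
 shell none
 
 #private-bin mpd,bash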
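Review bot: Replacing `seccomp` with an explicit `seccomp.drop` list at new line 33 pins mpd to a hand-copied list, so syscalls added to Firejail's default filter later will not be dropped here unless someone re-syncs the line. The comment explains why ioprio_set is left out, but not that the rest is presumably meant to mirror the default; I would add `# seccomp.drop list = default seccomp list minus ioprio_set; re-sync when the default list changes`. If the Firejail version this profile targets accepts the exception form, `seccomp !ioprio_set` would express the same intent without the copy.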
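--- a/etc/tar.profile
+++ b/etc/tar.profile
@@ -29,4 +29,7 @@ private-dev
 private-etc passwd,group,localtime
 private-lib
 
+# Debian based distributions need this for 'dpkg --unpack' (incl. synaptic)
+writable-var
+
 include default.profile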
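Review bot: `writable-var` at new line 33 applies to every tar run under this profile, including extraction of untrusted archives, while the comment ties the need to `dpkg --unpack` only. I would spell out the trade-off in the comment, e.g. `# widens the sandbox for all tar invocations: /var stays writable (normal file permissions still apply)`. Whether a narrower grant would satisfy dpkg cannot be judged from this hunk.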
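--- a/etc/whois.profile
+++ b/etc/whois.profile
@@ -1,5 +1,6 @@
-quiet
 # Firejail profile for whois
+# Description: Intelligent WHOIS client
+quiet
 # This file is overwritten after every install/update
 # Persistent local customizations
 include whois.local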