From 743df7f3d87ce74772418b74e4b6ac93aa4479f6 Mon Sep 17 00:00:00 2001
From: curiosity-seeker
Date: Thu, 15 Dec 2016 13:00:43 +0100
Subject: Update skanlite.profile
---
 etc/skanlite.profile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/etc/skanlite.profile b/etc/skanlite.profile
index 4dcfa64d9..667b775c8 100644
--- a/etc/skanlite.profile
+++ b/etc/skanlite.profile
@@ -11,10 +11,10 @@ nonewprivs
 noroot
 nosound
 shell none
-#seccomp
-protocol unix,inet,inet6
+seccomp
+# protocol unix,inet,inet6
-private-bin skanlite
+# private-bin skanlite
 # private-dev
 # private-tmp
 # private-etc
-- 
cgit v1.2.3-70-g09d2
From 0366efbeb5a0ebdec1d1e3368afcafb86e8d7148 Mon Sep 17 00:00:00 2001
From: curiosity-seeker
Date: Thu, 15 Dec 2016 13:41:10 +0100
Subject: Update virtualbox.profile
---
 etc/virtualbox.profile | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/etc/virtualbox.profile b/etc/virtualbox.profile
index 36a1e0704..1e765b89b 100644
--- a/etc/virtualbox.profile
+++ b/etc/virtualbox.profile
@@ -1,12 +1,22 @@
-# VirtualBox profile
+# virtualbox profile
 noblacklist ${HOME}/.VirtualBox
 noblacklist ${HOME}/VirtualBox VMs
 noblacklist ${HOME}/.config/VirtualBox
-noblacklist /usr/bin/virtualbox
+
+mkdir ~/VirtualBox VMs
+whitelist ~/VirtualBox VMs
+mkdir ~/.config/VirtualBox
+whitelist ~/.config/VirtualBox
+
+# noblacklist /usr/bin/virtualbox
+noblacklist /usr/lib/virtualbox
+noblacklist /usr/lib64/virtualbox
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/whitelist-common.inc
 caps.drop all
+netfilter
-- 
cgit v1.2.3-70-g09d2
From 3d2673a8b96a13cd134842e4e25e3d4f7382bc1b Mon Sep 17 00:00:00 2001
From: curiosity-seeker
Date: Thu, 15 Dec 2016 13:42:23 +0100
Subject: Create VirtualBox.profile
---
 etc/VirtualBox.profile | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 etc/VirtualBox.profile
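Review bot: In the skanlite.profile hunk, `protocol unix,inet,inet6` and `private-bin skanlite` are commented out in the same change that enables `seccomp`, and nothing in the profile says why. The sandbox gains a syscall filter but loses its socket-family restriction and its restricted view of the binary directories. If the protocol filter was dropped because scanner discovery needs netlink sockets (an assumption, not visible in the hunk), `protocol unix,inet,inet6,netlink` would keep the restriction. Otherwise a comment such as `# protocol disabled: <reason>` above each disabled line would stop a later cleanup from deleting it or re-enabling it blindly. The profile starts above this hunk, so options set earlier are not visible here.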
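Review bot: In the virtualbox.profile hunk, the new whitelist covers `~/VirtualBox VMs` and `~/.config/VirtualBox` but not `${HOME}/.VirtualBox`, which the profile still lists under `noblacklist`. Once whitelisting is active in the home directory, a path that is only un-blacklisted is no longer visible, so a legacy configuration directory would be missing inside the sandbox. Adding `whitelist ${HOME}/.VirtualBox` would keep the three entries consistent, and writing the new paths with `${HOME}` instead of `~` would match the lines above them. The two `noblacklist /usr/lib…/virtualbox` lines re-open directories that disable-common.inc blacklists under "other SUID binaries". A comment there should state whether `nonewprivs`, `noroot` and `seccomp` are left out deliberately for the SUID helpers, e.g. `# SUID helpers required; nonewprivs/noroot/seccomp intentionally not set - confirm`.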
diff --git a/etc/VirtualBox.profile b/etc/VirtualBox.profile
new file mode 100644
index 000000000..ff0a4b6ef
--- /dev/null
+++ b/etc/VirtualBox.profile
@@ -0,0 +1 @@
+include /etc/firejail/virtualbox.profile
-- 
cgit v1.2.3-70-g09d2
From ff9c5c2d16fa743b63342627c6e85729a07e646d Mon Sep 17 00:00:00 2001
From: curiosity-seeker
Date: Thu, 15 Dec 2016 13:43:23 +0100
Subject: Update disable-common.inc
---
 etc/disable-common.inc | 1 +
 1 file changed, 1 insertion(+)
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index b86c6f998..2da44a67c 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -191,6 +191,7 @@ blacklist ${PATH}/mount.ecryptfs_private
 # other SUID binaries
 blacklist /usr/lib/virtualbox
+blacklist /usr/lib64/virtualbox
 # prevent lxterminal connecting to an existing lxterminal session
 blacklist /tmp/.lxterminal-socket*
-- 
cgit v1.2.3-70-g09d2