From 9b99215a1eb2ac5ff8fddeff3e43b725fee18ca2 Mon Sep 17 00:00:00 2001
From: smitsohu
Date: Mon, 25 Sep 2017 15:57:50 +0200
Subject: various profile enhancements
* okular needs kdeinit4 for open file dialog since recently
* memory-deny-write-execute should be a safe addition for desktop use of dnscrypt and unbound
* cleanup works
---
etc/baloo_file.profile | 4 ++++
1 file changed, 4 insertions(+)
(limited to 'etc/baloo_file.profile')
diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile
index 4e603971f..2c2d70c00 100644
--- a/etc/baloo_file.profile
+++ b/etc/baloo_file.profile
@@ -17,6 +17,8 @@ include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc
+include /etc/firejail/whitelist-var-common.inc
+
caps.drop all
no3d
nodvd
@@ -29,8 +31,10 @@ novideo
protocol unix
# Baloo makes ioprio_set system calls, which are blacklisted by default.
seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,kcmp,keyctl,name_to_handle_at,ni_syscall,open_by_handle_at,personality,process_vm_readv,ptrace,remap_file_pages,request_key,syslog,umount,userfaultfd,vmsplice
+shell none
x11 xorg
+private-bin baloo_file,baloo_file_extractor,kbuildsycoca4
private-dev
private-tmp
-- cgit v1.2.3-70-g09d2
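Review bot: The new `private-bin baloo_file,baloo_file_extractor,kbuildsycoca4` line in the second hunk allowlists only the KDE 4 sycoca builder, and nothing in the profile records why that helper is needed. If this profile is also meant to cover KF5 builds of Baloo, the corresponding helper there is `kbuildsycoca5`, which the sandbox would hide, so the line probably wants to be `private-bin baloo_file,baloo_file_extractor,kbuildsycoca4,kbuildsycoca5`. A comment above it, in the style of the existing seccomp one, such as `# kbuildsycoca* is listed so the KDE service cache can be rebuilt inside the sandbox (confirm)`, would stop later edits from trimming or widening the list blindly. It is also worth running the indexer over a few file types after this change, because `private-bin` hides every unlisted helper and a profile that breaks tends to get disabled rather than fixed.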