From 36b17bbdeecdefcd7c92b46d2f9c13609c0f9c17 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sat, 23 Jan 2016 10:25:46 -0500 Subject: tightening unbound and dnscrypt-proxy profiles --- etc/dnscrypt-proxy.profile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'etc/dnscrypt-proxy.profile') diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile index fc6b614fd..d13bab06b 100644 --- a/etc/dnscrypt-proxy.profile +++ b/etc/dnscrypt-proxy.profile @@ -4,7 +4,8 @@ noblacklist /usr/sbin include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-secret.incprivate +include /etc/firejail/disable-secret.inc +private private-dev seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open -- cgit v1.2.3-54-g00ecf