From ae5948cb84bd1327ab9f6f0577fd75bfe9a74787 Mon Sep 17 00:00:00 2001 From: Tad Date: Mon, 18 Sep 2017 14:27:58 -0400 Subject: Add a profile for clamdscan, clamdtop, and freshclam --- etc/freshclam.profile | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 etc/freshclam.profile (limited to 'etc/freshclam.profile') diff --git a/etc/freshclam.profile b/etc/freshclam.profile new file mode 100644 index 000000000..08eac5595 --- /dev/null +++ b/etc/freshclam.profile @@ -0,0 +1,34 @@ +# Firejail profile for freshclam +# This file is overwritten after every install/update +quiet +# Persistent local customizations +include /etc/firejail/clamav.local +# Persistent global definitions +include /etc/firejail/globals.local + + +caps.keep setgid,setuid +ipc-namespace +netfilter +no3d +nodvd +nogroups +nonewprivs +nosound +notv +novideo +protocol unix,inet,inet6 +seccomp +shell none +tracelog + +disable-mnt +private +private-dev +private-tmp +writable-var +writable-var-log + +memory-deny-write-execute +noexec ${HOME} +noexec /tmp -- cgit v1.2.3-54-g00ecf