From 018d75775eab4a0f045949a9d069c57686ca2686 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Tue, 21 Apr 2020 08:24:28 -0400
Subject: reorganize github etc directory
---
etc/profile-m-z/ping.profile | 56 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
create mode 100644 etc/profile-m-z/ping.profile
(limited to 'etc/profile-m-z/ping.profile')
diff --git a/etc/profile-m-z/ping.profile b/etc/profile-m-z/ping.profile
new file mode 100644
index 000000000..3ef8ad64a
--- /dev/null
+++ b/etc/profile-m-z/ping.profile
@@ -0,0 +1,56 @@
+# Firejail profile for ping
+# Description: send ICMP ECHO_REQUEST to network hosts
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include ping.local
+# Persistent global definitions
+include globals.local
+
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.keep net_raw
+ipc-namespace
+#net tun0
+#netfilter /etc/firejail/ping.net
+netfilter
+no3d
+nodvd
+nogroups
+# ping needs to rise privileges, noroot and nonewprivs will kill it
+#nonewprivs
+#noroot
+nosound
+notv
+nou2f
+novideo
+# protocol command is built using seccomp; nonewprivs will kill it
+#protocol unix,inet,inet6,netlink,packet
+# killed by no-new-privs
+#seccomp
+
+disable-mnt
+private
+#private-bin has mammoth problems with execvp: "No such file or directory"
+private-dev
+# /etc/hosts is required in private-etc; however, just adding it to the list doesn't solve the problem!
+#private-etc ca-certificates,crypto-policies,hosts,pki,resolv.conf,ssl
+private-tmp
+
+# memory-deny-write-execute is built using seccomp; nonewprivs will kill it
+#memory-deny-write-execute
-- cgit v1.2.3-54-g00ecf
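Review bot: With `#nonewprivs`, `#noroot`, `#protocol`, `#seccomp` and `#memory-deny-write-execute` all commented out, this profile runs ping with no syscall filter, and the comments explain why each option is off but not what confinement is left. I would add one line above `apparmor` such as `# no seccomp/nonewprivs here: confinement rests on caps.keep net_raw, apparmor and the private-*/blacklist options`. Note also that `netfilter` is, as far as I know, only applied when the sandbox gets its own network namespace, so with `#net tun0` commented out it likely does nothing and should not be counted on. `blacklist ${RUNUSER}/wayland-*` is redundant next to `blacklist ${RUNUSER}`.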