From 39dc3c893b5d895ed9db9071dd47b3de7b28f2fd Mon Sep 17 00:00:00 2001
From: Tad
Date: Mon, 7 Aug 2017 14:24:51 -0400
Subject: Unify last 8 profiles
---
 etc/server.profile | 30 +++++++++++++++++++++---------
 1 file changed, 21 insertions(+), 9 deletions(-)
(limited to 'etc/server.profile')
diff --git a/etc/server.profile b/etc/server.profile
index 2d79fa1c8..b0dd13f80 100644
--- a/etc/server.profile
+++ b/etc/server.profile
@@ -1,25 +1,37 @@
-# Persistent global definitions go here
-include /etc/firejail/globals.local
-
-# This file is overwritten during software install.
-# Persistent customizations should go in a .local file.
+# Firejail profile for server
+# This file is overwritten after every install/update
+# Persistent local customizations
 include /etc/firejail/server.local
+# Persistent global definitions
+include /etc/firejail/globals.local
 # generic server profile
 # it allows /sbin and /usr/sbin directories - this is where servers are installed
+# depending on your usage, you can enable some of the commands below:
+
+blacklist /tmp/.X11-unix
+
 noblacklist /sbin
 noblacklist /usr/sbin
+
 include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-programs.inc
+# include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
-blacklist /tmp/.X11-unix
-
+caps
 no3d
 nosound
 seccomp
-caps
+# disable-mnt
 private
+# private-bin program
 private-dev
+# private-etc none
+# private-lib
 private-tmp
+
+# memory-deny-write-execute
+# noexec ${HOME}
+# noexec /tmp
--
cgit v1.2.3-54-g00ecf
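Review bot: The added comment `# depending on your usage, you can enable some of the commands below:` invites uncommenting lines in this file, but the new header says the file is overwritten after every install/update, so hardening enabled that way (`disable-mnt`, `memory-deny-write-execute`, `noexec /tmp`, and the rest) would be lost on the next upgrade with no warning. I would point readers at the override file instead, for example `# to enable a commented option persistently, add it to /etc/firejail/server.local`. The comment also sits directly above the active `blacklist /tmp/.X11-unix` rather than next to the commented options it refers to, which makes it unclear which lines are optional. `# private-bin program` and `# private-etc none` look like template placeholders rather than working values, so a short remark that they need a real program or file list before being enabled would prevent a sandbox that cannot start its server.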