From 47dba686e4389d0e8820da52918250ee8f6c9a49 Mon Sep 17 00:00:00 2001
From: smitsohu
Date: Fri, 18 Aug 2017 15:32:11 +0200
Subject: bring back options
---
 etc/skanlite.profile | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
(limited to 'etc/skanlite.profile')
diff --git a/etc/skanlite.profile b/etc/skanlite.profile
index 0338bc452..d34d2e92d 100644
--- a/etc/skanlite.profile
+++ b/etc/skanlite.profile
@@ -12,18 +12,20 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 caps.drop all
-netfilter
+# net none
 nodvd
 nogroups
 nonewprivs
 noroot
 nosound
 notv
-# protocol unix,inet,inet6
-seccomp
+novideo
+protocol unix,netlink
+# skanlite makes ioperm system calls, which are blacklisted by default.
+seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@reboot,@resources,@swap,acct,add_key,bpf,chroot,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,iopl,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pciconfig_iobase,pciconfig_read,pciconfig_write,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,s390_mmio_read,s390_mmio_write,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
 shell none
-# private-bin skanlite
+private-bin skanlite,kbuildsycoca4
 # private-dev
 # private-etc
 # private-tmp
-- 
cgit v1.2.3-70-g09d2
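Review bot: The new `seccomp.drop` line hard-codes what appears to be a copy of the default seccomp list with `ioperm` left out, so this profile will not pick up syscalls that later firejail releases add to the default list. The comment above it should say so, for example `# Copy of the default seccomp list minus ioperm (needed by skanlite); re-sync when the default list changes.` If the firejail version this profile targets supports the exception form, `seccomp !ioperm` would express the same intent without a frozen copy. It is also worth recording that allowing `ioperm` through the filter is only harmless while `caps.drop all` and `noroot` stay in the profile, since the call needs CAP_SYS_RAWIO to succeed. A later edit that relaxes either line would then expose port I/O.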