From 9e3ba319be6b9546d7e8f450ca419ee2f3f4040b Mon Sep 17 00:00:00 2001 From: Tad Date: Mon, 7 Aug 2017 01:22:08 -0400 Subject: Unify all profiles --- etc/wireshark.profile | 36 ++++++++++++++++-------------------- 1 file changed, 16 insertions(+), 20 deletions(-) (limited to 'etc/wireshark.profile') diff --git a/etc/wireshark.profile b/etc/wireshark.profile index d5f3b8c4b..0c4bc8029 100644 --- a/etc/wireshark.profile +++ b/etc/wireshark.profile @@ -1,39 +1,35 @@ -# Persistent global definitions go here -include /etc/firejail/globals.local - -# This file is overwritten during software install. -# Persistent customizations should go in a .local file. +# Firejail profile for wireshark +# This file is overwritten after every install/update +# Persistent local customizations include /etc/firejail/wireshark.local +# Persistent global definitions +include /etc/firejail/globals.local -# Firejail profile for noblacklist ${HOME}/.config/wireshark include /etc/firejail/disable-common.inc -include /etc/firejail/disable-programs.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc +include /etc/firejail/disable-programs.inc -# -# The profile allows users to run wireshark as root -# -#caps.drop all -#noroot -#protocol unix,inet,inet6,netlink - -#ipc-namespace netfilter no3d -# nogroups - breaks unprivileged wireshark usage -# nonewprivs - breaks unprivileged wireshark usage nosound -# seccomp - breaks unprivileged wireshark usage shell none tracelog -#private-bin wireshark -# private-etc fonts,group,hosts,machine-id,passwd +# private-bin wireshark private-dev +# private-etc fonts,group,hosts,machine-id,passwd private-tmp noexec ${HOME} noexec /tmp + +# CLOBBERED COMMENTS +# caps.drop all +# nogroups - breaks unprivileged wireshark usage +# nonewprivs - breaks unprivileged wireshark usage +# noroot +# protocol unix,inet,inet6,netlink +# seccomp - breaks unprivileged wireshark usage -- cgit v1.2.3-70-g09d2