From 3b7882f84aa57c6b928d56e7682a90bfe13445d2 Mon Sep 17 00:00:00 2001 From: smitsohu Date: Wed, 31 Jan 2018 20:51:47 +0100 Subject: unbound fix (writable-var) - #1731 --- etc/unbound.profile | 3 +++ 1 file changed, 3 insertions(+) (limited to 'etc') diff --git a/etc/unbound.profile b/etc/unbound.profile index c03a25752..f3bb4f852 100644 --- a/etc/unbound.profile +++ b/etc/unbound.profile @@ -15,6 +15,8 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc +whitelist /var/lib/unbound + caps.keep net_bind_service,setgid,setuid,sys_chroot,sys_resource no3d nodvd @@ -23,6 +25,7 @@ nosound notv novideo seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open +writable-var disable-mnt private -- cgit v1.2.3-70-g09d2
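Review bot: Nothing in the profile records that the `whitelist /var/lib/unbound` added in the first hunk and the `writable-var` added in the second depend on each other, and that pairing is what keeps this change narrow. As I read firejail's semantics, `writable-var` lifts the read-only mount of /var for a daemon that keeps `setuid`, `setgid` and `sys_chroot`, while the whitelist confines what is visible under /var to unbound's own directory. If a later edit drops the whitelist, the rest of the host's /var would become writable from inside the sandbox. I would add a comment above the whitelist line, for example `# presumably the only /var path unbound must write; keep together with writable-var below`, and a matching `# relies on the /var/lib/unbound whitelist above` on `writable-var`. Unrelated to this commit, the `seccomp.drop` context line lists `perf_event_open` twice.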