From 4d2059df3b50b8eb8897ef66f702f55f0d54eabc Mon Sep 17 00:00:00 2001
From: valoq
Date: Fri, 18 Nov 2016 21:23:04 +0100
Subject: various fixes
---
etc/empathy.profile | 2 ++
etc/keepass2.profile | 6 ++++++
etc/kmail.profile | 2 +-
etc/mupdf.profile | 2 +-
etc/qemu-launcher.profile | 20 ++++++++++++++++++++
etc/qemu-system-x86_64.profile | 18 ++++++++++++++++++
6 files changed, 48 insertions(+), 2 deletions(-)
create mode 100644 etc/keepass2.profile
create mode 100644 etc/qemu-launcher.profile
create mode 100644 etc/qemu-system-x86_64.profile
(limited to 'etc')
diff --git a/etc/empathy.profile b/etc/empathy.profile
index 371100814..2a0a6389c 100644
--- a/etc/empathy.profile
+++ b/etc/empathy.profile
@@ -6,5 +6,7 @@ include /etc/firejail/disable-devel.inc
 caps.drop all
 netfilter
 nonewprivs
+nogroups
+noroot
 protocol unix,inet,inet6
 seccomp
diff --git a/etc/keepass2.profile b/etc/keepass2.profile
new file mode 100644
index 000000000..fd390f7ed
--- /dev/null
+++ b/etc/keepass2.profile
@@ -0,0 +1,6 @@
+# keepass password manager profile
+
+#noblacklist ${HOME}/.config/KeePass
+#noblacklist ${HOME}/.keepass
+
+include /etc/firejail/keepass.profile
diff --git a/etc/kmail.profile b/etc/kmail.profile
index bc21ba604..410ff36c6 100644
--- a/etc/kmail.profile
+++ b/etc/kmail.profile
@@ -16,4 +16,4 @@ seccomp tracelog private-dev
-private-tmp
+# private-tmp
diff --git a/etc/mupdf.profile b/etc/mupdf.profile
index e022866e8..dc23d5840 100644
--- a/etc/mupdf.profile
+++ b/etc/mupdf.profile
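Review bot: In etc/keepass2.profile the two `#noblacklist` lines are committed commented out with no explanation, so a reader cannot tell whether they are a leftover or a deliberate choice. The only active directive is `include /etc/firejail/keepass.profile`, so everything this password-manager sandbox enforces comes from that file, which is not part of this diff. If keepass.profile already carries the needed `noblacklist` entries, drop the two lines; otherwise put a comment such as `# disabled: <reason>` above them.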
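Review bot: In etc/kmail.profile, commenting out `private-tmp` puts kmail back on the shared /tmp, and neither the line nor the commit message ("various fixes") says why. That loosens the sandbox for a mail client that handles untrusted attachments, so the reason belongs next to the line, e.g. `# private-tmp disabled: <what breaks with it>`, so the option can be restored once that is resolved. If only one feature needs the shared directory, a narrower exception would be preferable to dropping the option for the whole profile.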
@@ -16,7 +16,7 @@ net none shell none tracelog
-#seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev
+#seccomp.keep access,arch_prctl,brk,clone,close,connect,execve,exit_group,fchmod,fchown,fcntl,fstat,futex,getcwd,getpeername,getrlimit,getsockname,getsockopt,lseek,lstat,mlock,mmap,mprotect,mremap,munmap,nanosleep,open,poll,prctl,read,recvfrom,recvmsg,restart_syscall,rt_sigaction,rt_sigprocmask,select,sendmsg,set_robust_list,set_tid_address,setresgid,setresuid,shmat,shmctl,shmget,shutdown,socket,stat,sysinfo,uname,unshare,wait4,write,writev
 private-bin mupdf
 private-tmp
diff --git a/etc/qemu-launcher.profile b/etc/qemu-launcher.profile
new file mode 100644
index 000000000..9fa8a91d4
--- /dev/null
+++ b/etc/qemu-launcher.profile
@@ -0,0 +1,20 @@
+# qemu-launcher profile
+
+noblacklist ~/.qemu-launcher
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+private-tmp
+
diff --git a/etc/qemu-system-x86_64.profile b/etc/qemu-system-x86_64.profile
new file mode 100644
index 000000000..3d4587fb1
--- /dev/null
+++ b/etc/qemu-system-x86_64.profile
@@ -0,0 +1,18 @@
+# qemu profile
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+private-tmp
+
-- cgit v1.2.3-70-g09d2
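Review bot: `mremap` is added to a `seccomp.keep` line that is commented out, so in etc/mupdf.profile this change has no effect on the running sandbox. No active `seccomp` directive is visible in the hunk; the rest of the profile lies outside it, so it is worth checking that a syscall filter is applied at all for a viewer that parses untrusted documents. If the whitelist is kept for later use, a comment above it should say why it is disabled, e.g. `# seccomp.keep whitelist disabled: <reason>`.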
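Review bot: etc/qemu-launcher.profile and etc/qemu-system-x86_64.profile repeat the same directive list line for line; the launcher profile could keep its `noblacklist` line and then `include /etc/firejail/qemu-system-x86_64.profile`, the way keepass2.profile includes keepass.profile in this same commit, so the two cannot drift apart. The launcher also writes `noblacklist ~/.qemu-launcher` while keepass2.profile spells the home directory `${HOME}`; one form should be used throughout. Separately, `nogroups` drops supplementary groups, which would presumably cut off /dev/kvm on systems where that device is restricted to a dedicated group, so it is worth confirming that guests still start with hardware acceleration under both profiles.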