From 863e09e7c9e964b6feb760f7642ee629b29a5702 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Tue, 10 Nov 2015 07:56:29 -0500
Subject: added dnscrypt-proxy and unbound profiles
---
etc/dnscrypt-proxy.profile | 8 ++++++++
etc/unbound.profile | 8 ++++++++
2 files changed, 16 insertions(+)
create mode 100644 etc/dnscrypt-proxy.profile
create mode 100644 etc/unbound.profile
(limited to 'etc')
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile
new file mode 100644
index 000000000..e0c5c93a3
--- /dev/null
+++ b/etc/dnscrypt-proxy.profile
@@ -0,0 +1,8 @@
+# security profile for dnscrypt-proxy
+noblacklist /sbin
+noblacklist /usr/sbin
+include /etc/firejail/disable-mgmt.inc
+private
+private-dev
+seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open
+
diff --git a/etc/unbound.profile b/etc/unbound.profile
new file mode 100644
index 000000000..4dd00178b
--- /dev/null
+++ b/etc/unbound.profile
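Review bot: The dnscrypt-proxy profile sets no capability restriction: after `private-dev` the only kernel-facing control is the `seccomp.drop` line, so a daemon launched as root keeps its full capability set inside the sandbox. A `caps.keep` line limited to what the daemon needs would narrow this, for example `caps.keep net_bind_service,setgid,setuid,sys_chroot`. That set is an estimate for a DNS daemon that binds a low port and then drops privileges, and it needs checking against the actual binary before it is committed. The same gap is present in the etc/unbound.profile hunk of this commit.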
@@ -0,0 +1,8 @@
+# security profile for unbound (https://unbound.net)
+noblacklist /sbin
+noblacklist /usr/sbin
+include /etc/firejail/disable-mgmt.inc
+private
+private-dev
+seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,open_by_handle_at,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,perf_event_open
+
-- cgit v1.2.3-54-g00ecf
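Review bot: `perf_event_open` is listed twice on the `seccomp.drop` line (after `lookup_dcookie` and again at the end), here and on the identical line in etc/dnscrypt-proxy.profile; the second entry can be removed. The line is also a long hand-copied deny-list with no comment saying why it is used instead of the stock `seccomp` filter, so a later reader cannot tell which omissions are deliberate. A comment above it would record that, e.g. `# custom drop list instead of 'seccomp': <syscall(s) this daemon needs that the default filter blocks>`. Because it is a deny-list kept in two files, any syscall added to one copy later has to be added to the other by hand.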