blob: 7d0e01d98ae08676eea715e1168a77d352266b3f (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
# This is the weakest possible firejail profile.
# If a program still fails with this profile, it is incompatible with firejail.
# (from https://gist.github.com/rusty-snake/bb234cb3e50e1e4e7429f29a7931cc72)
#
# Usage:
# $ firejail --profile=noprofile.profile /path/to/program
# Keep in mind that even with this profile some things are done
# which can break the program:
# - some env-vars are cleared;
# - /etc/firejail/firejail.config can contain options such as 'force-nonewprivs yes';
# - a new private pid-namespace is created;
# - a minimal hardcoded blacklist is applied;
# - ...
noblacklist /sys/fs
noblacklist /sys/module
allow-debuggers
allusers
keep-config-pulse
keep-dev-shm
keep-fd all
keep-var-tmp
writable-etc
writable-run-user
writable-var
writable-var-log
|
