blob: db4113f9469649e74f287f83a590a3cc18b16e72
# This is the weakest possible firejail profile.
# If a program still fails with this profile, it is incompatible with firejail.
# (from https://gist.github.com/rusty-snake/bb234cb3e50e1e4e7429f29a7931cc72)
#
# Usage:
# 1. download
# 2. firejail --profile=noprofile.profile /path/to/program
# Keep in mind that even with this profile, firejail still does some things
# that can break the program:
# - some env-vars are cleared
# - /etc/firejail/firejail.config can contain options such as 'force-nonewprivs yes'
# - a new private pid-namespace is created
# - a minimal hardcoded blacklist is applied
# - ...
noblacklist /sys/fs
noblacklist /sys/module
allow-debuggers
allusers
keep-config-pulse
keep-dev-shm
keep-fd all
keep-var-tmp
writable-etc
writable-run-user
writable-var
writable-var-log