ssh.profile 700 Bytes
Newer Older
Tad's avatar
Tad committed
1
# Firejail profile for ssh
2
# Description: Secure shell client and server
Tad's avatar
Tad committed
3
# This file is overwritten after every install/update
netblue30's avatar
netblue30 committed
4
quiet
Tad's avatar
Tad committed
5
# Persistent local customizations
6
include ssh.local
Tad's avatar
Tad committed
7
# Persistent global definitions
8
include globals.local
9

netblue30's avatar
netblue30 committed
10
noblacklist /etc/ssh
Tad's avatar
Tad committed
11
noblacklist /tmp/ssh-*
12
noblacklist ${HOME}/.ssh
13

14 15 16
include disable-common.inc
include disable-passwdmgr.inc
include disable-programs.inc
17

netblue30's avatar
netblue30 committed
18
caps.drop all
Tad's avatar
Tad committed
19
ipc-namespace
netblue30's avatar
netblue30 committed
20
netfilter
Tad's avatar
Tad committed
21
no3d
Tad's avatar
Tad committed
22
nodvd
Tad's avatar
Tad committed
23
nogroups
24
nonewprivs
25
# noroot - see issue #1543
Tad's avatar
Tad committed
26
nosound
Tad's avatar
Tad committed
27
notv
28
nou2f
29 30
protocol unix,inet,inet6
seccomp
Tad's avatar
Tad committed
31 32 33
shell none
tracelog

34
private-cache
Tad's avatar
Tad committed
35
private-dev
Tad's avatar
Tad committed
36
# private-tmp # Breaks when exiting
Tad's avatar
Tad committed
37

38
memory-deny-write-execute
Tad's avatar
Tad committed
39 40
noexec ${HOME}
noexec /tmp
41
writable-run-user