Commit 845bd066 authored by The Fox in the Shell

profiles: Add nonewprivs where sensible

parent 4125505f
......@@ -12,6 +12,7 @@ protocol unix,inet,inet6,netlink
netfilter
tracelog
noroot
nonewprivs
# Whitelists
noblacklist ~/.cache/0ad
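Review bot: `nonewprivs` is added here, and in every other hunk of this commit, without a comment or a stated rule for what "where sensible" in the title means, so a later maintainer cannot tell why a given profile has it. The option sets the kernel's no_new_privs flag, so any setuid or file-capability binary the sandboxed program executes runs without its extra privilege. That is the intended hardening, but a program that depends on such a helper will lose that function. I would record the rule once next to the option, for example `# nonewprivs: setuid/file-capability binaries started inside the sandbox gain no privileges`, and launch each touched program under its new profile before merging. The file names are not visible on this page, so the affected programs cannot be listed from here.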
......
......@@ -16,4 +16,5 @@ include /etc/firejail/disable-passwdmgr.inc
caps.drop all
seccomp
nonewprivs
noroot
......@@ -11,6 +11,7 @@ seccomp
protocol unix,inet,inet6,netlink
netfilter
tracelog
nonewprivs
noroot
whitelist ${DOWNLOADS}
......
......@@ -9,6 +9,7 @@ include /etc/firejail/disable-passwdmgr.inc
caps.drop all
seccomp
protocol unix,inet,inet6
nonewprivs
noroot
tracelog
netfilter
......@@ -7,4 +7,5 @@ include /etc/firejail/disable-passwdmgr.inc
caps.drop all
seccomp
protocol unix,inet,inet6
nonewprivs
noroot
......@@ -12,6 +12,7 @@ include /etc/firejail/disable-programs.inc
# Call these options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6,netlink
seccomp
......
......@@ -9,3 +9,4 @@ private
private-dev
seccomp
netfilter
nonewprivs
......@@ -19,6 +19,7 @@ seccomp
protocol unix,inet,inet6,netlink
netfilter
tracelog
nonewprivs
noroot
include /etc/firejail/whitelist-common.inc
nosound
......@@ -7,4 +7,5 @@ include /etc/firejail/disable-passwdmgr.inc
caps.drop all
seccomp
protocol unix,inet,inet6
nonewprivs
noroot
......@@ -10,6 +10,7 @@ caps.drop all
seccomp
protocol unix,inet,inet6
netfilter
nonewprivs
noroot
private-bin cmus
......
......@@ -7,6 +7,7 @@ caps.drop all
seccomp
protocol unix,inet,inet6
netfilter
nonewprivs
noroot
whitelist ~/.conkeror.mozdev.org
......
......@@ -11,6 +11,7 @@ seccomp
protocol unix,inet,inet6,netlink
netfilter
tracelog
nonewprivs
noroot
whitelist ${DOWNLOADS}
......
......@@ -9,4 +9,5 @@ include /etc/firejail/disable-passwdmgr.inc
caps.drop all
seccomp
protocol unix,inet,inet6
nonewprivs
noroot
......@@ -11,5 +11,6 @@ caps.drop all
seccomp
protocol unix,inet,inet6
netfilter
nonewprivs
noroot
......@@ -9,5 +9,6 @@ caps.drop all
seccomp
protocol unix,inet,inet6
netfilter
nonewprivs
noroot
nosound
......@@ -11,6 +11,7 @@ seccomp
protocol unix,inet,inet6
netfilter
tracelog
nonewprivs
noroot
whitelist ${DOWNLOADS}
......
......@@ -11,3 +11,4 @@ protocol unix,inet,inet6,netlink
netfilter
private
private-dev
nonewprivs
......@@ -6,4 +6,5 @@ include /etc/firejail/disable-passwdmgr.inc
caps
seccomp
protocol unix,inet,inet6
nonewprivs
noroot
......@@ -7,3 +7,4 @@ caps.drop all
seccomp
protocol unix,inet,inet6
netfilter
nonewprivs
......@@ -23,4 +23,4 @@ caps.drop all
seccomp
protocol unix,inet,inet6
netfilter
nonewprivs
......@@ -7,5 +7,6 @@ include /etc/firejail/disable-passwdmgr.inc
caps.drop all
seccomp
protocol unix,inet,inet6
nonewprivs
noroot
nosound
......@@ -10,5 +10,6 @@ caps.drop all
seccomp
protocol unix,inet,inet6
netfilter
nonewprivs
noroot
nosound
......@@ -9,6 +9,7 @@ include /etc/firejail/disable-devel.inc
caps.drop all
seccomp
protocol unix,inet,inet6
nonewprivs
noroot
netfilter
nosound
......@@ -11,6 +11,7 @@ seccomp
protocol unix,inet,inet6,netlink
netfilter
tracelog
nonewprivs
noroot
whitelist ${DOWNLOADS}
......
......@@ -18,6 +18,7 @@ caps.drop all
seccomp
protocol unix,inet,inet6,netlink
netfilter
nonewprivs
noroot
whitelist ${DOWNLOADS}
......
......@@ -7,4 +7,5 @@ include /etc/firejail/disable-passwdmgr.inc
caps.drop all
seccomp
protocol unix,inet,inet6
nonewprivs
noroot
......@@ -9,6 +9,7 @@ include /etc/firejail/disable-passwdmgr.inc
caps.drop all
seccomp
protocol unix,inet,inet6,netlink
nonewprivs
noroot
netfilter
......
......@@ -12,6 +12,7 @@ include /etc/firejail/disable-programs.inc
# Call these options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6,netlink
seccomp
......
......@@ -8,6 +8,7 @@ include /etc/firejail/disable-passwdmgr.inc
caps.drop all
seccomp
protocol unix
nonewprivs
noroot
nogroups
private-dev
......
......@@ -7,6 +7,7 @@ include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-passwdmgr.inc
caps.drop all
nonewprivs
noroot
private-dev
seccomp
......
......@@ -9,6 +9,7 @@ include /etc/firejail/disable-devel.inc
caps.drop all
seccomp
protocol unix,inet,inet6
nonewprivs
noroot
netfilter
......
......@@ -10,5 +10,6 @@ caps.drop all
seccomp
protocol unix,inet,inet6,netlink
netfilter
nonewprivs
noroot
tracelog
......@@ -11,6 +11,7 @@ caps.drop all
seccomp
protocol inet,inet6
netfilter
nonewprivs
noroot
private-bin mcabber
......
......@@ -16,6 +16,7 @@ mkdir ${HOME}/.config
mkdir ${HOME}/.config/mupen64plus
whitelist ${HOME}/.config/mupen64plus/
nonewprivs
noroot
caps.drop all
seccomp
......
......@@ -11,6 +11,7 @@ seccomp
protocol unix,inet,inet6,netlink
netfilter
tracelog
nonewprivs
noroot
whitelist ${DOWNLOADS}
......
......@@ -9,6 +9,7 @@ include /etc/firejail/disable-passwdmgr.inc
caps.drop all
seccomp
protocol unix
nonewprivs
noroot
nogroups
private-dev
......
......@@ -16,6 +16,7 @@ seccomp
protocol unix,inet,inet6,netlink
netfilter
tracelog
nonewprivs
noroot
whitelist ${DOWNLOADS}
......
......@@ -11,5 +11,6 @@ caps.drop all
seccomp
protocol unix,inet,inet6
netfilter
nonewprivs
noroot
shell none
......@@ -8,4 +8,5 @@ include /etc/firejail/disable-devel.inc
caps.drop all
seccomp
protocol unix,inet,inet6
nonewprivs
noroot
......@@ -24,6 +24,7 @@ include /etc/firejail/whitelist-common.inc
caps.drop all
seccomp
protocol unix,inet,inet6
nonewprivs
noroot
netfilter
......@@ -8,5 +8,6 @@ caps.drop all
seccomp
protocol unix,inet,inet6
netfilter
nonewprivs
noroot
nosound
......@@ -12,4 +12,5 @@ include /etc/firejail/whitelist-common.inc
caps.drop all
seccomp
protocol unix,inet,inet6
nonewprivs
noroot
......@@ -6,5 +6,6 @@ include /etc/firejail/disable-devel.inc
caps.drop all
seccomp
protocol unix,inet,inet6
nonewprivs
noroot
netfilter
......@@ -20,6 +20,7 @@ seccomp
protocol unix,inet,inet6
netfilter
tracelog
nonewprivs
noroot
nogroups
shell none
......
......@@ -11,6 +11,7 @@ seccomp
protocol unix,inet,inet6,netlink
netfilter
tracelog
nonewprivs
noroot
whitelist ${DOWNLOADS}
......
......@@ -7,5 +7,6 @@ include /etc/firejail/disable-passwdmgr.inc
caps.drop all
seccomp
protocol unix,inet,inet6
nonewprivs
noroot
netfilter
......@@ -8,5 +8,6 @@ caps.drop all
seccomp
protocol unix,inet,inet6
netfilter
nonewprivs
noroot
nosound
......@@ -10,6 +10,7 @@ seccomp
protocol unix,inet,inet6,netlink
netfilter
tracelog
nonewprivs
noroot
whitelist ${DOWNLOADS}
......
......@@ -6,6 +6,7 @@ include /etc/firejail/disable-devel.inc
caps.drop all
netfilter
nonewprivs
noroot
seccomp
protocol unix,inet,inet6
......@@ -26,5 +26,6 @@ caps.drop all
seccomp
protocol unix,inet,inet6,netlink
netfilter
nonewprivs
noroot
......@@ -9,4 +9,5 @@ caps.drop all
seccomp
protocol unix,inet,inet6
netfilter
nonewprivs
noroot
......@@ -8,6 +8,7 @@ include /etc/firejail/disable-passwdmgr.inc
caps.drop all
netfilter
nonewprivs
noroot
seccomp
protocol unix,inet,inet6
......@@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc
# Call these options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6,netlink
seccomp
......
......@@ -7,6 +7,7 @@ include /etc/firejail/disable-devel.inc
caps.drop all
seccomp
protocol unix,inet,inet6
nonewprivs
noroot
netfilter
......
......@@ -10,5 +10,6 @@ include /etc/firejail/disable-passwdmgr.inc
caps.drop all
seccomp
protocol unix,inet,inet6
nonewprivs
noroot
netfilter
......@@ -11,6 +11,7 @@ caps.drop all
seccomp
protocol unix,inet,inet6
netfilter
nonewprivs
noroot
tracelog
nosound
......@@ -11,6 +11,7 @@ caps.drop all
seccomp
protocol unix,inet,inet6
netfilter
nonewprivs
noroot
tracelog
nosound
......@@ -9,6 +9,7 @@ caps.drop all
seccomp
protocol unix,inet,inet6
netfilter
nonewprivs
noroot
whitelist ${DOWNLOADS}
......
......@@ -6,6 +6,7 @@ include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-devel.inc
netfilter
nonewprivs
whitelist ${DOWNLOADS}
mkdir ~/.config
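Review bot: In this hunk `nonewprivs` lands in a profile that shows no `caps.drop`, `seccomp` or `noroot` beside it, only `netfilter`. If those options were left out because the program starts a setuid helper of its own (an assumption, since the rest of the file is outside the hunk), `nonewprivs` blocks exactly that privilege gain. The program may then fail to start or run without its internal sandbox. I would confirm by launching the program under the new profile, or leave `nonewprivs` out of this file until that is checked.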
......
......@@ -9,5 +9,6 @@ include /etc/firejail/disable-passwdmgr.inc
caps.drop all
seccomp
protocol unix,inet,inet6
nonewprivs
noroot
netfilter
......@@ -9,6 +9,7 @@ include /etc/firejail/disable-programs.inc
# Call these options
caps.drop all
netfilter
nonewprivs
noroot
protocol unix,inet,inet6,netlink
seccomp
......
......@@ -7,5 +7,6 @@ caps.drop all
seccomp
protocol unix,inet,inet6
netfilter
nonewprivs
noroot
netfilter
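Review bot: `netfilter` is listed twice in this hunk, once before the added `nonewprivs` and once after `noroot`. The duplicate was already there, but since the commit touches these lines it would be cleaner to drop the second `netfilter` so that each option appears once.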
......@@ -11,6 +11,7 @@ include /etc/firejail/disable-passwdmgr.inc
caps.drop all
seccomp
protocol unix,inet,inet6
nonewprivs
noroot
private-dev
......
......@@ -9,5 +9,6 @@ include /etc/firejail/disable-devel.inc
caps.drop all
netfilter
nonewprivs
noroot
seccomp
......@@ -8,4 +8,5 @@ include /etc/firejail/disable-devel.inc
caps.drop all
seccomp
protocol unix,inet,inet6
nonewprivs
noroot
......@@ -10,6 +10,7 @@ include /etc/firejail/disable-passwdmgr.inc
caps.drop all
seccomp
protocol unix,inet,inet6
nonewprivs
noroot
tracelog
netfilter
......@@ -11,6 +11,7 @@ include /etc/firejail/disable-passwdmgr.inc
caps.drop all
seccomp
protocol unix,inet,inet6
nonewprivs
noroot
tracelog
netfilter
......@@ -9,5 +9,6 @@ caps.drop all
seccomp
protocol unix,inet,inet6
noroot
nonewprivs
tracelog
netfilter
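Review bot: Here `nonewprivs` is placed after `noroot`, as in the first hunk of the commit, while the other hunks put it directly before `noroot`. Nothing visible on the page suggests the order matters, but a consistent order (`nonewprivs` then `noroot`) makes the profiles easier to compare and grep.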