Commit 5660c175 authored by Nong Hoang Tu

disable private-etc (vbox crashes before run) and add sys_admin for host_only network

parent c4509b8b
......@@ -35,7 +35,7 @@ include whitelist-var-common.inc
# For host-only network sys_admin is needed. See https://github.com/netblue30/firejail/issues/2868#issuecomment-518647630
apparmor
caps.keep net_raw,sys_nice
caps.keep net_raw,sys_nice,sys_admin
netfilter
nodvd
#nogroups
......@@ -46,7 +46,7 @@ tracelog
#disable-mnt
#private-bin awk,basename,bash,env,gawk,grep,ps,readlink,sh,virtualbox,VirtualBox,VBox*,vbox*,whoami
private-cache
private-etc alsa,asound.conf,ca-certificates,conf.d,crypto-policies,dconf,fonts,hostname,hosts,ld.so.cache,localtime,machine-id,pki,pulse,resolv.conf,ssl
#private-etc alsa,asound.conf,ca-certificates,conf.d,crypto-policies,dconf,fonts,hostname,hosts,ld.so.cache,localtime,machine-id,pki,pulse,resolv.conf,ssl
private-tmp
dbus-user none
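Review bot: The new `caps.keep net_raw,sys_nice,sys_admin` line in the first hunk grants CAP_SYS_ADMIN to every VirtualBox session, although the comment above it says the capability is only needed for host-only networking. CAP_SYS_ADMIN covers mounting, namespace handling and many other privileged operations, so keeping it largely undoes what the capability filter buys for this profile. I would leave the default as `caps.keep net_raw,sys_nice` and ship the wider set as a commented alternative, `#caps.keep net_raw,sys_nice,sys_admin`, which users who need host-only networking can enable in a local override. In the second hunk, the disabled `private-etc` line exposes the whole of /etc to the sandbox and has no explanation next to it; a comment such as `# private-etc disabled: VirtualBox crashes before start; re-enable once the missing /etc entries are known` would record why.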
......