281:866cafced685 · candolint

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/check-in-firejail.sh	Tue Aug 22 13:39:22 2017 +0800
@@ -0,0 +1,7 @@
+#!/bin/sh
+set -eu
+
+IFOUT=eth0
+
+firejail --profile=checker.profile --net=$IFOUT \
+    -- python -u checker.py "$@" 2>&1

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/checker.profile	Tue Aug 22 13:39:22 2017 +0800
@@ -0,0 +1,36 @@
+quiet
+
+noblacklist ${HOME}/.cache/pip/
+noblacklist ${HOME}/.cache/luarocks/
+noblacklist ${HOME}/.npm/
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+whitelist ${HOME}/candolint
+read-only ${HOME}/candolint
+
+mkdir ${HOME}/.cache/pip/
+mkdir ${HOME}/.cache/luarocks/
+mkdir ${HOME}/.npm/
+whitelist ${HOME}/.cache/pip/
+whitelist ${HOME}/.cache/luarocks/
+whitelist ${HOME}/.npm/
+
+caps.drop all
+netfilter
+nonewprivs
+nogroups
+noroot
+nosound
+no3d
+protocol inet,inet6,netlink
+seccomp
+shell none
+
+dns 8.8.4.4
+dns 8.8.8.8
+
+private-dev
+private-tmp

child	282:99b534a9b1f5
parent	280:a8cf28692145

check-in-firejail.sh		file \| annotate \| diff \| comparison \| revisions
checker.profile		file \| annotate \| diff \| comparison \| revisions