184
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
include globals.local |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
|
187
187:f88153952d07
fj: more sensible blacklist template
Anton Shestakov <av6@dwimlabs.net>
previous changes: 186:d270044fbc78
line |
diff
|
#noblacklist ${HOME}/.wine-template |
184
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
# with >=llvm-4 mesa drivers need llvm stuff |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
noblacklist /usr/lib/llvm* |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
|
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
include /etc/firejail/disable-common.inc |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
include /etc/firejail/disable-devel.inc |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
include /etc/firejail/disable-interpreters.inc |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
include /etc/firejail/disable-passwdmgr.inc |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
include /etc/firejail/disable-programs.inc |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
include /etc/firejail/disable-xdg.inc |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
|
187
187:f88153952d07
fj: more sensible blacklist template
Anton Shestakov <av6@dwimlabs.net>
previous changes: 186:d270044fbc78
line |
diff
|
#mkdir ${HOME}/.wine-template |
187:f88153952d07
fj: more sensible blacklist template
Anton Shestakov <av6@dwimlabs.net>
previous changes: 186:d270044fbc78
line |
diff
|
#whitelist ${HOME}/.wine-template |
187:f88153952d07
fj: more sensible blacklist template
Anton Shestakov <av6@dwimlabs.net>
previous changes: 186:d270044fbc78
line |
diff
|
#include whitelist-common.inc |
187:f88153952d07
fj: more sensible blacklist template
Anton Shestakov <av6@dwimlabs.net>
previous changes: 186:d270044fbc78
line |
diff
|
|
184
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
#apparmor |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
caps.drop all |
186
186:d270044fbc78
fj: ipc-namespace in practice means no sound
Anton Shestakov <av6@dwimlabs.net>
previous changes: 185:8a11bbe68b67
line |
diff
|
#ipc-namespace |
184
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
machine-id |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
net none |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
netfilter template.net |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
#no3d |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
#nodbus |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
nodvd |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
#nogroups |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
nonewprivs |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
noroot |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
#nosound |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
notv |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
nou2f |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
#novideo |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
protocol unix,netlink |
185
185:8a11bbe68b67
fj: use more seccomp system call groups by default
Anton Shestakov <av6@dwimlabs.net>
previous changes: 184:5e3ee9d17ca9
line |
diff
|
seccomp @module,@swap |
184
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
shell none |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
tracelog |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
#x11 xorg |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
|
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
disable-mnt |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
private-dev |
184:5e3ee9d17ca9
.bashrc: a script to set up sandbox using firejail to run random stuff
Anton Shestakov <av6@dwimlabs.net>
previous changes:
line |
diff
|
private-tmp |