fj/template.profile at 8a11bbe68b67

185:8a11bbe68b67

Anton Shestakov <av6@dwimlabs.net>, Sat, 27 Jul 2019 23:39:54 +0800

fj: use more seccomp system call groups by default

next change	186:d270044fbc78
previous change	184:5e3ee9d17ca9

fj/template.profile

Permissions: -rw-r--r--

File Latest Revisions Annotate Diff Comparison

Other formats:

JSON Raw

Feeds:

Atom RSS

include globals.local
#noblacklist ${HOME}/.cache/chromium
# with >=llvm-4 mesa drivers need llvm stuff
noblacklist /usr/lib/llvm*
#mkdir ${HOME}/.cache/chromium
#whitelist ${HOME}/.cache/chromium
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-interpreters.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-xdg.inc
#apparmor
caps.drop all
ipc-namespace
machine-id
net none
netfilter template.net
#no3d
#nodbus
nodvd
#nogroups
nonewprivs
noroot
#nosound
notv
nou2f
#novideo
protocol unix,netlink
seccomp @module,@swap
shell none
tracelog
#x11 xorg
disable-mnt
private-dev
private-tmp