diff options
| author | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2021-08-26 00:26:50 -0700 |
|---|---|---|
| committer | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2021-08-26 00:26:50 -0700 |
| commit | 9d8afb4590cfb85e0da393dc6640c69243b89b33 (patch) | |
| tree | 084e1f63ecada9133c7ac471c7cdf57a115f1253 /profiles/hg.profile | |
| parent | Fix renpy.profile by ignoring disable-shell.inc (diff) | |
| download | firejail-profiles-9d8afb4590cfb85e0da393dc6640c69243b89b33.tar.xz | |
Update hg, renpy profiles
Add fallout for wine profile
Diffstat (limited to 'profiles/hg.profile')
| -rw-r--r-- | profiles/hg.profile | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/profiles/hg.profile b/profiles/hg.profile index ac5943d..c72365f 100644 --- a/profiles/hg.profile +++ b/profiles/hg.profile @@ -17,12 +17,17 @@ noblacklist ${HOME}/.oh-my-zsh noblacklist ${HOME}/.vim noblacklist ${HOME}/.viminfo +# Allow ssh (blacklisted by disable-common.inc) +include allow-ssh.inc + +blacklist /tmp/.X11-unix +blacklist ${RUNUSER}/wayland-* + include disable-common.inc +include disable-exec.inc include disable-passwdmgr.inc include disable-programs.inc -blacklist /tmp/.X11-unix - whitelist ${HOME}/.config/nano whitelist ${HOME}/.emacs whitelist ${HOME}/.emacs.d @@ -40,15 +45,18 @@ whitelist ${HOME}/build whitelist ${HOME}/workspace caps.drop all +ipc-namespace machine-id netfilter no3d nodvd nogroups +noinput nonewprivs noroot nosound notv +nou2f novideo protocol inet,inet6 #protocol unix,inet,inet6 @@ -56,4 +64,8 @@ seccomp shell none private-bin hg,python2 +private-cache private-dev + +memory-deny-write-execute + |