author | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2021-07-04 02:37:18 -0700 |
---|---|---|
committer | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2021-07-04 02:37:18 -0700 |
commit | 96dd956c01e734e8aec007e9e0c13d6908f5fc11 (patch) | |
tree | c8885c806981cada98ddd5a1d52f52fbda2507aa /profiles/poi.profile | |
parent | Add kristall profile (diff) | |
download | firejail-profiles-96dd956c01e734e8aec007e9e0c13d6908f5fc11.tar.xz |
Many updates for firejail 0.9.66
Diffstat (limited to 'profiles/poi.profile')
-rw-r--r-- | profiles/poi.profile | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/profiles/poi.profile b/profiles/poi.profile
index 5bfb9b4..6b133ae 100644
--- a/profiles/poi.profile
+++ b/profiles/poi.profile
@@ -15,6 +15,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-shell.inc
+include /etc/firejail/disable-write-mnt.inc
 include /etc/firejail/disable-xdg.inc
 
 mkdir ${HOME}/.cache/smolbote
@@ -52,6 +54,9 @@ nodvd
 ## nogroups - The program can only see the current user's main group. Always applied if the program is run as root.
 nogroups
 
+## noinput - Disable access to /dev/input devices. ie, accelerometers, controllers, joysticks, infrared receivers, etc.
+noinput
+
 ## nownewprivs - Prevents Child processes from requesting additional priviledges. If --seccomp is enabled, --nonewprivs is redundant.
 nonewprivs
 
@@ -90,7 +95,7 @@ disable-mnt
 # breaks if installed to /usr/local
 private-bin bash,poi
 
-## private-dev - Create a virtual /dev directory. Only dri, null, full, zero, tty, pts, ptmx, random, snd, urandom, video, log and shm devices are available.
+## private-dev - Create a virtual /dev directory. Only dri, full, log, input, null, ptmx, pts, random, shm, snd, tty, urandom, video, and zero devices are available.
 private-dev
 
 ## private-etc - Creates a virtual /etc directory containing only temporary copies of the following files and directories. |
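Review bot: The added `include /etc/firejail/disable-shell.inc` conflicts with `private-bin bash,poi`, which the profile still carries (visible as context in the third hunk). As shipped with firejail, that include blacklists the shell binaries, so bash is presumably unusable in the sandbox even though private-bin copies it in. If poi runs without a shell, tighten the later line to `private-bin poi`; if it does need bash, this include will break it and should be dropped or followed by an explicit exception with a comment saying why. `disable-write-mnt.inc` also looks redundant next to the `disable-mnt` directive shown in the third hunk's header, which is harmless but worth a one-line comment such as `# kept for parity with upstream; disable-mnt below already hides these paths`.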
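Review bot: The new `noinput` comment and the rewritten `private-dev` comment in the following hunk contradict each other as documentation. The first says access to /dev/input is disabled, while the second now lists `input` among the devices that remain available. Both directives are active in this profile, so the private-dev comment should say which one applies, for example by ending it with `(input is removed again by noinput above)`. In the added comment, `ie,` introduces a list of examples and should read `e.g.,`.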