authorjc_gargma <jc_gargma@iserlohn-fortress.net>2021-07-04 02:37:18 -0700
committerjc_gargma <jc_gargma@iserlohn-fortress.net>2021-07-04 02:37:18 -0700
commit96dd956c01e734e8aec007e9e0c13d6908f5fc11 (patch)
treec8885c806981cada98ddd5a1d52f52fbda2507aa /profiles/poi.profile
parentAdd kristall profile (diff)
Many updates for firejail 0.9.66
Diffstat (limited to 'profiles/poi.profile')
-rw-r--r--profiles/poi.profile7
1 files changed, 6 insertions, 1 deletions
diff --git a/profiles/poi.profile b/profiles/poi.profile
index 5bfb9b4..6b133ae 100644
--- a/profiles/poi.profile
+++ b/profiles/poi.profile
@@ -15,6 +15,8 @@ include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-interpreters.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-shell.inc
+include /etc/firejail/disable-write-mnt.inc
include /etc/firejail/disable-xdg.inc
mkdir ${HOME}/.cache/smolbote
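Review bot: The added `include /etc/firejail/disable-shell.inc` looks at odds with `private-bin bash,poi`, which is visible as context in the third hunk. As far as I know disable-shell.inc blacklists the common shells, bash included, so the bash that private-bin keeps would be unusable inside the sandbox. If poi still needs bash, the launch may break; if it does not, the later line should become `private-bin poi` so the profile states one intent. The second include, disable-write-mnt.inc, appears redundant next to the `disable-mnt` shown in the third hunk's header, which should already hide those mount points.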
@@ -52,6 +54,9 @@ nodvd
## nogroups - The program can only see the current user's main group. Always applied if the program is run as root.
nogroups
+## noinput - Disable access to /dev/input devices. ie, accelerometers, controllers, joysticks, infrared receivers, etc.
+noinput
+
## nownewprivs - Prevents Child processes from requesting additional priviledges. If --seccomp is enabled, --nonewprivs is redundant.
nonewprivs
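Review bot: The new comment on `noinput` writes "ie," where the devices that follow are examples rather than a full definition, so "e.g." is meant. I would word it `## noinput - Disable access to /dev/input devices, e.g. accelerometers, controllers, joysticks, infrared receivers.` The commit title ties this change to firejail 0.9.66, and an older firejail would presumably reject the profile at this line, so a minimum-version remark in the profile header would help anyone deploying it.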
@@ -90,7 +95,7 @@ disable-mnt
# breaks if installed to /usr/local
private-bin bash,poi
-## private-dev - Create a virtual /dev directory. Only dri, null, full, zero, tty, pts, ptmx, random, snd, urandom, video, log and shm devices are available.
+## private-dev - Create a virtual /dev directory. Only dri, full, log, input, null, ptmx, pts, random, shm, snd, tty, urandom, video, and zero devices are available.
private-dev
## private-etc - Creates a virtual /etc directory containing only temporary copies of the following files and directories.
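Review bot: The rewritten private-dev comment now lists `input` among the devices that remain available, but the second hunk adds `noinput`, so in this profile /dev/input should not be reachable and the comment overstates what the sandbox exposes. I would add a qualifier line under it, `## In this profile /dev/input is removed again by noinput.`, or drop `input` from the list here. Someone auditing the profile from its comments alone would otherwise conclude that input devices are exposed to the program.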