diff options
Diffstat (limited to 'profiles/poi.profile')
| -rw-r--r-- | profiles/poi.profile | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/profiles/poi.profile b/profiles/poi.profile index f9369dd..1835413 100644 --- a/profiles/poi.profile +++ b/profiles/poi.profile @@ -74,6 +74,9 @@ novideo ## protocol - Only allows sockets of the following types. Not supported on i386 architecture. protocol unix,inet,inet6,netlink +## restrict-namespaces - Install a seccomp filter that blocks attempts to create new cgroup, ipc, net, mount, pid, time, user or uts namespaces. +restrict-namespaces + ## seccomp - Blacklists a large swath of syscalls from being accessible. # QtWebEngine require chroot syscall on AMD CPUS and/or ATI Graphics for some bizarre reason seccomp !name_to_handle_at,!chroot |