Diffstat (limited to 'profiles/poi.profile')
-rw-r--r-- | profiles/poi.profile | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/profiles/poi.profile b/profiles/poi.profile
index 5bfb9b4..6b133ae 100644
--- a/profiles/poi.profile
+++ b/profiles/poi.profile
@@ -15,6 +15,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-shell.inc
+include /etc/firejail/disable-write-mnt.inc
 include /etc/firejail/disable-xdg.inc
 mkdir ${HOME}/.cache/smolbote
@@ -52,6 +54,9 @@ nodvd
 ## nogroups - The program can only see the current user's main group. Always applied if the program is run as root.
 nogroups
+## noinput - Disable access to /dev/input devices. ie, accelerometers, controllers, joysticks, infrared receivers, etc.
+noinput
+
 ## nownewprivs - Prevents Child processes from requesting additional priviledges. If --seccomp is enabled, --nonewprivs is redundant.
 nonewprivs
@@ -90,7 +95,7 @@ disable-mnt
 # breaks if installed to /usr/local
 private-bin bash,poi
-## private-dev - Create a virtual /dev directory. Only dri, null, full, zero, tty, pts, ptmx, random, snd, urandom, video, log and shm devices are available.
+## private-dev - Create a virtual /dev directory. Only dri, full, log, input, null, ptmx, pts, random, shm, snd, tty, urandom, video, and zero devices are available.
 private-dev
 ## private-etc - Creates a virtual /etc directory containing only temporary copies of the following files and directories.
|
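Review bot: The added `include /etc/firejail/disable-shell.inc` conflicts with `private-bin bash,poi`, which the third hunk's context shows is still in the profile. As shipped by upstream firejail, disable-shell.inc blacklists the shell binaries, so bash is copied into the private /bin and then blocked. If poi does not need a shell, change the line to `private-bin poi`; if it does, this include will likely break that path, so a comment should record that startup was tested with it. The added `include /etc/firejail/disable-write-mnt.inc` also looks redundant next to the `disable-mnt` directive visible in the third hunk's header. That directive presumably already hides the mount points rather than making them read-only, so a comment such as `# read-only fallback in case disable-mnt is dropped` would state which of the two is intended.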
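Review bot: The comment added above `noinput` writes "ie" where "e.g." is meant, and it makes the private-dev comment rewritten in the third hunk inaccurate. That comment now lists `input` among the devices available, which no longer holds for this profile once `noinput` is set. Suggest `## noinput - Disable access to /dev/input devices, e.g. accelerometers, controllers, joysticks, infrared receivers.` and appending `(input is removed by noinput above)` to the private-dev comment. It is also worth confirming that every firejail version this profile targets accepts `noinput`, since an older release may reject the profile on an unknown directive.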