mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-21 06:45:29 -06:00
0060b5105b
That is, make "X11" lowercase so that the order of the includes in the
disable- section remain the same when sorted with `LC_ALL=C`, as is the
case for most of the other sections. That is also likely to be the
default in text editors (such as in vim on Arch), so this should make
the disable- section more consistent and easier to sort when editing the
profile.
Also, keep the old include as a redirect to the new one for now to avoid
breakage.
Commands used to search and replace:
git mv etc/inc/disable-X11.inc etc/inc/disable-x11.inc
git grep -Ilz 'disable-X11' -- etc | xargs -0 \
perl -pi -e 's/disable-X11/disable-x11/'
Relates to #4462 #4854 #6070 #6289.
This is a follow-up to #6286.
72 lines
1.6 KiB
Text
72 lines
1.6 KiB
Text
# Firejail profile for ping
|
|
# Description: send ICMP ECHO_REQUEST to network hosts
|
|
# This file is overwritten after every install/update
|
|
quiet
|
|
# Persistent local customizations
|
|
include ping.local
|
|
# Persistent global definitions
|
|
include globals.local
|
|
|
|
blacklist ${RUNUSER}
|
|
|
|
include disable-common.inc
|
|
include disable-devel.inc
|
|
include disable-exec.inc
|
|
include disable-interpreters.inc
|
|
include disable-proc.inc
|
|
include disable-programs.inc
|
|
include disable-x11.inc
|
|
include disable-xdg.inc
|
|
|
|
#include whitelist-common.inc # see #903
|
|
include whitelist-run-common.inc
|
|
include whitelist-runuser-common.inc
|
|
include whitelist-usr-share-common.inc
|
|
include whitelist-var-common.inc
|
|
|
|
# If your kernel allows the creation of user namespaces by unprivileged users
|
|
# (for example, if running `unshare -U echo enabled` prints "enabled"), you
|
|
# can add the next line to your ping.local.
|
|
#include ping-hardened.inc.profile
|
|
|
|
apparmor
|
|
caps.keep net_raw
|
|
ipc-namespace
|
|
machine-id
|
|
#net tun0
|
|
#netfilter /etc/firejail/ping.net
|
|
netfilter
|
|
no3d
|
|
nodvd
|
|
nogroups
|
|
noinput
|
|
# ping needs to raise privileges, nonewprivs and noroot will kill it
|
|
#nonewprivs
|
|
noprinters
|
|
#noroot
|
|
nosound
|
|
notv
|
|
nou2f
|
|
novideo
|
|
# protocol command is built using seccomp; nonewprivs will kill it
|
|
#protocol unix,inet,inet6,netlink,packet
|
|
#seccomp
|
|
tracelog
|
|
|
|
disable-mnt
|
|
private
|
|
#private-bin ping # has mammoth problems with execvp: "No such file or directory"
|
|
private-cache
|
|
private-dev
|
|
private-etc @tls-ca
|
|
private-lib
|
|
private-tmp
|
|
|
|
# memory-deny-write-execute is built using seccomp; nonewprivs will kill it
|
|
#memory-deny-write-execute
|
|
|
|
dbus-user none
|
|
dbus-system none
|
|
|
|
read-only ${HOME}
|
|
#restrict-namespaces
|