mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-21 06:45:29 -06:00
b18f42ab02
- mdwe breaks most vm-based languages so python/java/javascript and some mono programs are not compatible - mdwe also breaks most 3d accelerated programs such as 3d games - mdwe is similar to PaX's mprotect meaning PaX flag managers can be used as reference -- See https://github.com/copperhead/paxd-archive/blob/master/paxd.conf -- See https://github.com/nning/linux-pax-flags
40 lines
897 B
Text
40 lines
897 B
Text
# Persistent global definitions go here
|
|
include /etc/firejail/globals.local
|
|
|
|
# This file is overwritten during software install.
|
|
# Persistent customizations should go in a .local file.
|
|
include /etc/firejail/mumble.local
|
|
|
|
# mumble profile
|
|
noblacklist ${HOME}/.config/Mumble
|
|
noblacklist ${HOME}/.local/share/data/Mumble
|
|
include /etc/firejail/disable-common.inc
|
|
include /etc/firejail/disable-programs.inc
|
|
include /etc/firejail/disable-devel.inc
|
|
include /etc/firejail/disable-passwdmgr.inc
|
|
|
|
mkdir ${HOME}/.config/Mumble
|
|
mkdir ${HOME}/.local/share/data/Mumble
|
|
whitelist ${HOME}/.config/Mumble
|
|
whitelist ${HOME}/.local/share/data/Mumble
|
|
include /etc/firejail/whitelist-common.inc
|
|
|
|
caps.drop all
|
|
#ipc-namespace
|
|
netfilter
|
|
no3d
|
|
nonewprivs
|
|
nogroups
|
|
noroot
|
|
protocol unix,inet,inet6
|
|
seccomp
|
|
shell none
|
|
tracelog
|
|
|
|
private-bin mumble
|
|
private-tmp
|
|
disable-mnt
|
|
|
|
memory-deny-write-execute
|
|
noexec ${HOME}
|
|
noexec /tmp
|