35 lines
598 B
Plaintext
35 lines
598 B
Plaintext
include /etc/firejail/disable-common.inc
|
|
include /etc/firejail/disable-devel.inc
|
|
# include /etc/firejail/disable-mgmt.inc ## removed in 0.9.40
|
|
# include /etc/firejail/disable-secret.inc ## removed in 0.9.40
|
|
|
|
read-only /bin
|
|
blacklist /boot
|
|
blacklist /dev
|
|
read-only /etc
|
|
blacklist /home # blacklisted for synctex
|
|
read-only /lib
|
|
read-only /lib64
|
|
blacklist /media
|
|
blacklist /mnt
|
|
blacklist /opt
|
|
blacklist /root
|
|
read-only /run
|
|
blacklist /sbin
|
|
blacklist /selinux
|
|
blacklist /src
|
|
blacklist /sys
|
|
read-only /usr
|
|
|
|
caps.drop all
|
|
noroot
|
|
nogroups
|
|
net none
|
|
private-tmp
|
|
private-dev
|
|
shell none
|
|
seccomp
|
|
nonewprivs
|
|
|
|
|