Added default seccomp blacklist policies for each profile.

master
dma 10 years ago
parent 1b05e93908
commit 634df96977

@ -23,10 +23,17 @@
, {"path":"${HOME}/.cache/gajim"}
, {"path":"${HOME}/.config/gajim"}
, {"path":"${HOME}/.local/share/keyrings"}
, {"path":"/var/lib/oz/cells.d/gajim.json"}
, {"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
]
, "blacklist": [
{"path":"/run/user/${UID}/keyring-*/ssh"}
, {"path":"/run/user/${UID}/keyring-*/pkcs11"}
, {"path":"/run/user/${UID}/keyring-*/gpg"}
]
, "seccomp": {
"mode":"blacklist"
, "enforce": true
, "seccomp_whitelist":""
, "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
}
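Review bot: The `seccomp` block added at the end of this profile sets `"mode":"blacklist"` and leaves `"seccomp_whitelist":""`, so the filter is default-allow: any syscall not listed in `generic-blacklist.seccomp` stays reachable from the sandboxed application. The same block is added to the other eight profiles on this page. JSON cannot carry a comment, so the profile documentation or commit description should say this outright, for example `blacklist mode is default-allow; generic-blacklist.seccomp is a baseline, not a complete policy`. The policy path is also written twice per profile (the new whitelist entry and `seccomp_blacklist`), which invites drift between the two. Assuming the whitelist entry is what exposes the policy file inside the sandbox (not visible here), it is worth confirming the file is exposed read-only.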

@ -22,6 +22,8 @@
, {"path":"${HOME}/.config/gtk-3.0"}
, {"path":"${HOME}/.config/gtk-2.0"}
, {"path":"/var/lib/oz/cells.d/icedove.json"}
, {"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
]
, "_blacklist": [
]
@ -30,4 +32,9 @@
, {"name":"GNOME_KEYRING_CONTROL"}
, {"name":"GNOME_KEYRING_PID", "value":"1"}
]
, "seccomp": {
"mode":"blacklist"
, "enforce": true
, "seccomp_whitelist":""
, "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
}

@ -19,9 +19,16 @@
, {"path":"${HOME}/.config/gtk-3.0"}
, {"path":"${HOME}/.config/gtk-2.0"}
, {"path":"/var/lib/oz/cells.d/iceweasel.json"}
, {"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
]
, "blacklist": [
]
, "environment": [
]
, "seccomp": {
"mode":"blacklist"
, "enforce": true
, "seccomp_whitelist":""
, "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
}

@ -26,4 +26,13 @@
, "networking":{
"type":"empty"
}
, "whitelist": [
{"path":"/var/lib/oz/cells.d/libreoffice.json"}
,{"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
]
, "seccomp": {
"mode":"blacklist"
, "enforce": true
, "seccomp_whitelist":""
, "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
}

@ -25,9 +25,16 @@
, {"path":"${HOME}/.config/dconf"}
, {"path":"${HOME}/.cache/dconf"}
, {"path":"/run/user/${UID}/dconf"}
, {"path":"/var/lib/oz/cells.d/liferea.json"}
, {"path":"/var/lib/oz/cells.d/generic-blacklist.json"}
]
, "blacklist": [
]
, "_environment": [
]
, "seccomp": {
"mode":"blacklist"
, "enforce": true
, "seccomp_whitelist":""
, "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
}
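Review bot: The whitelist entry for the policy file in this profile names `/var/lib/oz/cells.d/generic-blacklist.json`, while `seccomp_blacklist` a few lines below it, and every other profile in this commit, use `generic-blacklist.seccomp`. If the whitelist entry is what makes the policy file available inside the sandbox (the loader is not visible here), this profile would not expose the file that `"enforce": true` relies on, and the outcome would be either a failed launch or an unfiltered one. The line should read `, {"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}`. The profile object begins outside this hunk.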

@ -10,9 +10,16 @@
}
, "whitelist": [
{"path":"${HOME}/.purple"}
,{"path":"/var/lib/oz/cells.d/pidgin.json"}
,{"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
]
, "blacklist": [
]
, "environment": [
]
, "seccomp": {
"mode":"blacklist"
, "enforce": true
, "seccomp_whitelist":""
, "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
}

@ -16,6 +16,8 @@
, "whitelist": [
{"path":"${HOME}/.pond"}
, {"path":"/opt/usr/share/gopkgs/pond"}
, {"path":"/var/lib/oz/cells.d/pond.json"}
, {"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
]
, "blacklist": [
]
@ -25,4 +27,9 @@
, {"name":"TOR_SOCKS_HOST"}
, {"name":"TOR_SOCKS_PORT"}
]
, "seccomp": {
"mode":"blacklist"
, "enforce": true
, "seccomp_whitelist":""
, "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
}

@ -18,6 +18,8 @@
, {"path":"${HOME}/.cache/torbrowser"}
, {"path":"${HOME}/.config/torbrowser"}
, {"path":"${HOME}/Downloads/TorBrowser"}
, {"path":"/var/lib/oz/cells.d/torbrowser-launcher.json"}
, {"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
]
, "blacklist": [
]
@ -30,4 +32,9 @@
, {"name":"TOR_CONTROL_AUTHENTICATE"}
, {"name":"TOR_CONTROL_COOKIE_AUTH_FILE"}
]
, "seccomp": {
"mode":"blacklist"
, "enforce": true
, "seccomp_whitelist":""
, "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
}

@ -17,7 +17,14 @@
, {"path":"${HOME}/.config/gtk-3.0"}
, {"path":"${HOME}/.config/gtk-2.0"}
, {"path":"/var/lib/oz/cells.d/xchat.json"}
, {"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
]
, "blacklist": [
]
, "seccomp": {
"mode":"blacklist"
, "enforce": true
, "seccomp_whitelist":""
, "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
}
