Added default seccomp blacklist policies for each profile.

master
dma 9 years ago
parent 1b05e93908
commit 634df96977

@ -23,10 +23,17 @@
, {"path":"${HOME}/.cache/gajim"} , {"path":"${HOME}/.cache/gajim"}
, {"path":"${HOME}/.config/gajim"} , {"path":"${HOME}/.config/gajim"}
, {"path":"${HOME}/.local/share/keyrings"} , {"path":"${HOME}/.local/share/keyrings"}
, {"path":"/var/lib/oz/cells.d/gajim.json"}
, {"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
] ]
, "blacklist": [ , "blacklist": [
{"path":"/run/user/${UID}/keyring-*/ssh"} {"path":"/run/user/${UID}/keyring-*/ssh"}
, {"path":"/run/user/${UID}/keyring-*/pkcs11"} , {"path":"/run/user/${UID}/keyring-*/pkcs11"}
, {"path":"/run/user/${UID}/keyring-*/gpg"} , {"path":"/run/user/${UID}/keyring-*/gpg"}
] ]
, "seccomp": {
"mode":"blacklist"
, "enforce": true
, "seccomp_whitelist":""
, "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
} }
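Review bot: The two whitelist entries added before the closing `]` expose the cell's own profile (`/var/lib/oz/cells.d/gajim.json`) and the seccomp policy file inside the sandbox, and nothing visible here marks them read-only. Whether the sandboxed process can modify them depends on file ownership and mount options that are outside this diff. If the whitelist schema has a read-only option, it should be set on both entries so the confined application cannot change the policy applied at the next launch. The same pair of entries is added in every other profile in this commit. Separately, `"mode":"blacklist"` permits any syscall the generic list does not name, so the project documentation should say this is a baseline and not a substitute for per-profile whitelists.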

@ -22,6 +22,8 @@
, {"path":"${HOME}/.config/gtk-3.0"} , {"path":"${HOME}/.config/gtk-3.0"}
, {"path":"${HOME}/.config/gtk-2.0"} , {"path":"${HOME}/.config/gtk-2.0"}
, {"path":"/var/lib/oz/cells.d/icedove.json"}
, {"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
] ]
, "_blacklist": [ , "_blacklist": [
] ]
@ -30,4 +32,9 @@
, {"name":"GNOME_KEYRING_CONTROL"} , {"name":"GNOME_KEYRING_CONTROL"}
, {"name":"GNOME_KEYRING_PID", "value":"1"} , {"name":"GNOME_KEYRING_PID", "value":"1"}
] ]
, "seccomp": {
"mode":"blacklist"
, "enforce": true
, "seccomp_whitelist":""
, "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
} }

@ -19,9 +19,16 @@
, {"path":"${HOME}/.config/gtk-3.0"} , {"path":"${HOME}/.config/gtk-3.0"}
, {"path":"${HOME}/.config/gtk-2.0"} , {"path":"${HOME}/.config/gtk-2.0"}
, {"path":"/var/lib/oz/cells.d/iceweasel.json"}
, {"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
] ]
, "blacklist": [ , "blacklist": [
] ]
, "environment": [ , "environment": [
] ]
, "seccomp": {
"mode":"blacklist"
, "enforce": true
, "seccomp_whitelist":""
, "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
} }

@ -26,4 +26,13 @@
, "networking":{ , "networking":{
"type":"empty" "type":"empty"
} }
, "whitelist": [
{"path":"/var/lib/oz/cells.d/libreoffice.json"}
,{"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
]
, "seccomp": {
"mode":"blacklist"
, "enforce": true
, "seccomp_whitelist":""
, "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
} }
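Review bot: If this profile already defines `"whitelist"` above line 26, the key added after `"networking"` is a duplicate. JSON parsers commonly keep only the last occurrence, which would silently drop the earlier paths from the cell. The start of the file is outside the hunk, so this cannot be confirmed from here. Every other profile in the commit appends to an existing array, which is why this one stands out. If an array already exists, move the two entries into it.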

@ -25,9 +25,16 @@
, {"path":"${HOME}/.config/dconf"} , {"path":"${HOME}/.config/dconf"}
, {"path":"${HOME}/.cache/dconf"} , {"path":"${HOME}/.cache/dconf"}
, {"path":"/run/user/${UID}/dconf"} , {"path":"/run/user/${UID}/dconf"}
, {"path":"/var/lib/oz/cells.d/liferea.json"}
, {"path":"/var/lib/oz/cells.d/generic-blacklist.json"}
] ]
, "blacklist": [ , "blacklist": [
] ]
, "_environment": [ , "_environment": [
] ]
, "seccomp": {
"mode":"blacklist"
, "enforce": true
, "seccomp_whitelist":""
, "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
} }
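Review bot: The added whitelist entry names `/var/lib/oz/cells.d/generic-blacklist.json`, but `seccomp_blacklist` in the same profile points at `generic-blacklist.seccomp`, and every other profile in this commit whitelists the `.seccomp` file. Unless a `.json` variant exists, the policy file is not exposed in this cell. With `"enforce": true` the likely result is a failed launch, or a cell running without the filter if the loader tolerates a missing file. The line should read `, {"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}`.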

@ -10,9 +10,16 @@
} }
, "whitelist": [ , "whitelist": [
{"path":"${HOME}/.purple"} {"path":"${HOME}/.purple"}
,{"path":"/var/lib/oz/cells.d/pidgin.json"}
,{"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
] ]
, "blacklist": [ , "blacklist": [
] ]
, "environment": [ , "environment": [
] ]
, "seccomp": {
"mode":"blacklist"
, "enforce": true
, "seccomp_whitelist":""
, "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
} }

@ -16,6 +16,8 @@
, "whitelist": [ , "whitelist": [
{"path":"${HOME}/.pond"} {"path":"${HOME}/.pond"}
, {"path":"/opt/usr/share/gopkgs/pond"} , {"path":"/opt/usr/share/gopkgs/pond"}
, {"path":"/var/lib/oz/cells.d/pond.json"}
, {"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
] ]
, "blacklist": [ , "blacklist": [
] ]
@ -25,4 +27,9 @@
, {"name":"TOR_SOCKS_HOST"} , {"name":"TOR_SOCKS_HOST"}
, {"name":"TOR_SOCKS_PORT"} , {"name":"TOR_SOCKS_PORT"}
] ]
, "seccomp": {
"mode":"blacklist"
, "enforce": true
, "seccomp_whitelist":""
, "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
} }

@ -18,6 +18,8 @@
, {"path":"${HOME}/.cache/torbrowser"} , {"path":"${HOME}/.cache/torbrowser"}
, {"path":"${HOME}/.config/torbrowser"} , {"path":"${HOME}/.config/torbrowser"}
, {"path":"${HOME}/Downloads/TorBrowser"} , {"path":"${HOME}/Downloads/TorBrowser"}
, {"path":"/var/lib/oz/cells.d/torbrowser-launcher.json"}
, {"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
] ]
, "blacklist": [ , "blacklist": [
] ]
@ -30,4 +32,9 @@
, {"name":"TOR_CONTROL_AUTHENTICATE"} , {"name":"TOR_CONTROL_AUTHENTICATE"}
, {"name":"TOR_CONTROL_COOKIE_AUTH_FILE"} , {"name":"TOR_CONTROL_COOKIE_AUTH_FILE"}
] ]
, "seccomp": {
"mode":"blacklist"
, "enforce": true
, "seccomp_whitelist":""
, "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
} }

@ -17,7 +17,14 @@
, {"path":"${HOME}/.config/gtk-3.0"} , {"path":"${HOME}/.config/gtk-3.0"}
, {"path":"${HOME}/.config/gtk-2.0"} , {"path":"${HOME}/.config/gtk-2.0"}
, {"path":"/var/lib/oz/cells.d/xchat.json"}
, {"path":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
] ]
, "blacklist": [ , "blacklist": [
] ]
, "seccomp": {
"mode":"blacklist"
, "enforce": true
, "seccomp_whitelist":""
, "seccomp_blacklist":"/var/lib/oz/cells.d/generic-blacklist.seccomp"}
} }
