Page Menu
Home
WickedGov Phorge
Search
Configure Global Search
Log In
Files
F1426630
firejail.profile
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Flag For Later
Award Token
Size
1 KB
Referenced Files
None
Subscribers
None
firejail.profile
View Options
# Firejail profile used by MediaWiki when shelling out
# Most rules are applied via command-line flags controlled by the
# Shell::RESTRICTION_* constants.
# Rules added to this file must be compatible with every command that could
# be invoked. If something might need to be disabled, then it should be added
# as a Shell:RESTRICTION_* constant instead so that commands can opt-in/out.
# See <https://firejail.wordpress.com/features-3/man-firejail-profile/> for
# syntax documentation.
# Optionally allow sysadmins to set extra restrictions that apply to their
# MediaWiki setup, e.g. disallowing access to extra private directories.
include /etc/firejail/mediawiki.local
# Include any global firejail customizations.
include /etc/firejail/globals.local
# Drop all capabilities
caps.drop all
# Disallow system directories
blacklist /sbin
blacklist /usr/sbin
blacklist /usr/local/sbin
# Blacklist /run which typically contains many exploitable UNIX sockets. But
# don't blacklist /run/firejail which firejail needs. Using a glob means that
# the files and directories under /run are mounted separately, which allows
# the noblacklist directive to work. (T262364)
noblacklist /run/firejail
blacklist /run/*
# Disallow system files
blacklist /etc/shadow
blacklist /etc/ssh
blacklist /root
# Disallow system management
blacklist ${PATH}/umount
blacklist ${PATH}/mount
blacklist ${PATH}/fusermount
blacklist ${PATH}/su
blacklist ${PATH}/sudo
blacklist ${PATH}/xinput
blacklist ${PATH}/evtest
blacklist ${PATH}/xev
blacklist ${PATH}/strace
blacklist ${PATH}/nc
blacklist ${PATH}/ncat
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Sat, May 16, 13:30 (1 d, 19 h)
Storage Engine
local-disk
Storage Format
Raw Data
Storage Handle
bb/11/42de865bab370ec74d5ef25ae39a
Default Alt Text
firejail.profile (1 KB)
Attached To
Mode
rMWPROD MediaWiki Production
Attached
Detach File
Event Timeline
Log In to Comment