From 8f5e1884b73dfd6accdce32678801742610033b3 Mon Sep 17 00:00:00 2001
From: Neo00001 <40570803+Neo00001@users.noreply.github.com>
Date: Wed, 22 Jul 2020 16:11:30 +0000
Subject: [PATCH 1/6] Update virtualbox.profile

---
 etc/profile-m-z/virtualbox.profile | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/etc/profile-m-z/virtualbox.profile b/etc/profile-m-z/virtualbox.profile
index c0dbc9116b8..d27761525a8 100644
--- a/etc/profile-m-z/virtualbox.profile
+++ b/etc/profile-m-z/virtualbox.profile
@@ -14,9 +14,12 @@ noblacklist /usr/lib/virtualbox
 noblacklist /usr/lib64/virtualbox
 
 include disable-common.inc
+include disable-devel.inc
 include disable-exec.inc
+include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 
 mkdir ${HOME}/.config/VirtualBox
 mkdir ${HOME}/VirtualBox VMs
@@ -24,9 +27,22 @@ whitelist ${HOME}/.config/VirtualBox
 whitelist ${HOME}/VirtualBox VMs
 whitelist ${DOWNLOADS}
 include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
-caps.keep net_raw,sys_admin,sys_nice
+caps.keep net_raw,sys_nice
 netfilter
 nodvd
+#nogroups
 notv
+shell none
+tracelog
+
+#disable-mnt
+
+private-cache
+private-etc alsa,asound.conf,ca-certificates,dconf,fonts,hostname,hosts,ld.so.cache,pulse,localtime,machine-id,conf.d,resolv.conf,ssl,X11
+
+dbus-user none
+dbus-system none

From 8e6d00b04323141f67212d55d1f50b884eaba67d Mon Sep 17 00:00:00 2001
From: Neo00001 <40570803+Neo00001@users.noreply.github.com>
Date: Wed, 22 Jul 2020 16:14:05 +0000
Subject: [PATCH 2/6] Update virtualbox.profile

---
 etc/profile-m-z/virtualbox.profile | 1 -
 1 file changed, 1 deletion(-)

diff --git a/etc/profile-m-z/virtualbox.profile b/etc/profile-m-z/virtualbox.profile
index d27761525a8..3c17ad22da0 100644
--- a/etc/profile-m-z/virtualbox.profile
+++ b/etc/profile-m-z/virtualbox.profile
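Review bot: In the second hunk of PATCH 1/6, `#nogroups` and `#disable-mnt` are added commented out with no reason given, so a later maintainer cannot tell whether they were tried and found to break VirtualBox or were only parked for later. Each should carry a one-line rationale above it, for example `# nogroups presumably breaks device access granted through supplementary groups such as vboxusers - confirm` and `# disable-mnt would hide VM images and ISOs kept under /mnt or /media - confirm`. Without that, the next hardening pass is likely to enable them blindly or leave them off indefinitely.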
@@ -40,7 +40,6 @@ shell none
 tracelog
 
 #disable-mnt
-
 private-cache
 private-etc alsa,asound.conf,ca-certificates,dconf,fonts,hostname,hosts,ld.so.cache,pulse,localtime,machine-id,conf.d,resolv.conf,ssl,X11
 

From 00490fd445c4c5a2d08d2b8a2d53a8233bfc7a13 Mon Sep 17 00:00:00 2001
From: Neo00001 <40570803+Neo00001@users.noreply.github.com>
Date: Wed, 22 Jul 2020 16:42:33 +0000
Subject: [PATCH 3/6] Update virtualbox.profile

---
 etc/profile-m-z/virtualbox.profile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/profile-m-z/virtualbox.profile b/etc/profile-m-z/virtualbox.profile
index 3c17ad22da0..df0da2a479a 100644
--- a/etc/profile-m-z/virtualbox.profile
+++ b/etc/profile-m-z/virtualbox.profile
@@ -41,7 +41,7 @@ tracelog
 
 #disable-mnt
 private-cache
-private-etc alsa,asound.conf,ca-certificates,dconf,fonts,hostname,hosts,ld.so.cache,pulse,localtime,machine-id,conf.d,resolv.conf,ssl,X11
+private-etc alsa,asound.conf,ca-certificates,conf.d,crypto-policies,dconf,fonts,hostname,hosts,ld.so.cache,localtime,machine-id,pki,pulse,resolv.conf,ssl,X11
 
 dbus-user none
 dbus-system none

From 3f7ede794f30ff43311637b63aa454702d649c6f Mon Sep 17 00:00:00 2001
From: Neo00001 <40570803+Neo00001@users.noreply.github.com>
Date: Wed, 22 Jul 2020 17:38:47 +0000
Subject: [PATCH 4/6] Update virtualbox.profile

---
 etc/profile-m-z/virtualbox.profile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/etc/profile-m-z/virtualbox.profile b/etc/profile-m-z/virtualbox.profile
index df0da2a479a..78ab990209f 100644
--- a/etc/profile-m-z/virtualbox.profile
+++ b/etc/profile-m-z/virtualbox.profile
@@ -31,6 +31,8 @@ include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
+# caps.keep net_raw,sys_nice works for the default NAT networks.But,for host-only network sys_admin is needed. See https://github.com/netblue30/firejail/issues/2868#issuecomment-518647630
+
 caps.keep net_raw,sys_nice
 netfilter
 nodvd
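Review bot: The comment added above `caps.keep net_raw,sys_nice` in PATCH 4/6, and reworded in PATCH 5/6, says host-only networking needs sys_admin but does not say that the capability was dropped deliberately or what a user has to change to get it back. CAP_SYS_ADMIN is a very broad capability, so the trade-off belongs in the profile itself rather than only behind the issue link. Something like `# sys_admin is dropped on purpose (very broad capability); host-only networking needs it - use "caps.keep net_raw,sys_admin,sys_nice" instead and accept the weaker sandbox` would cover both the reason and the remedy.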
From 3a9bd6ba46867b3b5f2b2d36195b90947b634ee3 Mon Sep 17 00:00:00 2001
From: Neo00001 <40570803+Neo00001@users.noreply.github.com>
Date: Wed, 22 Jul 2020 17:42:38 +0000
Subject: [PATCH 5/6] Update virtualbox.profile

---
 etc/profile-m-z/virtualbox.profile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/profile-m-z/virtualbox.profile b/etc/profile-m-z/virtualbox.profile
index 78ab990209f..d151f12710d 100644
--- a/etc/profile-m-z/virtualbox.profile
+++ b/etc/profile-m-z/virtualbox.profile
@@ -31,7 +31,7 @@ include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
-# caps.keep net_raw,sys_nice works for the default NAT networks.But,for host-only network sys_admin is needed. See https://github.com/netblue30/firejail/issues/2868#issuecomment-518647630
+# For host-only network sys_admin is needed. See https://github.com/netblue30/firejail/issues/2868#issuecomment-518647630
 
 caps.keep net_raw,sys_nice
 netfilter

From 9c88aafb338b1ab09c4278d243020ef9802e4dcc Mon Sep 17 00:00:00 2001
From: Neo00001 <40570803+Neo00001@users.noreply.github.com>
Date: Wed, 22 Jul 2020 23:43:54 +0000
Subject: [PATCH 6/6] Update virtualbox.profile

---
 etc/profile-m-z/virtualbox.profile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/etc/profile-m-z/virtualbox.profile b/etc/profile-m-z/virtualbox.profile
index d151f12710d..12bef5d1ff1 100644
--- a/etc/profile-m-z/virtualbox.profile
+++ b/etc/profile-m-z/virtualbox.profile
@@ -43,7 +43,7 @@ tracelog
 
 #disable-mnt
 private-cache
-private-etc alsa,asound.conf,ca-certificates,conf.d,crypto-policies,dconf,fonts,hostname,hosts,ld.so.cache,localtime,machine-id,pki,pulse,resolv.conf,ssl,X11
+private-etc alsa,asound.conf,ca-certificates,conf.d,crypto-policies,dconf,fonts,hostname,hosts,ld.so.cache,localtime,machine-id,pki,pulse,resolv.conf,ssl
 
 dbus-user none
 dbus-system none