This copies all of the non-Wikimedia specific entries from Wikimedia's firejail profile, including disallowing access to /sbin and its variants, important system files and various system utilities. Notably it blocks access to /run which typically has UNIX sockets that allow for sandbox escape. The one entry not copied over is disallowing /home because firejail does that already, and it can cause problems if your development setup is inside /home, but FirejailCommand already handles all of that appropriately.

Change-Id: I4fd1d3005f18c249b45c9b9a72dff2bef6542b61

| Name |
|---|
| Hook |
| Command.php |
| CommandFactory.php |
| firejail.profile |
| FirejailCommand.php |
| limit.sh |
| Result.php |
| Shell.php |