mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-21 20:47:08 -05:00
Add convert firejail profile
parent
be43330208
commit
92f5234580
1 changed files with 39 additions and 0 deletions
39
services/filestore/firejail/convert.profile
Normal file
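--- a/services/filestore/firejail/convert.profile
+++ b/services/filestore/firejail/convert.profile
@@ -0,0 +1,39 @@
+# Convert (ImageMagick profile)
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-mgmt.inc
+include /etc/firejail/disable-secret.inc
+
+read-only /bin
+blacklist /boot
+blacklist /dev
+read-only /etc
+read-only /home
+read-only /lib
+read-only /lib64
+blacklist /media
+blacklist /mnt
+blacklist /opt
+blacklist /root
+blacklist /run
+blacklist /sbin
+blacklist /selinux
+blacklist /src
+blacklist /sys
+read-only /usr
+blacklist /var
+
+caps.drop all
+noroot
+nogroups
+protocol unix
+net none
+private-tmp
+private-dev
+shell none
+seccomp.keep access,arch_prctl,brk,chown,clone,close,dup,execve,exit_group,fcntl,fstat,futex,getcwd,getdents,getrlimit,getrusage,lseek,mmap,mprotect,munmap,nanosleep,open,openat,prctl,read,readlink,rt_sigaction,rt_sigprocmask,sched_getaffinity,set_robust_list,set_tid_address,stat,symlink,times,unlink,unshare,wait4,write
+
+rlimit-fsize 524288000 #500Mb
+rlimit-nproc 100
+rlimit-nofile 100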
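Review bot: The `seccomp.keep` allow-list near the end of the profile retains `unshare`, `chown` and `symlink`, which an image converter working on uploaded files would not normally need; `unshare` in particular leaves namespace creation reachable from a process that parses untrusted input. Unless a syscall trace of `convert` shows they are required, drop them from the list, or add a comment above the line recording why each is kept, e.g. `# unshare: needed by <component> (confirm with strace)`. Separately, `read-only /home` and `read-only /etc` keep those trees readable inside the sandbox, so anything stored there stays visible to a compromised converter; if the job only needs its input and output directory, whitelisting that directory alone would be tighter. The rlimits bound file size, process count and open descriptors but not memory, so a decompression-bomb image is limited only by whatever the host enforces outside this profile.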