@Zerglingman @teratology Temporary firejail config file:
# Firejail profile for epicyon
quiet
# Persistent global definitions
include globals.local

whitelist ${HOME}/.cache
noblacklist /opt/epicyon
noblacklist /media

include disable-common.inc
include disable-devel.inc
include disable-exec.inc
#include disable-interpreters.inc
include disable-programs.inc
include disable-shell.inc
include whitelist-common.inc
include whitelist-usr-share-common.inc
include whitelist-var-common.inc

apparmor
caps.drop all
ipc-namespace
machine-id
net eth0
no3d
nodvd
nogroups
noinput
nonewprivs
noroot
nosound
notv
nou2f
novideo
protocol unix
seccomp
tracelog
x11 none

private-dev
private-tmp

dbus-user none
dbus-system none

memory-deny-write-execute
restrict-namespaces

I used whitelist for home as firejail should automatically block other home directories, and blacklisting home and then noblacklisting a sub-directory didn’t work, and it needs ~/.cache. Sub-optimal. If someone thinks of something better, let me know.
I also didn’t blacklist /media because I use it for basically everything. Feel free to remove it if desired.
And updated startup script:

#!/bin/sh
regs="closed"
dom="asdasda"
prt=443
prxy=7156

env USER=epicyon firejail --profile=/etc/firejail/epicyon.profile \
    /usr/bin/python3 -u /opt/epicyon/epicyon.py \
    --port "$prt" --proxy "$prxy" --domain "$dom" \
    --registration "$regs" --log_login_failures

I haven’t tried this out in any extended fashion, so I am unsure if it works and if so how well. So preliminary. But it boots, which is all I can care about right now until I can start using it.
There also may be some things I missed, and I tried to follow the service file with little deviation. Feel free to comment with improvements.