summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJean Guyomarc'h <jean@guyomarch.bzh>2016-10-01 19:35:55 +0200
committerJean Guyomarc'h <jean@guyomarch.bzh>2016-10-01 19:35:55 +0200
commit5d7959c696f67ab3ab8dff7d528f04f6d7c037ec (patch)
tree67109900f9a63607b8095b127016ab16f2b4e068
parent5e729a994e28b16db4c14f46ad2e28a20892729d (diff)
noopt: always ignore /usr/local
-rw-r--r--noopt.sb7
1 files changed, 7 insertions, 0 deletions
diff --git a/noopt.sb b/noopt.sb
index daf0a85..b764006 100644
--- a/noopt.sb
+++ b/noopt.sb
@@ -4,6 +4,7 @@
4 4
5(deny process-exec 5(deny process-exec
6 (subpath "/opt") 6 (subpath "/opt")
7 (subpath "/usr/local")
7 ) 8 )
8 9
9;(deny process-fork 10;(deny process-fork
@@ -12,26 +13,32 @@
12 13
13(deny file* 14(deny file*
14 (subpath "/opt") 15 (subpath "/opt")
16 (subpath "/usr/local")
15 ) 17 )
16 18
17(deny file-read* 19(deny file-read*
18 (subpath "/opt") 20 (subpath "/opt")
21 (subpath "/usr/local")
19 ) 22 )
20 23
21(deny file-read-data 24(deny file-read-data
22 (subpath "/opt") 25 (subpath "/opt")
26 (subpath "/usr/local")
23 ) 27 )
24 28
25(deny file-read-metadata 29(deny file-read-metadata
26 (subpath "/opt") 30 (subpath "/opt")
31 (subpath "/usr/local")
27 ) 32 )
28 33
29(deny file-write* 34(deny file-write*
30 (subpath "/opt") 35 (subpath "/opt")
36 (subpath "/usr/local")
31 ) 37 )
32 38
33(deny file-write-data 39(deny file-write-data
34 (subpath "/opt") 40 (subpath "/opt")
41 (subpath "/usr/local")
35 ) 42 )
36 43
37(debug all) 44(debug all)