Added noexec for home and tmp, spotify profile.

This might break special cases when an addon (like blockify) is installed in home. We'll need to keep an eye on this.
author: Fred Barclay <Fred-Barclay@users.noreply.github.com> 2017-04-25 22:23:16 -0500
committer: Fred Barclay <Fred-Barclay@users.noreply.github.com> 2017-04-25 22:23:16 -0500
commit: 50e3096b3c1c50bc9a040be3dab1374c146cc7ac (patch)
tree: 867332db43d70b111be17bac116d36255b2140a2
parent: noexec /home/fred and /tmp for gpredict (diff)
download: firejail-50e3096b3c1c50bc9a040be3dab1374c146cc7ac.tar.gz
firejail-50e3096b3c1c50bc9a040be3dab1374c146cc7ac.tar.zst
firejail-50e3096b3c1c50bc9a040be3dab1374c146cc7ac.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/etc/spotify.profile b/etc/spotify.profile
index 8261fe0fb..bfc074c28 100644
--- a/etc/spotify.profile
+++ b/etc/spotify.profile
@@ -28,6 +28,9 @@ protocol unix,inet,inet6,netlink
 seccomp
 shell none
+noexec ${HOME}
+noexec /tmp
 private-bin spotify,bash,sh
 private-etc fonts,machine-id,pulse,resolv.conf
 private-dev
author	Fred Barclay <Fred-Barclay@users.noreply.github.com>	2017-04-25 22:23:16 -0500
committer	Fred Barclay <Fred-Barclay@users.noreply.github.com>	2017-04-25 22:23:16 -0500
commit	50e3096b3c1c50bc9a040be3dab1374c146cc7ac (patch)
tree	867332db43d70b111be17bac116d36255b2140a2
parent	noexec /home/fred and /tmp for gpredict (diff)
download	firejail-50e3096b3c1c50bc9a040be3dab1374c146cc7ac.tar.gz firejail-50e3096b3c1c50bc9a040be3dab1374c146cc7ac.tar.zst firejail-50e3096b3c1c50bc9a040be3dab1374c146cc7ac.zip

diff --git a/etc/spotify.profile b/etc/spotify.profile index 8261fe0fb..bfc074c28 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile
@@ -28,6 +28,9 @@ protocol unix,inet,inet6,netlink
28	seccomp	28	seccomp
29	shell none	29	shell none
30		30
		31	noexec ${HOME}
		32	noexec /tmp
		33
31	private-bin spotify,bash,sh	34	private-bin spotify,bash,sh
32	private-etc fonts,machine-id,pulse,resolv.conf	35	private-etc fonts,machine-id,pulse,resolv.conf
33	private-dev	36	private-dev