diff options
| author |  rusty-snake <print_hello_world+Public@protonmail.com> | 2019-05-12 12:53:46 +0200 |
|---|---|---|
| committer | rusty-snake <print_hello_world+Public@protonmail.com> | 2019-05-12 12:53:46 +0200 |
| commit | da2a3fd0d1780fe7751f33cd9628879a78669118 (patch) | |
| tree | 0b752daf243495e1d7ffaf070ee3f205f651b3d7 | |
| parent | Update keepassxc.profile (#2687) (diff) | |
| download | firejail-da2a3fd0d1780fe7751f33cd9628879a78669118.tar.gz firejail-da2a3fd0d1780fe7751f33cd9628879a78669118.tar.zst firejail-da2a3fd0d1780fe7751f33cd9628879a78669118.zip | |
harden & fix xiphos.profile
| -rw-r--r-- | README | 4 | ||||
| -rw-r--r-- | etc/xiphos.profile | 8 |
2 files changed, 9 insertions, 3 deletions
| @@ -560,11 +560,11 @@ rusty-snake (https://github.com/rusty-snake) | |||
| 560 | - fixed profiles: freeoffice-textmaker, code, newsboat, aosp, clion | 560 | - fixed profiles: freeoffice-textmaker, code, newsboat, aosp, clion |
| 561 | - fixed profiles: android-studio, git, gitg, github-desktop, idea.sh | 561 | - fixed profiles: android-studio, git, gitg, github-desktop, idea.sh |
| 562 | - fixed profiles: ffmpeg, thunderbird, gnome-system-log, file-roller | 562 | - fixed profiles: ffmpeg, thunderbird, gnome-system-log, file-roller |
| 563 | - fixed profiles: eog, eom | 563 | - fixed profiles: eog, eom, xiphos |
| 564 | - hardened profiles: disable-common.inc, disable-programs.inc | 564 | - hardened profiles: disable-common.inc, disable-programs.inc |
| 565 | - hardened profiles: gajim, evince, ffmpeg, feh-network.inc, qtox | 565 | - hardened profiles: gajim, evince, ffmpeg, feh-network.inc, qtox |
| 566 | - hardened profiles: gnome-clocks, meld, minetest, youtube-dl | 566 | - hardened profiles: gnome-clocks, meld, minetest, youtube-dl |
| 567 | - hardened profiles: bibletime, whois, etr, display, feh, mpv | 567 | - hardened profiles: bibletime, whois, etr, display, feh, mpv, xiphos |
| 568 | - gnome-mpv was renamed to celluloid | 568 | - gnome-mpv was renamed to celluloid |
| 569 | - some typo fixes | 569 | - some typo fixes |
| 570 | Salvo 'LtWorf' Tomaselli (https://github.com/ltworf) | 570 | Salvo 'LtWorf' Tomaselli (https://github.com/ltworf) |
diff --git a/etc/xiphos.profile b/etc/xiphos.profile index 3ad03e2c6..33056395e 100644 --- a/etc/xiphos.profile +++ b/etc/xiphos.profile | |||
| @@ -13,6 +13,7 @@ noblacklist ${HOME}/.xiphos | |||
| 13 | 13 | ||
| 14 | include disable-common.inc | 14 | include disable-common.inc |
| 15 | include disable-devel.inc | 15 | include disable-devel.inc |
| 16 | include disable-exec.inc | ||
| 16 | include disable-interpreters.inc | 17 | include disable-interpreters.inc |
| 17 | include disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
| 18 | include disable-programs.inc | 19 | include disable-programs.inc |
| @@ -20,8 +21,11 @@ include disable-programs.inc | |||
| 20 | whitelist ${HOME}/.sword | 21 | whitelist ${HOME}/.sword |
| 21 | whitelist ${HOME}/.xiphos | 22 | whitelist ${HOME}/.xiphos |
| 22 | include whitelist-common.inc | 23 | include whitelist-common.inc |
| 24 | include whitelist-var-common.inc | ||
| 23 | 25 | ||
| 26 | apparmor | ||
| 24 | caps.drop all | 27 | caps.drop all |
| 28 | machine-id | ||
| 25 | netfilter | 29 | netfilter |
| 26 | nodvd | 30 | nodvd |
| 27 | nogroups | 31 | nogroups |
| @@ -36,7 +40,9 @@ seccomp | |||
| 36 | shell none | 40 | shell none |
| 37 | tracelog | 41 | tracelog |
| 38 | 42 | ||
| 43 | disable-mnt | ||
| 39 | private-bin xiphos | 44 | private-bin xiphos |
| 45 | private-cache | ||
| 40 | private-dev | 46 | private-dev |
| 41 | private-etc alternatives,fonts,resolv.conf,sword,ca-certificates,ssl,pki,crypto-policies | 47 | private-etc alternatives,fonts,resolv.conf,sword,ca-certificates,ssli,sword.conf,pki,crypto-policies |
| 42 | private-tmp | 48 | private-tmp |