author | smitsohu <smitsohu@gmail.com> | 2019-03-12 23:45:13 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2019-03-12 23:45:13 +0100 |
commit | 1862d24fd9990bfc61f9ae9710f089b3d8038427 (patch) | |
tree | 5ac042c886e49d7cd975af2b6cdb8b4827270fd1 | |
parent | add disable-exec.inc to all profiles with apparmor (#2576) (diff) | |
add disable-exec.inc to few more profiles
-rw-r--r-- | etc/baloo_file.profile | 4 | ||||
-rw-r--r-- | etc/default.profile | 4 | ||||
-rw-r--r-- | etc/keepassx.profile | 3 | ||||
-rw-r--r-- | etc/keepassxc.profile | 3 | ||||
-rw-r--r-- | etc/kget.profile | 3 | ||||
-rw-r--r-- | etc/konversation.profile | 3 | ||||
-rw-r--r-- | etc/ktorrent.profile | 3 | ||||
-rw-r--r-- | etc/kwin_x11.profile | 4 | ||||
-rw-r--r-- | etc/mupdf.profile | 1 | ||||
-rw-r--r-- | etc/musescore.profile | 4 | ||||
-rw-r--r-- | etc/qpdfview.profile | 3 | ||||
-rw-r--r-- | etc/torbrowser-launcher.profile | 5 |
12 files changed, 15 insertions, 25 deletions
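--- a/etc/baloo_file.profile
+++ b/etc/baloo_file.profile
@@ -19,6 +19,7 @@ noblacklist ${HOME}/.local/share/baloo
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -46,6 +47,3 @@ private-bin baloo_file,baloo_file_extractor,baloo_filemetadata_temp_extractor,kb
 private-cache
 private-dev
 private-tmp
-
-noexec ${HOME}
-noexec /tmp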
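Review bot: The explicit `noexec ${HOME}` and `noexec /tmp` removed at the end of this profile stay enforced only if disable-exec.inc contains both, and that file is not part of this commit, so the equivalence cannot be confirmed from the diff. The same swap is made in the keepassx, keepassxc, kget, konversation, ktorrent, kwin_x11, musescore and qpdfview sections, while mupdf.profile removes nothing and therefore gains the restriction for the first time. If the include marks further locations noexec (presumably it does), this is a tightening for these applications rather than a pure refactor, and the commit message should say so, for example `replace per-profile noexec lines with disable-exec.inc; mupdf newly restricted`.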
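--- a/etc/default.profile
+++ b/etc/default.profile
@@ -10,11 +10,13 @@ include globals.local
 
 include disable-common.inc
 # include disable-devel.inc
+# include disable-exec.inc
 # include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 #include disable-xdg.inc
 
+# apparmor
 caps.drop all
 # ipc-namespace
 netfilter
@@ -42,5 +44,3 @@ seccomp
 # private-tmp
 
 # memory-deny-write-execute
-# noexec ${HOME}
-# noexec /tmp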
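--- a/etc/keepassx.profile
+++ b/etc/keepassx.profile
@@ -14,6 +14,7 @@ noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -45,5 +46,3 @@ private-etc alternatives,fonts,machine-id
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp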
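--- a/etc/keepassxc.profile
+++ b/etc/keepassxc.profile
@@ -16,6 +16,7 @@ noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -47,8 +48,6 @@ private-tmp
 
 # 2.2.4 crashes on database open
 # memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp
 
 # Mutex is stored in /tmp by default, which is broken by private-tmp
 join-or-start keepassxc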
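--- a/etc/kget.profile
+++ b/etc/kget.profile
@@ -15,6 +15,7 @@ noblacklist ${HOME}/.local/share/kget
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -38,5 +39,3 @@ private-dev
 private-tmp
 
 # memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp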
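--- a/etc/konversation.profile
+++ b/etc/konversation.profile
@@ -12,6 +12,7 @@ noblacklist ${HOME}/.kde4/share/config/konversationrc
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -39,5 +40,3 @@ private-dev
 private-tmp
 
 # memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp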
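--- a/etc/ktorrent.profile
+++ b/etc/ktorrent.profile
@@ -15,6 +15,7 @@ noblacklist ${HOME}/.local/share/ktorrent
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -57,5 +58,3 @@ private-dev
 private-tmp
 
 # memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp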
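--- a/etc/kwin_x11.profile
+++ b/etc/kwin_x11.profile
@@ -12,6 +12,7 @@ noblacklist ${HOME}/.local/share/kwin
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -39,6 +40,3 @@ private-bin kwin_x11
 private-dev
 private-etc alternatives,drirc,fonts,kde5rc,ld.so.cache,machine-id,xdg
 private-tmp
-
-noexec ${HOME}
-noexec /tmp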
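--- a/etc/mupdf.profile
+++ b/etc/mupdf.profile
@@ -10,6 +10,7 @@ noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc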
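--- a/etc/musescore.profile
+++ b/etc/musescore.profile
@@ -15,6 +15,7 @@ noblacklist ${MUSIC}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -38,6 +39,3 @@ tracelog
 
 # private-bin musescore,mscore
 private-tmp
-
-noexec ${HOME}
-noexec /tmp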
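--- a/etc/qpdfview.profile
+++ b/etc/qpdfview.profile
@@ -12,6 +12,7 @@ noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -39,5 +40,3 @@ private-dev
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp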
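--- a/etc/torbrowser-launcher.profile
+++ b/etc/torbrowser-launcher.profile
@@ -6,6 +6,8 @@ include torbrowser-launcher.local
 # Persistent global definitions
 include globals.local
 
+ignore noexec ${HOME}
+
 noblacklist ${HOME}/.config/torbrowser
 noblacklist ${HOME}/.local/share/torbrowser
 
@@ -17,6 +19,7 @@ noblacklist /usr/lib/python3*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -51,5 +54,3 @@ private-bin bash,cp,dirname,env,expr,file,getconf,gpg,grep,id,ln,mkdir,python*,r
 private-dev
 private-etc alternatives,fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache
 private-tmp
-
-noexec /tmp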
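Review bot: The new `ignore noexec ${HOME}` at the top of the profile has no comment explaining why the home directory must stay executable, and it is the only exemption from disable-exec.inc in this commit. The `noblacklist ${HOME}/.local/share/torbrowser` line just below suggests the browser is unpacked and run from the user's home, so a line such as `# torbrowser-launcher runs the browser from ${HOME}/.local/share/torbrowser` above the ignore would record that. The exemption covers all of ${HOME}, so a home that is both writable and executable remains available inside this sandbox. The old profile had the same exposure, since it only set `noexec /tmp`, but the comment should make clear that this is a deliberate trade-off.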