author | glitsj16 <glitsj16@users.noreply.github.com> | 2019-02-24 21:53:50 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-02-24 21:53:50 +0000 |
commit | e80b99934977a623d8090eee678fac34b2de1950 (patch) | |
tree | e9904e5879cdf88d8797e1aafc2d56a2f396ec46 | |
parent | Harden gnome-maps.profile (#2462) (diff) | |
Harden gucharmap.profile (#2463)
-rw-r--r-- | etc/gucharmap.profile | 9 |
1 files changed, 8 insertions, 1 deletions
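--- a/etc/gucharmap.profile
+++ b/etc/gucharmap.profile
@@ -14,8 +14,10 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+apparmor
 caps.drop all
-netfilter
+machine-id
+net none
 no3d
 nodvd
 nogroups
@@ -30,10 +32,15 @@ seccomp
 shell none
 
 disable-mnt
+# for GTK theme support comment 'private'
 private
 private-cache
 private-dev
 private-tmp
 
+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
+
+# gucharmap will never write anything
+read-only ${HOME}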
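Review bot: The comment added above `private` in the second hunk tells users to comment that line out for GTK theme support but does not say what the sandbox gives up. Without `private` the application sees the real home directory, so confidentiality then rests on the `disable-*.inc` includes, and the new `read-only ${HOME}` only blocks writes. I would state that in the comment, e.g. `# for GTK theme support comment 'private' (this exposes the real ${HOME}, read-only)`. The closing comment could also record why the mount is kept while `private` is active, e.g. `# gucharmap will never write anything; keeps the real ${HOME} read-only if 'private' is commented out`. The profile continues outside both hunks, so options there may already narrow the home directory further.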