author | netblue30 <netblue30@yahoo.com> | 2020-03-16 15:55:52 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2020-03-16 15:55:52 -0400 |
commit | b7e4f402f4102b105ac428fe0b2f615431388477 (patch) | |
tree | fa1f2cd7d2404f9978999c3c5b19d419ac731bea | |
parent | some profile hardening (diff) | |
profile fixes
-rw-r--r-- | etc/2048-qt.profile | 2 | ||||
-rw-r--r-- | etc/calibre.profile | 1 | ||||
-rw-r--r-- | etc/dia.profile | 2 | ||||
-rw-r--r-- | etc/handbrake.profile | 1 | ||||
-rw-r--r-- | etc/mate-calc.profile | 1 | ||||
-rw-r--r-- | etc/midori.profile | 1 | ||||
-rw-r--r-- | etc/mplayer.profile | 2 | ||||
-rw-r--r-- | etc/musescore.profile | 1 | ||||
-rw-r--r-- | etc/qpdfview.profile | 1 | ||||
-rw-r--r-- | etc/scribus.profile | 1 | ||||
-rw-r--r-- | etc/sol.profile | 1 | ||||
-rw-r--r-- | etc/tcpdump.profile | 1 | ||||
-rw-r--r-- | etc/warzone2100.profile | 1 | ||||
-rw-r--r-- | etc/xpdf.profile | 3 |
14 files changed, 18 insertions, 1 deletions
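diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile
index 2347039a6..95d482c22 100644
--- a/etc/2048-qt.profile
+++ b/etc/2048-qt.profile
@@ -23,7 +23,9 @@ whitelist ${HOME}/.config/xiaoyong
 include whitelist-common.inc
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
+net none
 netfilter
 nodvd
 nogroups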
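Review bot: The added `net none` sits directly above the existing `netfilter`, which then appears to have nothing left to filter, since the sandbox gets an unconnected namespace holding only loopback. The profiles in this commit that already carried `net none` (dia, scribus) show no `netfilter` line in their hunks, so dropping it here would match them. The same pairing appears in the handbrake and mplayer hunks. If it is kept on purpose as a fallback for users who override `net none`, a comment such as `# netfilter only matters when net none is ignored` would say so. The profile continues outside the hunk on both sides.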
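diff --git a/etc/calibre.profile b/etc/calibre.profile
index ad6f0aa0d..d17cfa85f 100644
--- a/etc/calibre.profile
+++ b/etc/calibre.profile
@@ -19,6 +19,7 @@ include disable-xdg.inc
 
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 netfilter
 nodvd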
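Review bot: The new `apparmor` line only adds confinement on hosts where firejail was built with AppArmor support and the firejail-default profile is loaded into the kernel; elsewhere the sandbox runs as before, so the hardening is uneven across installs. The commit message "profile fixes" does not say on which setup the profiles gaining this line were exercised. A line in the description such as `tested with AppArmor enforcing, firejail-default loaded` would record that, and `firejail --apparmor.print=<pid>` on a running sandbox confirms the confinement is actually applied. This applies to every hunk in the commit that adds `apparmor`.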
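diff --git a/etc/dia.profile b/etc/dia.profile
index bd79797b7..0bfc249fa 100644
--- a/etc/dia.profile
+++ b/etc/dia.profile
@@ -18,7 +18,9 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 net none
 no3d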
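diff --git a/etc/handbrake.profile b/etc/handbrake.profile
index 324c629e3..5b51bd03c 100644
--- a/etc/handbrake.profile
+++ b/etc/handbrake.profile
@@ -22,6 +22,7 @@ include whitelist-var-common.inc
 
 apparmor
 caps.drop all
+net none
 netfilter
 nodbus
 nogroups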
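diff --git a/etc/mate-calc.profile b/etc/mate-calc.profile
index 966aa0a13..8bd62ae0b 100644
--- a/etc/mate-calc.profile
+++ b/etc/mate-calc.profile
@@ -22,6 +22,7 @@ whitelist ${HOME}/.cache/mate-calc
 whitelist ${HOME}/.config/caja
 whitelist ${HOME}/.config/mate-menu
 include whitelist-common.inc
+include whitelist-var-common.inc
 
 apparmor
 caps.drop all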
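diff --git a/etc/midori.profile b/etc/midori.profile
index 648ce7738..e15259608 100644
--- a/etc/midori.profile
+++ b/etc/midori.profile
@@ -48,6 +48,7 @@ whitelist ${HOME}/.local/share/webkitgtk
 whitelist ${HOME}/.pki
 whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
+include whitelist-var-common.inc
 
 apparmor
 caps.drop all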
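diff --git a/etc/mplayer.profile b/etc/mplayer.profile
index 9ab4f8c7f..82877d9d4 100644
--- a/etc/mplayer.profile
+++ b/etc/mplayer.profile
@@ -21,7 +21,9 @@ include disable-xdg.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
+net none
 netfilter
 # nogroups
 nonewprivs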
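Review bot: The added `net none` removes all network access from mplayer, which until this change ran with only `netfilter`; playing a URL instead of a local file will presumably stop working, and nothing in the hunk tells the user why. A comment on the new line would make the trade-off visible, for example `# net none breaks network streams; add 'ignore net none' to mplayer.local if you need them`. Whether the profile includes mplayer.local cannot be seen here, because the profile starts above the hunk.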
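diff --git a/etc/musescore.profile b/etc/musescore.profile
index b3693c956..679e82ae8 100644
--- a/etc/musescore.profile
+++ b/etc/musescore.profile
@@ -23,6 +23,7 @@ include disable-xdg.inc
 
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 netfilter
 no3d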
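diff --git a/etc/qpdfview.profile b/etc/qpdfview.profile
index 863f57ba4..dace1634f 100644
--- a/etc/qpdfview.profile
+++ b/etc/qpdfview.profile
@@ -20,6 +20,7 @@ include disable-xdg.inc
 
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 machine-id
 # needs D-Bus when started from a file manager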
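diff --git a/etc/scribus.profile b/etc/scribus.profile
index e20cd1b5a..e7faccea1 100644
--- a/etc/scribus.profile
+++ b/etc/scribus.profile
@@ -40,6 +40,7 @@ include disable-xdg.inc
 
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 net none
 nodbus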
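diff --git a/etc/sol.profile b/etc/sol.profile
index ea1620b31..4c8fdfbb1 100644
--- a/etc/sol.profile
+++ b/etc/sol.profile
@@ -17,6 +17,7 @@ include disable-xdg.inc
 include whitelist-common.inc
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 ipc-namespace
 net none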
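diff --git a/etc/tcpdump.profile b/etc/tcpdump.profile
index 3c46dfdcb..881fbf49e 100644
--- a/etc/tcpdump.profile
+++ b/etc/tcpdump.profile
@@ -19,6 +19,7 @@ include disable-xdg.inc
 
 include whitelist-common.inc
 
+apparmor
 caps.keep net_raw
 ipc-namespace
 #net tun0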
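Review bot: The `apparmor` line is added directly above `caps.keep net_raw`, which makes this the one profile in the commit where the AppArmor layer has to agree with a capability the sandbox deliberately keeps. The rules it applies come from the firejail-default AppArmor profile, which is not on this page; if those rules do not allow the sockets tcpdump captures on, capture would fail with a permission error that does not point back to this line. A comment such as `# apparmor: firejail-default must allow raw/packet sockets for capture` would record the dependency, and a capture run with AppArmor enforcing would confirm it. The profile continues outside the hunk.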
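diff --git a/etc/warzone2100.profile b/etc/warzone2100.profile
index e65e0a0c3..e33cace49 100644
--- a/etc/warzone2100.profile
+++ b/etc/warzone2100.profile
@@ -22,6 +22,7 @@ whitelist ${HOME}/.warzone2100-3.2
 include whitelist-common.inc
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 netfilter
 nodvd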
diff --git a/etc/xpdf.profile b/etc/xpdf.profile index 8c405ba1d..cb7ac4a59 100644 --- a/etc/xpdf.profile +++ b/etc/xpdf.profile | |||
@@ -19,6 +19,7 @@ include disable-xdg.inc | |||
19 | 19 | ||
20 | include whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
21 | 21 | ||
22 | apparmor | ||
22 | caps.drop all | 23 | caps.drop all |
23 | machine-id | 24 | machine-id |
24 | net none | 25 | net none |
@@ -38,4 +39,4 @@ shell none | |||
38 | 39 | ||
39 | private-dev | 40 | private-dev |
40 | private-tmp | 41 | private-tmp |
41 | 42 | memory-deny-write-execute | |