diff options
author | rusty-snake <print_hello_world+GitHub@protonmail.com> | 2019-03-07 20:22:00 +0000 |
---|---|---|
committer | glitsj16 <glitsj16@users.noreply.github.com> | 2019-03-07 20:22:00 +0000 |
commit | 76e0bc8fb9fb4c5d4540fe2a86798218786bc035 (patch) | |
tree | 9c0a5b28f94566659a4dafac1c4abdf21b0155ea | |
parent | Add fakeroot support for makepkg on Arch (#2536) (diff) | |
download | firejail-76e0bc8fb9fb4c5d4540fe2a86798218786bc035.tar.gz firejail-76e0bc8fb9fb4c5d4540fe2a86798218786bc035.tar.zst firejail-76e0bc8fb9fb4c5d4540fe2a86798218786bc035.zip |
Harden gnome-clocks.profile (#2534)
* Harden gnome-clocks.profile
* Review #2534
-rw-r--r-- | etc/gnome-clocks.profile | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile index 83ece0fce..32a7ca918 100644 --- a/etc/gnome-clocks.profile +++ b/etc/gnome-clocks.profile | |||
@@ -6,7 +6,6 @@ include gnome-clocks.local | |||
6 | # Persistent global definitions | 6 | # Persistent global definitions |
7 | include globals.local | 7 | include globals.local |
8 | 8 | ||
9 | |||
10 | include disable-common.inc | 9 | include disable-common.inc |
11 | include disable-devel.inc | 10 | include disable-devel.inc |
12 | include disable-interpreters.inc | 11 | include disable-interpreters.inc |
@@ -14,8 +13,10 @@ include disable-passwdmgr.inc | |||
14 | include disable-programs.inc | 13 | include disable-programs.inc |
15 | include disable-xdg.inc | 14 | include disable-xdg.inc |
16 | 15 | ||
16 | include whitelist-common.inc | ||
17 | include whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
18 | 18 | ||
19 | apparmor | ||
19 | caps.drop all | 20 | caps.drop all |
20 | netfilter | 21 | netfilter |
21 | no3d | 22 | no3d |
@@ -32,9 +33,10 @@ shell none | |||
32 | tracelog | 33 | tracelog |
33 | 34 | ||
34 | disable-mnt | 35 | disable-mnt |
35 | # private-bin gnome-clocks | 36 | private-bin gnome-clocks,gsound-play |
37 | private-cache | ||
36 | private-dev | 38 | private-dev |
37 | # private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies | 39 | private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies,machine-id,hosts,pkcs11,localtime,gtk-3.0,dconf |
38 | private-tmp | 40 | private-tmp |
39 | 41 | ||
40 | noexec ${HOME} | 42 | noexec ${HOME} |