author | glitsj16 <glitsj16@users.noreply.github.com> | 2022-10-01 19:23:19 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-10-01 19:23:19 +0000 |
commit | 2297257745fd568b1f042139b7e3bfa2830eb500 (patch) | |
tree | e03a393051ede5203ecc5374f91f7c41d64c78ce | |
parent | mpv: whitelist mpv-mpris (#5386) (diff) | |
Harden qutebrowser profile
-rw-r--r-- | etc/profile-m-z/qutebrowser.profile | 18 |
1 files changed, 18 insertions, 0 deletions
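--- a/etc/profile-m-z/qutebrowser.profile
+++ b/etc/profile-m-z/qutebrowser.profile
@@ -16,6 +16,7 @@ include allow-python3.inc
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
 
@@ -28,6 +29,7 @@ whitelist ${HOME}/.config/qutebrowser
 whitelist ${HOME}/.local/share/qutebrowser
 include whitelist-common.inc
 
+apparmor
 caps.drop all
 netfilter
 nodvd
@@ -38,3 +40,19 @@ protocol unix,inet,inet6,netlink
 # blacklisting of chroot system calls breaks qt webengine
 seccomp !chroot,!name_to_handle_at
 # tracelog
+
+disable-mnt
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,localtime,machine-id,pki,pulse,resolv.conf,ssl
+private-tmp
+
+dbus-user filter
+dbus-user.talk org.freedesktop.Notifications
+dbus-user.talk org.mpris.MediaPlayer2.*
+# Add the next line to your qutebrowser.local to allow screen sharing under wayland.
+#dbus-user.talk org.freedesktop.portal.Desktop
+# Add the next line to your qutebrowser.local if screen sharing sharing still does not work
+# with the above lines (might depend on the portal implementation).
+#ignore noroot
+dbus-system none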
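Review bot: In the last hunk, `dbus-user.talk org.mpris.MediaPlayer2.*` lets the sandboxed browser call every MPRIS player on the session bus, which is broader than a browser needs if the aim is only to expose its own media controls. If that is the intent, a `dbus-user.own` rule scoped to the browser's own MPRIS bus name would keep the filter tighter; the name qutebrowser registers is not visible in this diff and should be confirmed first. The comment above `#ignore noroot` repeats the word "sharing" and does not say what the override costs, so I would reword it to `# Add the next line to your qutebrowser.local if screen sharing still does not work` and add a line such as `# Note: ignoring noroot weakens the sandbox; enable only if required.`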