author | netblue30 <netblue30@yahoo.com> | 2020-03-15 17:45:45 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2020-03-15 17:45:45 -0400 |
commit | 25796cc5fac4d9460357d2fd9844ce746b4b7a4f (patch) | |
tree | 755ea43f2b6104a9c6b2b7f3cfe6261855215b9c | |
parent | fix freeoffice (diff) | |
download | firejail-25796cc5fac4d9460357d2fd9844ce746b4b7a4f.tar.gz firejail-25796cc5fac4d9460357d2fd9844ce746b4b7a4f.tar.zst firejail-25796cc5fac4d9460357d2fd9844ce746b4b7a4f.zip |
some profile hardening
-rw-r--r-- | etc/leafpad.profile | 2 | ||||
-rw-r--r-- | etc/mate-calc.profile | 1 | ||||
-rw-r--r-- | etc/mate-dictionary.profile | 1 | ||||
-rw-r--r-- | etc/midori.profile | 2 | ||||
-rw-r--r-- | etc/mousepad.profile | 2 | ||||
-rw-r--r-- | etc/mupdf.profile | 1 |
6 files changed, 9 insertions, 0 deletions
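--- a/etc/leafpad.profile
+++ b/etc/leafpad.profile
@@ -17,7 +17,9 @@ include disable-programs.inc
 
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
+net none
 netfilter
 no3d
 nodvd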
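Review bot: The `netfilter` line that stays directly below the new `net none` looks redundant. As the firejail documentation describes it, `net none` leaves the sandbox in an unconnected network namespace with only a loopback interface, so the default filter has nothing to act on. Keeping both makes the profile read as if leafpad still had a network path that needed filtering. I would delete `netfilter` here and in etc/mousepad.profile, which gets the same `net none` insertion above the same line; if it is kept on purpose for users who re-enable networking in a local override, say so with `# netfilter only matters when net none is ignored in a .local override`. The profile continues past this hunk, so other network-related lines further down are not visible from here.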
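--- a/etc/mate-calc.profile
+++ b/etc/mate-calc.profile
@@ -23,6 +23,7 @@ whitelist ${HOME}/.config/caja
 whitelist ${HOME}/.config/mate-menu
 include whitelist-common.inc
 
+apparmor
 caps.drop all
 net none
 no3d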
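Review bot: The added `apparmor` line confines mate-calc only on hosts where firejail was built with AppArmor support and the `firejail-default` profile is loaded into the kernel; elsewhere the profile still loads, but without that layer. Nothing in the profile tells a reader the line is conditional, and the same bare line is added to the other five profiles in this commit (leafpad, mate-dictionary, midori, mousepad, mupdf). A short comment such as `# apparmor: effective only with AppArmor support and firejail-default loaded` would keep anyone auditing these profiles from counting it as unconditional confinement.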
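--- a/etc/mate-dictionary.profile
+++ b/etc/mate-dictionary.profile
@@ -18,6 +18,7 @@ mkdir ${HOME}/.config/mate/mate-dictionary
 whitelist ${HOME}/.config/mate/mate-dictionary
 include whitelist-common.inc
 
+apparmor
 caps.drop all
 netfilter
 no3d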
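--- a/etc/midori.profile
+++ b/etc/midori.profile
@@ -49,6 +49,7 @@ whitelist ${HOME}/.pki
 whitelist ${HOME}/.local/share/pki
 include whitelist-common.inc
 
+apparmor
 caps.drop all
 netfilter
 nodvd
@@ -60,3 +61,4 @@ seccomp
 tracelog
 
 disable-mnt
+private-tmp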
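Review bot: `private-tmp` in the second hunk is added without a comment, and on a browser it changes where files end up. Firejail mounts an empty temporary filesystem over /tmp, so anything Midori saves there, or hands to a helper through /tmp, is not visible on the host and is gone when the sandbox exits. That is a sound default, but a user who runs into it will look in the profile first, so I would put `# private-tmp: /tmp is a sandbox-private tmpfs, files saved there do not reach the host` above the line. The hunk shows only the tail of the profile, so whether a download directory is whitelisted elsewhere is not visible from here.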
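--- a/etc/mousepad.profile
+++ b/etc/mousepad.profile
@@ -17,7 +17,9 @@ include disable-programs.inc
 
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
+net none
 netfilter
 nodvd
 nogroups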
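--- a/etc/mupdf.profile
+++ b/etc/mupdf.profile
@@ -18,6 +18,7 @@ include disable-xdg.inc
 
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 machine-id
 net none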