diff options
author | glitsj16 <glitsj16@users.noreply.github.com> | 2020-01-29 08:36:07 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-01-29 08:36:07 +0000 |
commit | 971f3f6b811f81a41df8bcddc58c834ae7f18808 (patch) | |
tree | ab8ce365d2e2ca899f13b6f50a100a31a1a641d4 | |
parent | Update zathura.profile (diff) | |
download | firejail-971f3f6b811f81a41df8bcddc58c834ae7f18808.tar.gz firejail-971f3f6b811f81a41df8bcddc58c834ae7f18808.tar.zst firejail-971f3f6b811f81a41df8bcddc58c834ae7f18808.zip |
updates for zathura.profile (#3193)
* move mkdir in zathura.profile
* harden zathura.profile
* fix private-lib in zathura.profile
-rw-r--r-- | etc/zathura.profile | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/etc/zathura.profile b/etc/zathura.profile index 7b0109a90..41258a24d 100644 --- a/etc/zathura.profile +++ b/etc/zathura.profile | |||
@@ -18,10 +18,17 @@ include disable-passwdmgr.inc | |||
18 | include disable-programs.inc | 18 | include disable-programs.inc |
19 | include disable-xdg.inc | 19 | include disable-xdg.inc |
20 | 20 | ||
21 | mkdir ${HOME}/.config/zathura | ||
22 | mkdir ${HOME}/.local/share/zathura | ||
23 | whitelist /usr/share/zathura | ||
24 | include whitelist-usr-share-common.inc | ||
25 | include whitelist-var-common.inc | ||
26 | |||
21 | caps.drop all | 27 | caps.drop all |
28 | ipc-namespace | ||
22 | machine-id | 29 | machine-id |
23 | # net none | 30 | net none |
24 | # nodbus | 31 | nodbus |
25 | nodvd | 32 | nodvd |
26 | nogroups | 33 | nogroups |
27 | nonewprivs | 34 | nonewprivs |
@@ -39,10 +46,9 @@ private-bin zathura | |||
39 | private-cache | 46 | private-cache |
40 | private-dev | 47 | private-dev |
41 | private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id | 48 | private-etc alternatives,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id |
49 | private-lib libarchive.so.*,libdjvulibre.so.*,libgirara-gtk*,libpoppler-glib.so.*,libspectre.so.*,libstdc++.so.*,zathura | ||
42 | private-tmp | 50 | private-tmp |
43 | 51 | ||
44 | mkdir ${HOME}/.config/zathura | ||
45 | mkdir ${HOME}/.local/share/zathura | ||
46 | read-only ${HOME} | 52 | read-only ${HOME} |
47 | read-write ${HOME}/.config/zathura | 53 | read-write ${HOME}/.config/zathura |
48 | read-write ${HOME}/.local/share/zathura | 54 | read-write ${HOME}/.local/share/zathura |