author | Tad <tad@spotco.us> | 2018-09-19 15:32:18 -0400 |
---|---|---|
committer | Tad <tad@spotco.us> | 2018-09-19 15:32:48 -0400 |
commit | c0ba48bec1bc11c98cbac3c6cc9fdf117dcb98d1 (patch) | |
tree | 83e0f2b4020db3c9ae6c0501aab2d30f56df086e | |
parent | 0.9.56 released (diff) | |
Misc profile hardening
-rw-r--r-- | etc/android-studio.profile | 2 | ||||
-rw-r--r-- | etc/apktool.profile | 2 | ||||
-rw-r--r-- | etc/bless.profile | 2 | ||||
-rw-r--r-- | etc/dex2jar.profile | 2 | ||||
-rw-r--r-- | etc/gitg.profile | 2 | ||||
-rw-r--r-- | etc/jd-gui.profile | 2 | ||||
-rw-r--r-- | etc/liferea.profile | 1 | ||||
-rw-r--r-- | etc/lollypop.profile | 2 | ||||
-rw-r--r-- | etc/meld.profile | 2 | ||||
-rw-r--r-- | etc/minetest.profile | 2 | ||||
-rw-r--r-- | etc/mumble.profile | 1 | ||||
-rw-r--r-- | etc/patch.profile | 2 | ||||
-rw-r--r-- | etc/picard.profile | 2 | ||||
-rw-r--r-- | etc/pithos.profile | 1 | ||||
-rw-r--r-- | etc/remmina.profile | 2 | ||||
-rw-r--r-- | etc/sdat2img.profile | 2 | ||||
-rw-r--r-- | etc/shellcheck.profile | 2 | ||||
-rw-r--r-- | etc/soundconverter.profile | 2 | ||||
-rw-r--r-- | etc/sqlitebrowser.profile | 2 | ||||
-rw-r--r-- | etc/vlc.profile | 2 | ||||
-rw-r--r-- | etc/xonotic.profile | 1 |
21 files changed, 37 insertions, 1 deletions
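--- a/etc/android-studio.profile
+++ b/etc/android-studio.profile
@@ -20,6 +20,8 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 netfilter
 nodvd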
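--- a/etc/apktool.profile
+++ b/etc/apktool.profile
@@ -12,6 +12,8 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-xdg.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 net none
 no3d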
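--- a/etc/bless.profile
+++ b/etc/bless.profile
@@ -14,6 +14,8 @@ include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 net none
 no3d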
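Review bot: Including `whitelist-var-common.inc` puts /var into whitelist mode, which is a behaviour change for a hex editor that is routinely pointed at arbitrary files. Firejail mounts a tmpfs over a whitelisted top-level directory and exposes only the listed paths, so anything under /var that the include does not name (its contents are not shown in this commit) is no longer visible inside the sandbox. The same applies to the gitg, meld, patch and sqlitebrowser hunks, where users may keep repositories, trees to compare or databases under /var. I would add a comment above the include in these profiles, e.g. `# /var is whitelisted; add 'whitelist /var/<path>' in a local override for data kept there`, so the failure mode is discoverable. The profile starts before and continues after this hunk.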
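--- a/etc/dex2jar.profile
+++ b/etc/dex2jar.profile
@@ -19,6 +19,8 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-xdg.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 net none
 no3d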
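--- a/etc/gitg.profile
+++ b/etc/gitg.profile
@@ -16,6 +16,8 @@ include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 no3d
 nodvd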
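--- a/etc/jd-gui.profile
+++ b/etc/jd-gui.profile
@@ -21,6 +21,8 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-xdg.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 net none
 no3d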
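--- a/etc/liferea.profile
+++ b/etc/liferea.profile
@@ -29,6 +29,7 @@ whitelist ${HOME}/.cache/liferea
 whitelist ${HOME}/.config/liferea
 whitelist ${HOME}/.local/share/liferea
 include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
 netfilter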
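--- a/etc/lollypop.profile
+++ b/etc/lollypop.profile
@@ -22,6 +22,8 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-xdg.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 netfilter
 no3d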
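--- a/etc/meld.profile
+++ b/etc/meld.profile
@@ -13,6 +13,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 net none
 no3d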
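--- a/etc/minetest.profile
+++ b/etc/minetest.profile
@@ -17,10 +17,12 @@ include /etc/firejail/disable-programs.inc
 mkdir ${HOME}/.minetest
 whitelist ${HOME}/.minetest
 include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
 ipc-namespace
 netfilter
+nodbus
 nodvd
 nogroups
 nonewprivs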
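Review bot: The added `nodbus` only handles the regular D-Bus UNIX sockets; per firejail's documentation, abstract sockets stay reachable unless the sandbox gets a new network namespace or `unix` is removed from the `protocol` list. This hunk shows `netfilter` but no `net` line, and the rest of the profile lies outside the hunk, so the sandbox appears to share the host network namespace, in which case the D-Bus restriction is only partial. The same applies to the `nodbus` added in the xonotic.profile hunk. I would record the limitation next to the option, e.g. `# nodbus does not cover abstract sockets without a new network namespace`.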
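--- a/etc/mumble.profile
+++ b/etc/mumble.profile
@@ -20,6 +20,7 @@ mkdir ${HOME}/.local/share/data/Mumble
 whitelist ${HOME}/.config/Mumble
 whitelist ${HOME}/.local/share/data/Mumble
 include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
 netfilter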
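--- a/etc/patch.profile
+++ b/etc/patch.profile
@@ -15,6 +15,8 @@ include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-xdg.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 ipc-namespace
 net none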
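--- a/etc/picard.profile
+++ b/etc/picard.profile
@@ -23,6 +23,8 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-xdg.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 no3d
 nodvd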
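--- a/etc/pithos.profile
+++ b/etc/pithos.profile
@@ -20,6 +20,7 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-xdg.inc
 
 include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
 netfilter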
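--- a/etc/remmina.profile
+++ b/etc/remmina.profile
@@ -18,6 +18,8 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-xdg.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 nodvd
 nogroups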
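--- a/etc/sdat2img.profile
+++ b/etc/sdat2img.profile
@@ -19,6 +19,8 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-xdg.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 net none
 no3d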
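--- a/etc/shellcheck.profile
+++ b/etc/shellcheck.profile
@@ -16,6 +16,8 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-xdg.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 ipc-namespace
 net none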
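--- a/etc/soundconverter.profile
+++ b/etc/soundconverter.profile
@@ -21,6 +21,8 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-xdg.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 net none
 no3d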
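--- a/etc/sqlitebrowser.profile
+++ b/etc/sqlitebrowser.profile
@@ -16,6 +16,8 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-xdg.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 net none
 no3d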
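--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -25,7 +25,7 @@ include /etc/firejail/whitelist-var-common.inc
 caps.drop all
 netfilter
 #nodbus
-#nogroups
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6,netlink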
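Review bot: Enabling `nogroups` drops the process's supplementary groups, which can break DVD playback, audio or capture in VLC on systems where access to optical, sound or video devices is granted through group membership. The option was previously commented out, presumably for that reason, and neither the hunk nor the commit message says what changed to make it safe. `#nodbus` directly above stays commented, so the two lines now differ without explanation. I would add a comment such as `# nogroups may break device access granted via supplementary groups; comment out if playback fails`. The profile starts before and continues after this hunk.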
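--- a/etc/xonotic.profile
+++ b/etc/xonotic.profile
@@ -21,6 +21,7 @@ include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
 netfilter
+nodbus
 nodvd
 nogroups
 nonewprivs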