diff options
author | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-07-19 10:54:11 +0200 |
---|---|---|
committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-07-19 10:55:30 +0200 |
commit | 028052f0c95d85d39c5c0f7b3486aceb12313fa2 (patch) | |
tree | bd3ba0edca0b5c3a40916178c1caea086508535f | |
parent | Merge pull request #3519 from onovy/signal-profile (diff) | |
download | firejail-028052f0c95d85d39c5c0f7b3486aceb12313fa2.tar.gz firejail-028052f0c95d85d39c5c0f7b3486aceb12313fa2.tar.zst firejail-028052f0c95d85d39c5c0f7b3486aceb12313fa2.zip |
Harden gnome-calculator
-rw-r--r-- | etc/profile-a-l/gnome-calculator.profile | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/etc/profile-a-l/gnome-calculator.profile b/etc/profile-a-l/gnome-calculator.profile index bc6626598..cf5d5390a 100644 --- a/etc/profile-a-l/gnome-calculator.profile +++ b/etc/profile-a-l/gnome-calculator.profile | |||
@@ -25,8 +25,7 @@ apparmor | |||
25 | caps.drop all | 25 | caps.drop all |
26 | ipc-namespace | 26 | ipc-namespace |
27 | machine-id | 27 | machine-id |
28 | # net none | 28 | net none |
29 | netfilter | ||
30 | no3d | 29 | no3d |
31 | nodvd | 30 | nodvd |
32 | nogroups | 31 | nogroups |
@@ -39,6 +38,7 @@ novideo | |||
39 | protocol unix,inet,inet6 | 38 | protocol unix,inet,inet6 |
40 | seccomp | 39 | seccomp |
41 | shell none | 40 | shell none |
41 | tracelog | ||
42 | 42 | ||
43 | disable-mnt | 43 | disable-mnt |
44 | private-bin gnome-calculator | 44 | private-bin gnome-calculator |
@@ -47,8 +47,7 @@ private-dev | |||
47 | #private-lib gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.*,libgnutls.so.*,libproxy.so.*,librsvg-2.so.*,libxml2.so.* | 47 | #private-lib gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.*,libgnutls.so.*,libproxy.so.*,librsvg-2.so.*,libxml2.so.* |
48 | private-tmp | 48 | private-tmp |
49 | 49 | ||
50 | # makes settings immutable | 50 | dbus-user filter |
51 | # dbus-user none | 51 | dbus-user.own org.gnome.Calculator |
52 | # dbus-system none | 52 | dbus-user.talk ca.desrt.dconf |
53 | 53 | dbus-system none | |
54 | # memory-deny-write-execute | ||