author | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-09-02 13:03:54 +0200 |
---|---|---|
committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-09-02 13:03:54 +0200 |
commit | 7c21aad2340cef5d81d5d57b452c7cbbb62a2fe2 (patch) | |
tree | 066fb5bde8afaf951b81fa89191d6e4fab212e86 | |
parent | allow flatpak/exports also for systemd-wide location (diff) | |
harden redeclipse
-rw-r--r-- | etc/profile-m-z/redeclipse.profile | 9 |
1 files changed, 9 insertions, 0 deletions
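--- a/etc/profile-m-z/redeclipse.profile
+++ b/etc/profile-m-z/redeclipse.profile
@@ -14,10 +14,14 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 
 mkdir ${HOME}/.redeclipse
 whitelist ${HOME}/.redeclipse
+whitelist /usr/share/redeclipse
 include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 caps.drop all
@@ -32,8 +36,13 @@ novideo
 protocol unix,inet,inet6
 seccomp
 shell none
+tracelog
 
 disable-mnt
+#private-bin redeclipse,sh,man
+private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none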
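Review bot: The `#private-bin redeclipse,sh,man` line added in the second hunk is committed disabled with no rationale, so the next maintainer cannot tell whether it was tried and broke the game or was never tested. While it stays commented out, the sandbox presumably still sees the host's full set of binary directories, even though the rest of the visible profile is tight (`caps.drop all`, `seccomp`, `shell none`, and the new `dbus-user none` / `dbus-system none`). I would put a one-line comment directly above it, e.g. `# private-bin disabled: <what fails when enabled> - re-enable once verified`, with the placeholder filled in from an actual test run. The profile continues outside both hunks, so whether another option already narrows the executables cannot be confirmed from here.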