author | valoq <valoq@mailbox.org> | 2016-12-21 10:34:28 +0100 |
---|---|---|
committer | valoq <valoq@mailbox.org> | 2016-12-21 10:34:28 +0100 |
commit | 77a97aae04c6ed92cc13779d6b4c25a5155a7315 (patch) | |
tree | f43e3847c68ccff9ec5037293f7858dc82f257e2 | |
parent | hardened various profiles (diff) | |
profile improvements
-rw-r--r-- | etc/atool.profile | 3 | ||||
-rw-r--r-- | etc/git.profile | 4 |
2 files changed, 6 insertions, 1 deletions
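--- a/etc/atool.profile
+++ b/etc/atool.profile
@@ -13,9 +13,12 @@ protocol unix
 seccomp
 netfilter
 net none
+no3d
 shell none
 tracelog
 
+blacklist /tmp/.X11-unix
+
 # private-bin atool
 private-tmp
 private-dev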
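Review bot: The added `blacklist /tmp/.X11-unix` sits just above `private-tmp`, and nothing in the profile says how the two interact. If private-tmp sets up its fresh /tmp after the blacklist is applied, or keeps the X11 socket directory visible in it, the blacklist may not do what is intended; this should be confirmed by listing /tmp/.X11-unix inside the sandbox. A one-line comment above the entry would record the intent, for example `# atool needs no X11; net none already isolates the abstract socket`.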
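--- a/etc/git.profile
+++ b/etc/git.profile
@@ -12,15 +12,17 @@ include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
-
 caps.drop all
 netfilter
 nogroups
 nonewprivs
 noroot
 nosound
+no3d
 protocol unix,inet,inet6
 seccomp
 shell none
 
+blacklist /tmp/.X11-unix
+
 private-dev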
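Review bot: The added `blacklist /tmp/.X11-unix` hides only the filesystem socket. The visible lines of git.profile keep `protocol unix,inet,inet6` and have no `net none`, unlike atool.profile in the same commit, so the sandbox appears to share the host network namespace. An X server that also listens on the abstract Unix socket would then still be reachable, because abstract sockets are scoped by network namespace and not by the filesystem. I would document that limit next to the line, e.g. `# filesystem socket only; the abstract X11 socket needs a separate network namespace or an X server started with -nolisten local`. Whether ~/.Xauthority is already hidden by disable-common.inc is not visible in this hunk and should be checked.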