author | netblue30 <netblue30@yahoo.com> | 2016-07-13 12:10:50 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-07-13 12:10:50 -0400 |
commit | f4c4140b4eb405172afe4755464f8af10e58350b (patch) | |
tree | a6f36c70a964a0591e806aeabe87e46631c321eb | |
parent | whitelist rework (diff) | |
download | firejail-f4c4140b4eb405172afe4755464f8af10e58350b.tar.gz firejail-f4c4140b4eb405172afe4755464f8af10e58350b.tar.zst firejail-f4c4140b4eb405172afe4755464f8af10e58350b.zip |
todo
-rw-r--r-- | todo | 17 |
1 files changed, 17 insertions, 0 deletions
@@ -218,3 +218,20 @@ sudo firejail /snap/bin/ubuntu-clock-app.clock | |||
218 | 218 | ||
219 | extract env for process | 219 | extract env for process |
220 | ps e -p <pid> | sed 's/ /\n/g' | 220 | ps e -p <pid> | sed 's/ /\n/g' |
221 | |||
222 | |||
223 | 20. check default disable - from grsecurity | ||
224 | |||
225 | GRKERNSEC_HIDESYM | ||
226 | /proc/kallsyms and other files | ||
227 | |||
228 | GRKERNSEC_PROC_USER | ||
229 | If you say Y here, non-root users will only be able to view their own | ||
230 | processes, and restricts them from viewing network-related information, | ||
231 | and viewing kernel symbol and module information. | ||
232 | |||
233 | GRKERNSEC_PROC_ADD | ||
234 | If you say Y here, additional restrictions will be placed on | ||
235 | /proc that keep normal users from viewing device information and | ||
236 | slabinfo information that could be useful for exploits. | ||
237 | |||
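Review bot: Item 20 (new lines 223-236) does not state what is to be checked or what the expected result is. "check default disable - from grsecurity" is followed by three option names, two of them with pasted Kconfig help text ("If you say Y here ..."), and the only concrete targets named are /proc/kallsyms and slabinfo; "and other files" under GRKERNSEC_HIDESYM leaves the rest open. Suggest replacing the help text with the specific /proc paths each option covers and noting, per path, whether the sandbox already hides it by default or whether it still has to be added, so the item can be verified and closed. A one-line description under GRKERNSEC_HIDESYM would also keep the three entries consistent.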