Further restrict Wire

author: Jean Lucas <jean@4ray.co> 2018-06-22 14:29:11 -0400
committer: Jean Lucas <jean@4ray.co> 2018-06-22 14:33:36 -0400
commit: 325aad5dead4e42ae893ce1a9a3cbdda4c5c8f8e (patch)
tree: 72544208716731eaa170fafad08a659d2fd832d7
parent: Amend Wire profiles (diff)
download: firejail-325aad5dead4e42ae893ce1a9a3cbdda4c5c8f8e.tar.gz
firejail-325aad5dead4e42ae893ce1a9a3cbdda4c5c8f8e.tar.zst
firejail-325aad5dead4e42ae893ce1a9a3cbdda4c5c8f8e.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/etc/wire-desktop.profile b/etc/wire-desktop.profile
index c0e0b3c4b..74d44efe3 100644
--- a/etc/wire-desktop.profile
+++ b/etc/wire-desktop.profile
@@ -13,6 +13,12 @@ include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+mkdir ${HOME}/.config/Wire
+whitelist ${HOME}/.config/Wire
+whitelist ${DOWNLOADS}
+include /etc/firejail/whitelist-common.inc
 caps.drop all
 netfilter
 nodvd
@@ -28,6 +34,7 @@ shell none
 # it is not in PATH. To use Wire with firejail, run "firejail /opt/wire-desktop/wire-desktop"
 private-bin wire-desktop
-disable-mnt
 private-dev
+private-etc fonts,machine-id
+disable-mnt
 private-tmp
author	Jean Lucas <jean@4ray.co>	2018-06-22 14:29:11 -0400
committer	Jean Lucas <jean@4ray.co>	2018-06-22 14:33:36 -0400
commit	325aad5dead4e42ae893ce1a9a3cbdda4c5c8f8e (patch)
tree	72544208716731eaa170fafad08a659d2fd832d7
parent	Amend Wire profiles (diff)
download	firejail-325aad5dead4e42ae893ce1a9a3cbdda4c5c8f8e.tar.gz firejail-325aad5dead4e42ae893ce1a9a3cbdda4c5c8f8e.tar.zst firejail-325aad5dead4e42ae893ce1a9a3cbdda4c5c8f8e.zip

diff --git a/etc/wire-desktop.profile b/etc/wire-desktop.profile index c0e0b3c4b..74d44efe3 100644 --- a/etc/wire-desktop.profile +++ b/etc/wire-desktop.profile
@@ -13,6 +13,12 @@ include /etc/firejail/disable-interpreters.inc
13	include /etc/firejail/disable-passwdmgr.inc	13	include /etc/firejail/disable-passwdmgr.inc
14	include /etc/firejail/disable-programs.inc	14	include /etc/firejail/disable-programs.inc
15		15
		16	mkdir ${HOME}/.config/Wire
		17	whitelist ${HOME}/.config/Wire
		18	whitelist ${DOWNLOADS}
		19
		20	include /etc/firejail/whitelist-common.inc
		21
16	caps.drop all	22	caps.drop all
17	netfilter	23	netfilter
18	nodvd	24	nodvd
@@ -28,6 +34,7 @@ shell none
28	# it is not in PATH. To use Wire with firejail, run "firejail /opt/wire-desktop/wire-desktop"	34	# it is not in PATH. To use Wire with firejail, run "firejail /opt/wire-desktop/wire-desktop"
29		35
30	private-bin wire-desktop	36	private-bin wire-desktop
31	disable-mnt
32	private-dev	37	private-dev
		38	private-etc fonts,machine-id
		39	disable-mnt
33	private-tmp	40	private-tmp