Harden arch-audit.profile (#2450)

author: glitsj16 <glitsj16@users.noreply.github.com> 2019-02-24 20:40:30 +0000
committer: GitHub <noreply@github.com> 2019-02-24 20:40:30 +0000
commit: cb176565030d229b8905a8873b0bf28b98d78914 (patch)
tree: 39fa9a749e94448eacffa0c69d711a5b0c467e81
parent: documentation update (diff)
download: firejail-cb176565030d229b8905a8873b0bf28b98d78914.tar.gz
firejail-cb176565030d229b8905a8873b0bf28b98d78914.tar.zst
firejail-cb176565030d229b8905a8873b0bf28b98d78914.zip
1 files changed, 5 insertions, 2 deletions
diff --git a/etc/arch-audit.profile b/etc/arch-audit.profile
index 7321f4e90..e28733c63 100644
--- a/etc/arch-audit.profile
+++ b/etc/arch-audit.profile
@@ -17,10 +17,13 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+apparmor
 caps.drop all
 ipc-namespace
+machine-id
 netfilter
 no3d
+nodbus
 nodvd
 nogroups
 nonewprivs
@@ -29,14 +32,14 @@ nosound
 notv
 nou2f
 novideo
-protocol unix,inet,inet6
+protocol inet,inet6
 seccomp
 shell none
 disable-mnt
 private
-private-cache
 private-bin arch-audit
+private-cache
 private-dev
 private-tmp
author	glitsj16 <glitsj16@users.noreply.github.com>	2019-02-24 20:40:30 +0000
committer	GitHub <noreply@github.com>	2019-02-24 20:40:30 +0000
commit	cb176565030d229b8905a8873b0bf28b98d78914 (patch)
tree	39fa9a749e94448eacffa0c69d711a5b0c467e81
parent	documentation update (diff)
download	firejail-cb176565030d229b8905a8873b0bf28b98d78914.tar.gz firejail-cb176565030d229b8905a8873b0bf28b98d78914.tar.zst firejail-cb176565030d229b8905a8873b0bf28b98d78914.zip

diff --git a/etc/arch-audit.profile b/etc/arch-audit.profile index 7321f4e90..e28733c63 100644 --- a/etc/arch-audit.profile +++ b/etc/arch-audit.profile
@@ -17,10 +17,13 @@ include disable-passwdmgr.inc
17	include disable-programs.inc	17	include disable-programs.inc
18	include disable-xdg.inc	18	include disable-xdg.inc
19		19
		20	apparmor
20	caps.drop all	21	caps.drop all
21	ipc-namespace	22	ipc-namespace
		23	machine-id
22	netfilter	24	netfilter
23	no3d	25	no3d
		26	nodbus
24	nodvd	27	nodvd
25	nogroups	28	nogroups
26	nonewprivs	29	nonewprivs
@@ -29,14 +32,14 @@ nosound
29	notv	32	notv
30	nou2f	33	nou2f
31	novideo	34	novideo
32	protocol unix,inet,inet6	35	protocol inet,inet6
33	seccomp	36	seccomp
34	shell none	37	shell none
35		38
36	disable-mnt	39	disable-mnt
37	private	40	private
38	private-cache
39	private-bin arch-audit	41	private-bin arch-audit
		42	private-cache
40	private-dev	43	private-dev
41	private-tmp	44	private-tmp
42		45