diff options
author | rusty-snake <print_hello_world+Public@protonmail.com> | 2020-01-02 10:22:59 +0100 |
---|---|---|
committer | rusty-snake <print_hello_world+Public@protonmail.com> | 2020-01-02 10:37:38 +0100 |
commit | d90d9109f68ebcc0b297a12f456aee20a1c5b3d3 (patch) | |
tree | f4e8eb93187c0fa07f6a1236a1e954012c72dc7a | |
parent | gitlab-ci: disable continuously failing fedora test (diff) | |
download | firejail-d90d9109f68ebcc0b297a12f456aee20a1c5b3d3.tar.gz firejail-d90d9109f68ebcc0b297a12f456aee20a1c5b3d3.tar.zst firejail-d90d9109f68ebcc0b297a12f456aee20a1c5b3d3.zip |
Harden wget.profile
-rw-r--r-- | etc/wget.profile | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/etc/wget.profile b/etc/wget.profile index 4bf354652..c034a3f0e 100644 --- a/etc/wget.profile +++ b/etc/wget.profile | |||
@@ -19,6 +19,8 @@ include whitelist-usr-share-common.inc | |||
19 | include whitelist-var-common.inc | 19 | include whitelist-var-common.inc |
20 | 20 | ||
21 | caps.drop all | 21 | caps.drop all |
22 | ipc-namespace | ||
23 | machine-id | ||
22 | netfilter | 24 | netfilter |
23 | no3d | 25 | no3d |
24 | nodvd | 26 | nodvd |
@@ -32,9 +34,11 @@ novideo | |||
32 | protocol unix,inet,inet6 | 34 | protocol unix,inet,inet6 |
33 | seccomp | 35 | seccomp |
34 | shell none | 36 | shell none |
37 | tracelog | ||
35 | 38 | ||
36 | # private-bin wget | 39 | # private-bin wget |
37 | private-dev | 40 | private-dev |
38 | # private-etc alternatives,ca-certificates,crypto-policie,pki,resolv.conf,ssl | 41 | # private-etc alternatives,ca-certificates,crypto-policie,pki,resolv.conf,ssl |
39 | # private-tmp | 42 | # private-tmp |
40 | 43 | ||
44 | memory-deny-write-execute | ||