Additional hardening for whois

author: glitsj16 <glitsj16@users.noreply.github.com> 2020-01-02 20:58:56 +0000
committer: GitHub <noreply@github.com> 2020-01-02 20:58:56 +0000
commit: 4bb5f58ae402cc2c03aeea538c15e509b1744c2f (patch)
tree: ce9bb3aea8b345ccae0429be3a01b2a0916702c6
parent: Harden artha.profile (diff)
download: firejail-4bb5f58ae402cc2c03aeea538c15e509b1744c2f.tar.gz
firejail-4bb5f58ae402cc2c03aeea538c15e509b1744c2f.tar.zst
firejail-4bb5f58ae402cc2c03aeea538c15e509b1744c2f.zip
1 files changed, 9 insertions, 5 deletions
diff --git a/etc/whois.profile b/etc/whois.profile
index b993264a5..bd0870bea 100644
--- a/etc/whois.profile
+++ b/etc/whois.profile
@@ -7,19 +7,23 @@ include whois.local
 # Persistent global definitions
 include globals.local
+blacklist /tmp/.X11-unix
 include disable-common.inc
-# include disable-devel.inc
+include disable-devel.inc
 include disable-exec.inc
-# include disable-interpreters.inc
+include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-#include disable-xdg.inc
+include disable-xdg.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 caps.drop all
-# ipc-namespace
+hostname whois
+ipc-namespace
+machine-id
 netfilter
 no3d
 nodbus
@@ -41,7 +45,7 @@ private
 private-bin bash,sh,whois
 private-cache
 private-dev
-# private-etc alternatives,hosts,services,whois.conf
+private-etc alternatives,hosts,jwhois.conf,services,whois.conf
 private-lib
 private-tmp
author	glitsj16 <glitsj16@users.noreply.github.com>	2020-01-02 20:58:56 +0000
committer	GitHub <noreply@github.com>	2020-01-02 20:58:56 +0000
commit	4bb5f58ae402cc2c03aeea538c15e509b1744c2f (patch)
tree	ce9bb3aea8b345ccae0429be3a01b2a0916702c6
parent	Harden artha.profile (diff)
download	firejail-4bb5f58ae402cc2c03aeea538c15e509b1744c2f.tar.gz firejail-4bb5f58ae402cc2c03aeea538c15e509b1744c2f.tar.zst firejail-4bb5f58ae402cc2c03aeea538c15e509b1744c2f.zip

diff --git a/etc/whois.profile b/etc/whois.profile index b993264a5..bd0870bea 100644 --- a/etc/whois.profile +++ b/etc/whois.profile
@@ -7,19 +7,23 @@ include whois.local
7	# Persistent global definitions	7	# Persistent global definitions
8	include globals.local	8	include globals.local
9		9
		10	blacklist /tmp/.X11-unix
		11
10	include disable-common.inc	12	include disable-common.inc
11	# include disable-devel.inc	13	include disable-devel.inc
12	include disable-exec.inc	14	include disable-exec.inc
13	# include disable-interpreters.inc	15	include disable-interpreters.inc
14	include disable-passwdmgr.inc	16	include disable-passwdmgr.inc
15	include disable-programs.inc	17	include disable-programs.inc
16	#include disable-xdg.inc	18	include disable-xdg.inc
17		19
18	include whitelist-usr-share-common.inc	20	include whitelist-usr-share-common.inc
19	include whitelist-var-common.inc	21	include whitelist-var-common.inc
20		22
21	caps.drop all	23	caps.drop all
22	# ipc-namespace	24	hostname whois
		25	ipc-namespace
		26	machine-id
23	netfilter	27	netfilter
24	no3d	28	no3d
25	nodbus	29	nodbus
@@ -41,7 +45,7 @@ private
41	private-bin bash,sh,whois	45	private-bin bash,sh,whois
42	private-cache	46	private-cache
43	private-dev	47	private-dev
44	# private-etc alternatives,hosts,services,whois.conf	48	private-etc alternatives,hosts,jwhois.conf,services,whois.conf
45	private-lib	49	private-lib
46	private-tmp	50	private-tmp
47		51