Hardend Zoom profile

author: Ondřej Nový <ondrej.novy@firma.seznam.cz> 2020-07-17 10:38:29 +0200
committer: Ondřej Nový <ondrej.novy@firma.seznam.cz> 2020-07-20 08:20:12 +0200
commit: 4c712cbaaf593e4e8cd39d798fba714a2aff51ea (patch)
tree: 057a2691510c229b1bf825dcd74d39c61831ef24
parent: Merge pull request #3516 from smitsohu/busybox (diff)
download: firejail-4c712cbaaf593e4e8cd39d798fba714a2aff51ea.tar.gz
firejail-4c712cbaaf593e4e8cd39d798fba714a2aff51ea.tar.zst
firejail-4c712cbaaf593e4e8cd39d798fba714a2aff51ea.zip
1 files changed, 14 insertions, 0 deletions
diff --git a/etc/profile-m-z/zoom.profile b/etc/profile-m-z/zoom.profile
index 6eac10703..b3125ee50 100644
--- a/etc/profile-m-z/zoom.profile
+++ b/etc/profile-m-z/zoom.profile
@@ -10,8 +10,11 @@ noblacklist ${HOME}/.zoom
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
+include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 mkdir ${HOME}/.cache/zoom
 mkfile ${HOME}/.config/zoomus.conf
@@ -20,14 +23,25 @@ whitelist ${HOME}/.cache/zoom
 whitelist ${HOME}/.config/zoomus.conf
 whitelist ${HOME}/.zoom
 include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
 caps.drop all
 netfilter
 nodvd
+nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,inet,inet6,netlink
 seccomp !chroot
+shell none
+tracelog
+disable-mnt
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl
 private-tmp
author	Ondřej Nový <ondrej.novy@firma.seznam.cz>	2020-07-17 10:38:29 +0200
committer	Ondřej Nový <ondrej.novy@firma.seznam.cz>	2020-07-20 08:20:12 +0200
commit	4c712cbaaf593e4e8cd39d798fba714a2aff51ea (patch)
tree	057a2691510c229b1bf825dcd74d39c61831ef24
parent	Merge pull request #3516 from smitsohu/busybox (diff)
download	firejail-4c712cbaaf593e4e8cd39d798fba714a2aff51ea.tar.gz firejail-4c712cbaaf593e4e8cd39d798fba714a2aff51ea.tar.zst firejail-4c712cbaaf593e4e8cd39d798fba714a2aff51ea.zip

diff --git a/etc/profile-m-z/zoom.profile b/etc/profile-m-z/zoom.profile index 6eac10703..b3125ee50 100644 --- a/etc/profile-m-z/zoom.profile +++ b/etc/profile-m-z/zoom.profile
@@ -10,8 +10,11 @@ noblacklist ${HOME}/.zoom
10		10
11	include disable-common.inc	11	include disable-common.inc
12	include disable-devel.inc	12	include disable-devel.inc
		13	include disable-exec.inc
13	include disable-interpreters.inc	14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
14	include disable-programs.inc	16	include disable-programs.inc
		17	include disable-xdg.inc
15		18
16	mkdir ${HOME}/.cache/zoom	19	mkdir ${HOME}/.cache/zoom
17	mkfile ${HOME}/.config/zoomus.conf	20	mkfile ${HOME}/.config/zoomus.conf
@@ -20,14 +23,25 @@ whitelist ${HOME}/.cache/zoom
20	whitelist ${HOME}/.config/zoomus.conf	23	whitelist ${HOME}/.config/zoomus.conf
21	whitelist ${HOME}/.zoom	24	whitelist ${HOME}/.zoom
22	include whitelist-common.inc	25	include whitelist-common.inc
		26	include whitelist-runuser-common.inc
		27	include whitelist-usr-share-common.inc
		28	include whitelist-var-common.inc
23		29
24	caps.drop all	30	caps.drop all
25	netfilter	31	netfilter
26	nodvd	32	nodvd
		33	nogroups
27	nonewprivs	34	nonewprivs
28	noroot	35	noroot
29	notv	36	notv
		37	nou2f
30	protocol unix,inet,inet6,netlink	38	protocol unix,inet,inet6,netlink
31	seccomp !chroot	39	seccomp !chroot
		40	shell none
		41	tracelog
32		42
		43	disable-mnt
		44	private-cache
		45	private-dev
		46	private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl
33	private-tmp	47	private-tmp