Merge pull request #2435 from glitsj16/devilspies

Harden devilspie{2} profiles
author: glitsj16 <glitsj16@users.noreply.github.com> 2019-02-20 22:55:48 +0000
committer: GitHub <noreply@github.com> 2019-02-20 22:55:48 +0000
commit: 970d0bb1f783297a5d66672a9450befbe9948d8f (patch)
tree: 31225c1cd7fd089ff4eb25dbfacea1d1af35064c
parent: Merge pull request #2428 from glitsj16/assogiate (diff)
parent: Harden devilspie2 profile (diff)
download: firejail-970d0bb1f783297a5d66672a9450befbe9948d8f.tar.gz
firejail-970d0bb1f783297a5d66672a9450befbe9948d8f.tar.zst
firejail-970d0bb1f783297a5d66672a9450befbe9948d8f.zip
2 files changed, 5 insertions, 0 deletions
diff --git a/etc/devilspie.profile b/etc/devilspie.profile
index a809bee0c..d0a1ccf41 100644
--- a/etc/devilspie.profile
+++ b/etc/devilspie.profile
@@ -13,9 +13,12 @@ include disable-devel.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
+apparmor
 caps.drop all
 ipc-namespace
+# machine-id breaks audio; it should work fine in setups where sound is not required
 machine-id
 net none
 no3d
diff --git a/etc/devilspie2.profile b/etc/devilspie2.profile
index d8c10413b..fbf765fa2 100644
--- a/etc/devilspie2.profile
+++ b/etc/devilspie2.profile
@@ -13,7 +13,9 @@ include disable-devel.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
+apparmor
 caps.drop all
 ipc-namespace
 machine-id
author	glitsj16 <glitsj16@users.noreply.github.com>	2019-02-20 22:55:48 +0000
committer	GitHub <noreply@github.com>	2019-02-20 22:55:48 +0000
commit	970d0bb1f783297a5d66672a9450befbe9948d8f (patch)
tree	31225c1cd7fd089ff4eb25dbfacea1d1af35064c
parent	Merge pull request #2428 from glitsj16/assogiate (diff)
parent	Harden devilspie2 profile (diff)
download	firejail-970d0bb1f783297a5d66672a9450befbe9948d8f.tar.gz firejail-970d0bb1f783297a5d66672a9450befbe9948d8f.tar.zst firejail-970d0bb1f783297a5d66672a9450befbe9948d8f.zip

diff --git a/etc/devilspie.profile b/etc/devilspie.profile index a809bee0c..d0a1ccf41 100644 --- a/etc/devilspie.profile +++ b/etc/devilspie.profile
@@ -13,9 +13,12 @@ include disable-devel.inc
13	include disable-interpreters.inc	13	include disable-interpreters.inc
14	include disable-passwdmgr.inc	14	include disable-passwdmgr.inc
15	include disable-programs.inc	15	include disable-programs.inc
		16	include disable-xdg.inc
16		17
		18	apparmor
17	caps.drop all	19	caps.drop all
18	ipc-namespace	20	ipc-namespace
		21	# machine-id breaks audio; it should work fine in setups where sound is not required
19	machine-id	22	machine-id
20	net none	23	net none
21	no3d	24	no3d


diff --git a/etc/devilspie2.profile b/etc/devilspie2.profile index d8c10413b..fbf765fa2 100644 --- a/etc/devilspie2.profile +++ b/etc/devilspie2.profile
@@ -13,7 +13,9 @@ include disable-devel.inc
13	include disable-interpreters.inc	13	include disable-interpreters.inc
14	include disable-passwdmgr.inc	14	include disable-passwdmgr.inc
15	include disable-programs.inc	15	include disable-programs.inc
		16	include disable-xdg.inc
16		17
		18	apparmor
17	caps.drop all	19	caps.drop all
18	ipc-namespace	20	ipc-namespace
19	machine-id	21	machine-id