pkglog: hardening (x11) (#6292)

author: glitsj16 <glitsj16@users.noreply.github.com> 2024-03-27 12:26:03 +0000
committer: GitHub <noreply@github.com> 2024-03-27 12:26:03 +0000
commit: dbf206dcd67f506cba39bdff02824f5b65ad5934 (patch)
tree: 0d826458c1bfe3cd983720be05bcba71f7a67de9
parent: New profile: gh (GitHub CLI) (#6293) (diff)
download: firejail-dbf206dcd67f506cba39bdff02824f5b65ad5934.tar.gz
firejail-dbf206dcd67f506cba39bdff02824f5b65ad5934.tar.zst
firejail-dbf206dcd67f506cba39bdff02824f5b65ad5934.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/etc/profile-m-z/pkglog.profile b/etc/profile-m-z/pkglog.profile
index 799c8f607..2f200e154 100644
--- a/etc/profile-m-z/pkglog.profile
+++ b/etc/profile-m-z/pkglog.profile
@@ -6,6 +6,8 @@ include pkglog.local
 # Persistent global definitions
 include globals.local
+blacklist ${RUNUSER}
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python3.inc
@@ -14,6 +16,7 @@ include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
+#include disable-x11.inc # x11 none
 include disable-xdg.inc
 whitelist /var/log/apt/history.log
@@ -37,6 +40,7 @@ nou2f
 novideo
 seccomp
 tracelog
+x11 none
 disable-mnt
 private
author	glitsj16 <glitsj16@users.noreply.github.com>	2024-03-27 12:26:03 +0000
committer	GitHub <noreply@github.com>	2024-03-27 12:26:03 +0000
commit	dbf206dcd67f506cba39bdff02824f5b65ad5934 (patch)
tree	0d826458c1bfe3cd983720be05bcba71f7a67de9
parent	New profile: gh (GitHub CLI) (#6293) (diff)
download	firejail-dbf206dcd67f506cba39bdff02824f5b65ad5934.tar.gz firejail-dbf206dcd67f506cba39bdff02824f5b65ad5934.tar.zst firejail-dbf206dcd67f506cba39bdff02824f5b65ad5934.zip

diff --git a/etc/profile-m-z/pkglog.profile b/etc/profile-m-z/pkglog.profile index 799c8f607..2f200e154 100644 --- a/etc/profile-m-z/pkglog.profile +++ b/etc/profile-m-z/pkglog.profile
@@ -6,6 +6,8 @@ include pkglog.local
6	# Persistent global definitions	6	# Persistent global definitions
7	include globals.local	7	include globals.local
8		8
		9	blacklist ${RUNUSER}
		10
9	# Allow python (blacklisted by disable-interpreters.inc)	11	# Allow python (blacklisted by disable-interpreters.inc)
10	include allow-python3.inc	12	include allow-python3.inc
11		13
@@ -14,6 +16,7 @@ include disable-devel.inc
14	include disable-exec.inc	16	include disable-exec.inc
15	include disable-interpreters.inc	17	include disable-interpreters.inc
16	include disable-programs.inc	18	include disable-programs.inc
		19	#include disable-x11.inc # x11 none
17	include disable-xdg.inc	20	include disable-xdg.inc
18		21
19	whitelist /var/log/apt/history.log	22	whitelist /var/log/apt/history.log
@@ -37,6 +40,7 @@ nou2f
37	novideo	40	novideo
38	seccomp	41	seccomp
39	tracelog	42	tracelog
		43	x11 none
40		44
41	disable-mnt	45	disable-mnt
42	private	46	private