diff options
| author |  glitsj16 <glitsj16@users.noreply.github.com> | 2019-02-24 21:53:50 +0000 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2019-02-24 21:53:50 +0000 |
| commit | e80b99934977a623d8090eee678fac34b2de1950 (patch) | |
| tree | e9904e5879cdf88d8797e1aafc2d56a2f396ec46 | |
| parent | Harden gnome-maps.profile (#2462) (diff) | |
| download | firejail-e80b99934977a623d8090eee678fac34b2de1950.tar.gz firejail-e80b99934977a623d8090eee678fac34b2de1950.tar.zst firejail-e80b99934977a623d8090eee678fac34b2de1950.zip | |
Harden gucharmap.profile (#2463)
| -rw-r--r-- | etc/gucharmap.profile | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile index 13db746f8..c85424de9 100644 --- a/etc/gucharmap.profile +++ b/etc/gucharmap.profile | |||
| @@ -14,8 +14,10 @@ include disable-passwdmgr.inc | |||
| 14 | include disable-programs.inc | 14 | include disable-programs.inc |
| 15 | include disable-xdg.inc | 15 | include disable-xdg.inc |
| 16 | 16 | ||
| 17 | apparmor | ||
| 17 | caps.drop all | 18 | caps.drop all |
| 18 | netfilter | 19 | machine-id |
| 20 | net none | ||
| 19 | no3d | 21 | no3d |
| 20 | nodvd | 22 | nodvd |
| 21 | nogroups | 23 | nogroups |
| @@ -30,10 +32,15 @@ seccomp | |||
| 30 | shell none | 32 | shell none |
| 31 | 33 | ||
| 32 | disable-mnt | 34 | disable-mnt |
| 35 | # for GTK theme support comment 'private' | ||
| 33 | private | 36 | private |
| 34 | private-cache | 37 | private-cache |
| 35 | private-dev | 38 | private-dev |
| 36 | private-tmp | 39 | private-tmp |
| 37 | 40 | ||
| 41 | memory-deny-write-execute | ||
| 38 | noexec ${HOME} | 42 | noexec ${HOME} |
| 39 | noexec /tmp | 43 | noexec /tmp |
| 44 | |||
| 45 | # gucharmap will never write anything | ||
| 46 | read-only ${HOME} | ||