diff options
| author |  Tad <tad@spotco.us> | 2017-07-05 09:40:54 -0400 |
|---|---|---|
| committer | Tad <tad@spotco.us> | 2017-08-02 00:13:42 -0400 |
| commit | 0dba38435ef92ccc01cc9ff23b69df55489ec983 (patch) | |
| tree | dfd1d8db02f579183fa77acdbde9aa315596220f /etc/Thunar.profile | |
| parent | x11/xpra support (diff) | |
| download | firejail-0dba38435ef92ccc01cc9ff23b69df55489ec983.tar.gz firejail-0dba38435ef92ccc01cc9ff23b69df55489ec983.tar.zst firejail-0dba38435ef92ccc01cc9ff23b69df55489ec983.zip | |
Harden profiles
- Added 'disable-devel.conf' to many profiles
- Added 'disable-mnt' to many profiles
- Added 'noexec' to many profiles
- Removed 'netfilter' and 'net none' from profiles with 'protocol unix'
- Cleaned up profiles using defaults
Diffstat (limited to 'etc/Thunar.profile')
| -rw-r--r-- | etc/Thunar.profile | 12 |
1 files changed, 2 insertions, 10 deletions
diff --git a/etc/Thunar.profile b/etc/Thunar.profile index ed8a37add..e62ce4e2d 100644 --- a/etc/Thunar.profile +++ b/etc/Thunar.profile | |||
| @@ -16,20 +16,12 @@ include /etc/firejail/disable-devel.inc | |||
| 16 | include /etc/firejail/disable-passwdmgr.inc | 16 | include /etc/firejail/disable-passwdmgr.inc |
| 17 | 17 | ||
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | netfilter | 19 | no3d |
| 20 | nogroups | ||
| 21 | nonewprivs | 20 | nonewprivs |
| 22 | noroot | 21 | noroot |
| 23 | nosound | 22 | nosound |
| 23 | novideo | ||
| 24 | protocol unix | 24 | protocol unix |
| 25 | seccomp | 25 | seccomp |
| 26 | shell none | 26 | shell none |
| 27 | tracelog | 27 | tracelog |
| 28 | |||
| 29 | # | ||
| 30 | # depending on your usage, you can enable some of the commands below: | ||
| 31 | # | ||
| 32 | # private-bin program | ||
| 33 | # private-etc none | ||
| 34 | # private-dev | ||
| 35 | # private-tmp | ||