diff options
author | smitsohu <smitsohu@gmail.com> | 2019-01-30 16:12:49 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2019-01-30 16:12:49 +0100 |
commit | 0f7636c1ca3ab81c4d1af13b548bc094d038dcbe (patch) | |
tree | b5b4badbccfe3c8c7cde9bdebae0508842e57829 /etc/baloo_file.profile | |
parent | Fixup qtox profile, closes #2374 (diff) | |
download | firejail-0f7636c1ca3ab81c4d1af13b548bc094d038dcbe.tar.gz firejail-0f7636c1ca3ab81c4d1af13b548bc094d038dcbe.tar.zst firejail-0f7636c1ca3ab81c4d1af13b548bc094d038dcbe.zip |
misc profile hardening (xdg blacklist, private-cache, netfilter)
Diffstat (limited to 'etc/baloo_file.profile')
-rw-r--r-- | etc/baloo_file.profile | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile index e094945b7..875bc7989 100644 --- a/etc/baloo_file.profile +++ b/etc/baloo_file.profile | |||
@@ -26,6 +26,7 @@ include disable-programs.inc | |||
26 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
27 | 27 | ||
28 | caps.drop all | 28 | caps.drop all |
29 | netfilter | ||
29 | no3d | 30 | no3d |
30 | nodvd | 31 | nodvd |
31 | nogroups | 32 | nogroups |
@@ -41,6 +42,7 @@ seccomp.drop @cpu-emulation,@debug,@obsolete,@privileged,@resources,add_key,fano | |||
41 | shell none | 42 | shell none |
42 | # x11 xorg | 43 | # x11 xorg |
43 | 44 | ||
45 | private-cache | ||
44 | private-bin baloo_file,baloo_file_extractor,baloo_filemetadata_temp_extractor,kbuildsycoca4 | 46 | private-bin baloo_file,baloo_file_extractor,baloo_filemetadata_temp_extractor,kbuildsycoca4 |
45 | private-dev | 47 | private-dev |
46 | private-tmp | 48 | private-tmp |