Harden some profiles

author: Tad <tad@spotco.us> 2017-04-15 08:57:13 -0400
committer: Tad <tad@spotco.us> 2017-04-15 15:25:08 -0400
commit: 90cd669eba680369c6ba8d96af194b70c8cc8706 (patch)
tree: 31c4d14fa5b56003b9898c8e6d19f03b7d91b091 /etc/bless.profile
parent: noblacklist .config/qt5ct (part 1) (diff)
download: firejail-90cd669eba680369c6ba8d96af194b70c8cc8706.tar.gz
firejail-90cd669eba680369c6ba8d96af194b70c8cc8706.tar.zst
firejail-90cd669eba680369c6ba8d96af194b70c8cc8706.zip
1 files changed, 13 insertions, 1 deletions
diff --git a/etc/bless.profile b/etc/bless.profile
index b8325de39..08a756989 100644
--- a/etc/bless.profile
+++ b/etc/bless.profile
@@ -18,7 +18,19 @@ include /etc/firejail/disable-devel.inc
 #Options
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
-protocol unix,inet,inet6
+protocol unix           
 seccomp
+shell none
+private-dev
+private-etc fonts,mono
+private-tmp
+noexec ${HOME}
+noexec /tmp
+no3d
+nosound
author	Tad <tad@spotco.us>	2017-04-15 08:57:13 -0400
committer	Tad <tad@spotco.us>	2017-04-15 15:25:08 -0400
commit	90cd669eba680369c6ba8d96af194b70c8cc8706 (patch)
tree	31c4d14fa5b56003b9898c8e6d19f03b7d91b091 /etc/bless.profile
parent	noblacklist .config/qt5ct (part 1) (diff)
download	firejail-90cd669eba680369c6ba8d96af194b70c8cc8706.tar.gz firejail-90cd669eba680369c6ba8d96af194b70c8cc8706.tar.zst firejail-90cd669eba680369c6ba8d96af194b70c8cc8706.zip

diff --git a/etc/bless.profile b/etc/bless.profile index b8325de39..08a756989 100644 --- a/etc/bless.profile +++ b/etc/bless.profile
@@ -18,7 +18,19 @@ include /etc/firejail/disable-devel.inc
18	#Options	18	#Options
19	caps.drop all	19	caps.drop all
20	netfilter	20	netfilter
		21	nogroups
21	nonewprivs	22	nonewprivs
22	noroot	23	noroot
23	protocol unix,inet,inet6	24	protocol unix
24	seccomp	25	seccomp
		26	shell none
		27
		28	private-dev
		29	private-etc fonts,mono
		30	private-tmp
		31
		32	noexec ${HOME}
		33	noexec /tmp
		34
		35	no3d
		36	nosound