diff options
author | smitsohu <smitsohu@gmail.com> | 2017-10-29 13:06:19 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2017-10-29 13:06:19 +0100 |
commit | 8ef2c87931fa83c2d1fd6b35f23ac650adee6355 (patch) | |
tree | ad154ca76315d658334fb06b587e1df835fb137a /etc/calligra.profile | |
parent | fix for #1614 (--timeout) (diff) | |
download | firejail-8ef2c87931fa83c2d1fd6b35f23ac650adee6355.tar.gz firejail-8ef2c87931fa83c2d1fd6b35f23ac650adee6355.tar.zst firejail-8ef2c87931fa83c2d1fd6b35f23ac650adee6355.zip |
fix and harden various profiles
Diffstat (limited to 'etc/calligra.profile')
-rw-r--r-- | etc/calligra.profile | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/etc/calligra.profile b/etc/calligra.profile index a57694752..f09716bc3 100644 --- a/etc/calligra.profile +++ b/etc/calligra.profile | |||
@@ -5,7 +5,7 @@ include /etc/firejail/calligra.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include /etc/firejail/globals.local | 6 | include /etc/firejail/globals.local |
7 | 7 | ||
8 | blacklist /run/user/*/bus | 8 | # blacklist /run/user/*/bus |
9 | 9 | ||
10 | include /etc/firejail/disable-common.inc | 10 | include /etc/firejail/disable-common.inc |
11 | include /etc/firejail/disable-devel.inc | 11 | include /etc/firejail/disable-devel.inc |
@@ -14,7 +14,7 @@ include /etc/firejail/disable-programs.inc | |||
14 | 14 | ||
15 | caps.drop all | 15 | caps.drop all |
16 | ipc-namespace | 16 | ipc-namespace |
17 | net none | 17 | # net none |
18 | nodvd | 18 | nodvd |
19 | nogroups | 19 | nogroups |
20 | nonewprivs | 20 | nonewprivs |
@@ -25,8 +25,8 @@ protocol unix | |||
25 | seccomp | 25 | seccomp |
26 | shell none | 26 | shell none |
27 | 27 | ||
28 | private-bin calligra,calligraauthor,calligraconverter,calligraflow,calligraplan,calligraplanwork,calligrasheets,calligrastage,calligrawords,dbus-launch | 28 | private-bin calligra,calligraauthor,calligraconverter,calligraflow,calligraplan,calligraplanwork,calligrasheets,calligrastage,calligrawords,dbus-launch,kbuildsycoca4,kdeinit4 |
29 | private-dev | 29 | private-dev |
30 | 30 | ||
31 | #noexec ${HOME} | 31 | # noexec ${HOME} |
32 | noexec /tmp | 32 | noexec /tmp |