Harden more profiles

author: Tad <tad@spotco.us> 2017-04-17 17:11:24 -0400
committer: Tad <tad@spotco.us> 2017-04-17 17:11:24 -0400
commit: 4f238b75de05d91f200305335da1f019810ac149 (patch)
tree: 40f021c8d9e7bb70f7bd0a868d571286fa438420 /etc/chromium.profile
parent: Merge pull request #1229 from SpotComms/firecfg2 (diff)
download: firejail-4f238b75de05d91f200305335da1f019810ac149.tar.gz
firejail-4f238b75de05d91f200305335da1f019810ac149.tar.zst
firejail-4f238b75de05d91f200305335da1f019810ac149.zip
1 files changed, 11 insertions, 4 deletions
diff --git a/etc/chromium.profile b/etc/chromium.profile
index 995c0001b..071c8a18a 100644
--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -8,12 +8,8 @@ noblacklist ~/.cache/chromium
 noblacklist ~/.pki
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 # chromium is distributed with a perl script on Arch
 # include /etc/firejail/disable-devel.inc
-#
-netfilter
 whitelist ${DOWNLOADS}
 mkdir ~/.config/chromium
@@ -27,3 +23,14 @@ whitelist ~/.pki
 whitelist ~/.config/chromium-flags.conf
 include /etc/firejail/whitelist-common.inc
+ipc-namespace
+netfilter
+nogroups
+shell none
+private-dev
+private-tmp
+noexec ${HOME}
+noexec /tmp
author	Tad <tad@spotco.us>	2017-04-17 17:11:24 -0400
committer	Tad <tad@spotco.us>	2017-04-17 17:11:24 -0400
commit	4f238b75de05d91f200305335da1f019810ac149 (patch)
tree	40f021c8d9e7bb70f7bd0a868d571286fa438420 /etc/chromium.profile
parent	Merge pull request #1229 from SpotComms/firecfg2 (diff)
download	firejail-4f238b75de05d91f200305335da1f019810ac149.tar.gz firejail-4f238b75de05d91f200305335da1f019810ac149.tar.zst firejail-4f238b75de05d91f200305335da1f019810ac149.zip

diff --git a/etc/chromium.profile b/etc/chromium.profile index 995c0001b..071c8a18a 100644 --- a/etc/chromium.profile +++ b/etc/chromium.profile
@@ -8,12 +8,8 @@ noblacklist ~/.cache/chromium
8	noblacklist ~/.pki	8	noblacklist ~/.pki
9	include /etc/firejail/disable-common.inc	9	include /etc/firejail/disable-common.inc
10	include /etc/firejail/disable-programs.inc	10	include /etc/firejail/disable-programs.inc
11
12	# chromium is distributed with a perl script on Arch	11	# chromium is distributed with a perl script on Arch
13	# include /etc/firejail/disable-devel.inc	12	# include /etc/firejail/disable-devel.inc
14	#
15
16	netfilter
17		13
18	whitelist ${DOWNLOADS}	14	whitelist ${DOWNLOADS}
19	mkdir ~/.config/chromium	15	mkdir ~/.config/chromium
@@ -27,3 +23,14 @@ whitelist ~/.pki
27	whitelist ~/.config/chromium-flags.conf	23	whitelist ~/.config/chromium-flags.conf
28		24
29	include /etc/firejail/whitelist-common.inc	25	include /etc/firejail/whitelist-common.inc
		26
		27	ipc-namespace
		28	netfilter
		29	nogroups
		30	shell none
		31
		32	private-dev
		33	private-tmp
		34
		35	noexec ${HOME}
		36	noexec /tmp