author | Tad <tad@spotco.us> | 2017-04-17 17:11:24 -0400 |
---|---|---|
committer | Tad <tad@spotco.us> | 2017-04-17 17:11:24 -0400 |
commit | 4f238b75de05d91f200305335da1f019810ac149 (patch) | |
tree | 40f021c8d9e7bb70f7bd0a868d571286fa438420 /etc/chromium.profile | |
parent | Merge pull request #1229 from SpotComms/firecfg2 (diff) | |
Harden more profiles
Diffstat (limited to 'etc/chromium.profile')
-rw-r--r-- | etc/chromium.profile | 15 |
1 files changed, 11 insertions, 4 deletions
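--- a/etc/chromium.profile
+++ b/etc/chromium.profile
@@ -8,12 +8,8 @@ noblacklist ~/.cache/chromium
 noblacklist ~/.pki
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
-
 # chromium is distributed with a perl script on Arch
 # include /etc/firejail/disable-devel.inc
-#
-
-netfilter
 
 whitelist ${DOWNLOADS}
 mkdir ~/.config/chromium
@@ -27,3 +23,14 @@ whitelist ~/.pki
 whitelist ~/.config/chromium-flags.conf
 
 include /etc/firejail/whitelist-common.inc
+
+ipc-namespace
+netfilter
+nogroups
+shell none
+
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp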
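Review bot: The `netfilter` line in the new option block only installs firejail's default firewall when the sandbox gets its own network namespace, so on the host network namespace it has no effect. No `net` option is visible in either hunk, though the rest of the profile is outside the diff, so this profile appears to run on the host network. Someone auditing the profile could mistake the line for an active packet filter, so I would add a comment above it such as `# netfilter only applies when a network namespace is created, e.g. firejail --net=<interface>`. Separately, `private-dev` and `nogroups` may cut access to devices the browser needs for hardware security keys or the camera, and `noexec ${HOME}` also covers the whitelisted `~/.config/chromium`. Each of these deserves a one-line comment naming the trade-off, so that users relax a single option rather than abandon the sandbox when a feature stops working.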