diff options
| author |  smitsohu <smitsohu@gmail.com> | 2019-03-15 12:37:36 +0100 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2019-03-15 12:37:36 +0100 |
| commit | 529315fe17a526eb8200e42a44b57ddffbd7a838 (patch) | |
| tree | a70214750cdd46f0e6945d24a715ab19125a8244 /etc/clamav.profile | |
| parent | ffmpegthumbnailer breaks in ranger with private-cache enabled from (#2596) (diff) | |
| download | firejail-529315fe17a526eb8200e42a44b57ddffbd7a838.tar.gz firejail-529315fe17a526eb8200e42a44b57ddffbd7a838.tar.zst firejail-529315fe17a526eb8200e42a44b57ddffbd7a838.zip | |
profile hardening: add disable-exec.inc in more places
Diffstat (limited to 'etc/clamav.profile')
| -rw-r--r-- | etc/clamav.profile | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/clamav.profile b/etc/clamav.profile index a48fa8039..45e7723eb 100644 --- a/etc/clamav.profile +++ b/etc/clamav.profile | |||
| @@ -7,6 +7,8 @@ include clamav.local | |||
| 7 | # Persistent global definitions | 7 | # Persistent global definitions |
| 8 | include globals.local | 8 | include globals.local |
| 9 | 9 | ||
| 10 | include disable-exec.inc | ||
| 11 | |||
| 10 | caps.drop all | 12 | caps.drop all |
| 11 | ipc-namespace | 13 | ipc-namespace |
| 12 | net none | 14 | net none |
| @@ -30,5 +32,3 @@ private-dev | |||
| 30 | read-only ${HOME} | 32 | read-only ${HOME} |
| 31 | 33 | ||
| 32 | memory-deny-write-execute | 34 | memory-deny-write-execute |
| 33 | noexec ${HOME} | ||
| 34 | noexec /tmp | ||