diff options
author | smitsohu <smitsohu@gmail.com> | 2019-03-15 14:18:14 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2019-03-15 14:18:14 +0100 |
commit | 135e29d22a145544ba7245a489649385cb51484b (patch) | |
tree | 12af1189b80a2f7c4fa995dcceb256c44193d73c /etc/clamtk.profile | |
parent | profile hardening: add disable-exec.inc in more places (diff) | |
download | firejail-135e29d22a145544ba7245a489649385cb51484b.tar.gz firejail-135e29d22a145544ba7245a489649385cb51484b.tar.zst firejail-135e29d22a145544ba7245a489649385cb51484b.zip |
harden clamtk profile, strings profile cleanup
Diffstat (limited to 'etc/clamtk.profile')
-rw-r--r-- | etc/clamtk.profile | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/etc/clamtk.profile b/etc/clamtk.profile index a93523acc..bc09808cb 100644 --- a/etc/clamtk.profile +++ b/etc/clamtk.profile | |||
@@ -5,6 +5,8 @@ include clamtk.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | include disable-exec.inc | ||
9 | |||
8 | caps.drop all | 10 | caps.drop all |
9 | ipc-namespace | 11 | ipc-namespace |
10 | net none | 12 | net none |
@@ -23,6 +25,3 @@ seccomp | |||
23 | shell none | 25 | shell none |
24 | 26 | ||
25 | private-dev | 27 | private-dev |
26 | |||
27 | noexec ${HOME} | ||
28 | noexec /tmp | ||