path: root/etc/cpio.profile
author: glitsj16 <glitsj16@users.noreply.github.com>, 2019-03-14 12:01:43 +0000
committer: GitHub <noreply@github.com>, 2019-03-14 12:01:43 +0000
commit: 097aba97d8cb0a848f1f21018f65c58d48ef3cb2
tree: bb5159f2651680606ccf7208dd4f48e1add373fe /etc/cpio.profile
parent: Fixes for seahorse/seahorse-tool (#2592)
Hardening compressors (#2594)
* Harden atool
* Harden cpio
* Fix ordering in private-* options
* Harden gzip
* Harden tar
* Harden bsdtar
* Harden+ tar
* Harden+ gzip
* Harden+ cpio
* Create bzip2.profile
* Description for bunzip2
* Add bzip2/bunzip2 to firecfg
Diffstat (limited to 'etc/cpio.profile')
-rw-r--r-- etc/cpio.profile 10
1 files changed, 10 insertions, 0 deletions
diff --git a/etc/cpio.profile b/etc/cpio.profile
index f63e0a552..b6f7e7f9f 100644
--- a/etc/cpio.profile
+++ b/etc/cpio.profile
@@ -13,14 +13,21 @@ noblacklist /sbin
13noblacklist /usr/sbin 13noblacklist /usr/sbin
14 14
15include disable-common.inc 15include disable-common.inc
16# include disable-devel.inc
17include disable-exec.inc
16include disable-passwdmgr.inc 18include disable-passwdmgr.inc
17include disable-programs.inc 19include disable-programs.inc
18 20
21apparmor
19caps.drop all 22caps.drop all
23hostname cpio
24ipc-namespace
25machine-id
20net none 26net none
21no3d 27no3d
22nodbus 28nodbus
23nodvd 29nodvd
30nogroups
24nonewprivs 31nonewprivs
25nosound 32nosound
26notv 33notv
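Review bot: The commented-out `# include disable-devel.inc` at new line 16 carries no explanation, so a later reader cannot tell whether it is disabled because it breaks cpio or is simply untested. Either enable it alongside the new `include disable-exec.inc`, or add a one-line comment above it stating what fails when it is active. The same applies to the new `hostname cpio`, `ipc-namespace`, `machine-id` and `nogroups` lines: the commit message says only "Harden cpio", so a short note on which cpio modes were exercised with them would make a regression easier to trace.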
@@ -30,4 +37,7 @@ seccomp
30shell none 37shell none
31tracelog 38tracelog
32 39
40private-cache
33private-dev 41private-dev
42
43memory-deny-write-execute
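Review bot: `private-cache` at new line 40 places a temporary filesystem over the user's ~/.cache, so an archive read from there appears missing and anything cpio extracts there is discarded when the sandbox exits, with no hint in the profile. Add a comment above the option saying so. `memory-deny-write-execute` at new line 43 is likewise added without a note that cpio was run under it; a one-line comment or a mention in the commit message of the operations tested would cover both.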