author | glitsj16 <glitsj16@users.noreply.github.com> | 2020-01-17 23:31:46 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-01-17 23:31:46 +0000 |
commit | f9c9c469a23dbb6d484f82f6ba719d662b784753 (patch) | |
tree | 9485d36a39798b0542ed70b9a5df688bab2c3d69 /etc/dig.profile | |
parent | join: wait with effective uid of the user (diff) | |
hardenings for various profiles (#3160)
* harden devilspie
* harden devilspie2
* harden curl
* harden wget
* harden curl
* harden dig
* harden claws-mail
* harden dnscrypt-proxy
* harden dnscrypt-proxy
* harden dnscrypt-proxy
* harden exfalso
* refactor easystroke as whitelist profile
* refactor enchant as whitelist profile
* safeguard ${DOCUMENTS}
Thanks @rusty-snake for the suggestion.
* drop x11-none
Thanks @rusty-snake for catching this.
* drop x11 none
Thanks @rusty-snake for saving the bacon...
* drop x11 none
Thanks @rusty-snake for catching this.
* drop x11 none
Thanks @rusty-snake for preventing breakage!
* drop ipc-namespace
Better safe than sorry...
Diffstat (limited to 'etc/dig.profile')
-rw-r--r-- | etc/dig.profile | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/etc/dig.profile b/etc/dig.profile index af71ff17f..054e4891d 100644 --- a/etc/dig.profile +++ b/etc/dig.profile | |||
@@ -9,6 +9,8 @@ include globals.local | |||
9 | 9 | ||
10 | noblacklist ${HOME}/.digrc | 10 | noblacklist ${HOME}/.digrc |
11 | 11 | ||
12 | blacklist /tmp/.X11-unix | ||
13 | |||
12 | include disable-common.inc | 14 | include disable-common.inc |
13 | # include disable-devel.inc | 15 | # include disable-devel.inc |
14 | include disable-exec.inc | 16 | include disable-exec.inc |
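Review bot: The added `blacklist /tmp/.X11-unix` at new line 12 carries no comment explaining its purpose, and the commit message only records "drop x11 none" without naming the profiles. If this line is meant to stand in for `x11 none`, say so in a one-line comment above it. The rule covers only the path under /tmp, and `protocol unix,inet,inet6` stays in place further down the profile, so the comment should also state what the blacklist is expected to block.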
@@ -24,7 +26,7 @@ include whitelist-usr-share-common.inc | |||
24 | include whitelist-var-common.inc | 26 | include whitelist-var-common.inc |
25 | 27 | ||
26 | caps.drop all | 28 | caps.drop all |
27 | # ipc-namespace | 29 | ipc-namespace |
28 | machine-id | 30 | machine-id |
29 | netfilter | 31 | netfilter |
30 | no3d | 32 | no3d |
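Review bot: New line 29 enables `ipc-namespace` (previously `# ipc-namespace`), yet the commit message ends with "drop ipc-namespace" and "Better safe than sorry...". Please confirm that the drop refers to a different profile in this commit and that dig was tested with the option enabled. The old commented-out line gave no reason for being disabled, so naming the affected profile in the commit message would remove the ambiguity.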
@@ -40,6 +42,7 @@ novideo | |||
40 | protocol unix,inet,inet6 | 42 | protocol unix,inet,inet6 |
41 | seccomp | 43 | seccomp |
42 | shell none | 44 | shell none |
45 | tracelog | ||
43 | 46 | ||
44 | disable-mnt | 47 | disable-mnt |
45 | private | 48 | private |
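Review bot: `tracelog` at new line 45 is undocumented: the commit message covers it only with "harden dig". Since tracelog reports blacklist violations to syslog, a short comment noting that it pairs with the `blacklist /tmp/.X11-unix` line added in the first hunk would make the intent clear. Please also confirm that dig's own output is unchanged with the option on.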