Harden /var

author: Tad <tad@spotco.us> 2017-08-22 20:23:01 -0400
committer: Tad <tad@spotco.us> 2017-08-22 21:31:40 -0400
commit: a7f934325a3a4f8ca0dd35e5aaf38d309c46da00 (patch)
tree: 5b5f1d78692c3465b7c93b1004483cbdade06f77 /etc/disable-common.inc
parent: Fix Steam regressions (diff)
download: firejail-a7f934325a3a4f8ca0dd35e5aaf38d309c46da00.tar.gz
firejail-a7f934325a3a4f8ca0dd35e5aaf38d309c46da00.tar.zst
firejail-a7f934325a3a4f8ca0dd35e5aaf38d309c46da00.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index c220b9c50..294ff6bcb 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -107,15 +107,27 @@ blacklist ${PATH}/zuluCrypt-cli
 blacklist ${PATH}/zuluMount-cli
 # var
+blacklist /var/cache/apt
+blacklist /var/cache/pacman
+blacklist /var/lib/apt
+blacklist /var/lib/clamav
+blacklist /var/lib/dkms
 blacklist /var/lib/mysql/mysql.sock
 blacklist /var/lib/mysqld/mysql.sock
+blacklist /var/lib/pacman
+blacklist /var/lib/systemd
+blacklist /var/lib/upower
+blacklist /var/log
 blacklist /var/mail
+blacklist /var/opt
 blacklist /var/run/acpid.socket
 blacklist /var/run/docker.sock
 blacklist /var/run/minissdpd.sock
 blacklist /var/run/mysql/mysqld.sock
 blacklist /var/run/mysqld/mysqld.sock
 blacklist /var/run/rpcbind.sock
+blacklist /var/run/screens
+blacklist /var/run/systemd
 blacklist /var/spool/anacron
 blacklist /var/spool/cron
author	Tad <tad@spotco.us>	2017-08-22 20:23:01 -0400
committer	Tad <tad@spotco.us>	2017-08-22 21:31:40 -0400
commit	a7f934325a3a4f8ca0dd35e5aaf38d309c46da00 (patch)
tree	5b5f1d78692c3465b7c93b1004483cbdade06f77 /etc/disable-common.inc
parent	Fix Steam regressions (diff)
download	firejail-a7f934325a3a4f8ca0dd35e5aaf38d309c46da00.tar.gz firejail-a7f934325a3a4f8ca0dd35e5aaf38d309c46da00.tar.zst firejail-a7f934325a3a4f8ca0dd35e5aaf38d309c46da00.zip

diff --git a/etc/disable-common.inc b/etc/disable-common.inc index c220b9c50..294ff6bcb 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc
@@ -107,15 +107,27 @@ blacklist ${PATH}/zuluCrypt-cli
107	blacklist ${PATH}/zuluMount-cli	107	blacklist ${PATH}/zuluMount-cli
108		108
109	# var	109	# var
		110	blacklist /var/cache/apt
		111	blacklist /var/cache/pacman
		112	blacklist /var/lib/apt
		113	blacklist /var/lib/clamav
		114	blacklist /var/lib/dkms
110	blacklist /var/lib/mysql/mysql.sock	115	blacklist /var/lib/mysql/mysql.sock
111	blacklist /var/lib/mysqld/mysql.sock	116	blacklist /var/lib/mysqld/mysql.sock
		117	blacklist /var/lib/pacman
		118	blacklist /var/lib/systemd
		119	blacklist /var/lib/upower
		120	blacklist /var/log
112	blacklist /var/mail	121	blacklist /var/mail
		122	blacklist /var/opt
113	blacklist /var/run/acpid.socket	123	blacklist /var/run/acpid.socket
114	blacklist /var/run/docker.sock	124	blacklist /var/run/docker.sock
115	blacklist /var/run/minissdpd.sock	125	blacklist /var/run/minissdpd.sock
116	blacklist /var/run/mysql/mysqld.sock	126	blacklist /var/run/mysql/mysqld.sock
117	blacklist /var/run/mysqld/mysqld.sock	127	blacklist /var/run/mysqld/mysqld.sock
118	blacklist /var/run/rpcbind.sock	128	blacklist /var/run/rpcbind.sock
		129	blacklist /var/run/screens
		130	blacklist /var/run/systemd
119	blacklist /var/spool/anacron	131	blacklist /var/spool/anacron
120	blacklist /var/spool/cron	132	blacklist /var/spool/cron
121		133