diff options
| author |  smitsohu <smitsohu@gmail.com> | 2019-03-15 12:37:36 +0100 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2019-03-15 12:37:36 +0100 |
| commit | 529315fe17a526eb8200e42a44b57ddffbd7a838 (patch) | |
| tree | a70214750cdd46f0e6945d24a715ab19125a8244 /etc/disable-exec.inc | |
| parent | ffmpegthumbnailer breaks in ranger with private-cache enabled from (#2596) (diff) | |
| download | firejail-529315fe17a526eb8200e42a44b57ddffbd7a838.tar.gz firejail-529315fe17a526eb8200e42a44b57ddffbd7a838.tar.zst firejail-529315fe17a526eb8200e42a44b57ddffbd7a838.zip | |
profile hardening: add disable-exec.inc in more places
Diffstat (limited to 'etc/disable-exec.inc')
| -rw-r--r-- | etc/disable-exec.inc | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/etc/disable-exec.inc b/etc/disable-exec.inc index c535af7d4..ee3391730 100644 --- a/etc/disable-exec.inc +++ b/etc/disable-exec.inc | |||
| @@ -6,6 +6,6 @@ noexec ${HOME} | |||
| 6 | noexec ${RUNUSER} | 6 | noexec ${RUNUSER} |
| 7 | noexec /dev/shm | 7 | noexec /dev/shm |
| 8 | noexec /tmp | 8 | noexec /tmp |
| 9 | # /var/tmp is noexec by default | 9 | # /var is noexec by default for unprivileged users |
| 10 | # just in case there is a keep-var-tmp option: | 10 | # except there is a writable-var option, so just in case: |
| 11 | noexec /var/tmp | 11 | noexec /var |