diff options
author | smitsohu <smitsohu@gmail.com> | 2019-03-12 20:44:51 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-03-12 20:44:51 +0000 |
commit | aa2bdffc4b4d0437dd710a70546c87b8f882b100 (patch) | |
tree | e44a8864ec0964a6c72caa7b6297ca90d7e8fd21 /etc/disable-exec.inc | |
parent | Harden meld.profile (#2577) (diff) | |
download | firejail-aa2bdffc4b4d0437dd710a70546c87b8f882b100.tar.gz firejail-aa2bdffc4b4d0437dd710a70546c87b8f882b100.tar.zst firejail-aa2bdffc4b4d0437dd710a70546c87b8f882b100.zip |
add disable-exec.inc to all profiles with apparmor (#2576)
* add disable-exec.inc to all profiles with apparmor - #2385 #2505
* drop disable-exec.inc from generic electron.profile
Diffstat (limited to 'etc/disable-exec.inc')
-rw-r--r-- | etc/disable-exec.inc | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/etc/disable-exec.inc b/etc/disable-exec.inc new file mode 100644 index 000000000..c535af7d4 --- /dev/null +++ b/etc/disable-exec.inc | |||
@@ -0,0 +1,11 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include disable-exec.local | ||
4 | |||
5 | noexec ${HOME} | ||
6 | noexec ${RUNUSER} | ||
7 | noexec /dev/shm | ||
8 | noexec /tmp | ||
9 | # /var/tmp is noexec by default | ||
10 | # just in case there is a keep-var-tmp option: | ||
11 | noexec /var/tmp | ||