diff options
| author |  smitsohu <smitsohu@gmail.com> | 2019-03-12 20:44:51 +0000 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2019-03-12 20:44:51 +0000 |
| commit | aa2bdffc4b4d0437dd710a70546c87b8f882b100 (patch) | |
| tree | e44a8864ec0964a6c72caa7b6297ca90d7e8fd21 /etc/disable-exec.inc | |
| parent | Harden meld.profile (#2577) (diff) | |
| download | firejail-aa2bdffc4b4d0437dd710a70546c87b8f882b100.tar.gz firejail-aa2bdffc4b4d0437dd710a70546c87b8f882b100.tar.zst firejail-aa2bdffc4b4d0437dd710a70546c87b8f882b100.zip | |
add disable-exec.inc to all profiles with apparmor (#2576)
* add disable-exec.inc to all profiles with apparmor - #2385 #2505
* drop disable-exec.inc from generic electron.profile
Diffstat (limited to 'etc/disable-exec.inc')
| -rw-r--r-- | etc/disable-exec.inc | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/etc/disable-exec.inc b/etc/disable-exec.inc new file mode 100644 index 000000000..c535af7d4 --- /dev/null +++ b/etc/disable-exec.inc | |||
| @@ -0,0 +1,11 @@ | |||
| 1 | # This file is overwritten during software install. | ||
| 2 | # Persistent customizations should go in a .local file. | ||
| 3 | include disable-exec.local | ||
| 4 | |||
| 5 | noexec ${HOME} | ||
| 6 | noexec ${RUNUSER} | ||
| 7 | noexec /dev/shm | ||
| 8 | noexec /tmp | ||
| 9 | # /var/tmp is noexec by default | ||
| 10 | # just in case there is a keep-var-tmp option: | ||
| 11 | noexec /var/tmp | ||