hardenings for various profiles (#3160)

* harden devilspie * harden devilspie2 * harden curl * harden wget * harden curl * harden dig * harden claws-mail * harden dnscrypt-proxy * harden dnscrypt-proxy * harden dnscrypt-proxy * harden exfalso * refactor easystroke as whitelist profile * refactor enchant as whitelist profile * safeguard ${DOCUMENTS} Thanks @rusty-snake for the suggestion. * drop x11-none Thanks @rusty-snake for catching this. * drop x11 none Thanks @rusty-snake for saving the bacon... * drop x11 none Thanks @rusty-snake for catching this. * drop x11 none Thanks @rusty-snake for preventing breakage! * drop ipc-namespace Better safe than sorry...
author: glitsj16 <glitsj16@users.noreply.github.com> 2020-01-17 23:31:46 +0000
committer: GitHub <noreply@github.com> 2020-01-17 23:31:46 +0000
commit: f9c9c469a23dbb6d484f82f6ba719d662b784753 (patch)
tree: 9485d36a39798b0542ed70b9a5df688bab2c3d69 /etc/easystroke.profile
parent: join: wait with effective uid of the user (diff)
download: firejail-f9c9c469a23dbb6d484f82f6ba719d662b784753.tar.gz
firejail-f9c9c469a23dbb6d484f82f6ba719d662b784753.tar.zst
firejail-f9c9c469a23dbb6d484f82f6ba719d662b784753.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/etc/easystroke.profile b/etc/easystroke.profile
index 623a4cadc..1297f5f40 100644
--- a/etc/easystroke.profile
+++ b/etc/easystroke.profile
@@ -16,7 +16,11 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+mkdir ${HOME}/.easystroke
+whitelist ${HOME}/.easystroke
+include whitelist-common.inc
 include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
 apparmor
 caps.drop all
@@ -35,6 +39,7 @@ novideo
 protocol unix
 seccomp
 shell none
+tracelog
 disable-mnt
 # breaks custom shell command functionality
author	glitsj16 <glitsj16@users.noreply.github.com>	2020-01-17 23:31:46 +0000
committer	GitHub <noreply@github.com>	2020-01-17 23:31:46 +0000
commit	f9c9c469a23dbb6d484f82f6ba719d662b784753 (patch)
tree	9485d36a39798b0542ed70b9a5df688bab2c3d69 /etc/easystroke.profile
parent	join: wait with effective uid of the user (diff)
download	firejail-f9c9c469a23dbb6d484f82f6ba719d662b784753.tar.gz firejail-f9c9c469a23dbb6d484f82f6ba719d662b784753.tar.zst firejail-f9c9c469a23dbb6d484f82f6ba719d662b784753.zip

diff --git a/etc/easystroke.profile b/etc/easystroke.profile index 623a4cadc..1297f5f40 100644 --- a/etc/easystroke.profile +++ b/etc/easystroke.profile
@@ -16,7 +16,11 @@ include disable-passwdmgr.inc
16	include disable-programs.inc	16	include disable-programs.inc
17	include disable-xdg.inc	17	include disable-xdg.inc
18		18
		19	mkdir ${HOME}/.easystroke
		20	whitelist ${HOME}/.easystroke
		21	include whitelist-common.inc
19	include whitelist-usr-share-common.inc	22	include whitelist-usr-share-common.inc
		23	include whitelist-var-common.inc
20		24
21	apparmor	25	apparmor
22	caps.drop all	26	caps.drop all
@@ -35,6 +39,7 @@ novideo
35	protocol unix	39	protocol unix
36	seccomp	40	seccomp
37	shell none	41	shell none
		42	tracelog
38		43
39	disable-mnt	44	disable-mnt
40	# breaks custom shell command functionality	45	# breaks custom shell command functionality