diff options
author | glitsj16 <glitsj16@users.noreply.github.com> | 2019-02-24 21:11:55 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-02-24 21:11:55 +0000 |
commit | 17b7a99c6854bc9fdb5edbcfbb4ad2c4d493eebb (patch) | |
tree | c06bac9878d474fb5c4de6f8aaf74f7e33cd4a69 /etc/enchant.profile | |
parent | Harden dig.profile (#2454) (diff) | |
download | firejail-17b7a99c6854bc9fdb5edbcfbb4ad2c4d493eebb.tar.gz firejail-17b7a99c6854bc9fdb5edbcfbb4ad2c4d493eebb.tar.zst firejail-17b7a99c6854bc9fdb5edbcfbb4ad2c4d493eebb.zip |
Harden enchant.profile (#2455)
Diffstat (limited to 'etc/enchant.profile')
-rw-r--r-- | etc/enchant.profile | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/etc/enchant.profile b/etc/enchant.profile index 1d3d33d68..f2d9d2ee9 100644 --- a/etc/enchant.profile +++ b/etc/enchant.profile | |||
@@ -15,8 +15,11 @@ include disable-passwdmgr.inc | |||
15 | include disable-programs.inc | 15 | include disable-programs.inc |
16 | include disable-xdg.inc | 16 | include disable-xdg.inc |
17 | 17 | ||
18 | apparmor | ||
18 | caps.drop all | 19 | caps.drop all |
19 | netfilter | 20 | ipc-namespace |
21 | machine-id | ||
22 | net none | ||
20 | no3d | 23 | no3d |
21 | nodbus | 24 | nodbus |
22 | nodvd | 25 | nodvd |
@@ -32,12 +35,13 @@ seccomp | |||
32 | shell none | 35 | shell none |
33 | tracelog | 36 | tracelog |
34 | 37 | ||
35 | # private-bin enchant, enchant-* | 38 | private-bin enchant, enchant-* |
36 | private-cache | 39 | private-cache |
37 | private-dev | 40 | private-dev |
38 | private-etc alternatives | 41 | private-etc alternatives |
42 | private-lib | ||
39 | private-tmp | 43 | private-tmp |
40 | 44 | ||
41 | # memory-deny-write-execute | 45 | memory-deny-write-execute |
42 | noexec ${HOME} | 46 | noexec ${HOME} |
43 | noexec /tmp | 47 | noexec /tmp |