hardenings for various profiles (#3160)

* harden devilspie * harden devilspie2 * harden curl * harden wget * harden curl * harden dig * harden claws-mail * harden dnscrypt-proxy * harden dnscrypt-proxy * harden dnscrypt-proxy * harden exfalso * refactor easystroke as whitelist profile * refactor enchant as whitelist profile * safeguard ${DOCUMENTS} Thanks @rusty-snake for the suggestion. * drop x11-none Thanks @rusty-snake for catching this. * drop x11 none Thanks @rusty-snake for saving the bacon... * drop x11 none Thanks @rusty-snake for catching this. * drop x11 none Thanks @rusty-snake for preventing breakage! * drop ipc-namespace Better safe than sorry...
author: glitsj16 <glitsj16@users.noreply.github.com> 2020-01-17 23:31:46 +0000
committer: GitHub <noreply@github.com> 2020-01-17 23:31:46 +0000
commit: f9c9c469a23dbb6d484f82f6ba719d662b784753 (patch)
tree: 9485d36a39798b0542ed70b9a5df688bab2c3d69 /etc/enchant.profile
parent: join: wait with effective uid of the user (diff)
download: firejail-f9c9c469a23dbb6d484f82f6ba719d662b784753.tar.gz
firejail-f9c9c469a23dbb6d484f82f6ba719d662b784753.tar.zst
firejail-f9c9c469a23dbb6d484f82f6ba719d662b784753.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/etc/enchant.profile b/etc/enchant.profile
index d276cec84..e2811a955 100644
--- a/etc/enchant.profile
+++ b/etc/enchant.profile
@@ -8,6 +8,8 @@ include globals.local
 noblacklist ${HOME}/.config/enchant
+blacklist /tmp/.X11-unix
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -16,7 +18,11 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+mkdir ${HOME}/.config/enchant
+whitelist ${HOME}/.config/enchant
+include whitelist-common.inc
 include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
 apparmor
 caps.drop all
author	glitsj16 <glitsj16@users.noreply.github.com>	2020-01-17 23:31:46 +0000
committer	GitHub <noreply@github.com>	2020-01-17 23:31:46 +0000
commit	f9c9c469a23dbb6d484f82f6ba719d662b784753 (patch)
tree	9485d36a39798b0542ed70b9a5df688bab2c3d69 /etc/enchant.profile
parent	join: wait with effective uid of the user (diff)
download	firejail-f9c9c469a23dbb6d484f82f6ba719d662b784753.tar.gz firejail-f9c9c469a23dbb6d484f82f6ba719d662b784753.tar.zst firejail-f9c9c469a23dbb6d484f82f6ba719d662b784753.zip

diff --git a/etc/enchant.profile b/etc/enchant.profile index d276cec84..e2811a955 100644 --- a/etc/enchant.profile +++ b/etc/enchant.profile
@@ -8,6 +8,8 @@ include globals.local
8		8
9	noblacklist ${HOME}/.config/enchant	9	noblacklist ${HOME}/.config/enchant
10		10
		11	blacklist /tmp/.X11-unix
		12
11	include disable-common.inc	13	include disable-common.inc
12	include disable-devel.inc	14	include disable-devel.inc
13	include disable-exec.inc	15	include disable-exec.inc
@@ -16,7 +18,11 @@ include disable-passwdmgr.inc
16	include disable-programs.inc	18	include disable-programs.inc
17	include disable-xdg.inc	19	include disable-xdg.inc
18		20
		21	mkdir ${HOME}/.config/enchant
		22	whitelist ${HOME}/.config/enchant
		23	include whitelist-common.inc
19	include whitelist-usr-share-common.inc	24	include whitelist-usr-share-common.inc
		25	include whitelist-var-common.inc
20		26
21	apparmor	27	apparmor
22	caps.drop all	28	caps.drop all