More disable-exec and hardening

author: rusty-snake <print_hello_world+Public@protonmail.com> 2019-04-13 12:23:22 +0200
committer: rusty-snake <print_hello_world+Public@protonmail.com> 2019-04-13 12:23:22 +0200
commit: 947337b257612a0291f883149f1e001ccf26112b (patch)
tree: 60f54ba8745b106c91aabf5e454ec577c2fe8112 /etc/etr.profile
parent: More disable-exec stuff (#2647) (diff)
download: firejail-947337b257612a0291f883149f1e001ccf26112b.tar.gz
firejail-947337b257612a0291f883149f1e001ccf26112b.tar.zst
firejail-947337b257612a0291f883149f1e001ccf26112b.zip
1 files changed, 9 insertions, 2 deletions
diff --git a/etc/etr.profile b/etc/etr.profile
index cf13a42de..d93d3de63 100644
--- a/etc/etr.profile
+++ b/etc/etr.profile
@@ -8,14 +8,18 @@ include globals.local
 noblacklist ${HOME}/.etr
 include disable-common.inc
+include disable-exec.inc
+include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 mkdir ${HOME}/.etr
 whitelist ${HOME}/.etr
 include whitelist-common.inc
 include whitelist-var-common.inc
+apparmor
 caps.drop all
 net none
 nodbus
@@ -28,8 +32,11 @@ nou2f
 protocol unix,netlink
 seccomp
 shell none
+tracelog
-# private-bin etr
+disable-mnt
+private-bin etr
+private-cache
 private-dev
-# private-etc alternatives
+# private-etc alternatives,drirc,machine-id,openal
 private-tmp
author	rusty-snake <print_hello_world+Public@protonmail.com>	2019-04-13 12:23:22 +0200
committer	rusty-snake <print_hello_world+Public@protonmail.com>	2019-04-13 12:23:22 +0200
commit	947337b257612a0291f883149f1e001ccf26112b (patch)
tree	60f54ba8745b106c91aabf5e454ec577c2fe8112 /etc/etr.profile
parent	More disable-exec stuff (#2647) (diff)
download	firejail-947337b257612a0291f883149f1e001ccf26112b.tar.gz firejail-947337b257612a0291f883149f1e001ccf26112b.tar.zst firejail-947337b257612a0291f883149f1e001ccf26112b.zip

diff --git a/etc/etr.profile b/etc/etr.profile index cf13a42de..d93d3de63 100644 --- a/etc/etr.profile +++ b/etc/etr.profile
@@ -8,14 +8,18 @@ include globals.local
8	noblacklist ${HOME}/.etr	8	noblacklist ${HOME}/.etr
9		9
10	include disable-common.inc	10	include disable-common.inc
		11	include disable-exec.inc
		12	include disable-interpreters.inc
11	include disable-passwdmgr.inc	13	include disable-passwdmgr.inc
12	include disable-programs.inc	14	include disable-programs.inc
		15	include disable-xdg.inc
13		16
14	mkdir ${HOME}/.etr	17	mkdir ${HOME}/.etr
15	whitelist ${HOME}/.etr	18	whitelist ${HOME}/.etr
16	include whitelist-common.inc	19	include whitelist-common.inc
17	include whitelist-var-common.inc	20	include whitelist-var-common.inc
18		21
		22	apparmor
19	caps.drop all	23	caps.drop all
20	net none	24	net none
21	nodbus	25	nodbus
@@ -28,8 +32,11 @@ nou2f
28	protocol unix,netlink	32	protocol unix,netlink
29	seccomp	33	seccomp
30	shell none	34	shell none
		35	tracelog
31		36
32	# private-bin etr	37	disable-mnt
		38	private-bin etr
		39	private-cache
33	private-dev	40	private-dev
34	# private-etc alternatives	41	# private-etc alternatives,drirc,machine-id,openal
35	private-tmp	42	private-tmp