Harden exiftool.profile (#2456)

author: glitsj16 <glitsj16@users.noreply.github.com> 2019-02-24 21:16:59 +0000
committer: GitHub <noreply@github.com> 2019-02-24 21:16:59 +0000
commit: c310495149a0c96c5b4987b583757a1f3a5b2c58 (patch)
tree: 8135e788d0e1cee8b59d704a915533cc38b739cb /etc/exiftool.profile
parent: Harden enchant.profile (#2455) (diff)
download: firejail-c310495149a0c96c5b4987b583757a1f3a5b2c58.tar.gz
firejail-c310495149a0c96c5b4987b583757a1f3a5b2c58.tar.zst
firejail-c310495149a0c96c5b4987b583757a1f3a5b2c58.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/etc/exiftool.profile b/etc/exiftool.profile
index 37e01f8d3..1838ce273 100644
--- a/etc/exiftool.profile
+++ b/etc/exiftool.profile
@@ -19,7 +19,10 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+apparmor
 caps.drop all
+ipc-namespace
+machine-id
 net none
 no3d
 nodbus
@@ -36,8 +39,12 @@ seccomp
 shell none
 tracelog
-# private-bin exiftool,perl
+private-bin exiftool,perl
 private-cache
 private-dev
 private-etc alternatives
 private-tmp
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
author	glitsj16 <glitsj16@users.noreply.github.com>	2019-02-24 21:16:59 +0000
committer	GitHub <noreply@github.com>	2019-02-24 21:16:59 +0000
commit	c310495149a0c96c5b4987b583757a1f3a5b2c58 (patch)
tree	8135e788d0e1cee8b59d704a915533cc38b739cb /etc/exiftool.profile
parent	Harden enchant.profile (#2455) (diff)
download	firejail-c310495149a0c96c5b4987b583757a1f3a5b2c58.tar.gz firejail-c310495149a0c96c5b4987b583757a1f3a5b2c58.tar.zst firejail-c310495149a0c96c5b4987b583757a1f3a5b2c58.zip

diff --git a/etc/exiftool.profile b/etc/exiftool.profile index 37e01f8d3..1838ce273 100644 --- a/etc/exiftool.profile +++ b/etc/exiftool.profile
@@ -19,7 +19,10 @@ include disable-interpreters.inc
19	include disable-passwdmgr.inc	19	include disable-passwdmgr.inc
20	include disable-programs.inc	20	include disable-programs.inc
21		21
		22	apparmor
22	caps.drop all	23	caps.drop all
		24	ipc-namespace
		25	machine-id
23	net none	26	net none
24	no3d	27	no3d
25	nodbus	28	nodbus
@@ -36,8 +39,12 @@ seccomp
36	shell none	39	shell none
37	tracelog	40	tracelog
38		41
39	# private-bin exiftool,perl	42	private-bin exiftool,perl
40	private-cache	43	private-cache
41	private-dev	44	private-dev
42	private-etc alternatives	45	private-etc alternatives
43	private-tmp	46	private-tmp
		47
		48	memory-deny-write-execute
		49	noexec ${HOME}
		50	noexec /tmp