diff options
| author |  smitsohu <smitsohu@gmail.com> | 2019-03-12 20:44:51 +0000 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2019-03-12 20:44:51 +0000 |
| commit | aa2bdffc4b4d0437dd710a70546c87b8f882b100 (patch) | |
| tree | e44a8864ec0964a6c72caa7b6297ca90d7e8fd21 /etc/file.profile | |
| parent | Harden meld.profile (#2577) (diff) | |
| download | firejail-aa2bdffc4b4d0437dd710a70546c87b8f882b100.tar.gz firejail-aa2bdffc4b4d0437dd710a70546c87b8f882b100.tar.zst firejail-aa2bdffc4b4d0437dd710a70546c87b8f882b100.zip | |
add disable-exec.inc to all profiles with apparmor (#2576)
* add disable-exec.inc to all profiles with apparmor - #2385 #2505
* drop disable-exec.inc from generic electron.profile
Diffstat (limited to 'etc/file.profile')
| -rw-r--r-- | etc/file.profile | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/etc/file.profile b/etc/file.profile index e084e80c2..c304b4efe 100644 --- a/etc/file.profile +++ b/etc/file.profile | |||
| @@ -10,6 +10,7 @@ include globals.local | |||
| 10 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
| 11 | 11 | ||
| 12 | include disable-common.inc | 12 | include disable-common.inc |
| 13 | include disable-exec.inc | ||
| 13 | include disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 14 | include disable-programs.inc | 15 | include disable-programs.inc |
| 15 | 16 | ||
| @@ -41,5 +42,3 @@ private-etc alternatives,magic.mgc,magic,localtime | |||
| 41 | private-lib libarchive.so.*,libfakeroot,libmagic.so.* | 42 | private-lib libarchive.so.*,libfakeroot,libmagic.so.* |
| 42 | 43 | ||
| 43 | memory-deny-write-execute | 44 | memory-deny-write-execute |
| 44 | noexec ${HOME} | ||
| 45 | noexec /tmp | ||