diff options
author | smitsohu <smitsohu@gmail.com> | 2019-03-12 20:44:51 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-03-12 20:44:51 +0000 |
commit | aa2bdffc4b4d0437dd710a70546c87b8f882b100 (patch) | |
tree | e44a8864ec0964a6c72caa7b6297ca90d7e8fd21 /etc/firefox-common.profile | |
parent | Harden meld.profile (#2577) (diff) | |
download | firejail-aa2bdffc4b4d0437dd710a70546c87b8f882b100.tar.gz firejail-aa2bdffc4b4d0437dd710a70546c87b8f882b100.tar.zst firejail-aa2bdffc4b4d0437dd710a70546c87b8f882b100.zip |
add disable-exec.inc to all profiles with apparmor (#2576)
* add disable-exec.inc to all profiles with apparmor - #2385 #2505
* drop disable-exec.inc from generic electron.profile
Diffstat (limited to 'etc/firefox-common.profile')
-rw-r--r-- | etc/firefox-common.profile | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/etc/firefox-common.profile b/etc/firefox-common.profile index 3089b7ce8..a2a34f33f 100644 --- a/etc/firefox-common.profile +++ b/etc/firefox-common.profile | |||
@@ -6,6 +6,9 @@ include firefox-common.local | |||
6 | # already included by caller profile | 6 | # already included by caller profile |
7 | #include globals.local | 7 | #include globals.local |
8 | 8 | ||
9 | # noexec ${HOME} breaks DRM binaries. | ||
10 | ignore noexec ${HOME} | ||
11 | |||
9 | # Uncomment the following line to allow access to common programs/addons/plugins. | 12 | # Uncomment the following line to allow access to common programs/addons/plugins. |
10 | #include firefox-common-addons.inc | 13 | #include firefox-common-addons.inc |
11 | 14 | ||
@@ -14,6 +17,7 @@ noblacklist ${HOME}/.local/share/pki | |||
14 | 17 | ||
15 | include disable-common.inc | 18 | include disable-common.inc |
16 | include disable-devel.inc | 19 | include disable-devel.inc |
20 | include disable-exec.inc | ||
17 | include disable-interpreters.inc | 21 | include disable-interpreters.inc |
18 | include disable-programs.inc | 22 | include disable-programs.inc |
19 | 23 | ||
@@ -55,7 +59,3 @@ private-dev | |||
55 | # private-etc below works fine on most distributions. There are some problems on CentOS. | 59 | # private-etc below works fine on most distributions. There are some problems on CentOS. |
56 | #private-etc alternatives,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies,ld.so.cache | 60 | #private-etc alternatives,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,mime.types,mailcap,asound.conf,pulse,pki,crypto-policies,ld.so.cache |
57 | private-tmp | 61 | private-tmp |
58 | |||
59 | # Breaks DRM binaries. | ||
60 | #noexec ${HOME} | ||
61 | noexec /tmp | ||