author | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-10-04 16:24:36 -0500 |
---|---|---|
committer | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-10-04 16:24:36 -0500 |
commit | c6259375dff79484b9f3d587da9fbfa76a3b68b9 (patch) | |
tree | 1b7c010c2f6b0886ccd7a537bb146f7f46cb1d7f /etc/gitter.profile | |
parent | Tighten spotify profile (diff) | |
download | firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.tar.gz firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.tar.zst firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.zip |
Tighten multiple profiles.
This adds whitelist-var-common, machine-id, memory-deny-write-execute,
and noexec home and tmp when possible.
Diffstat (limited to 'etc/gitter.profile')
-rw-r--r-- | etc/gitter.profile | 11 |
1 files changed, 11 insertions, 0 deletions
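diff --git a/etc/gitter.profile b/etc/gitter.profile
index 0a47bf888..3e84455f1 100644
--- a/etc/gitter.profile
+++ b/etc/gitter.profile
@@ -13,7 +13,13 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+whitelist ${DOWNLOADS}
+whitelist ~/.config/autostart
+whitelist ~/.config/Gitter
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
+machine-id
 netfilter
 nodvd
 nogroups
@@ -25,7 +31,12 @@ protocol unix,inet,inet6,netlink
 seccomp
 shell none
 
+disable-mnt
 private-bin bash,env,gitter
+private-etc fonts,pulse,resolv.conf
 private-opt Gitter
 private-dev
 private-tmp
+
+noexec ${HOME}
+noexec /tmp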
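Review bot: `whitelist ~/.config/autostart` in the first hunk exposes the XDG autostart directory read-write inside the sandbox, and nothing in the visible lines restricts it afterwards. Entries in that directory are started by the desktop session at the next login, outside firejail, so a compromised Gitter process could persist beyond the `private-bin`, `seccomp` and `noexec ${HOME}` restrictions this profile applies. If the application only needs to see its own entry, follow the whitelist with `read-only ~/.config/autostart`; otherwise drop the line and note in a comment that Gitter's start-on-login toggle will not work under this profile. Separately, `private-etc fonts,pulse,resolv.conf` in the second hunk leaves out the system certificate directories; whether Gitter's bundled runtime needs them for TLS validation is not visible here and should be confirmed.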