Harden 50 profiles

Hardened many profiles using disable-mnt and novideo Fixed gnome-font-viewer
author: Tad <tad@spotco.us> 2017-07-04 10:51:43 -0400
committer: Tad <tad@spotco.us> 2017-07-04 11:35:29 -0400
commit: 5354f20012b488c50cd556e315b78ad351ae0f9d (patch)
tree: 89c737f738f8525da446786083473c249b8a9f79 /etc/gnome-2048.profile
parent: per-profile disable-mnt (diff)
download: firejail-5354f20012b488c50cd556e315b78ad351ae0f9d.tar.gz
firejail-5354f20012b488c50cd556e315b78ad351ae0f9d.tar.zst
firejail-5354f20012b488c50cd556e315b78ad351ae0f9d.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/etc/gnome-2048.profile b/etc/gnome-2048.profile
index 0e757a06f..5e0dfc2a1 100644
--- a/etc/gnome-2048.profile
+++ b/etc/gnome-2048.profile
@@ -26,7 +26,17 @@ include /etc/firejail/whitelist-common.inc
 #Options
 caps.drop all
 netfilter
+no3d
 nonewprivs
 noroot
+#nosound
+novideo
 protocol unix,inet,inet6
 seccomp
+private-dev
+private-tmp
+disable-mnt
+noexec ${HOME}
+noexec /tmp
author	Tad <tad@spotco.us>	2017-07-04 10:51:43 -0400
committer	Tad <tad@spotco.us>	2017-07-04 11:35:29 -0400
commit	5354f20012b488c50cd556e315b78ad351ae0f9d (patch)
tree	89c737f738f8525da446786083473c249b8a9f79 /etc/gnome-2048.profile
parent	per-profile disable-mnt (diff)
download	firejail-5354f20012b488c50cd556e315b78ad351ae0f9d.tar.gz firejail-5354f20012b488c50cd556e315b78ad351ae0f9d.tar.zst firejail-5354f20012b488c50cd556e315b78ad351ae0f9d.zip

diff --git a/etc/gnome-2048.profile b/etc/gnome-2048.profile index 0e757a06f..5e0dfc2a1 100644 --- a/etc/gnome-2048.profile +++ b/etc/gnome-2048.profile
@@ -26,7 +26,17 @@ include /etc/firejail/whitelist-common.inc
26	#Options	26	#Options
27	caps.drop all	27	caps.drop all
28	netfilter	28	netfilter
		29	no3d
29	nonewprivs	30	nonewprivs
30	noroot	31	noroot
		32	#nosound
		33	novideo
31	protocol unix,inet,inet6	34	protocol unix,inet,inet6
32	seccomp	35	seccomp
		36
		37	private-dev
		38	private-tmp
		39	disable-mnt
		40
		41	noexec ${HOME}
		42	noexec /tmp