diff options
| author |  Tad <tad@spotco.us> | 2017-07-04 10:51:43 -0400 |
|---|---|---|
| committer | Tad <tad@spotco.us> | 2017-07-04 11:35:29 -0400 |
| commit | 5354f20012b488c50cd556e315b78ad351ae0f9d (patch) | |
| tree | 89c737f738f8525da446786083473c249b8a9f79 /etc/gnome-clocks.profile | |
| parent | per-profile disable-mnt (diff) | |
| download | firejail-5354f20012b488c50cd556e315b78ad351ae0f9d.tar.gz firejail-5354f20012b488c50cd556e315b78ad351ae0f9d.tar.zst firejail-5354f20012b488c50cd556e315b78ad351ae0f9d.zip | |
Harden 50 profiles
Hardened many profiles using disable-mnt and novideo
Fixed gnome-font-viewer
Diffstat (limited to 'etc/gnome-clocks.profile')
| -rw-r--r-- | etc/gnome-clocks.profile | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile index 40df92454..129bd6e71 100644 --- a/etc/gnome-clocks.profile +++ b/etc/gnome-clocks.profile | |||
| @@ -12,10 +12,11 @@ include /etc/firejail/disable-devel.inc | |||
| 12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
| 13 | 13 | ||
| 14 | caps.drop all | 14 | caps.drop all |
| 15 | no3d | ||
| 15 | nogroups | 16 | nogroups |
| 16 | nonewprivs | 17 | nonewprivs |
| 17 | noroot | 18 | noroot |
| 18 | nosound | 19 | novideo |
| 19 | protocol unix,inet,inet6 | 20 | protocol unix,inet,inet6 |
| 20 | seccomp | 21 | seccomp |
| 21 | netfilter | 22 | netfilter |
| @@ -26,3 +27,7 @@ tracelog | |||
| 26 | private-tmp | 27 | private-tmp |
| 27 | private-dev | 28 | private-dev |
| 28 | # private-etc fonts | 29 | # private-etc fonts |
| 30 | disable-mnt | ||
| 31 | |||
| 32 | noexec ${HOME} | ||
| 33 | noexec /tmp | ||