diff options
author | glitsj16 <glitsj16@users.noreply.github.com> | 2019-02-25 00:40:00 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-02-25 00:40:00 +0000 |
commit | 591347192c0b2e0fb89869ce88043a03b7f2ac73 (patch) | |
tree | d46453622d79badd7fe784a77a084c0a5eae3b26 /etc/gpicview.profile | |
parent | Harden eog.profile (#2469) (diff) | |
download | firejail-591347192c0b2e0fb89869ce88043a03b7f2ac73.tar.gz firejail-591347192c0b2e0fb89869ce88043a03b7f2ac73.tar.zst firejail-591347192c0b2e0fb89869ce88043a03b7f2ac73.zip |
Harden gpicview.profile (#2470)
Diffstat (limited to 'etc/gpicview.profile')
-rw-r--r-- | etc/gpicview.profile | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/etc/gpicview.profile b/etc/gpicview.profile index af9680b49..2d369fbd8 100644 --- a/etc/gpicview.profile +++ b/etc/gpicview.profile | |||
@@ -14,9 +14,10 @@ include disable-interpreters.inc | |||
14 | include disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
15 | include disable-programs.inc | 15 | include disable-programs.inc |
16 | 16 | ||
17 | include whitelist-var-common.inc | 17 | apparmor |
18 | |||
19 | caps.drop all | 18 | caps.drop all |
19 | ipc-namespace | ||
20 | machine-id | ||
20 | net none | 21 | net none |
21 | nodbus | 22 | nodbus |
22 | nodvd | 23 | nodvd |
@@ -33,7 +34,12 @@ shell none | |||
33 | tracelog | 34 | tracelog |
34 | 35 | ||
35 | private-bin gpicview | 36 | private-bin gpicview |
37 | private-cache | ||
36 | private-dev | 38 | private-dev |
37 | private-etc alternatives,fonts | 39 | private-etc alternatives,fonts,groups,passwd |
38 | private-lib | 40 | private-lib |
39 | private-tmp | 41 | private-tmp |
42 | |||
43 | memory-deny-write-execute | ||
44 | noexec ${HOME} | ||
45 | noexec /tmp | ||