author | smitsohu <smitsohu@gmail.com> | 2017-10-31 02:24:39 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2017-10-31 02:24:39 +0100 |
commit | 871dfe351fd8cf19c8c7f330187c994b911ec995 (patch) | |
tree | fc7839dff34b0b14e92a0cd87d45f56f744d45cd /etc/gwenview.profile | |
parent | fix --ignore=quiet (diff) | |
harden kde
and whitelist kioslaverc because we don't know if kdeinit
will run outside or inside the sandbox.
Diffstat (limited to 'etc/gwenview.profile')
-rw-r--r-- | etc/gwenview.profile | 5 |
1 files changed, 4 insertions, 1 deletions
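--- a/etc/gwenview.profile
+++ b/etc/gwenview.profile
@@ -5,6 +5,8 @@ include /etc/firejail/gwenview.local
 # Persistent global definitions
 include /etc/firejail/globals.local
 
+# blacklist /run/user/*/bus
+
 noblacklist ~/.config/gwenviewrc
 noblacklist ~/.config/org.kde.gwenviewrc
 noblacklist ~/.gimp*
@@ -23,6 +25,7 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
+# net none
 nodvd
 nogroups
 nonewprivs
@@ -34,7 +37,7 @@ seccomp
 shell none
 tracelog
 
-private-bin gwenview,kbuildsycoca4,gimp*
+private-bin gwenview,gimp*,kbuildsycoca4
 private-dev
 # private-etc X11
 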
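Review bot: Both hardening directives this commit adds to the profile, `# blacklist /run/user/*/bus` in the first hunk and `# net none` in the second, are commented out with no explanation, so the profile's effective restrictions are unchanged. As shipped, the sandboxed viewer can still reach the D-Bus session socket and keeps network access while parsing untrusted image files. If they are disabled because they break something (presumably KIO or kdeinit, going by the commit message, but that is not visible in this file), each line should carry a comment giving the reason and how to opt in, for example `# net none  # disabled: <REASON>; add "net none" to gwenview.local to enable`. The `private-bin` change in the third hunk only reorders the list and does not change which binaries are exposed.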