diff options
| author |  glitsj16 <glitsj16@users.noreply.github.com> | 2019-03-14 12:01:43 +0000 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2019-03-14 12:01:43 +0000 |
| commit | 097aba97d8cb0a848f1f21018f65c58d48ef3cb2 (patch) | |
| tree | bb5159f2651680606ccf7208dd4f48e1add373fe /etc/gzip.profile | |
| parent | Fixes for seahorse/seahorse-tool (#2592) (diff) | |
| download | firejail-097aba97d8cb0a848f1f21018f65c58d48ef3cb2.tar.gz firejail-097aba97d8cb0a848f1f21018f65c58d48ef3cb2.tar.zst firejail-097aba97d8cb0a848f1f21018f65c58d48ef3cb2.zip | |
Hardening compressors (#2594)
* Harden atool
* Harden cpio
* Fix ordering in private-* options
* Harden gzip
* Harden tar
* Harden bsdtar
* Harden+ tar
* Harden+ gzip
* Harden+ cpio
* Create bzip2.profile
* Description for bunzip2
* Add bzip2/bunzip2 to firecfg
Diffstat (limited to 'etc/gzip.profile')
| -rw-r--r-- | etc/gzip.profile | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/etc/gzip.profile b/etc/gzip.profile index 49c43a49c..27e262f87 100644 --- a/etc/gzip.profile +++ b/etc/gzip.profile | |||
| @@ -9,11 +9,20 @@ include globals.local | |||
| 9 | 9 | ||
| 10 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
| 11 | 11 | ||
| 12 | include disable-exec.inc | ||
| 13 | include disable-interpreters.inc | ||
| 14 | |||
| 12 | ignore noroot | 15 | ignore noroot |
| 16 | |||
| 17 | apparmor | ||
| 18 | hostname gzip | ||
| 19 | ipc-namespace | ||
| 20 | machine-id | ||
| 13 | net none | 21 | net none |
| 14 | no3d | 22 | no3d |
| 15 | nodbus | 23 | nodbus |
| 16 | nodvd | 24 | nodvd |
| 25 | nogroups | ||
| 17 | nosound | 26 | nosound |
| 18 | notv | 27 | notv |
| 19 | nou2f | 28 | nou2f |
| @@ -21,6 +30,9 @@ novideo | |||
| 21 | shell none | 30 | shell none |
| 22 | tracelog | 31 | tracelog |
| 23 | 32 | ||
| 33 | private-cache | ||
| 24 | private-dev | 34 | private-dev |
| 25 | 35 | ||
| 36 | memory-deny-write-execute | ||
| 37 | |||
| 26 | include default.profile | 38 | include default.profile |