author | glitsj16 <glitsj16@users.noreply.github.com> | 2019-03-14 12:01:43 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-03-14 12:01:43 +0000 |
commit | 097aba97d8cb0a848f1f21018f65c58d48ef3cb2 (patch) | |
tree | bb5159f2651680606ccf7208dd4f48e1add373fe /etc/gzip.profile | |
parent | Fixes for seahorse/seahorse-tool (#2592) (diff) | |
Hardening compressors (#2594)
* Harden atool
* Harden cpio
* Fix ordering in private-* options
* Harden gzip
* Harden tar
* Harden bsdtar
* Harden+ tar
* Harden+ gzip
* Harden+ cpio
* Create bzip2.profile
* Description for bunzip2
* Add bzip2/bunzip2 to firecfg
Diffstat (limited to 'etc/gzip.profile')
-rw-r--r-- | etc/gzip.profile | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/etc/gzip.profile b/etc/gzip.profile index 49c43a49c..27e262f87 100644 --- a/etc/gzip.profile +++ b/etc/gzip.profile | |||
@@ -9,11 +9,20 @@ include globals.local | |||
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | 10 | blacklist /tmp/.X11-unix |
11 | 11 | ||
12 | include disable-exec.inc | ||
13 | include disable-interpreters.inc | ||
14 | |||
12 | ignore noroot | 15 | ignore noroot |
16 | |||
17 | apparmor | ||
18 | hostname gzip | ||
19 | ipc-namespace | ||
20 | machine-id | ||
13 | net none | 21 | net none |
14 | no3d | 22 | no3d |
15 | nodbus | 23 | nodbus |
16 | nodvd | 24 | nodvd |
25 | nogroups | ||
17 | nosound | 26 | nosound |
18 | notv | 27 | notv |
19 | nou2f | 28 | nou2f |
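Review bot: `nogroups` at new line 25 drops the caller's supplementary groups, so an input file that is readable only through supplementary group membership becomes inaccessible to gzip inside the sandbox. For a tool whose whole job is reading and writing arbitrary user-supplied paths, that is a behaviour change worth either a comment in the profile or a note in the commit message telling users how to override it in gzip.local. Separately, `ignore noroot` at new line 15 stays in place with no comment explaining why this profile needs to opt out of noroot; a one-line comment there would help the next reader judge whether the added hardening is consistent with it.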
@@ -21,6 +30,9 @@ novideo | |||
21 | shell none | 30 | shell none |
22 | tracelog | 31 | tracelog |
23 | 32 | ||
33 | private-cache | ||
24 | private-dev | 34 | private-dev |
25 | 35 | ||
36 | memory-deny-write-execute | ||
37 | |||
26 | include default.profile | 38 | include default.profile |
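Review bot: `private-cache` at new line 33 mounts an empty temporary filesystem over the user's ~/.cache and discards its contents when the sandbox closes, so running gzip on a file that lives under ~/.cache will either not find the input or silently lose the output. Please document that limitation next to the option, or confirm it was tested with a path under ~/.cache. The placement of `memory-deny-write-execute` at new line 36, in its own block after the private-* options and directly before `include default.profile`, is fine, but it would be worth checking that `include default.profile` does not re-specify any of the options added here.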