diff options
author | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-10-04 16:24:36 -0500 |
---|---|---|
committer | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-10-04 16:24:36 -0500 |
commit | c6259375dff79484b9f3d587da9fbfa76a3b68b9 (patch) | |
tree | 1b7c010c2f6b0886ccd7a537bb146f7f46cb1d7f /etc/hexchat.profile | |
parent | Tighten spotify profile (diff) | |
download | firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.tar.gz firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.tar.zst firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.zip |
Tighten multiple profiles.
This adds whitelist-var-common, machine-id, memory-deny-write-execute,
and noexec home and tmp when possible.
Diffstat (limited to 'etc/hexchat.profile')
-rw-r--r-- | etc/hexchat.profile | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/etc/hexchat.profile b/etc/hexchat.profile index fc817d9f9..47d39e8c4 100644 --- a/etc/hexchat.profile +++ b/etc/hexchat.profile | |||
@@ -16,8 +16,10 @@ include /etc/firejail/disable-programs.inc | |||
16 | mkdir ~/.config/hexchat | 16 | mkdir ~/.config/hexchat |
17 | whitelist ~/.config/hexchat | 17 | whitelist ~/.config/hexchat |
18 | include /etc/firejail/whitelist-common.inc | 18 | include /etc/firejail/whitelist-common.inc |
19 | include /etc/firejail/whitelist-var-common.inc | ||
19 | 20 | ||
20 | caps.drop all | 21 | caps.drop all |
22 | machine-id | ||
21 | netfilter | 23 | netfilter |
22 | no3d | 24 | no3d |
23 | nodvd | 25 | nodvd |
@@ -38,5 +40,6 @@ private-bin hexchat | |||
38 | private-dev | 40 | private-dev |
39 | private-tmp | 41 | private-tmp |
40 | 42 | ||
43 | memory-deny-write-execute | ||
41 | noexec ${HOME} | 44 | noexec ${HOME} |
42 | noexec /tmp | 45 | noexec /tmp |