diff options
| author |  Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-10-04 16:24:36 -0500 |
|---|---|---|
| committer | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-10-04 16:24:36 -0500 |
| commit | c6259375dff79484b9f3d587da9fbfa76a3b68b9 (patch) | |
| tree | 1b7c010c2f6b0886ccd7a537bb146f7f46cb1d7f /etc/hexchat.profile | |
| parent | Tighten spotify profile (diff) | |
| download | firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.tar.gz firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.tar.zst firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.zip | |
Tighten multiple profiles.
This adds whitelist-var-common, machine-id, memory-deny-write-execute,
and noexec home and tmp when possible.
Diffstat (limited to 'etc/hexchat.profile')
| -rw-r--r-- | etc/hexchat.profile | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/etc/hexchat.profile b/etc/hexchat.profile index fc817d9f9..47d39e8c4 100644 --- a/etc/hexchat.profile +++ b/etc/hexchat.profile | |||
| @@ -16,8 +16,10 @@ include /etc/firejail/disable-programs.inc | |||
| 16 | mkdir ~/.config/hexchat | 16 | mkdir ~/.config/hexchat |
| 17 | whitelist ~/.config/hexchat | 17 | whitelist ~/.config/hexchat |
| 18 | include /etc/firejail/whitelist-common.inc | 18 | include /etc/firejail/whitelist-common.inc |
| 19 | include /etc/firejail/whitelist-var-common.inc | ||
| 19 | 20 | ||
| 20 | caps.drop all | 21 | caps.drop all |
| 22 | machine-id | ||
| 21 | netfilter | 23 | netfilter |
| 22 | no3d | 24 | no3d |
| 23 | nodvd | 25 | nodvd |
| @@ -38,5 +40,6 @@ private-bin hexchat | |||
| 38 | private-dev | 40 | private-dev |
| 39 | private-tmp | 41 | private-tmp |
| 40 | 42 | ||
| 43 | memory-deny-write-execute | ||
| 41 | noexec ${HOME} | 44 | noexec ${HOME} |
| 42 | noexec /tmp | 45 | noexec /tmp |