fix and harden various profiles

author: smitsohu <smitsohu@gmail.com> 2017-10-29 13:06:19 +0100
committer: smitsohu <smitsohu@gmail.com> 2017-10-29 13:06:19 +0100
commit: 8ef2c87931fa83c2d1fd6b35f23ac650adee6355 (patch)
tree: ad154ca76315d658334fb06b587e1df835fb137a /etc/inox.profile
parent: fix for #1614 (--timeout) (diff)
download: firejail-8ef2c87931fa83c2d1fd6b35f23ac650adee6355.tar.gz
firejail-8ef2c87931fa83c2d1fd6b35f23ac650adee6355.tar.zst
firejail-8ef2c87931fa83c2d1fd6b35f23ac650adee6355.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/etc/inox.profile b/etc/inox.profile
index de4d6205b..221acd309 100644
--- a/etc/inox.profile
+++ b/etc/inox.profile
@@ -20,11 +20,17 @@ whitelist ~/.cache/inox
 whitelist ~/.config/inox
 whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
 caps.keep sys_chroot,sys_admin
 netfilter
 nodvd
 nogroups
-noroot
 notv
 shell none
+private-dev
+# private-tmp - problems with multiple browser sessions
+noexec ${HOME}
+noexec /tmp
author	smitsohu <smitsohu@gmail.com>	2017-10-29 13:06:19 +0100
committer	smitsohu <smitsohu@gmail.com>	2017-10-29 13:06:19 +0100
commit	8ef2c87931fa83c2d1fd6b35f23ac650adee6355 (patch)
tree	ad154ca76315d658334fb06b587e1df835fb137a /etc/inox.profile
parent	fix for #1614 (--timeout) (diff)
download	firejail-8ef2c87931fa83c2d1fd6b35f23ac650adee6355.tar.gz firejail-8ef2c87931fa83c2d1fd6b35f23ac650adee6355.tar.zst firejail-8ef2c87931fa83c2d1fd6b35f23ac650adee6355.zip

diff --git a/etc/inox.profile b/etc/inox.profile index de4d6205b..221acd309 100644 --- a/etc/inox.profile +++ b/etc/inox.profile
@@ -20,11 +20,17 @@ whitelist ~/.cache/inox
20	whitelist ~/.config/inox	20	whitelist ~/.config/inox
21	whitelist ~/.pki	21	whitelist ~/.pki
22	include /etc/firejail/whitelist-common.inc	22	include /etc/firejail/whitelist-common.inc
		23	include /etc/firejail/whitelist-var-common.inc
23		24
24	caps.keep sys_chroot,sys_admin	25	caps.keep sys_chroot,sys_admin
25	netfilter	26	netfilter
26	nodvd	27	nodvd
27	nogroups	28	nogroups
28	noroot
29	notv	29	notv
30	shell none	30	shell none
		31
		32	private-dev
		33	# private-tmp - problems with multiple browser sessions
		34
		35	noexec ${HOME}
		36	noexec /tmp