diff options
| author |  Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-10-04 16:24:36 -0500 |
|---|---|---|
| committer | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-10-04 16:24:36 -0500 |
| commit | c6259375dff79484b9f3d587da9fbfa76a3b68b9 (patch) | |
| tree | 1b7c010c2f6b0886ccd7a537bb146f7f46cb1d7f /etc/keepassx.profile | |
| parent | Tighten spotify profile (diff) | |
| download | firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.tar.gz firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.tar.zst firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.zip | |
Tighten multiple profiles.
This adds whitelist-var-common, machine-id, memory-deny-write-execute,
and noexec home and tmp when possible.
Diffstat (limited to 'etc/keepassx.profile')
| -rw-r--r-- | etc/keepassx.profile | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/etc/keepassx.profile b/etc/keepassx.profile index 9d943d89c..27ca408f5 100644 --- a/etc/keepassx.profile +++ b/etc/keepassx.profile | |||
| @@ -15,6 +15,8 @@ include /etc/firejail/disable-devel.inc | |||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
| 17 | 17 | ||
| 18 | include /etc/firejail/whitelist-var-common.inc | ||
| 19 | |||
| 18 | caps.drop all | 20 | caps.drop all |
| 19 | machine-id | 21 | machine-id |
| 20 | net none | 22 | net none |
| @@ -36,5 +38,6 @@ private-dev | |||
| 36 | private-etc fonts,machine-id | 38 | private-etc fonts,machine-id |
| 37 | private-tmp | 39 | private-tmp |
| 38 | 40 | ||
| 41 | memory-deny-write-execute | ||
| 39 | noexec ${HOME} | 42 | noexec ${HOME} |
| 40 | noexec /tmp | 43 | noexec /tmp |