Tighten multiple profiles.

This adds whitelist-var-common, machine-id, memory-deny-write-execute, and noexec home and tmp when possible.
author: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2017-10-04 16:24:36 -0500
committer: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2017-10-04 16:24:36 -0500
commit: c6259375dff79484b9f3d587da9fbfa76a3b68b9 (patch)
tree: 1b7c010c2f6b0886ccd7a537bb146f7f46cb1d7f /etc/keepassx2.profile
parent: Tighten spotify profile (diff)
download: firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.tar.gz
firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.tar.zst
firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.zip
1 files changed, 2 insertions, 35 deletions
diff --git a/etc/keepassx2.profile b/etc/keepassx2.profile
index e20e06b76..ba98df19d 100644
--- a/etc/keepassx2.profile
+++ b/etc/keepassx2.profile
@@ -1,38 +1,5 @@
 # Firejail profile for keepassx2
 # This file is overwritten after every install/update
-# Persistent local customizations
-include /etc/firejail/keepassx2.local
-# Persistent global definitions
-include /etc/firejail/globals.local
-noblacklist ${HOME}/*.kdb
+# Redirects
-noblacklist ${HOME}/*.kdbx
+include /etc/firejail/keepassx.profile
-noblacklist ${HOME}/.config/keepassx
-noblacklist ${HOME}/.keepassx
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-caps.drop all
-net none
-no3d
-nodvd
-nogroups
-nonewprivs
-noroot
-nosound
-notv
-novideo
-protocol unix
-seccomp
-shell none
-private-bin keepassx2
-private-dev
-private-etc fonts
-private-tmp
-noexec ${HOME}
-noexec /tmp
author	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2017-10-04 16:24:36 -0500
committer	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2017-10-04 16:24:36 -0500
commit	c6259375dff79484b9f3d587da9fbfa76a3b68b9 (patch)
tree	1b7c010c2f6b0886ccd7a537bb146f7f46cb1d7f /etc/keepassx2.profile
parent	Tighten spotify profile (diff)
download	firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.tar.gz firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.tar.zst firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.zip

diff --git a/etc/keepassx2.profile b/etc/keepassx2.profile index e20e06b76..ba98df19d 100644 --- a/etc/keepassx2.profile +++ b/etc/keepassx2.profile
@@ -1,38 +1,5 @@
1	# Firejail profile for keepassx2	1	# Firejail profile for keepassx2
2	# This file is overwritten after every install/update	2	# This file is overwritten after every install/update
3	# Persistent local customizations
4	include /etc/firejail/keepassx2.local
5	# Persistent global definitions
6	include /etc/firejail/globals.local
7		3
8	noblacklist ${HOME}/*.kdb	4	# Redirects
9	noblacklist ${HOME}/*.kdbx	5	include /etc/firejail/keepassx.profile
10	noblacklist ${HOME}/.config/keepassx
11	noblacklist ${HOME}/.keepassx
12
13	include /etc/firejail/disable-common.inc
14	include /etc/firejail/disable-devel.inc
15	include /etc/firejail/disable-passwdmgr.inc
16	include /etc/firejail/disable-programs.inc
17
18	caps.drop all
19	net none
20	no3d
21	nodvd
22	nogroups
23	nonewprivs
24	noroot
25	nosound
26	notv
27	novideo
28	protocol unix
29	seccomp
30	shell none
31
32	private-bin keepassx2
33	private-dev
34	private-etc fonts
35	private-tmp
36
37	noexec ${HOME}
38	noexec /tmp