diff options
author | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-09-24 14:19:14 -0500 |
---|---|---|
committer | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-09-24 14:19:14 -0500 |
commit | e3d22faf5a107c6e1717cfbb145a358e054b55f0 (patch) | |
tree | f1b29b2ed9fad34d9df49f474cd9221417b94c93 /etc/mate-color-select.profile | |
parent | tighten mate-calc profile (diff) | |
download | firejail-e3d22faf5a107c6e1717cfbb145a358e054b55f0.tar.gz firejail-e3d22faf5a107c6e1717cfbb145a358e054b55f0.tar.zst firejail-e3d22faf5a107c6e1717cfbb145a358e054b55f0.zip |
Harden mate-* profiles
Diffstat (limited to 'etc/mate-color-select.profile')
-rw-r--r-- | etc/mate-color-select.profile | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/etc/mate-color-select.profile b/etc/mate-color-select.profile index 26ce42fbf..7df7d7faa 100644 --- a/etc/mate-color-select.profile +++ b/etc/mate-color-select.profile | |||
@@ -11,6 +11,11 @@ include /etc/firejail/disable-devel.inc | |||
11 | include /etc/firejail/disable-passwdmgr.inc | 11 | include /etc/firejail/disable-passwdmgr.inc |
12 | include /etc/firejail/disable-programs.inc | 12 | include /etc/firejail/disable-programs.inc |
13 | 13 | ||
14 | whitelist ${HOME}/.config/gtk-3.0 | ||
15 | whitelist ${HOME}/.fonts | ||
16 | whitelist ${HOME}/.icons | ||
17 | whitelist ${HOME}/.themes | ||
18 | |||
14 | caps.drop all | 19 | caps.drop all |
15 | netfilter | 20 | netfilter |
16 | no3d | 21 | no3d |
@@ -26,9 +31,11 @@ seccomp | |||
26 | shell none | 31 | shell none |
27 | 32 | ||
28 | disable-mnt | 33 | disable-mnt |
29 | private | 34 | private-bin mate-color-select |
35 | private-etc fonts | ||
30 | private-dev | 36 | private-dev |
31 | private-tmp | 37 | private-tmp |
32 | 38 | ||
39 | memory-deny-write-execute | ||
33 | noexec ${HOME} | 40 | noexec ${HOME} |
34 | noexec /tmp | 41 | noexec /tmp |