Harden mate-* profiles

author: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2017-09-24 14:19:14 -0500
committer: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2017-09-24 14:19:14 -0500
commit: e3d22faf5a107c6e1717cfbb145a358e054b55f0 (patch)
tree: f1b29b2ed9fad34d9df49f474cd9221417b94c93 /etc/mate-color-select.profile
parent: tighten mate-calc profile (diff)
download: firejail-e3d22faf5a107c6e1717cfbb145a358e054b55f0.tar.gz
firejail-e3d22faf5a107c6e1717cfbb145a358e054b55f0.tar.zst
firejail-e3d22faf5a107c6e1717cfbb145a358e054b55f0.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/etc/mate-color-select.profile b/etc/mate-color-select.profile
index 26ce42fbf..7df7d7faa 100644
--- a/etc/mate-color-select.profile
+++ b/etc/mate-color-select.profile
@@ -11,6 +11,11 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+whitelist ${HOME}/.config/gtk-3.0
+whitelist ${HOME}/.fonts
+whitelist ${HOME}/.icons
+whitelist ${HOME}/.themes
 caps.drop all
 netfilter
 no3d
@@ -26,9 +31,11 @@ seccomp
 shell none
 disable-mnt
-private
+private-bin mate-color-select
+private-etc fonts
 private-dev
 private-tmp
+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
author	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2017-09-24 14:19:14 -0500
committer	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2017-09-24 14:19:14 -0500
commit	e3d22faf5a107c6e1717cfbb145a358e054b55f0 (patch)
tree	f1b29b2ed9fad34d9df49f474cd9221417b94c93 /etc/mate-color-select.profile
parent	tighten mate-calc profile (diff)
download	firejail-e3d22faf5a107c6e1717cfbb145a358e054b55f0.tar.gz firejail-e3d22faf5a107c6e1717cfbb145a358e054b55f0.tar.zst firejail-e3d22faf5a107c6e1717cfbb145a358e054b55f0.zip

diff --git a/etc/mate-color-select.profile b/etc/mate-color-select.profile index 26ce42fbf..7df7d7faa 100644 --- a/etc/mate-color-select.profile +++ b/etc/mate-color-select.profile
@@ -11,6 +11,11 @@ include /etc/firejail/disable-devel.inc
11	include /etc/firejail/disable-passwdmgr.inc	11	include /etc/firejail/disable-passwdmgr.inc
12	include /etc/firejail/disable-programs.inc	12	include /etc/firejail/disable-programs.inc
13		13
		14	whitelist ${HOME}/.config/gtk-3.0
		15	whitelist ${HOME}/.fonts
		16	whitelist ${HOME}/.icons
		17	whitelist ${HOME}/.themes
		18
14	caps.drop all	19	caps.drop all
15	netfilter	20	netfilter
16	no3d	21	no3d
@@ -26,9 +31,11 @@ seccomp
26	shell none	31	shell none
27		32
28	disable-mnt	33	disable-mnt
29	private	34	private-bin mate-color-select
		35	private-etc fonts
30	private-dev	36	private-dev
31	private-tmp	37	private-tmp
32		38
		39	memory-deny-write-execute
33	noexec ${HOME}	40	noexec ${HOME}
34	noexec /tmp	41	noexec /tmp