diff options
author | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-09-24 14:19:14 -0500 |
---|---|---|
committer | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-09-24 14:19:14 -0500 |
commit | e3d22faf5a107c6e1717cfbb145a358e054b55f0 (patch) | |
tree | f1b29b2ed9fad34d9df49f474cd9221417b94c93 /etc/mate-dictionary.profile | |
parent | tighten mate-calc profile (diff) | |
download | firejail-e3d22faf5a107c6e1717cfbb145a358e054b55f0.tar.gz firejail-e3d22faf5a107c6e1717cfbb145a358e054b55f0.tar.zst firejail-e3d22faf5a107c6e1717cfbb145a358e054b55f0.zip |
Harden mate-* profiles
Diffstat (limited to 'etc/mate-dictionary.profile')
-rw-r--r-- | etc/mate-dictionary.profile | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/etc/mate-dictionary.profile b/etc/mate-dictionary.profile index f0de57e0d..3f85addaf 100644 --- a/etc/mate-dictionary.profile +++ b/etc/mate-dictionary.profile | |||
@@ -12,6 +12,12 @@ include /etc/firejail/disable-devel.inc | |||
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
14 | 14 | ||
15 | whitelist ${HOME}/.config/mate/mate-dictionary | ||
16 | whitelist ${HOME}/.config/gtk-3.0 | ||
17 | whitelist ${HOME}/.fonts | ||
18 | whitelist ${HOME}/.icons | ||
19 | whitelist ${HOME}/.themes | ||
20 | |||
15 | caps.drop all | 21 | caps.drop all |
16 | netfilter | 22 | netfilter |
17 | no3d | 23 | no3d |
@@ -27,8 +33,12 @@ seccomp | |||
27 | shell none | 33 | shell none |
28 | 34 | ||
29 | disable-mnt | 35 | disable-mnt |
36 | private-bin mate-dictionary | ||
37 | private-etc fonts,resolv.conf | ||
38 | private-opt mate-dictionary | ||
30 | private-dev | 39 | private-dev |
31 | private-tmp | 40 | private-tmp |
32 | 41 | ||
42 | memory-deny-write-execute | ||
33 | noexec ${HOME} | 43 | noexec ${HOME} |
34 | noexec /tmp | 44 | noexec /tmp |