Harden mate-* profiles

author: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2017-09-24 14:19:14 -0500
committer: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2017-09-24 14:19:14 -0500
commit: e3d22faf5a107c6e1717cfbb145a358e054b55f0 (patch)
tree: f1b29b2ed9fad34d9df49f474cd9221417b94c93 /etc/mate-dictionary.profile
parent: tighten mate-calc profile (diff)
download: firejail-e3d22faf5a107c6e1717cfbb145a358e054b55f0.tar.gz
firejail-e3d22faf5a107c6e1717cfbb145a358e054b55f0.tar.zst
firejail-e3d22faf5a107c6e1717cfbb145a358e054b55f0.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/etc/mate-dictionary.profile b/etc/mate-dictionary.profile
index f0de57e0d..3f85addaf 100644
--- a/etc/mate-dictionary.profile
+++ b/etc/mate-dictionary.profile
@@ -12,6 +12,12 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+whitelist ${HOME}/.config/mate/mate-dictionary
+whitelist ${HOME}/.config/gtk-3.0
+whitelist ${HOME}/.fonts
+whitelist ${HOME}/.icons
+whitelist ${HOME}/.themes
 caps.drop all
 netfilter
 no3d
@@ -27,8 +33,12 @@ seccomp
 shell none
 disable-mnt
+private-bin mate-dictionary
+private-etc fonts,resolv.conf
+private-opt mate-dictionary
 private-dev
 private-tmp
+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
author	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2017-09-24 14:19:14 -0500
committer	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2017-09-24 14:19:14 -0500
commit	e3d22faf5a107c6e1717cfbb145a358e054b55f0 (patch)
tree	f1b29b2ed9fad34d9df49f474cd9221417b94c93 /etc/mate-dictionary.profile
parent	tighten mate-calc profile (diff)
download	firejail-e3d22faf5a107c6e1717cfbb145a358e054b55f0.tar.gz firejail-e3d22faf5a107c6e1717cfbb145a358e054b55f0.tar.zst firejail-e3d22faf5a107c6e1717cfbb145a358e054b55f0.zip

diff --git a/etc/mate-dictionary.profile b/etc/mate-dictionary.profile index f0de57e0d..3f85addaf 100644 --- a/etc/mate-dictionary.profile +++ b/etc/mate-dictionary.profile
@@ -12,6 +12,12 @@ include /etc/firejail/disable-devel.inc
12	include /etc/firejail/disable-passwdmgr.inc	12	include /etc/firejail/disable-passwdmgr.inc
13	include /etc/firejail/disable-programs.inc	13	include /etc/firejail/disable-programs.inc
14		14
		15	whitelist ${HOME}/.config/mate/mate-dictionary
		16	whitelist ${HOME}/.config/gtk-3.0
		17	whitelist ${HOME}/.fonts
		18	whitelist ${HOME}/.icons
		19	whitelist ${HOME}/.themes
		20
15	caps.drop all	21	caps.drop all
16	netfilter	22	netfilter
17	no3d	23	no3d
@@ -27,8 +33,12 @@ seccomp
27	shell none	33	shell none
28		34
29	disable-mnt	35	disable-mnt
		36	private-bin mate-dictionary
		37	private-etc fonts,resolv.conf
		38	private-opt mate-dictionary
30	private-dev	39	private-dev
31	private-tmp	40	private-tmp
32		41
		42	memory-deny-write-execute
33	noexec ${HOME}	43	noexec ${HOME}
34	noexec /tmp	44	noexec /tmp