diff options
| author |  Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2017-08-02 09:37:20 -0500 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2017-08-02 09:37:20 -0500 |
| commit | caaac4417bd9b4116681c96fa1127b3f78c33d1d (patch) | |
| tree | 0c1fd52865432943dff536a7679408bec47df683 /etc/pcmanfm.profile | |
| parent | get_mempolicy syscall was temporarily removed from the default seccomp list. ... (diff) | |
| parent | Fixes (diff) | |
| download | firejail-caaac4417bd9b4116681c96fa1127b3f78c33d1d.tar.gz firejail-caaac4417bd9b4116681c96fa1127b3f78c33d1d.tar.zst firejail-caaac4417bd9b4116681c96fa1127b3f78c33d1d.zip | |
Merge pull request #1367 from SpotComms/mh
Harden profiles
Diffstat (limited to 'etc/pcmanfm.profile')
| -rw-r--r-- | etc/pcmanfm.profile | 14 |
1 files changed, 3 insertions, 11 deletions
diff --git a/etc/pcmanfm.profile b/etc/pcmanfm.profile index 68d002f2d..654904f17 100644 --- a/etc/pcmanfm.profile +++ b/etc/pcmanfm.profile | |||
| @@ -15,21 +15,13 @@ include /etc/firejail/disable-devel.inc | |||
| 15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
| 16 | 16 | ||
| 17 | caps.drop all | 17 | caps.drop all |
| 18 | netfilter | 18 | net none |
| 19 | nogroups | 19 | no3d |
| 20 | nonewprivs | 20 | nonewprivs |
| 21 | noroot | 21 | noroot |
| 22 | nosound | 22 | nosound |
| 23 | novideo | ||
| 23 | protocol unix | 24 | protocol unix |
| 24 | seccomp | 25 | seccomp |
| 25 | shell none | 26 | shell none |
| 26 | tracelog | 27 | tracelog |
| 27 | |||
| 28 | # | ||
| 29 | # depending on your usage, you can enable some of the commands below: | ||
| 30 | # | ||
| 31 | # private-bin program | ||
| 32 | # private-etc none | ||
| 33 | # private-dev | ||
| 34 | # private-tmp | ||
| 35 | |||