author | glitsj16 <glitsj16@users.noreply.github.com> | 2019-03-27 03:01:48 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-03-27 03:01:48 +0000 |
commit | e401fdacf99d792434af8bb052e3b22979c12d8b (patch) | |
tree | c406b1ee89c7194610542b04657991dd2164061a /etc/pidgin.profile | |
parent | mount runtime seccomp files read-only (#2602) (diff) | |
Refactor pidgin as whitelist profile (#2620)
Diffstat (limited to 'etc/pidgin.profile')
-rw-r--r-- | etc/pidgin.profile | 17 |
1 files changed, 12 insertions, 5 deletions
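--- a/etc/pidgin.profile
+++ b/etc/pidgin.profile
@@ -6,14 +6,24 @@ include pidgin.local
 # Persistent global definitions
 include globals.local
 
+mkdir ${HOME}/.purple
 noblacklist ${HOME}/.purple
+whitelist ${HOME}/.purple
+
+ignore noexec ${RUNUSER}
+ignore noexec /dev/shm
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 netfilter
 nodvd
@@ -24,13 +34,10 @@ notv
 nou2f
 protocol unix,inet,inet6
 seccomp
-shell none
+# shell none
 tracelog
 
-private-bin pidgin
+# private-bin pidgin
 private-cache
 private-dev
 private-tmp
-
-noexec ${HOME}
-noexec /tmp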
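Review bot: The second hunk turns `shell none` and `private-bin pidgin` into comments without recording why, so a profile that is otherwise being tightened now leaves a shell and the full set of system binaries reachable inside the sandbox. The same gap applies to `ignore noexec ${RUNUSER}` and `ignore noexec /dev/shm` in the first hunk, which presumably cancel noexec mounts that the newly included `disable-exec.inc` would otherwise apply. If Pidgin needs these relaxations, state the reason next to each one, e.g. `# shell none - breaks <feature>, see <issue>`. If only a few helper programs are required, prefer `private-bin pidgin,<helper>` over dropping the option entirely. The commit message gives no reason, so the page does not show whether these relaxations are intentional.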