diff options
| author |  Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2017-04-15 22:06:37 +0000 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2017-04-15 22:06:37 +0000 |
| commit | f13aa1b80ac13085503bc190bf4ee7d7513607be (patch) | |
| tree | b32a354af0af97e19b779380382ec973275a1006 /etc/pithos.profile | |
| parent | noblacklist .config/qt5ct (part 1) (diff) | |
| parent | Harden Steam (diff) | |
| download | firejail-f13aa1b80ac13085503bc190bf4ee7d7513607be.tar.gz firejail-f13aa1b80ac13085503bc190bf4ee7d7513607be.tar.zst firejail-f13aa1b80ac13085503bc190bf4ee7d7513607be.zip | |
Merge pull request #1220 from SpotComms/harden
Harden some profiles
Diffstat (limited to 'etc/pithos.profile')
| -rw-r--r-- | etc/pithos.profile | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/etc/pithos.profile b/etc/pithos.profile index 500e35989..c25b5772b 100644 --- a/etc/pithos.profile +++ b/etc/pithos.profile | |||
| @@ -17,7 +17,16 @@ include /etc/firejail/whitelist-common.inc | |||
| 17 | #Options | 17 | #Options |
| 18 | caps.drop all | 18 | caps.drop all |
| 19 | netfilter | 19 | netfilter |
| 20 | no3d | ||
| 21 | nogroups | ||
| 20 | nonewprivs | 22 | nonewprivs |
| 21 | noroot | 23 | noroot |
| 22 | protocol unix,inet,inet6 | 24 | protocol unix,inet,inet6 |
| 23 | seccomp | 25 | seccomp |
| 26 | shell none | ||
| 27 | |||
| 28 | private-dev | ||
| 29 | private-tmp | ||
| 30 | |||
| 31 | noexec ${HOME} | ||
| 32 | noexec /tmp | ||