diff options
author | Tad <tad@spotco.us> | 2017-04-17 17:11:24 -0400 |
---|---|---|
committer | Tad <tad@spotco.us> | 2017-04-17 17:11:24 -0400 |
commit | 4f238b75de05d91f200305335da1f019810ac149 (patch) | |
tree | 40f021c8d9e7bb70f7bd0a868d571286fa438420 /etc/polari.profile | |
parent | Merge pull request #1229 from SpotComms/firecfg2 (diff) | |
download | firejail-4f238b75de05d91f200305335da1f019810ac149.tar.gz firejail-4f238b75de05d91f200305335da1f019810ac149.tar.zst firejail-4f238b75de05d91f200305335da1f019810ac149.zip |
Harden more profiles
Diffstat (limited to 'etc/polari.profile')
-rw-r--r-- | etc/polari.profile | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/etc/polari.profile b/etc/polari.profile index 834a8b3d6..db5fc9487 100644 --- a/etc/polari.profile +++ b/etc/polari.profile | |||
@@ -23,7 +23,18 @@ include /etc/firejail/whitelist-common.inc | |||
23 | 23 | ||
24 | caps.drop all | 24 | caps.drop all |
25 | netfilter | 25 | netfilter |
26 | no3d | ||
27 | nogroups | ||
26 | nonewprivs | 28 | nonewprivs |
27 | noroot | 29 | noroot |
30 | nosound | ||
28 | protocol unix,inet,inet6 | 31 | protocol unix,inet,inet6 |
29 | seccomp | 32 | seccomp |
33 | shell none | ||
34 | tracelog | ||
35 | |||
36 | private-dev | ||
37 | private-tmp | ||
38 | |||
39 | noexec ${HOME} | ||
40 | noexec /tmp | ||