diff options
author | 2020-11-16 11:41:35 +0100 | |
---|---|---|
committer | 2020-11-16 11:41:35 +0100 | |
commit | 096d0de5f8bb253d0c1035796464bc5982f06f81 (patch) | |
tree | d9634d1c26afca63ada52f66dd55eb09a46647dd /etc/profile-a-l/dia.profile | |
parent | Add XAUTHORITY file of sddm from openSUSE Tumblew… (diff) | |
download | firejail-096d0de5f8bb253d0c1035796464bc5982f06f81.tar.gz firejail-096d0de5f8bb253d0c1035796464bc5982f06f81.tar.zst firejail-096d0de5f8bb253d0c1035796464bc5982f06f81.zip |
from my overrides
- add seccomp.block-secondary to a lot profiles
- add wruc to firefox-common and ignore it in TB and
firefox-common-addons
- harden dia, gnome-keyring, libreoffice, megaglest, pngquant,
ghostwriter, rhythmbox, sqlitebrowser
Diffstat (limited to 'etc/profile-a-l/dia.profile')
-rw-r--r-- | etc/profile-a-l/dia.profile | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/etc/profile-a-l/dia.profile b/etc/profile-a-l/dia.profile index 52bf1c7f8..e409eb044 100644 --- a/etc/profile-a-l/dia.profile +++ b/etc/profile-a-l/dia.profile | |||
@@ -9,16 +9,24 @@ include globals.local | |||
9 | noblacklist ${HOME}/.dia | 9 | noblacklist ${HOME}/.dia |
10 | noblacklist ${DOCUMENTS} | 10 | noblacklist ${DOCUMENTS} |
11 | 11 | ||
12 | include allow-python2.inc | ||
13 | include allow-python3.inc | ||
14 | |||
12 | include disable-common.inc | 15 | include disable-common.inc |
13 | include disable-devel.inc | 16 | include disable-devel.inc |
14 | include disable-exec.inc | 17 | include disable-exec.inc |
15 | include allow-python2.inc | ||
16 | include allow-python3.inc | ||
17 | include disable-interpreters.inc | 18 | include disable-interpreters.inc |
18 | include disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
19 | include disable-programs.inc | 20 | include disable-programs.inc |
20 | include disable-xdg.inc | 21 | include disable-xdg.inc |
21 | 22 | ||
23 | #mkdir ${HOME}/.dia | ||
24 | #whitelist ${HOME}/.dia | ||
25 | #whitelist ${DOCUMENTS} | ||
26 | #include whitelist-common.inc | ||
27 | whitelist /usr/share/dia | ||
28 | include whitelist-runuser-common.inc | ||
29 | include whitelist-usr-share-common.inc | ||
22 | include whitelist-var-common.inc | 30 | include whitelist-var-common.inc |
23 | 31 | ||
24 | apparmor | 32 | apparmor |
@@ -36,6 +44,7 @@ novideo | |||
36 | protocol unix | 44 | protocol unix |
37 | seccomp | 45 | seccomp |
38 | shell none | 46 | shell none |
47 | tracelog | ||
39 | 48 | ||
40 | disable-mnt | 49 | disable-mnt |
41 | #private-bin dia | 50 | #private-bin dia |