author | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-06-25 15:09:44 +0200 |
---|---|---|
committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-06-25 15:09:44 +0200 |
commit | eb34c2d931698529ff6de2b3b90d7b1703f3b13a (patch) | |
tree | b3e12067ad232da69642be1a0530fbacc6a53fd3 /etc/profile-a-l | |
parent | new profiles (diff) | |
harden gradio.profile
Diffstat (limited to 'etc/profile-a-l')
-rw-r--r-- | etc/profile-a-l/gradio.profile | 15 |
1 files changed, 15 insertions, 0 deletions
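--- a/etc/profile-a-l/gradio.profile
+++ b/etc/profile-a-l/gradio.profile
@@ -14,12 +14,15 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 
 mkdir ${HOME}/.cache/gradio
 mkdir ${HOME}/.local/share/gradio
 whitelist ${HOME}/.cache/gradio
 whitelist ${HOME}/.local/share/gradio
 include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 caps.drop all
@@ -30,11 +33,23 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp
+seccomp.block-secondary
 shell none
+tracelog
 
+disable-mnt
+private-bin gradio
+private-cache
+private-dev
 private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,machine-id,pki,pulse,resolv.conf,ssl,xdg
 private-tmp
 
+dbus-user filter
+dbus-user.own de.haeckerfelix.gradio
+dbus-user.own org.mpris.MediaPlayer2.gradio
+dbus-user.talk ca.desrt.dconf
+dbus-system none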
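Review bot: The `dbus-user.talk ca.desrt.dconf` rule at the end of the second hunk is the only exception to the new session-bus filter that reaches a service outside gradio's own names, and it carries no comment saying why it is needed. Access to the dconf service presumably lets the sandboxed process change settings in the user's whole dconf database, not only gradio's keys, so the reason for the exception should be recorded where a later maintainer can re-check it. I would add a line above the rule such as `# dconf is needed to persist gradio's settings; remove this rule if the app works without it` (wording to be confirmed by the author). The profile continues above and between the two hunks, so any other rule that already limits dconf access is not visible here.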