author | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-05-02 17:58:02 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-05-02 17:58:02 +0000 |
commit | 49280197ccf830b708b1b7c4d6fb8b3590f44da2 (patch) | |
tree | 76ae21d4faa96a2970738aedc693b6b9ed3183c8 /etc/profile-a-l | |
parent | fixes for zeal.profile (diff) | |
download | firejail-49280197ccf830b708b1b7c4d6fb8b3590f44da2.tar.gz firejail-49280197ccf830b708b1b7c4d6fb8b3590f44da2.tar.zst firejail-49280197ccf830b708b1b7c4d6fb8b3590f44da2.zip |
various hardening (#3394)
Diffstat (limited to 'etc/profile-a-l')
-rw-r--r-- | etc/profile-a-l/etr.profile | 4 | ||||
-rw-r--r-- | etc/profile-a-l/frozen-bubble.profile | 5 | ||||
-rw-r--r-- | etc/profile-a-l/gnome-chess.profile | 4 | ||||
-rw-r--r-- | etc/profile-a-l/gnome-hexgl.profile | 2 |
4 files changed, 14 insertions, 1 deletions
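diff --git a/etc/profile-a-l/etr.profile b/etc/profile-a-l/etr.profile
index 7afcd01d7..72f588366 100644
--- a/etc/profile-a-l/etr.profile
+++ b/etc/profile-a-l/etr.profile
@@ -9,6 +9,7 @@ include globals.local
 noblacklist ${HOME}/.etr
 
 include disable-common.inc
+include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
@@ -17,7 +18,10 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.etr
 whitelist ${HOME}/.etr
+whitelist /usr/share/etr
 include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor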
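Review bot: The new `whitelist /usr/share/etr` line in the second hunk hard-codes one install location. Once `whitelist-usr-share-common.inc` is included, anything under /usr/share that is not whitelisted is hidden from the sandbox. If a distribution packages the game data under a different /usr/share subdirectory (not verifiable from this page), the game would start without its assets. I would confirm the path on the supported distributions and add a comment above the line, for example `# game data; must match the packaged data directory under /usr/share`. The same applies to the single `whitelist /usr/share/perl5` entry added in frozen-bubble.profile. The profile continues outside both hunks.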
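diff --git a/etc/profile-a-l/frozen-bubble.profile b/etc/profile-a-l/frozen-bubble.profile
index d1dc64bb9..9245ae3a9 100644
--- a/etc/profile-a-l/frozen-bubble.profile
+++ b/etc/profile-a-l/frozen-bubble.profile
@@ -17,10 +17,14 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 
 mkdir ${HOME}/.frozen-bubble
 whitelist ${HOME}/.frozen-bubble
+whitelist /usr/share/perl5
 include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor
@@ -36,6 +40,7 @@ novideo
 protocol unix,netlink
 seccomp
 shell none
+tracelog
 
 disable-mnt
 # private-bin frozen-bubble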
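Review bot: The `whitelist /usr/share/perl5` line in the first hunk has no comment explaining why a profile that includes `disable-interpreters.inc` (context line 17) exposes the whole Perl module tree. The Perl allowance itself is presumably higher up in the file, outside the hunk. I would add a comment above the line, such as `# frozen-bubble is a Perl program; its modules are loaded from /usr/share/perl5`. That way a later reader does not narrow or remove the entry without knowing what depends on it. It is also worth confirming that no other /usr/share directory the program reads is now hidden by the whitelist mode this hunk turns on.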
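diff --git a/etc/profile-a-l/gnome-chess.profile b/etc/profile-a-l/gnome-chess.profile
index 2e2e86ac9..c1d2a34c0 100644
--- a/etc/profile-a-l/gnome-chess.profile
+++ b/etc/profile-a-l/gnome-chess.profile
@@ -17,6 +17,10 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+#mkdir ${HOME}/.local/share/gnome-chess
+#whitelist ${HOME}/.local/share/gnome-chess
+#include whitelist-common.inc
+
 whitelist /usr/share/gnuchess
 whitelist /usr/share/gnome-chess
 whitelist /usr/share/gnome-chess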
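Review bot: The three commented-out lines added at new lines 20-22 carry no explanation of why the home-directory whitelist is left disabled. As shipped, access to ${HOME} is restricted only by the `disable-*.inc` blacklists visible in the context lines, not confined to the application's own data directory. A short comment above them would record the intent, for example `# Enable the next three lines to confine gnome-chess to its own data directory; games saved elsewhere in ${HOME} will then be unreachable`. The stated reason is my assumption and should be confirmed by the author. The rest of the profile lies outside the hunk.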
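diff --git a/etc/profile-a-l/gnome-hexgl.profile b/etc/profile-a-l/gnome-hexgl.profile
index 873a47ea9..59fe330a1 100644
--- a/etc/profile-a-l/gnome-hexgl.profile
+++ b/etc/profile-a-l/gnome-hexgl.profile
@@ -40,7 +40,7 @@ private
 private-bin gnome-hexgl
 private-cache
 private-dev
-private-etc machine-id
+private-etc alsa,asound.conf,machine-id,pulse
 private-tmp
 
 dbus-user none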
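Review bot: The widened `private-etc` list at new line 43 is undocumented. Since `private-etc` is an allowlist of what the sandbox sees under /etc, each entry added to it is worth justifying in the profile. The three new entries are the ALSA and PulseAudio client configuration, so a comment such as `# alsa, asound.conf and pulse are required for sound output` above the line would make that clear. Whether sound is otherwise enabled in this profile is decided outside the hunk.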