diff options
author | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-04-30 10:34:38 +0200 |
---|---|---|
committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-04-30 10:34:47 +0200 |
commit | a9c1a56bc21c6f583292f0f543673730c5737c1b (patch) | |
tree | 7eb5e5d77e47c9665782fd8e27d0bfaf91582f07 /etc/profile-m-z/mrrescue.profile | |
parent | Merge pull request #4219 from Neo00001/master (diff) | |
download | firejail-a9c1a56bc21c6f583292f0f543673730c5737c1b.tar.gz firejail-a9c1a56bc21c6f583292f0f543673730c5737c1b.tar.zst firejail-a9c1a56bc21c6f583292f0f543673730c5737c1b.zip |
Harden some game profiles
Diffstat (limited to 'etc/profile-m-z/mrrescue.profile')
-rw-r--r-- | etc/profile-m-z/mrrescue.profile | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/etc/profile-m-z/mrrescue.profile b/etc/profile-m-z/mrrescue.profile index f02a4f357..5b2164bae 100644 --- a/etc/profile-m-z/mrrescue.profile +++ b/etc/profile-m-z/mrrescue.profile | |||
@@ -8,18 +8,23 @@ include globals.local | |||
8 | 8 | ||
9 | noblacklist ${HOME}/.local/share/love | 9 | noblacklist ${HOME}/.local/share/love |
10 | 10 | ||
11 | include allow-bin-sh.inc | ||
12 | include allow-lua.inc | ||
13 | |||
11 | include disable-common.inc | 14 | include disable-common.inc |
12 | include disable-devel.inc | 15 | include disable-devel.inc |
13 | include disable-exec.inc | 16 | include disable-exec.inc |
14 | include disable-interpreters.inc | 17 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | 18 | include disable-passwdmgr.inc |
16 | include disable-programs.inc | 19 | include disable-programs.inc |
20 | include disable-shell.inc | ||
17 | include disable-xdg.inc | 21 | include disable-xdg.inc |
18 | 22 | ||
19 | mkdir ${HOME}/.local/share/love | 23 | mkdir ${HOME}/.local/share/love |
20 | whitelist ${HOME}/.local/share/love | 24 | whitelist ${HOME}/.local/share/love |
21 | whitelist /usr/share/mrrescue | 25 | whitelist /usr/share/mrrescue |
22 | include whitelist-common.inc | 26 | include whitelist-common.inc |
27 | include whitelist-runuser-common.inc | ||
23 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
24 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
25 | 30 | ||
@@ -35,6 +40,7 @@ nou2f | |||
35 | novideo | 40 | novideo |
36 | protocol unix,netlink | 41 | protocol unix,netlink |
37 | seccomp | 42 | seccomp |
43 | seccomp.block-secondary | ||
38 | shell none | 44 | shell none |
39 | tracelog | 45 | tracelog |
40 | 46 | ||