diff options
author | Ondřej Nový <ondrej.novy@firma.seznam.cz> | 2020-07-17 10:38:29 +0200 |
---|---|---|
committer | Ondřej Nový <ondrej.novy@firma.seznam.cz> | 2020-07-20 08:20:12 +0200 |
commit | 4c712cbaaf593e4e8cd39d798fba714a2aff51ea (patch) | |
tree | 057a2691510c229b1bf825dcd74d39c61831ef24 /etc/profile-m-z/zoom.profile | |
parent | Merge pull request #3516 from smitsohu/busybox (diff) | |
download | firejail-4c712cbaaf593e4e8cd39d798fba714a2aff51ea.tar.gz firejail-4c712cbaaf593e4e8cd39d798fba714a2aff51ea.tar.zst firejail-4c712cbaaf593e4e8cd39d798fba714a2aff51ea.zip |
Hardend Zoom profile
Diffstat (limited to 'etc/profile-m-z/zoom.profile')
-rw-r--r-- | etc/profile-m-z/zoom.profile | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/etc/profile-m-z/zoom.profile b/etc/profile-m-z/zoom.profile index 6eac10703..b3125ee50 100644 --- a/etc/profile-m-z/zoom.profile +++ b/etc/profile-m-z/zoom.profile | |||
@@ -10,8 +10,11 @@ noblacklist ${HOME}/.zoom | |||
10 | 10 | ||
11 | include disable-common.inc | 11 | include disable-common.inc |
12 | include disable-devel.inc | 12 | include disable-devel.inc |
13 | include disable-exec.inc | ||
13 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | ||
14 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | include disable-xdg.inc | ||
15 | 18 | ||
16 | mkdir ${HOME}/.cache/zoom | 19 | mkdir ${HOME}/.cache/zoom |
17 | mkfile ${HOME}/.config/zoomus.conf | 20 | mkfile ${HOME}/.config/zoomus.conf |
@@ -20,14 +23,25 @@ whitelist ${HOME}/.cache/zoom | |||
20 | whitelist ${HOME}/.config/zoomus.conf | 23 | whitelist ${HOME}/.config/zoomus.conf |
21 | whitelist ${HOME}/.zoom | 24 | whitelist ${HOME}/.zoom |
22 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-runuser-common.inc | ||
27 | include whitelist-usr-share-common.inc | ||
28 | include whitelist-var-common.inc | ||
23 | 29 | ||
24 | caps.drop all | 30 | caps.drop all |
25 | netfilter | 31 | netfilter |
26 | nodvd | 32 | nodvd |
33 | nogroups | ||
27 | nonewprivs | 34 | nonewprivs |
28 | noroot | 35 | noroot |
29 | notv | 36 | notv |
37 | nou2f | ||
30 | protocol unix,inet,inet6,netlink | 38 | protocol unix,inet,inet6,netlink |
31 | seccomp !chroot | 39 | seccomp !chroot |
40 | shell none | ||
41 | tracelog | ||
32 | 42 | ||
43 | disable-mnt | ||
44 | private-cache | ||
45 | private-dev | ||
46 | private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl | ||
33 | private-tmp | 47 | private-tmp |