Merge pull request #3518 from onovy/zoom-profile

Hardend Zoom profile
author: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2020-07-21 08:36:06 +0000
committer: GitHub <noreply@github.com> 2020-07-21 08:36:06 +0000
commit: fb145c33ebf4de35396502217cf9663e3176a96c (patch)
tree: e89a1790230bc1a1a3ae6552cbc6602119f6d198 /etc/profile-m-z
parent: Merge pull request #3520 from onovy/mattermost-profile (diff)
parent: Hardend Zoom profile (diff)
download: firejail-fb145c33ebf4de35396502217cf9663e3176a96c.tar.gz
firejail-fb145c33ebf4de35396502217cf9663e3176a96c.tar.zst
firejail-fb145c33ebf4de35396502217cf9663e3176a96c.zip
1 files changed, 14 insertions, 0 deletions
diff --git a/etc/profile-m-z/zoom.profile b/etc/profile-m-z/zoom.profile
index 6eac10703..b3125ee50 100644
--- a/etc/profile-m-z/zoom.profile
+++ b/etc/profile-m-z/zoom.profile
@@ -10,8 +10,11 @@ noblacklist ${HOME}/.zoom
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
+include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 mkdir ${HOME}/.cache/zoom
 mkfile ${HOME}/.config/zoomus.conf
@@ -20,14 +23,25 @@ whitelist ${HOME}/.cache/zoom
 whitelist ${HOME}/.config/zoomus.conf
 whitelist ${HOME}/.zoom
 include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
 caps.drop all
 netfilter
 nodvd
+nogroups
 nonewprivs
 noroot
 notv
+nou2f
 protocol unix,inet,inet6,netlink
 seccomp !chroot
+shell none
+tracelog
+disable-mnt
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl
 private-tmp
author	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2020-07-21 08:36:06 +0000
committer	GitHub <noreply@github.com>	2020-07-21 08:36:06 +0000
commit	fb145c33ebf4de35396502217cf9663e3176a96c (patch)
tree	e89a1790230bc1a1a3ae6552cbc6602119f6d198 /etc/profile-m-z
parent	Merge pull request #3520 from onovy/mattermost-profile (diff)
parent	Hardend Zoom profile (diff)
download	firejail-fb145c33ebf4de35396502217cf9663e3176a96c.tar.gz firejail-fb145c33ebf4de35396502217cf9663e3176a96c.tar.zst firejail-fb145c33ebf4de35396502217cf9663e3176a96c.zip

diff --git a/etc/profile-m-z/zoom.profile b/etc/profile-m-z/zoom.profile index 6eac10703..b3125ee50 100644 --- a/etc/profile-m-z/zoom.profile +++ b/etc/profile-m-z/zoom.profile
@@ -10,8 +10,11 @@ noblacklist ${HOME}/.zoom
10		10
11	include disable-common.inc	11	include disable-common.inc
12	include disable-devel.inc	12	include disable-devel.inc
		13	include disable-exec.inc
13	include disable-interpreters.inc	14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
14	include disable-programs.inc	16	include disable-programs.inc
		17	include disable-xdg.inc
15		18
16	mkdir ${HOME}/.cache/zoom	19	mkdir ${HOME}/.cache/zoom
17	mkfile ${HOME}/.config/zoomus.conf	20	mkfile ${HOME}/.config/zoomus.conf
@@ -20,14 +23,25 @@ whitelist ${HOME}/.cache/zoom
20	whitelist ${HOME}/.config/zoomus.conf	23	whitelist ${HOME}/.config/zoomus.conf
21	whitelist ${HOME}/.zoom	24	whitelist ${HOME}/.zoom
22	include whitelist-common.inc	25	include whitelist-common.inc
		26	include whitelist-runuser-common.inc
		27	include whitelist-usr-share-common.inc
		28	include whitelist-var-common.inc
23		29
24	caps.drop all	30	caps.drop all
25	netfilter	31	netfilter
26	nodvd	32	nodvd
		33	nogroups
27	nonewprivs	34	nonewprivs
28	noroot	35	noroot
29	notv	36	notv
		37	nou2f
30	protocol unix,inet,inet6,netlink	38	protocol unix,inet,inet6,netlink
31	seccomp !chroot	39	seccomp !chroot
		40	shell none
		41	tracelog
32		42
		43	disable-mnt
		44	private-cache
		45	private-dev
		46	private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,nsswitch.conf,pki,resolv.conf,ssl
33	private-tmp	47	private-tmp