diff options
author | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-10-04 16:24:36 -0500 |
---|---|---|
committer | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-10-04 16:24:36 -0500 |
commit | c6259375dff79484b9f3d587da9fbfa76a3b68b9 (patch) | |
tree | 1b7c010c2f6b0886ccd7a537bb146f7f46cb1d7f /etc/qbittorrent.profile | |
parent | Tighten spotify profile (diff) | |
download | firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.tar.gz firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.tar.zst firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.zip |
Tighten multiple profiles.
This adds whitelist-var-common, machine-id, memory-deny-write-execute,
and noexec home and tmp when possible.
Diffstat (limited to 'etc/qbittorrent.profile')
-rw-r--r-- | etc/qbittorrent.profile | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index 86db5c26c..aeb52b991 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile | |||
@@ -25,6 +25,7 @@ whitelist ~/.config/qBittorrentrc | |||
25 | whitelist ~/.config/qt5ct | 25 | whitelist ~/.config/qt5ct |
26 | whitelist ~/.local/share/data/qBittorrent | 26 | whitelist ~/.local/share/data/qBittorrent |
27 | include /etc/firejail/whitelist-common.inc | 27 | include /etc/firejail/whitelist-common.inc |
28 | include /etc/firejail/whitelist-var-common.inc | ||
28 | 29 | ||
29 | caps.drop all | 30 | caps.drop all |
30 | machine-id | 31 | machine-id |
@@ -44,3 +45,7 @@ seccomp | |||
44 | private-dev | 45 | private-dev |
45 | # private-etc X11,fonts,xdg,resolv.conf | 46 | # private-etc X11,fonts,xdg,resolv.conf |
46 | private-tmp | 47 | private-tmp |
48 | |||
49 | memory-deny-write-execute | ||
50 | noexec ${HOME} | ||
51 | noexec /tmp | ||