diff options
author | Tad <tad@spotco.us> | 2017-07-04 10:51:43 -0400 |
---|---|---|
committer | Tad <tad@spotco.us> | 2017-07-04 11:35:29 -0400 |
commit | 5354f20012b488c50cd556e315b78ad351ae0f9d (patch) | |
tree | 89c737f738f8525da446786083473c249b8a9f79 /etc/rhythmbox.profile | |
parent | per-profile disable-mnt (diff) | |
download | firejail-5354f20012b488c50cd556e315b78ad351ae0f9d.tar.gz firejail-5354f20012b488c50cd556e315b78ad351ae0f9d.tar.zst firejail-5354f20012b488c50cd556e315b78ad351ae0f9d.zip |
Harden 50 profiles
Hardened many profiles using disable-mnt and novideo
Fixed gnome-font-viewer
Diffstat (limited to 'etc/rhythmbox.profile')
-rw-r--r-- | etc/rhythmbox.profile | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile index 192382f77..930a8fed5 100644 --- a/etc/rhythmbox.profile +++ b/etc/rhythmbox.profile | |||
@@ -13,9 +13,11 @@ include /etc/firejail/disable-passwdmgr.inc | |||
13 | 13 | ||
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | 15 | netfilter |
16 | #no3d | ||
16 | nogroups | 17 | nogroups |
17 | nonewprivs | 18 | nonewprivs |
18 | noroot | 19 | noroot |
20 | novideo | ||
19 | protocol unix,inet,inet6 | 21 | protocol unix,inet,inet6 |
20 | seccomp | 22 | seccomp |
21 | shell none | 23 | shell none |
@@ -24,3 +26,6 @@ tracelog | |||
24 | private-bin rhythmbox | 26 | private-bin rhythmbox |
25 | private-dev | 27 | private-dev |
26 | private-tmp | 28 | private-tmp |
29 | |||
30 | noexec ${HOME} | ||
31 | noexec /tmp | ||