diff options
| author |  Tad <tad@spotco.us> | 2017-09-16 14:11:43 -0400 |
|---|---|---|
| committer | Tad <tad@spotco.us> | 2017-09-18 18:24:13 -0400 |
| commit | 3c3602fe4e747f3489c917f4de991c9043df9751 (patch) | |
| tree | 052baee1387ce11b9ecd00e49a7c96d59f92d480 /etc/ricochet.profile | |
| parent | Fixup 36 profiles (diff) | |
| download | firejail-3c3602fe4e747f3489c917f4de991c9043df9751.tar.gz firejail-3c3602fe4e747f3489c917f4de991c9043df9751.tar.zst firejail-3c3602fe4e747f3489c917f4de991c9043df9751.zip | |
Harden 25 profiles
Diffstat (limited to 'etc/ricochet.profile')
| -rw-r--r-- | etc/ricochet.profile | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/etc/ricochet.profile b/etc/ricochet.profile index 423dfb887..6da0e21d5 100644 --- a/etc/ricochet.profile +++ b/etc/ricochet.profile | |||
| @@ -19,14 +19,22 @@ include /etc/firejail/whitelist-common.inc | |||
| 19 | 19 | ||
| 20 | caps.drop all | 20 | caps.drop all |
| 21 | ipc-namespace | 21 | ipc-namespace |
| 22 | netfilter | ||
| 23 | no3d | ||
| 24 | nodvd | ||
| 22 | nogroups | 25 | nogroups |
| 26 | nonewprivs | ||
| 23 | noroot | 27 | noroot |
| 28 | notv | ||
| 29 | novideo | ||
| 30 | protocol unix,inet,inet6 | ||
| 24 | seccomp | 31 | seccomp |
| 25 | shell none | 32 | shell none |
| 26 | 33 | ||
| 34 | disable-mnt | ||
| 27 | private-bin ricochet,tor | 35 | private-bin ricochet,tor |
| 28 | private-dev | 36 | private-dev |
| 29 | #private-etc fonts,tor,X11,alternatives | 37 | #private-etc fonts,tor,X11,alternatives |
| 30 | 38 | ||
| 31 | noexec /home | 39 | noexec ${HOME} |
| 32 | noexec /tmp | 40 | noexec /tmp |