diff options
| author |  Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2017-04-25 22:23:16 -0500 |
|---|---|---|
| committer | Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2017-04-25 22:23:16 -0500 |
| commit | 50e3096b3c1c50bc9a040be3dab1374c146cc7ac (patch) | |
| tree | 867332db43d70b111be17bac116d36255b2140a2 /etc/spotify.profile | |
| parent | noexec /home/fred and /tmp for gpredict (diff) | |
| download | firejail-50e3096b3c1c50bc9a040be3dab1374c146cc7ac.tar.gz firejail-50e3096b3c1c50bc9a040be3dab1374c146cc7ac.tar.zst firejail-50e3096b3c1c50bc9a040be3dab1374c146cc7ac.zip | |
Added noexec for home and tmp, spotify profile.
This might break special cases when an addon (like blockify) is installed in home. We'll need to keep an eye on this.
Diffstat (limited to 'etc/spotify.profile')
| -rw-r--r-- | etc/spotify.profile | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/etc/spotify.profile b/etc/spotify.profile index 8261fe0fb..bfc074c28 100644 --- a/etc/spotify.profile +++ b/etc/spotify.profile | |||
| @@ -28,6 +28,9 @@ protocol unix,inet,inet6,netlink | |||
| 28 | seccomp | 28 | seccomp |
| 29 | shell none | 29 | shell none |
| 30 | 30 | ||
| 31 | noexec ${HOME} | ||
| 32 | noexec /tmp | ||
| 33 | |||
| 31 | private-bin spotify,bash,sh | 34 | private-bin spotify,bash,sh |
| 32 | private-etc fonts,machine-id,pulse,resolv.conf | 35 | private-etc fonts,machine-id,pulse,resolv.conf |
| 33 | private-dev | 36 | private-dev |