diff options
author | smitsohu <smitsohu@gmail.com> | 2019-03-15 12:37:36 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2019-03-15 12:37:36 +0100 |
commit | 529315fe17a526eb8200e42a44b57ddffbd7a838 (patch) | |
tree | a70214750cdd46f0e6945d24a715ab19125a8244 /etc/start-tor-browser.profile | |
parent | ffmpegthumbnailer breaks in ranger with private-cache enabled from (#2596) (diff) | |
download | firejail-529315fe17a526eb8200e42a44b57ddffbd7a838.tar.gz firejail-529315fe17a526eb8200e42a44b57ddffbd7a838.tar.zst firejail-529315fe17a526eb8200e42a44b57ddffbd7a838.zip |
profile hardening: add disable-exec.inc in more places
Diffstat (limited to 'etc/start-tor-browser.profile')
-rw-r--r-- | etc/start-tor-browser.profile | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/start-tor-browser.profile b/etc/start-tor-browser.profile index b0cb52a0f..8acf77349 100644 --- a/etc/start-tor-browser.profile +++ b/etc/start-tor-browser.profile | |||
@@ -5,9 +5,11 @@ include start-tor-browser.local | |||
5 | # Persistent global definitions | 5 | # Persistent global definitions |
6 | include globals.local | 6 | include globals.local |
7 | 7 | ||
8 | ignore noexec ${HOME} | ||
8 | 9 | ||
9 | include disable-common.inc | 10 | include disable-common.inc |
10 | include disable-devel.inc | 11 | include disable-devel.inc |
12 | include disable-exec.inc | ||
11 | include disable-interpreters.inc | 13 | include disable-interpreters.inc |
12 | include disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
13 | include disable-programs.inc | 15 | include disable-programs.inc |
@@ -36,5 +38,3 @@ private-bin bash,sh,grep,tail,env,gpg,id,readlink,dirname,test,mkdir,ln,sed,cp,r | |||
36 | private-dev | 38 | private-dev |
37 | private-etc alternatives,fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache | 39 | private-etc alternatives,fonts,hostname,hosts,resolv.conf,pki,ssl,ca-certificates,crypto-policies,alsa,asound.conf,pulse,machine-id,ld.so.cache |
38 | private-tmp | 40 | private-tmp |
39 | |||
40 | noexec /tmp | ||