author | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-10-04 16:24:36 -0500 |
---|---|---|
committer | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-10-04 16:24:36 -0500 |
commit | c6259375dff79484b9f3d587da9fbfa76a3b68b9 (patch) | |
tree | 1b7c010c2f6b0886ccd7a537bb146f7f46cb1d7f /etc/stellarium.profile | |
parent | Tighten spotify profile (diff) | |
Tighten multiple profiles.
This adds whitelist-var-common, machine-id, memory-deny-write-execute,
and noexec home and tmp when possible.
Diffstat (limited to 'etc/stellarium.profile')
-rw-r--r-- | etc/stellarium.profile | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/etc/stellarium.profile b/etc/stellarium.profile index 89e2d1a30..360b9f881 100644 --- a/etc/stellarium.profile +++ b/etc/stellarium.profile | |||
@@ -18,8 +18,10 @@ mkdir ~/.stellarium | |||
18 | whitelist ~/.config/stellarium | 18 | whitelist ~/.config/stellarium |
19 | whitelist ~/.stellarium | 19 | whitelist ~/.stellarium |
20 | include /etc/firejail/whitelist-common.inc | 20 | include /etc/firejail/whitelist-common.inc |
21 | include /etc/firejail/whitelist-var-common.inc | ||
21 | 22 | ||
22 | caps.drop all | 23 | caps.drop all |
24 | machine-id | ||
23 | netfilter | 25 | netfilter |
24 | nodvd | 26 | nodvd |
25 | nogroups | 27 | nogroups |
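Review bot: memory-deny-write-execute is listed in the commit message but is not added to this option block, which goes from caps.drop all to machine-id to netfilter at new lines 23-25. If it was left out because Stellarium does not run with it, a one-line comment in the profile saying so would keep someone from adding it later without testing. The same applies to the new whitelist-var-common.inc include at line 21: a note that Stellarium was started once with /var restricted would make the change easier to trust.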
@@ -36,3 +38,6 @@ disable-mnt | |||
36 | private-bin stellarium | 38 | private-bin stellarium |
37 | private-dev | 39 | private-dev |
38 | private-tmp | 40 | private-tmp |
41 | |||
42 | noexec ${HOME} | ||
43 | noexec /tmp | ||
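Review bot: noexec ${HOME} at new line 42 also covers the two directories this profile whitelists, ~/.config/stellarium and ~/.stellarium, so anything Stellarium would execute or map as executable from its own data directory is blocked. If that case was checked, a short comment above the two noexec lines saying so would help; if not, it is worth a test run with user-installed content in ~/.stellarium before this lands. The blank line at 41 separating the noexec lines from private-tmp is fine, but the other profiles touched by this commit should use the same placement so the options stay easy to compare.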