Tighten multiple profiles.

This adds whitelist-var-common, machine-id, memory-deny-write-execute, and noexec home and tmp when possible.
author: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2017-10-04 16:24:36 -0500
committer: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2017-10-04 16:24:36 -0500
commit: c6259375dff79484b9f3d587da9fbfa76a3b68b9 (patch)
tree: 1b7c010c2f6b0886ccd7a537bb146f7f46cb1d7f /etc/stellarium.profile
parent: Tighten spotify profile (diff)
download: firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.tar.gz
firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.tar.zst
firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/etc/stellarium.profile b/etc/stellarium.profile
index 89e2d1a30..360b9f881 100644
--- a/etc/stellarium.profile
+++ b/etc/stellarium.profile
@@ -18,8 +18,10 @@ mkdir ~/.stellarium
 whitelist ~/.config/stellarium
 whitelist ~/.stellarium
 include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
 caps.drop all
+machine-id
 netfilter
 nodvd
 nogroups
@@ -36,3 +38,6 @@ disable-mnt
 private-bin stellarium
 private-dev
 private-tmp
+noexec ${HOME}
+noexec /tmp
author	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2017-10-04 16:24:36 -0500
committer	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2017-10-04 16:24:36 -0500
commit	c6259375dff79484b9f3d587da9fbfa76a3b68b9 (patch)
tree	1b7c010c2f6b0886ccd7a537bb146f7f46cb1d7f /etc/stellarium.profile
parent	Tighten spotify profile (diff)
download	firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.tar.gz firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.tar.zst firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.zip

diff --git a/etc/stellarium.profile b/etc/stellarium.profile index 89e2d1a30..360b9f881 100644 --- a/etc/stellarium.profile +++ b/etc/stellarium.profile
@@ -18,8 +18,10 @@ mkdir ~/.stellarium
18	whitelist ~/.config/stellarium	18	whitelist ~/.config/stellarium
19	whitelist ~/.stellarium	19	whitelist ~/.stellarium
20	include /etc/firejail/whitelist-common.inc	20	include /etc/firejail/whitelist-common.inc
		21	include /etc/firejail/whitelist-var-common.inc
21		22
22	caps.drop all	23	caps.drop all
		24	machine-id
23	netfilter	25	netfilter
24	nodvd	26	nodvd
25	nogroups	27	nogroups
@@ -36,3 +38,6 @@ disable-mnt
36	private-bin stellarium	38	private-bin stellarium
37	private-dev	39	private-dev
38	private-tmp	40	private-tmp
		41
		42	noexec ${HOME}
		43	noexec /tmp