diff options
author | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-10-04 16:24:36 -0500 |
---|---|---|
committer | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-10-04 16:24:36 -0500 |
commit | c6259375dff79484b9f3d587da9fbfa76a3b68b9 (patch) | |
tree | 1b7c010c2f6b0886ccd7a537bb146f7f46cb1d7f /etc/thunderbird.profile | |
parent | Tighten spotify profile (diff) | |
download | firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.tar.gz firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.tar.zst firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.zip |
Tighten multiple profiles.
This adds whitelist-var-common, machine-id, memory-deny-write-execute,
and noexec home and tmp when possible.
Diffstat (limited to 'etc/thunderbird.profile')
-rw-r--r-- | etc/thunderbird.profile | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/etc/thunderbird.profile b/etc/thunderbird.profile index 8e878eb1c..db944a2c0 100644 --- a/etc/thunderbird.profile +++ b/etc/thunderbird.profile | |||
@@ -22,9 +22,11 @@ whitelist ~/.gnupg | |||
22 | whitelist ~/.icedove | 22 | whitelist ~/.icedove |
23 | whitelist ~/.thunderbird | 23 | whitelist ~/.thunderbird |
24 | include /etc/firejail/whitelist-common.inc | 24 | include /etc/firejail/whitelist-common.inc |
25 | include /etc/firejail/whitelist-var-common.inc | ||
25 | 26 | ||
26 | ignore private-tmp | 27 | ignore private-tmp |
27 | 28 | machine-id | |
29 | disable-mnt | ||
28 | read-only ~/.config/mimeapps.list | 30 | read-only ~/.config/mimeapps.list |
29 | 31 | ||
30 | # allow browsers | 32 | # allow browsers |