diff options
| author |  Tad <tad@spotco.us> | 2017-09-16 14:11:43 -0400 |
|---|---|---|
| committer | Tad <tad@spotco.us> | 2017-09-18 18:24:13 -0400 |
| commit | 3c3602fe4e747f3489c917f4de991c9043df9751 (patch) | |
| tree | 052baee1387ce11b9ecd00e49a7c96d59f92d480 /etc/tor.profile | |
| parent | Fixup 36 profiles (diff) | |
| download | firejail-3c3602fe4e747f3489c917f4de991c9043df9751.tar.gz firejail-3c3602fe4e747f3489c917f4de991c9043df9751.tar.zst firejail-3c3602fe4e747f3489c917f4de991c9043df9751.zip | |
Harden 25 profiles
Diffstat (limited to 'etc/tor.profile')
| -rw-r--r-- | etc/tor.profile | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/etc/tor.profile b/etc/tor.profile index 73577825a..fcb123eef 100644 --- a/etc/tor.profile +++ b/etc/tor.profile | |||
| @@ -23,16 +23,25 @@ include /etc/firejail/disable-programs.inc | |||
| 23 | 23 | ||
| 24 | caps.keep setuid,setgid,net_bind_service,dac_read_search | 24 | caps.keep setuid,setgid,net_bind_service,dac_read_search |
| 25 | ipc-namespace | 25 | ipc-namespace |
| 26 | netfilter | ||
| 26 | no3d | 27 | no3d |
| 28 | nodvd | ||
| 27 | nogroups | 29 | nogroups |
| 28 | nonewprivs | 30 | nonewprivs |
| 29 | nosound | 31 | nosound |
| 32 | notv | ||
| 33 | novideo | ||
| 34 | protocol unix,inet,inet6 | ||
| 30 | seccomp | 35 | seccomp |
| 31 | shell none | 36 | shell none |
| 32 | writable-var | 37 | writable-var |
| 33 | 38 | ||
| 39 | disable-mnt | ||
| 34 | private | 40 | private |
| 35 | private-bin tor,bash | 41 | private-bin tor,bash |
| 36 | private-dev | 42 | private-dev |
| 37 | private-etc tor,passwd | 43 | private-etc tor,passwd |
| 38 | private-tmp | 44 | private-tmp |
| 45 | |||
| 46 | noexec ${HOME} | ||
| 47 | noexec /tmp | ||