diff options
author | Tad <tad@spotco.us> | 2017-04-15 16:07:25 -0400 |
---|---|---|
committer | Tad <tad@spotco.us> | 2017-04-15 16:07:25 -0400 |
commit | b7d51c2df6fb62d7830bdd3a873fff618adb00dc (patch) | |
tree | b7970715f4f36fda11c39c34655fded68b354230 /etc/totem.profile | |
parent | Harden dino (diff) | |
download | firejail-b7d51c2df6fb62d7830bdd3a873fff618adb00dc.tar.gz firejail-b7d51c2df6fb62d7830bdd3a873fff618adb00dc.tar.zst firejail-b7d51c2df6fb62d7830bdd3a873fff618adb00dc.zip |
Harden 19 more profiles
Diffstat (limited to 'etc/totem.profile')
-rw-r--r-- | etc/totem.profile | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/etc/totem.profile b/etc/totem.profile index 0b3942cf0..fadfbb00b 100644 --- a/etc/totem.profile +++ b/etc/totem.profile | |||
@@ -12,8 +12,18 @@ include /etc/firejail/disable-devel.inc | |||
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
13 | 13 | ||
14 | caps.drop all | 14 | caps.drop all |
15 | netfilter | ||
16 | nogroups | ||
15 | nonewprivs | 17 | nonewprivs |
16 | noroot | 18 | noroot |
17 | netfilter | ||
18 | protocol unix,inet,inet6 | 19 | protocol unix,inet,inet6 |
19 | seccomp | 20 | seccomp |
21 | shell none | ||
22 | |||
23 | private-bin totem | ||
24 | private-dev | ||
25 | private-etc fonts | ||
26 | private-tmp | ||
27 | |||
28 | noexec ${HOME} | ||
29 | noexec /tmp | ||