author | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-10-04 16:24:36 -0500 |
---|---|---|
committer | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-10-04 16:24:36 -0500 |
commit | c6259375dff79484b9f3d587da9fbfa76a3b68b9 (patch) | |
tree | 1b7c010c2f6b0886ccd7a537bb146f7f46cb1d7f /etc/xed.profile | |
parent | Tighten spotify profile (diff) | |
Tighten multiple profiles.
This adds whitelist-var-common, machine-id, memory-deny-write-execute,
and noexec home and tmp when possible.
Diffstat (limited to 'etc/xed.profile')
-rw-r--r-- | etc/xed.profile | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/etc/xed.profile b/etc/xed.profile index 42a42ef5f..bb8b0bf23 100644 --- a/etc/xed.profile +++ b/etc/xed.profile | |||
@@ -12,8 +12,11 @@ include /etc/firejail/disable-devel.inc | |||
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
14 | 14 | ||
15 | include /etc/firejail/whitelist-var-common.inc | ||
16 | |||
15 | caps.drop all | 17 | caps.drop all |
16 | # net none - makes settings immutable | 18 | # net none - makes settings immutable |
19 | machine-id | ||
17 | no3d | 20 | no3d |
18 | nodvd | 21 | nodvd |
19 | nogroups | 22 | nogroups |
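Review bot: The new `include /etc/firejail/whitelist-var-common.inc` at new line 15 needs a comment explaining its effect, because xed is a text editor and a /var whitelist limits which files under /var the user can open from inside the sandbox. Anything outside the whitelisted set will simply look absent. A one-line note above the include, in the style of the existing `# net none - makes settings immutable` line, would tell users which line to comment out if they edit files there. `machine-id` at new line 19 looks fine where it is, but the commit message's "when possible" does not say whether xed was actually started with it, so please confirm that.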
@@ -32,5 +35,6 @@ private-dev | |||
32 | # private-etc fonts | 35 | # private-etc fonts |
33 | private-tmp | 36 | private-tmp |
34 | 37 | ||
38 | memory-deny-write-execute | ||
35 | noexec ${HOME} | 39 | noexec ${HOME} |
36 | noexec /tmp | 40 | noexec /tmp |