Tighten multiple profiles.

This adds whitelist-var-common, machine-id, memory-deny-write-execute, and noexec home and tmp when possible.
author: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2017-10-04 16:24:36 -0500
committer: Fred-Barclay <Fred-Barclay@users.noreply.github.com> 2017-10-04 16:24:36 -0500
commit: c6259375dff79484b9f3d587da9fbfa76a3b68b9 (patch)
tree: 1b7c010c2f6b0886ccd7a537bb146f7f46cb1d7f /etc/xed.profile
parent: Tighten spotify profile (diff)
download: firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.tar.gz
firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.tar.zst
firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/etc/xed.profile b/etc/xed.profile
index 42a42ef5f..bb8b0bf23 100644
--- a/etc/xed.profile
+++ b/etc/xed.profile
@@ -12,8 +12,11 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+include /etc/firejail/whitelist-var-common.inc
 caps.drop all
 # net none - makes settings immutable
+machine-id
 no3d
 nodvd
 nogroups
@@ -32,5 +35,6 @@ private-dev
 # private-etc fonts
 private-tmp
+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
author	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2017-10-04 16:24:36 -0500
committer	Fred-Barclay <Fred-Barclay@users.noreply.github.com>	2017-10-04 16:24:36 -0500
commit	c6259375dff79484b9f3d587da9fbfa76a3b68b9 (patch)
tree	1b7c010c2f6b0886ccd7a537bb146f7f46cb1d7f /etc/xed.profile
parent	Tighten spotify profile (diff)
download	firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.tar.gz firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.tar.zst firejail-c6259375dff79484b9f3d587da9fbfa76a3b68b9.zip

diff --git a/etc/xed.profile b/etc/xed.profile index 42a42ef5f..bb8b0bf23 100644 --- a/etc/xed.profile +++ b/etc/xed.profile
@@ -12,8 +12,11 @@ include /etc/firejail/disable-devel.inc
12	include /etc/firejail/disable-passwdmgr.inc	12	include /etc/firejail/disable-passwdmgr.inc
13	include /etc/firejail/disable-programs.inc	13	include /etc/firejail/disable-programs.inc
14		14
		15	include /etc/firejail/whitelist-var-common.inc
		16
15	caps.drop all	17	caps.drop all
16	# net none - makes settings immutable	18	# net none - makes settings immutable
		19	machine-id
17	no3d	20	no3d
18	nodvd	21	nodvd
19	nogroups	22	nogroups
@@ -32,5 +35,6 @@ private-dev
32	# private-etc fonts	35	# private-etc fonts
33	private-tmp	36	private-tmp
34		37
		38	memory-deny-write-execute
35	noexec ${HOME}	39	noexec ${HOME}
36	noexec /tmp	40	noexec /tmp