diff options
author | Tad <tad@spotco.us> | 2017-04-15 08:57:13 -0400 |
---|---|---|
committer | Tad <tad@spotco.us> | 2017-04-15 15:25:08 -0400 |
commit | 90cd669eba680369c6ba8d96af194b70c8cc8706 (patch) | |
tree | 31c4d14fa5b56003b9898c8e6d19f03b7d91b091 /etc/xonotic.profile | |
parent | noblacklist .config/qt5ct (part 1) (diff) | |
download | firejail-90cd669eba680369c6ba8d96af194b70c8cc8706.tar.gz firejail-90cd669eba680369c6ba8d96af194b70c8cc8706.tar.zst firejail-90cd669eba680369c6ba8d96af194b70c8cc8706.zip |
Harden some profiles
Diffstat (limited to 'etc/xonotic.profile')
-rw-r--r-- | etc/xonotic.profile | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/etc/xonotic.profile b/etc/xonotic.profile index f2690c6c3..6bfb26484 100644 --- a/etc/xonotic.profile +++ b/etc/xonotic.profile | |||
@@ -23,7 +23,16 @@ include /etc/firejail/whitelist-common.inc | |||
23 | #Options | 23 | #Options |
24 | caps.drop all | 24 | caps.drop all |
25 | netfilter | 25 | netfilter |
26 | nogroups | ||
26 | nonewprivs | 27 | nonewprivs |
27 | noroot | 28 | noroot |
28 | protocol unix,inet,inet6 | 29 | protocol unix,inet,inet6 |
29 | seccomp | 30 | seccomp |
31 | shell none | ||
32 | |||
33 | private-bin xonotic-sdl,xonotic-glx,blind-id | ||
34 | private-dev | ||
35 | private-tmp | ||
36 | |||
37 | noexec ${HOME} | ||
38 | noexec /tmp | ||