Harden some profiles

author: Tad <tad@spotco.us> 2017-04-15 08:57:13 -0400
committer: Tad <tad@spotco.us> 2017-04-15 15:25:08 -0400
commit: 90cd669eba680369c6ba8d96af194b70c8cc8706 (patch)
tree: 31c4d14fa5b56003b9898c8e6d19f03b7d91b091 /etc/xonotic.profile
parent: noblacklist .config/qt5ct (part 1) (diff)
download: firejail-90cd669eba680369c6ba8d96af194b70c8cc8706.tar.gz
firejail-90cd669eba680369c6ba8d96af194b70c8cc8706.tar.zst
firejail-90cd669eba680369c6ba8d96af194b70c8cc8706.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/etc/xonotic.profile b/etc/xonotic.profile
index f2690c6c3..6bfb26484 100644
--- a/etc/xonotic.profile
+++ b/etc/xonotic.profile
@@ -23,7 +23,16 @@ include /etc/firejail/whitelist-common.inc
 #Options
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
+shell none
+private-bin xonotic-sdl,xonotic-glx,blind-id
+private-dev
+private-tmp
+noexec ${HOME}
+noexec /tmp
author	Tad <tad@spotco.us>	2017-04-15 08:57:13 -0400
committer	Tad <tad@spotco.us>	2017-04-15 15:25:08 -0400
commit	90cd669eba680369c6ba8d96af194b70c8cc8706 (patch)
tree	31c4d14fa5b56003b9898c8e6d19f03b7d91b091 /etc/xonotic.profile
parent	noblacklist .config/qt5ct (part 1) (diff)
download	firejail-90cd669eba680369c6ba8d96af194b70c8cc8706.tar.gz firejail-90cd669eba680369c6ba8d96af194b70c8cc8706.tar.zst firejail-90cd669eba680369c6ba8d96af194b70c8cc8706.zip

diff --git a/etc/xonotic.profile b/etc/xonotic.profile index f2690c6c3..6bfb26484 100644 --- a/etc/xonotic.profile +++ b/etc/xonotic.profile
@@ -23,7 +23,16 @@ include /etc/firejail/whitelist-common.inc
23	#Options	23	#Options
24	caps.drop all	24	caps.drop all
25	netfilter	25	netfilter
		26	nogroups
26	nonewprivs	27	nonewprivs
27	noroot	28	noroot
28	protocol unix,inet,inet6	29	protocol unix,inet,inet6
29	seccomp	30	seccomp
		31	shell none
		32
		33	private-bin xonotic-sdl,xonotic-glx,blind-id
		34	private-dev
		35	private-tmp
		36
		37	noexec ${HOME}
		38	noexec /tmp