Refactor pidgin as whitelist profile (#2620)

author: glitsj16 <glitsj16@users.noreply.github.com> 2019-03-27 03:01:48 +0000
committer: GitHub <noreply@github.com> 2019-03-27 03:01:48 +0000
commit: e401fdacf99d792434af8bb052e3b22979c12d8b (patch)
tree: c406b1ee89c7194610542b04657991dd2164061a /etc
parent: mount runtime seccomp files read-only (#2602) (diff)
download: firejail-e401fdacf99d792434af8bb052e3b22979c12d8b.tar.gz
firejail-e401fdacf99d792434af8bb052e3b22979c12d8b.tar.zst
firejail-e401fdacf99d792434af8bb052e3b22979c12d8b.zip
1 files changed, 12 insertions, 5 deletions
diff --git a/etc/pidgin.profile b/etc/pidgin.profile
index 91a204557..444478149 100644
--- a/etc/pidgin.profile
+++ b/etc/pidgin.profile
@@ -6,14 +6,24 @@ include pidgin.local
 # Persistent global definitions
 include globals.local
+mkdir ${HOME}/.purple
 noblacklist ${HOME}/.purple
+whitelist ${HOME}/.purple
+ignore noexec ${RUNUSER}
+ignore noexec /dev/shm
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
+apparmor
 caps.drop all
 netfilter
 nodvd
@@ -24,13 +34,10 @@ notv
 nou2f
 protocol unix,inet,inet6
 seccomp
-shell none
+# shell none
 tracelog
-private-bin pidgin
+# private-bin pidgin
 private-cache
 private-dev
 private-tmp
-noexec ${HOME}
-noexec /tmp
author	glitsj16 <glitsj16@users.noreply.github.com>	2019-03-27 03:01:48 +0000
committer	GitHub <noreply@github.com>	2019-03-27 03:01:48 +0000
commit	e401fdacf99d792434af8bb052e3b22979c12d8b (patch)
tree	c406b1ee89c7194610542b04657991dd2164061a /etc
parent	mount runtime seccomp files read-only (#2602) (diff)
download	firejail-e401fdacf99d792434af8bb052e3b22979c12d8b.tar.gz firejail-e401fdacf99d792434af8bb052e3b22979c12d8b.tar.zst firejail-e401fdacf99d792434af8bb052e3b22979c12d8b.zip

diff --git a/etc/pidgin.profile b/etc/pidgin.profile index 91a204557..444478149 100644 --- a/etc/pidgin.profile +++ b/etc/pidgin.profile
@@ -6,14 +6,24 @@ include pidgin.local
6	# Persistent global definitions	6	# Persistent global definitions
7	include globals.local	7	include globals.local
8		8
		9	mkdir ${HOME}/.purple
9	noblacklist ${HOME}/.purple	10	noblacklist ${HOME}/.purple
		11	whitelist ${HOME}/.purple
		12
		13	ignore noexec ${RUNUSER}
		14	ignore noexec /dev/shm
10		15
11	include disable-common.inc	16	include disable-common.inc
12	include disable-devel.inc	17	include disable-devel.inc
		18	include disable-exec.inc
13	include disable-interpreters.inc	19	include disable-interpreters.inc
14	include disable-passwdmgr.inc	20	include disable-passwdmgr.inc
15	include disable-programs.inc	21	include disable-programs.inc
		22	include disable-xdg.inc
		23	include whitelist-common.inc
		24	include whitelist-var-common.inc
16		25
		26	apparmor
17	caps.drop all	27	caps.drop all
18	netfilter	28	netfilter
19	nodvd	29	nodvd
@@ -24,13 +34,10 @@ notv
24	nou2f	34	nou2f
25	protocol unix,inet,inet6	35	protocol unix,inet,inet6
26	seccomp	36	seccomp
27	shell none	37	# shell none
28	tracelog	38	tracelog
29		39
30	private-bin pidgin	40	# private-bin pidgin
31	private-cache	41	private-cache
32	private-dev	42	private-dev
33	private-tmp	43	private-tmp
34
35	noexec ${HOME}
36	noexec /tmp