author | Nex <nex@nex.sx> | 2020-12-29 17:53:40 +0100 |
---|---|---|
committer | Nex <nex@nex.sx> | 2020-12-29 17:53:40 +0100 |
commit | d60281e009d13ca997a1b2e2483a6a52f5355370 (patch) | |
tree | f3235c6d2c30a7802199a6180b314a3f96b0be27 /etc | |
parent | Added some more restrictions to coyim profile (diff) | |
Implementing some of the suggested changes from #3853
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/profile-a-l/coyim.profile | 6 |
2 files changed, 4 insertions, 3 deletions
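--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -191,6 +191,7 @@ blacklist ${HOME}/.config/cmus
 blacklist ${HOME}/.config/com.github.bleakgrey.tootle
 blacklist ${HOME}/.config/corebird
 blacklist ${HOME}/.config/cower
+blacklist ${HOME}/.config/coyim
 blacklist ${HOME}/.config/darktable
 blacklist ${HOME}/.config/deadbeef
 blacklist ${HOME}/.config/deluge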
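Review bot: The new `blacklist ${HOME}/.config/coyim` entry also reaches CoyIM's own sandbox, because coyim.profile pulls in disable-programs.inc. The profile therefore needs `noblacklist ${HOME}/.config/coyim` ahead of that include, otherwise its later `whitelist` of the same directory is likely to be ineffective. Lines 1-14 of coyim.profile are outside the visible hunks, so the exemption may already be there; worth confirming before merge.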
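--- a/etc/profile-a-l/coyim.profile
+++ b/etc/profile-a-l/coyim.profile
@@ -15,11 +15,11 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
-include disable-write-mnt.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/coyim
 whitelist ${HOME}/.config/coyim
+include whitelist-common.inc
 
 caps.drop all
 netfilter
@@ -37,10 +37,10 @@ tracelog
 disable-mnt
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ssl
+private-etc alternatives,ca-certificates,crypto-policies,fonts,machine-id,pki,ssl
 private-tmp
 
 dbus-user none
 dbus-system none
 
-memory-deny-write-execute
+#memory-deny-write-execute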
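Review bot: The last line of the second hunk turns `memory-deny-write-execute` into a bare `#memory-deny-write-execute` with no reason given, so the profile drops its W^X restriction and a later reader cannot tell whether that is deliberate or what fails with it enabled. Put the rationale on the line above, for example `# memory-deny-write-execute disabled: <reason> (see #3853)`, so the hardening can be restored once the cause is gone. Separately, `machine-id` added to `private-etc` in the same hunk exposes a stable host identifier inside the sandbox while both D-Bus buses are set to `none`. It is worth confirming the application actually needs that file.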