diff options
author | glitsj16 <glitsj16@users.noreply.github.com> | 2020-01-02 20:58:56 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-01-02 20:58:56 +0000 |
commit | 4bb5f58ae402cc2c03aeea538c15e509b1744c2f (patch) | |
tree | ce9bb3aea8b345ccae0429be3a01b2a0916702c6 /etc | |
parent | Harden artha.profile (diff) | |
download | firejail-4bb5f58ae402cc2c03aeea538c15e509b1744c2f.tar.gz firejail-4bb5f58ae402cc2c03aeea538c15e509b1744c2f.tar.zst firejail-4bb5f58ae402cc2c03aeea538c15e509b1744c2f.zip |
Additional hardening for whois
Diffstat (limited to 'etc')
-rw-r--r-- | etc/whois.profile | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/etc/whois.profile b/etc/whois.profile index b993264a5..bd0870bea 100644 --- a/etc/whois.profile +++ b/etc/whois.profile | |||
@@ -7,19 +7,23 @@ include whois.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | ||
11 | |||
10 | include disable-common.inc | 12 | include disable-common.inc |
11 | # include disable-devel.inc | 13 | include disable-devel.inc |
12 | include disable-exec.inc | 14 | include disable-exec.inc |
13 | # include disable-interpreters.inc | 15 | include disable-interpreters.inc |
14 | include disable-passwdmgr.inc | 16 | include disable-passwdmgr.inc |
15 | include disable-programs.inc | 17 | include disable-programs.inc |
16 | #include disable-xdg.inc | 18 | include disable-xdg.inc |
17 | 19 | ||
18 | include whitelist-usr-share-common.inc | 20 | include whitelist-usr-share-common.inc |
19 | include whitelist-var-common.inc | 21 | include whitelist-var-common.inc |
20 | 22 | ||
21 | caps.drop all | 23 | caps.drop all |
22 | # ipc-namespace | 24 | hostname whois |
25 | ipc-namespace | ||
26 | machine-id | ||
23 | netfilter | 27 | netfilter |
24 | no3d | 28 | no3d |
25 | nodbus | 29 | nodbus |
@@ -41,7 +45,7 @@ private | |||
41 | private-bin bash,sh,whois | 45 | private-bin bash,sh,whois |
42 | private-cache | 46 | private-cache |
43 | private-dev | 47 | private-dev |
44 | # private-etc alternatives,hosts,services,whois.conf | 48 | private-etc alternatives,hosts,jwhois.conf,services,whois.conf |
45 | private-lib | 49 | private-lib |
46 | private-tmp | 50 | private-tmp |
47 | 51 | ||