diff options
author | curiosityseeker <60518106+curiosityseeker@users.noreply.github.com> | 2020-04-04 13:54:36 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-04 13:54:36 +0200 |
commit | 6d308b36d528cf5381415a33428172b62b953e47 (patch) | |
tree | a524d65ddd2bf40b933a41f24f4aeb652feaa0a9 /etc | |
parent | Harden thunderbird.profile (diff) | |
download | firejail-6d308b36d528cf5381415a33428172b62b953e47.tar.gz firejail-6d308b36d528cf5381415a33428172b62b953e47.tar.zst firejail-6d308b36d528cf5381415a33428172b62b953e47.zip |
Harden signal-desktop.profile and add rules for Firefox
Diffstat (limited to 'etc')
-rw-r--r-- | etc/signal-desktop.profile | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/etc/signal-desktop.profile b/etc/signal-desktop.profile index f810a37ec..25932720b 100644 --- a/etc/signal-desktop.profile +++ b/etc/signal-desktop.profile | |||
@@ -9,6 +9,11 @@ ignore noexec /tmp | |||
9 | 9 | ||
10 | noblacklist ${HOME}/.config/Signal | 10 | noblacklist ${HOME}/.config/Signal |
11 | 11 | ||
12 | # These lines are needed to allow Firefox to open links | ||
13 | noblacklist ${HOME}/.mozilla | ||
14 | whitelist ${HOME}/.mozilla/firefox/profiles.ini | ||
15 | read-only ${HOME}/.mozilla/firefox/profiles.ini | ||
16 | |||
12 | include disable-common.inc | 17 | include disable-common.inc |
13 | include disable-devel.inc | 18 | include disable-devel.inc |
14 | include disable-exec.inc | 19 | include disable-exec.inc |
@@ -22,8 +27,10 @@ whitelist ${HOME}/.config/Signal | |||
22 | include whitelist-common.inc | 27 | include whitelist-common.inc |
23 | include whitelist-var-common.inc | 28 | include whitelist-var-common.inc |
24 | 29 | ||
30 | apparmor | ||
25 | caps.keep sys_admin,sys_chroot | 31 | caps.keep sys_admin,sys_chroot |
26 | netfilter | 32 | netfilter |
33 | nodbus | ||
27 | nodvd | 34 | nodvd |
28 | nogroups | 35 | nogroups |
29 | notv | 36 | notv |