author | Tad <tad@spotco.us> | 2017-04-17 21:43:06 -0400 |
---|---|---|
committer | Tad <tad@spotco.us> | 2017-04-17 21:43:06 -0400 |
commit | 0502ac9cb515a763fd31814b47f19a8f3147122d (patch) | |
tree | a0d279d7fd89a9550f8b011eeed42f7d467717ea /etc | |
parent | Harden more profiles (diff) | |
Harden some more profiles
Diffstat (limited to 'etc')
-rw-r--r-- | etc/arduino.profile | 1 | ||||
-rw-r--r-- | etc/audacity.profile | 1 | ||||
-rw-r--r-- | etc/brasero.profile | 7 | ||||
-rw-r--r-- | etc/deadbeef.profile | 1 | ||||
-rw-r--r-- | etc/keepass.profile | 1 | ||||
-rw-r--r-- | etc/keepassxc.profile | 1 | ||||
-rw-r--r-- | etc/kodi.profile | 1 | ||||
-rw-r--r-- | etc/meld.profile | 1 | ||||
-rw-r--r-- | etc/viking.profile | 1 | ||||
-rw-r--r-- | etc/youtube-dl.profile | 3 |
10 files changed, 17 insertions, 1 deletions
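--- a/etc/arduino.profile
+++ b/etc/arduino.profile
@@ -12,6 +12,7 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
+ipc-namespace
 netfilter
 no3d
 nogroups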
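Review bot: The added `ipc-namespace` line carries no comment on what it does and does not isolate, here and at the same position in the audacity, brasero, deadbeef, keepass, keepassxc, kodi, meld, viking and youtube-dl profiles. It gives the sandbox its own System V IPC and POSIX message queue namespace, but X11 and abstract Unix sockets follow the network namespace, so the profiles that keep networking can still reach them. Most of these are GUI programs, so each should be checked to still render correctly, because X11 clients that use MIT-SHM share SysV segments with the X server and may have to fall back; this is inferred from how the option works, not visible in the diff. A one-line comment such as `# ipc-namespace: own SysV IPC / POSIX mqueue namespace; does not restrict X11 or D-Bus` above the option would make the scope clear.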
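--- a/etc/audacity.profile
+++ b/etc/audacity.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 caps.drop all
+ipc-namespace
 net none
 netfilter
 no3d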
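--- a/etc/brasero.profile
+++ b/etc/brasero.profile
@@ -11,6 +11,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+ipc-namespace
+net none
 nogroups
 nonewprivs
 noroot
@@ -22,6 +24,9 @@ shell none
 tracelog
 
 # private-bin brasero
-# private-tmp
 # private-dev
 # private-etc fonts
+# private-tmp
+
+noexec ${HOME}
+noexec /tmp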
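Review bot: The new `net none` in the first hunk has no comment saying what it disables or how to turn it back on, whereas keepassxc.profile in this same commit documents its `net none` with a "To use KeePassHTTP, comment out" line. Whether Brasero has a feature that needs the network is not visible from the diff, but if it does, users will see it fail with no hint that the sandbox is the cause; a line such as `# net none disables all networking; comment it out if a feature needs it` above the option would help. In the second hunk, `noexec /tmp` applies to the shared /tmp because `private-tmp` stays commented out, so files there are still readable and writable by the sandboxed program and only execution is blocked; a short comment stating this, and why the `private-*` lines remain disabled, would keep later editors from assuming more isolation than the profile gives.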
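--- a/etc/deadbeef.profile
+++ b/etc/deadbeef.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+ipc-namespace
 netfilter
 no3d
 nogroups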
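--- a/etc/keepass.profile
+++ b/etc/keepass.profile
@@ -15,6 +15,7 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+ipc-namespace
 netfilter
 no3d
 nogroups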
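--- a/etc/keepassxc.profile
+++ b/etc/keepassxc.profile
@@ -15,6 +15,7 @@ include /etc/firejail/disable-passwdmgr.inc
 
 # To use KeePassHTTP, comment out `net none`
 caps.drop all
+ipc-namespace
 net none
 no3d
 nogroups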
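--- a/etc/kodi.profile
+++ b/etc/kodi.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
+ipc-namespace
 netfilter
 nogroups
 nonewprivs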
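--- a/etc/meld.profile
+++ b/etc/meld.profile
@@ -11,6 +11,7 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
 caps.drop all
+ipc-namespace
 net none
 netfilter
 no3d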
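--- a/etc/viking.profile
+++ b/etc/viking.profile
@@ -13,6 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
+ipc-namespace
 netfilter
 no3d
 nogroups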
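--- a/etc/youtube-dl.profile
+++ b/etc/youtube-dl.profile
@@ -10,6 +10,7 @@ include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
+ipc-namespace
 netfilter
 no3d
 nogroups
@@ -19,6 +20,8 @@ nosound
 protocol unix,inet,inet6
 seccomp
 shell none
+tracelog
+quiet
 
 private-dev
 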
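Review bot: `quiet` is added near the end of the option list in the second hunk, after `tracelog`, which is probably too late to do its full job. As far as I recall, the firejail-profile man page asks for `quiet` to be the first uncommented command in a profile, so that messages produced while the earlier lines are processed are suppressed too; please confirm against the man page for this version. youtube-dl output is often consumed by other programs, so stray sandbox messages on its output matter more here than in the GUI profiles. Consider moving `quiet` above the `include` lines; the top of the file is outside this hunk, so check what is already there first.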