author | rusty-snake <print_hello_world+Public@protonmail.com> | 2019-06-13 13:47:43 +0200 |
---|---|---|
committer | rusty-snake <print_hello_world+Public@protonmail.com> | 2019-06-13 13:47:43 +0200 |
commit | 064bd8610f87c5c50d73fa8afb5332db34b1e771 (patch) | |
tree | 346001d66cefd2a9ededbacd0feb0615dcdb1d80 /etc | |
parent | fix youtube-dl (diff) | |
hardening & fixing
Diffstat (limited to 'etc')
-rw-r--r-- | etc/disable-common.inc | 1 | ||||
-rw-r--r-- | etc/inkscape.profile | 2 | ||||
-rw-r--r-- | etc/meld.profile | 10 |
3 files changed, 12 insertions, 1 deletions
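--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -299,6 +299,7 @@ blacklist ${HOME}/.ecryptfs
 blacklist ${HOME}/.fetchmailrc
 blacklist ${HOME}/.gnome2/keyrings
 blacklist ${HOME}/.gnupg
+blacklist ${HOME}/.config/hub
 blacklist ${HOME}/.kde/share/apps/kwallet
 blacklist ${HOME}/.kde4/share/apps/kwallet
 blacklist ${HOME}/.local/share/keyrings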
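Review bot: The new `blacklist ${HOME}/.config/hub` line carries no comment and no matching `noblacklist` in this commit, so every profile that includes disable-common.inc loses access to hub's configuration file, which holds its GitHub OAuth token. That is the right default for unrelated programs, but profiles for git or tools that call hub are not visible here and may need `noblacklist ${HOME}/.config/hub`. The neighbouring entries appear to be sorted by path, and `.config/hub` between `.gnupg` and `.kde` breaks that order, which makes the credential list harder to audit.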
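--- a/etc/inkscape.profile
+++ b/etc/inkscape.profile
@@ -43,8 +43,10 @@ novideo
 protocol unix
 seccomp
 shell none
+tracelog
 
 # private-bin inkscape,potrace,python* - problems on Debian stretch
+private-cache
 private-dev
 private-tmp
 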
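Review bot: `private-cache` is added without a note on its side effect: it puts an empty temporary filesystem over ~/.cache, so whatever Inkscape and its libraries cache there is rebuilt on each start, and rules elsewhere in the profile that name paths under ~/.cache may be masked. The rest of the profile lies outside this hunk, so that interaction should be checked against the full file. `tracelog` only helps if the syslog entries it produces for blacklist violations are actually reviewed; a one-line comment such as `# log blacklist violations to syslog` would record the intent.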
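--- a/etc/meld.profile
+++ b/etc/meld.profile
@@ -6,6 +6,13 @@ include meld.local
 # Persistent global definitions
 include globals.local
 
+# If you want to use meld as git-mergetool (and may some other VCS integrations) you need
+# to bypass firejail, you can do this by removing the symlink or call it by its absolut path
+# Removing the symlink:
+# sudo rm /usr/local/bin/meld
+# Calling by its absolut path (example for git-mergetoll):
+# git config --global mergetool.meld.cmd /usr/bin/meld
+
 noblacklist ${HOME}/.config/git
 noblacklist ${HOME}/.gitconfig
 noblacklist ${HOME}/.git-credentials
@@ -26,7 +33,8 @@ include disable-passwdmgr.inc
 # Uncomment the next line (or put it into your meld.local) if you don't need to compare files in disable-programs.inc.
 #include disable-programs.inc
 
-include whitelist-var-common.inc
+# Uncomment the next line (or put it into your meld.local) if you don't need to compare files in /var.
+#include whitelist-var-common.inc
 
 apparmor
 caps.drop all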
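Review bot: Commenting out `include whitelist-var-common.inc` in the second hunk makes the weaker setting the default, so every meld sandbox sees all of /var unless the user edits the profile, while the same profile already un-blacklists `${HOME}/.git-credentials` and `${HOME}/.gitconfig`. Keeping the include active and letting users who compare files under /var opt out would preserve the hardened default; the comment could then read `# Comment out the next line if you need to compare files in /var.`. In the first hunk, `sudo rm /usr/local/bin/meld` is listed before `git config --global mergetool.meld.cmd /usr/bin/meld`, yet the former drops the sandbox for every meld launch, so the scoped option should come first. The words `absolut` and `git-mergetoll` in those comments are misspelled.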