Harden signal-desktop.profile and add rules for Firefox

author: curiosityseeker <60518106+curiosityseeker@users.noreply.github.com> 2020-04-04 13:54:36 +0200
committer: GitHub <noreply@github.com> 2020-04-04 13:54:36 +0200
commit: 6d308b36d528cf5381415a33428172b62b953e47 (patch)
tree: a524d65ddd2bf40b933a41f24f4aeb652feaa0a9 /etc
parent: Harden thunderbird.profile (diff)
download: firejail-6d308b36d528cf5381415a33428172b62b953e47.tar.gz
firejail-6d308b36d528cf5381415a33428172b62b953e47.tar.zst
firejail-6d308b36d528cf5381415a33428172b62b953e47.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/etc/signal-desktop.profile b/etc/signal-desktop.profile
index f810a37ec..25932720b 100644
--- a/etc/signal-desktop.profile
+++ b/etc/signal-desktop.profile
@@ -9,6 +9,11 @@ ignore noexec /tmp
 noblacklist ${HOME}/.config/Signal
+# These lines are needed to allow Firefox to open links
+noblacklist ${HOME}/.mozilla
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
+read-only ${HOME}/.mozilla/firefox/profiles.ini
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -22,8 +27,10 @@ whitelist ${HOME}/.config/Signal
 include whitelist-common.inc
 include whitelist-var-common.inc
+apparmor
 caps.keep sys_admin,sys_chroot
 netfilter
+nodbus
 nodvd
 nogroups
 notv
author	curiosityseeker <60518106+curiosityseeker@users.noreply.github.com>	2020-04-04 13:54:36 +0200
committer	GitHub <noreply@github.com>	2020-04-04 13:54:36 +0200
commit	6d308b36d528cf5381415a33428172b62b953e47 (patch)
tree	a524d65ddd2bf40b933a41f24f4aeb652feaa0a9 /etc
parent	Harden thunderbird.profile (diff)
download	firejail-6d308b36d528cf5381415a33428172b62b953e47.tar.gz firejail-6d308b36d528cf5381415a33428172b62b953e47.tar.zst firejail-6d308b36d528cf5381415a33428172b62b953e47.zip

diff --git a/etc/signal-desktop.profile b/etc/signal-desktop.profile index f810a37ec..25932720b 100644 --- a/etc/signal-desktop.profile +++ b/etc/signal-desktop.profile
@@ -9,6 +9,11 @@ ignore noexec /tmp
9		9
10	noblacklist ${HOME}/.config/Signal	10	noblacklist ${HOME}/.config/Signal
11		11
		12	# These lines are needed to allow Firefox to open links
		13	noblacklist ${HOME}/.mozilla
		14	whitelist ${HOME}/.mozilla/firefox/profiles.ini
		15	read-only ${HOME}/.mozilla/firefox/profiles.ini
		16
12	include disable-common.inc	17	include disable-common.inc
13	include disable-devel.inc	18	include disable-devel.inc
14	include disable-exec.inc	19	include disable-exec.inc
@@ -22,8 +27,10 @@ whitelist ${HOME}/.config/Signal
22	include whitelist-common.inc	27	include whitelist-common.inc
23	include whitelist-var-common.inc	28	include whitelist-var-common.inc
24		29
		30	apparmor
25	caps.keep sys_admin,sys_chroot	31	caps.keep sys_admin,sys_chroot
26	netfilter	32	netfilter
		33	nodbus
27	nodvd	34	nodvd
28	nogroups	35	nogroups
29	notv	36	notv