author | rusty-snake <print_hello_world+Public@protonmail.com> | 2019-04-13 12:23:22 +0200 |
---|---|---|
committer | rusty-snake <print_hello_world+Public@protonmail.com> | 2019-04-13 12:23:22 +0200 |
commit | 947337b257612a0291f883149f1e001ccf26112b (patch) | |
tree | 60f54ba8745b106c91aabf5e454ec577c2fe8112 /etc | |
parent | More disable-exec stuff (#2647) (diff) | |
More disable-exec and hardening
Diffstat (limited to 'etc')
-rw-r--r-- | etc/default.profile | 3 | ||||
-rw-r--r-- | etc/display.profile | 1 | ||||
-rw-r--r-- | etc/etr.profile | 11 | ||||
-rw-r--r-- | etc/feh.profile | 1 |
4 files changed, 14 insertions, 2 deletions
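--- a/etc/default.profile
+++ b/etc/default.profile
@@ -19,6 +19,8 @@ include disable-programs.inc
 # apparmor
 caps.drop all
 # ipc-namespace
+# machine-id
+# net none
 netfilter
 # no3d
 # nodbus
@@ -33,6 +35,7 @@ noroot
 protocol unix,inet,inet6
 seccomp
 # shell none
+# tracelog
 
 # disable-mnt
 # private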
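Review bot: The new `# net none` hint sits directly above the active `netfilter` line and a few lines above `protocol unix,inet,inet6`, and nothing tells a user who uncomments it that those two lines then no longer match the intent. Extending the hint, e.g. `# net none  - if enabled, also reduce protocol to unix`, would keep the template self-consistent. etr.profile in this same commit pairs `net none` with `protocol unix,netlink`, which suggests that is the convention. Both hunks cut through the option list, so the rest of the template is not visible here.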
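--- a/etc/display.profile
+++ b/etc/display.profile
@@ -17,6 +17,7 @@ noblacklist /usr/local/lib/python3*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc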
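--- a/etc/etr.profile
+++ b/etc/etr.profile
@@ -8,14 +8,18 @@ include globals.local
 noblacklist ${HOME}/.etr
 
 include disable-common.inc
+include disable-exec.inc
+include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 
 mkdir ${HOME}/.etr
 whitelist ${HOME}/.etr
 include whitelist-common.inc
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 net none
 nodbus
@@ -28,8 +32,11 @@ nou2f
 protocol unix,netlink
 seccomp
 shell none
+tracelog
 
-# private-bin etr
+disable-mnt
+private-bin etr
+private-cache
 private-dev
-# private-etc alternatives
+# private-etc alternatives,drirc,machine-id,openal
 private-tmp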
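Review bot: The `# private-etc alternatives,drirc,machine-id,openal` line in the second hunk is extended but stays commented out with no reason given, so a later maintainer cannot tell whether the list is untested or known to break etr. A short note above it, such as `# private-etc not enabled yet: list untested` (or the actual failure, if one was seen), would settle that. In the same hunk `private-bin etr` goes from commented to active, which assumes the launcher is the `etr` binary itself and needs no helper from the bin directories. That looks plausible with `shell none` already set, but it is worth confirming on a distribution that ships a wrapper script, since a profile that fails to start tends to get replaced by running the program unsandboxed.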
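--- a/etc/feh.profile
+++ b/etc/feh.profile
@@ -8,6 +8,7 @@ include globals.local
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc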