diff options
| author |  smitsohu <smitsohu@gmail.com> | 2020-02-09 17:03:46 +0100 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2020-02-09 17:03:46 +0100 |
| commit | 1f9c96d75b61cb8d0e568af973a7548df16c385c (patch) | |
| tree | 5e3e3d13ec72383742cc48e58d629148c3ad1a32 /etc | |
| parent | simplescreenrecorder.profile (diff) | |
| download | firejail-1f9c96d75b61cb8d0e568af973a7548df16c385c.tar.gz firejail-1f9c96d75b61cb8d0e568af973a7548df16c385c.tar.zst firejail-1f9c96d75b61cb8d0e568af973a7548df16c385c.zip | |
harden wine
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/disable-programs.inc | 1 | ||||
| -rw-r--r-- | etc/wine.profile | 4 |
2 files changed, 5 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 415b3beb6..02751a818 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
| @@ -701,6 +701,7 @@ blacklist ${HOME}/.xpdfrc | |||
| 701 | blacklist ${HOME}/.zoom | 701 | blacklist ${HOME}/.zoom |
| 702 | blacklist /tmp/akonadi-* | 702 | blacklist /tmp/akonadi-* |
| 703 | blacklist /tmp/ssh-* | 703 | blacklist /tmp/ssh-* |
| 704 | blacklist /tmp/.wine-* | ||
| 704 | blacklist /var/games/nethack | 705 | blacklist /var/games/nethack |
| 705 | blacklist /var/games/slashem | 706 | blacklist /var/games/slashem |
| 706 | blacklist /var/games/vulturesclaw | 707 | blacklist /var/games/vulturesclaw |
diff --git a/etc/wine.profile b/etc/wine.profile index 67e3952e1..901340052 100644 --- a/etc/wine.profile +++ b/etc/wine.profile | |||
| @@ -11,6 +11,7 @@ noblacklist ${HOME}/.local/share/Steam | |||
| 11 | noblacklist ${HOME}/.local/share/steam | 11 | noblacklist ${HOME}/.local/share/steam |
| 12 | noblacklist ${HOME}/.steam | 12 | noblacklist ${HOME}/.steam |
| 13 | noblacklist ${HOME}/.wine | 13 | noblacklist ${HOME}/.wine |
| 14 | noblacklist /tmp/.wine-* | ||
| 14 | 15 | ||
| 15 | include disable-common.inc | 16 | include disable-common.inc |
| 16 | include disable-devel.inc | 17 | include disable-devel.inc |
| @@ -18,6 +19,8 @@ include disable-interpreters.inc | |||
| 18 | include disable-passwdmgr.inc | 19 | include disable-passwdmgr.inc |
| 19 | include disable-programs.inc | 20 | include disable-programs.inc |
| 20 | 21 | ||
| 22 | include whitelist-var-common.inc | ||
| 23 | |||
| 21 | # some applications don't need allow-debuggers, comment the next line | 24 | # some applications don't need allow-debuggers, comment the next line |
| 22 | # if it is not necessary (or put 'ignore allow-debuggers' in your wine.local) | 25 | # if it is not necessary (or put 'ignore allow-debuggers' in your wine.local) |
| 23 | allow-debuggers | 26 | allow-debuggers |
| @@ -28,6 +31,7 @@ nodvd | |||
| 28 | nogroups | 31 | nogroups |
| 29 | nonewprivs | 32 | nonewprivs |
| 30 | noroot | 33 | noroot |
| 34 | # nosound | ||
| 31 | notv | 35 | notv |
| 32 | # novideo | 36 | # novideo |
| 33 | seccomp | 37 | seccomp |