diff options
| author |  glitsj16 <glitsj16@users.noreply.github.com> | 2019-02-25 00:40:00 +0000 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2019-02-25 00:40:00 +0000 |
| commit | 591347192c0b2e0fb89869ce88043a03b7f2ac73 (patch) | |
| tree | d46453622d79badd7fe784a77a084c0a5eae3b26 /etc | |
| parent | Harden eog.profile (#2469) (diff) | |
| download | firejail-591347192c0b2e0fb89869ce88043a03b7f2ac73.tar.gz firejail-591347192c0b2e0fb89869ce88043a03b7f2ac73.tar.zst firejail-591347192c0b2e0fb89869ce88043a03b7f2ac73.zip | |
Harden gpicview.profile (#2470)
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/gpicview.profile | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/etc/gpicview.profile b/etc/gpicview.profile index af9680b49..2d369fbd8 100644 --- a/etc/gpicview.profile +++ b/etc/gpicview.profile | |||
| @@ -14,9 +14,10 @@ include disable-interpreters.inc | |||
| 14 | include disable-passwdmgr.inc | 14 | include disable-passwdmgr.inc |
| 15 | include disable-programs.inc | 15 | include disable-programs.inc |
| 16 | 16 | ||
| 17 | include whitelist-var-common.inc | 17 | apparmor |
| 18 | |||
| 19 | caps.drop all | 18 | caps.drop all |
| 19 | ipc-namespace | ||
| 20 | machine-id | ||
| 20 | net none | 21 | net none |
| 21 | nodbus | 22 | nodbus |
| 22 | nodvd | 23 | nodvd |
| @@ -33,7 +34,12 @@ shell none | |||
| 33 | tracelog | 34 | tracelog |
| 34 | 35 | ||
| 35 | private-bin gpicview | 36 | private-bin gpicview |
| 37 | private-cache | ||
| 36 | private-dev | 38 | private-dev |
| 37 | private-etc alternatives,fonts | 39 | private-etc alternatives,fonts,groups,passwd |
| 38 | private-lib | 40 | private-lib |
| 39 | private-tmp | 41 | private-tmp |
| 42 | |||
| 43 | memory-deny-write-execute | ||
| 44 | noexec ${HOME} | ||
| 45 | noexec /tmp | ||