diff options
author | glitsj16 <glitsj16@users.noreply.github.com> | 2022-10-03 18:32:54 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-10-03 18:32:54 +0000 |
commit | 669c18c606893be64011d6b76763243db1b79b9c (patch) | |
tree | 36572bbb53a90672c95782135e0817672b8cfaad /etc | |
parent | Fix D-Bus mpris support (diff) | |
download | firejail-669c18c606893be64011d6b76763243db1b79b9c.tar.gz firejail-669c18c606893be64011d6b76763243db1b79b9c.tar.zst firejail-669c18c606893be64011d6b76763243db1b79b9c.zip |
Harden qutebrowser
Diffstat (limited to 'etc')
-rw-r--r-- | etc/profile-m-z/qutebrowser.profile | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/etc/profile-m-z/qutebrowser.profile b/etc/profile-m-z/qutebrowser.profile index 5b254c58b..ae62c0b89 100644 --- a/etc/profile-m-z/qutebrowser.profile +++ b/etc/profile-m-z/qutebrowser.profile | |||
@@ -10,6 +10,9 @@ noblacklist ${HOME}/.cache/qutebrowser | |||
10 | noblacklist ${HOME}/.config/qutebrowser | 10 | noblacklist ${HOME}/.config/qutebrowser |
11 | noblacklist ${HOME}/.local/share/qutebrowser | 11 | noblacklist ${HOME}/.local/share/qutebrowser |
12 | 12 | ||
13 | # Allow /bin/sh (blacklisted by disable-shell.inc) | ||
14 | include allow-bin-sh.inc | ||
15 | |||
13 | # Allow python (blacklisted by disable-interpreters.inc) | 16 | # Allow python (blacklisted by disable-interpreters.inc) |
14 | include allow-python2.inc | 17 | include allow-python2.inc |
15 | include allow-python3.inc | 18 | include allow-python3.inc |
@@ -19,6 +22,7 @@ include disable-devel.inc | |||
19 | include disable-exec.inc | 22 | include disable-exec.inc |
20 | include disable-interpreters.inc | 23 | include disable-interpreters.inc |
21 | include disable-programs.inc | 24 | include disable-programs.inc |
25 | include disable-shell.inc | ||
22 | 26 | ||
23 | mkdir ${HOME}/.cache/qutebrowser | 27 | mkdir ${HOME}/.cache/qutebrowser |
24 | mkdir ${HOME}/.config/qutebrowser | 28 | mkdir ${HOME}/.config/qutebrowser |
@@ -27,7 +31,12 @@ whitelist ${DOWNLOADS} | |||
27 | whitelist ${HOME}/.cache/qutebrowser | 31 | whitelist ${HOME}/.cache/qutebrowser |
28 | whitelist ${HOME}/.config/qutebrowser | 32 | whitelist ${HOME}/.config/qutebrowser |
29 | whitelist ${HOME}/.local/share/qutebrowser | 33 | whitelist ${HOME}/.local/share/qutebrowser |
34 | whitelist /usr/share/qtbrowser | ||
30 | include whitelist-common.inc | 35 | include whitelist-common.inc |
36 | include whitelist-run-common.inc | ||
37 | include whitelist-runuser-common.inc | ||
38 | include whitelist-usr-share-common.inc | ||
39 | include whitelist-var-common.inc | ||
31 | 40 | ||
32 | apparmor | 41 | apparmor |
33 | caps.drop all | 42 | caps.drop all |