harden redeclipse

author: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2020-09-02 13:03:54 +0200
committer: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2020-09-02 13:03:54 +0200
commit: 7c21aad2340cef5d81d5d57b452c7cbbb62a2fe2 (patch)
tree: 066fb5bde8afaf951b81fa89191d6e4fab212e86 /etc
parent: allow flatpak/exports also for systemd-wide location (diff)
download: firejail-7c21aad2340cef5d81d5d57b452c7cbbb62a2fe2.tar.gz
firejail-7c21aad2340cef5d81d5d57b452c7cbbb62a2fe2.tar.zst
firejail-7c21aad2340cef5d81d5d57b452c7cbbb62a2fe2.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/etc/profile-m-z/redeclipse.profile b/etc/profile-m-z/redeclipse.profile
index bb1ad56d3..a29205e14 100644
--- a/etc/profile-m-z/redeclipse.profile
+++ b/etc/profile-m-z/redeclipse.profile
@@ -14,10 +14,14 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 mkdir ${HOME}/.redeclipse
 whitelist ${HOME}/.redeclipse
+whitelist /usr/share/redeclipse
 include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 caps.drop all
@@ -32,8 +36,13 @@ novideo
 protocol unix,inet,inet6
 seccomp
 shell none
+tracelog
 disable-mnt
+#private-bin redeclipse,sh,man
+private-cache
 private-dev
 private-tmp
+dbus-user none
+dbus-system none
author	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2020-09-02 13:03:54 +0200
committer	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2020-09-02 13:03:54 +0200
commit	7c21aad2340cef5d81d5d57b452c7cbbb62a2fe2 (patch)
tree	066fb5bde8afaf951b81fa89191d6e4fab212e86 /etc
parent	allow flatpak/exports also for systemd-wide location (diff)
download	firejail-7c21aad2340cef5d81d5d57b452c7cbbb62a2fe2.tar.gz firejail-7c21aad2340cef5d81d5d57b452c7cbbb62a2fe2.tar.zst firejail-7c21aad2340cef5d81d5d57b452c7cbbb62a2fe2.zip

diff --git a/etc/profile-m-z/redeclipse.profile b/etc/profile-m-z/redeclipse.profile index bb1ad56d3..a29205e14 100644 --- a/etc/profile-m-z/redeclipse.profile +++ b/etc/profile-m-z/redeclipse.profile
@@ -14,10 +14,14 @@ include disable-exec.inc
14	include disable-interpreters.inc	14	include disable-interpreters.inc
15	include disable-passwdmgr.inc	15	include disable-passwdmgr.inc
16	include disable-programs.inc	16	include disable-programs.inc
		17	include disable-xdg.inc
17		18
18	mkdir ${HOME}/.redeclipse	19	mkdir ${HOME}/.redeclipse
19	whitelist ${HOME}/.redeclipse	20	whitelist ${HOME}/.redeclipse
		21	whitelist /usr/share/redeclipse
20	include whitelist-common.inc	22	include whitelist-common.inc
		23	include whitelist-runuser-common.inc
		24	include whitelist-usr-share-common.inc
21	include whitelist-var-common.inc	25	include whitelist-var-common.inc
22		26
23	caps.drop all	27	caps.drop all
@@ -32,8 +36,13 @@ novideo
32	protocol unix,inet,inet6	36	protocol unix,inet,inet6
33	seccomp	37	seccomp
34	shell none	38	shell none
		39	tracelog
35		40
36	disable-mnt	41	disable-mnt
		42	#private-bin redeclipse,sh,man
		43	private-cache
37	private-dev	44	private-dev
38	private-tmp	45	private-tmp
39		46
		47	dbus-user none
		48	dbus-system none