Harden galculator (#2562)

author: glitsj16 <glitsj16@users.noreply.github.com> 2019-03-12 07:18:32 +0000
committer: GitHub <noreply@github.com> 2019-03-12 07:18:32 +0000
commit: cf6d5a6910007ae83a629778a00398b7e205e071 (patch)
tree: 9b0327e86dbef63f6c90499aa439e9c9574dbf0d /etc
parent: Support older versions of font-manager (#2561) (diff)
download: firejail-cf6d5a6910007ae83a629778a00398b7e205e071.tar.gz
firejail-cf6d5a6910007ae83a629778a00398b7e205e071.tar.zst
firejail-cf6d5a6910007ae83a629778a00398b7e205e071.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/etc/galculator.profile b/etc/galculator.profile
index 509d9bd05..203d0a455 100644
--- a/etc/galculator.profile
+++ b/etc/galculator.profile
@@ -13,6 +13,7 @@ include disable-devel.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 mkdir ${HOME}/.config/galculator
 whitelist ${HOME}/.config/galculator
@@ -21,6 +22,8 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
+hostname galculator
+ipc-namespace
 net none
 nodbus
 nodvd
@@ -37,7 +40,12 @@ shell none
 tracelog
 private-bin galculator
+private-cache
 private-dev
 private-etc alternatives,fonts
 private-lib
 private-tmp
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
author	glitsj16 <glitsj16@users.noreply.github.com>	2019-03-12 07:18:32 +0000
committer	GitHub <noreply@github.com>	2019-03-12 07:18:32 +0000
commit	cf6d5a6910007ae83a629778a00398b7e205e071 (patch)
tree	9b0327e86dbef63f6c90499aa439e9c9574dbf0d /etc
parent	Support older versions of font-manager (#2561) (diff)
download	firejail-cf6d5a6910007ae83a629778a00398b7e205e071.tar.gz firejail-cf6d5a6910007ae83a629778a00398b7e205e071.tar.zst firejail-cf6d5a6910007ae83a629778a00398b7e205e071.zip

diff --git a/etc/galculator.profile b/etc/galculator.profile index 509d9bd05..203d0a455 100644 --- a/etc/galculator.profile +++ b/etc/galculator.profile
@@ -13,6 +13,7 @@ include disable-devel.inc
13	include disable-interpreters.inc	13	include disable-interpreters.inc
14	include disable-passwdmgr.inc	14	include disable-passwdmgr.inc
15	include disable-programs.inc	15	include disable-programs.inc
		16	include disable-xdg.inc
16		17
17	mkdir ${HOME}/.config/galculator	18	mkdir ${HOME}/.config/galculator
18	whitelist ${HOME}/.config/galculator	19	whitelist ${HOME}/.config/galculator
@@ -21,6 +22,8 @@ include whitelist-var-common.inc
21		22
22	apparmor	23	apparmor
23	caps.drop all	24	caps.drop all
		25	hostname galculator
		26	ipc-namespace
24	net none	27	net none
25	nodbus	28	nodbus
26	nodvd	29	nodvd
@@ -37,7 +40,12 @@ shell none
37	tracelog	40	tracelog
38		41
39	private-bin galculator	42	private-bin galculator
		43	private-cache
40	private-dev	44	private-dev
41	private-etc alternatives,fonts	45	private-etc alternatives,fonts
42	private-lib	46	private-lib
43	private-tmp	47	private-tmp
		48
		49	memory-deny-write-execute
		50	noexec ${HOME}
		51	noexec /tmp