Harden Minetest

author: rusty-snake <print_hello_world+Public@protonmail.com> 2019-03-13 13:08:53 +0100
committer: rusty-snake <print_hello_world+Public@protonmail.com> 2019-03-13 13:08:53 +0100
commit: d4d176470a1c0e9ad2a65428318f78f7c2609332 (patch)
tree: e4e7ae2dddf48bc8f14c1df4e10bda05e997ad7c /etc
parent: add disable-exec.inc to few more profiles (diff)
download: firejail-d4d176470a1c0e9ad2a65428318f78f7c2609332.tar.gz
firejail-d4d176470a1c0e9ad2a65428318f78f7c2609332.tar.zst
firejail-d4d176470a1c0e9ad2a65428318f78f7c2609332.zip
1 files changed, 4 insertions, 3 deletions
diff --git a/etc/minetest.profile b/etc/minetest.profile
index aa50847ea..b3e692446 100644
--- a/etc/minetest.profile
+++ b/etc/minetest.profile
@@ -10,9 +10,11 @@ noblacklist ${HOME}/.minetest
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 mkdir ${HOME}/.minetest
 whitelist ${HOME}/.minetest
@@ -33,13 +35,12 @@ novideo
 protocol unix,inet,inet6
 seccomp
 shell none
+tracelog
 disable-mnt
 private-bin minetest
+private-cache
 private-dev
 # private-etc needs to be updated, see #1702
 #private-etc alternatives,asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id
 private-tmp
-noexec ${HOME}
-noexec /tmp
author	rusty-snake <print_hello_world+Public@protonmail.com>	2019-03-13 13:08:53 +0100
committer	rusty-snake <print_hello_world+Public@protonmail.com>	2019-03-13 13:08:53 +0100
commit	d4d176470a1c0e9ad2a65428318f78f7c2609332 (patch)
tree	e4e7ae2dddf48bc8f14c1df4e10bda05e997ad7c /etc
parent	add disable-exec.inc to few more profiles (diff)
download	firejail-d4d176470a1c0e9ad2a65428318f78f7c2609332.tar.gz firejail-d4d176470a1c0e9ad2a65428318f78f7c2609332.tar.zst firejail-d4d176470a1c0e9ad2a65428318f78f7c2609332.zip

diff --git a/etc/minetest.profile b/etc/minetest.profile index aa50847ea..b3e692446 100644 --- a/etc/minetest.profile +++ b/etc/minetest.profile
@@ -10,9 +10,11 @@ noblacklist ${HOME}/.minetest
10		10
11	include disable-common.inc	11	include disable-common.inc
12	include disable-devel.inc	12	include disable-devel.inc
		13	include disable-exec.inc
13	include disable-interpreters.inc	14	include disable-interpreters.inc
14	include disable-passwdmgr.inc	15	include disable-passwdmgr.inc
15	include disable-programs.inc	16	include disable-programs.inc
		17	include disable-xdg.inc
16		18
17	mkdir ${HOME}/.minetest	19	mkdir ${HOME}/.minetest
18	whitelist ${HOME}/.minetest	20	whitelist ${HOME}/.minetest
@@ -33,13 +35,12 @@ novideo
33	protocol unix,inet,inet6	35	protocol unix,inet,inet6
34	seccomp	36	seccomp
35	shell none	37	shell none
		38	tracelog
36		39
37	disable-mnt	40	disable-mnt
38	private-bin minetest	41	private-bin minetest
		42	private-cache
39	private-dev	43	private-dev
40	# private-etc needs to be updated, see #1702	44	# private-etc needs to be updated, see #1702
41	#private-etc alternatives,asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id	45	#private-etc alternatives,asound.conf,ca-certificates,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,nsswitch.conf,passwd,pulse,resolv.conf,ssl,pki,crypto-policies,machine-id
42	private-tmp	46	private-tmp
43
44	noexec ${HOME}
45	noexec /tmp