harden & fix xiphos.profile

author: rusty-snake <print_hello_world+Public@protonmail.com> 2019-05-12 12:53:46 +0200
committer: rusty-snake <print_hello_world+Public@protonmail.com> 2019-05-12 12:53:46 +0200
commit: da2a3fd0d1780fe7751f33cd9628879a78669118 (patch)
tree: 0b752daf243495e1d7ffaf070ee3f205f651b3d7 /etc
parent: Update keepassxc.profile (#2687) (diff)
download: firejail-da2a3fd0d1780fe7751f33cd9628879a78669118.tar.gz
firejail-da2a3fd0d1780fe7751f33cd9628879a78669118.tar.zst
firejail-da2a3fd0d1780fe7751f33cd9628879a78669118.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/etc/xiphos.profile b/etc/xiphos.profile
index 3ad03e2c6..33056395e 100644
--- a/etc/xiphos.profile
+++ b/etc/xiphos.profile
@@ -13,6 +13,7 @@ noblacklist ${HOME}/.xiphos
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -20,8 +21,11 @@ include disable-programs.inc
 whitelist ${HOME}/.sword
 whitelist ${HOME}/.xiphos
 include whitelist-common.inc
+include whitelist-var-common.inc
+apparmor
 caps.drop all
+machine-id
 netfilter
 nodvd
 nogroups
@@ -36,7 +40,9 @@ seccomp
 shell none
 tracelog
+disable-mnt
 private-bin xiphos
+private-cache
 private-dev
-private-etc alternatives,fonts,resolv.conf,sword,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,fonts,resolv.conf,sword,ca-certificates,ssli,sword.conf,pki,crypto-policies
 private-tmp
author	rusty-snake <print_hello_world+Public@protonmail.com>	2019-05-12 12:53:46 +0200
committer	rusty-snake <print_hello_world+Public@protonmail.com>	2019-05-12 12:53:46 +0200
commit	da2a3fd0d1780fe7751f33cd9628879a78669118 (patch)
tree	0b752daf243495e1d7ffaf070ee3f205f651b3d7 /etc
parent	Update keepassxc.profile (#2687) (diff)
download	firejail-da2a3fd0d1780fe7751f33cd9628879a78669118.tar.gz firejail-da2a3fd0d1780fe7751f33cd9628879a78669118.tar.zst firejail-da2a3fd0d1780fe7751f33cd9628879a78669118.zip

diff --git a/etc/xiphos.profile b/etc/xiphos.profile index 3ad03e2c6..33056395e 100644 --- a/etc/xiphos.profile +++ b/etc/xiphos.profile
@@ -13,6 +13,7 @@ noblacklist ${HOME}/.xiphos
13		13
14	include disable-common.inc	14	include disable-common.inc
15	include disable-devel.inc	15	include disable-devel.inc
		16	include disable-exec.inc
16	include disable-interpreters.inc	17	include disable-interpreters.inc
17	include disable-passwdmgr.inc	18	include disable-passwdmgr.inc
18	include disable-programs.inc	19	include disable-programs.inc
@@ -20,8 +21,11 @@ include disable-programs.inc
20	whitelist ${HOME}/.sword	21	whitelist ${HOME}/.sword
21	whitelist ${HOME}/.xiphos	22	whitelist ${HOME}/.xiphos
22	include whitelist-common.inc	23	include whitelist-common.inc
		24	include whitelist-var-common.inc
23		25
		26	apparmor
24	caps.drop all	27	caps.drop all
		28	machine-id
25	netfilter	29	netfilter
26	nodvd	30	nodvd
27	nogroups	31	nogroups
@@ -36,7 +40,9 @@ seccomp
36	shell none	40	shell none
37	tracelog	41	tracelog
38		42
		43	disable-mnt
39	private-bin xiphos	44	private-bin xiphos
		45	private-cache
40	private-dev	46	private-dev
41	private-etc alternatives,fonts,resolv.conf,sword,ca-certificates,ssl,pki,crypto-policies	47	private-etc alternatives,fonts,resolv.conf,sword,ca-certificates,ssli,sword.conf,pki,crypto-policies
42	private-tmp	48	private-tmp