-rw-r--r-- | etc/mate-color-select.profile | 9 | ||||
-rw-r--r-- | etc/mate-dictionary.profile | 10 |
2 files changed, 18 insertions, 1 deletions
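--- a/etc/mate-color-select.profile
+++ b/etc/mate-color-select.profile
@@ -11,6 +11,11 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+whitelist ${HOME}/.config/gtk-3.0
+whitelist ${HOME}/.fonts
+whitelist ${HOME}/.icons
+whitelist ${HOME}/.themes
+
 caps.drop all
 netfilter
 no3d
@@ -26,9 +31,11 @@ seccomp
 shell none
 
 disable-mnt
-private
+private-bin mate-color-select
+private-etc fonts
 private-dev
 private-tmp
 
+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp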
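Review bot: The four `whitelist` lines added in the first hunk expose the user's real `~/.config/gtk-3.0`, `~/.fonts`, `~/.icons` and `~/.themes` read-write, whereas the `private` line removed in the second hunk gave the program a throwaway home. A colour picker presumably only reads these directories, so anything written there from inside the sandbox would persist and be picked up by GTK applications running outside it. Consider pairing each whitelist with a read-only rule, e.g. `read-only ${HOME}/.config/gtk-3.0`, and likewise for the other three paths. The same four theme and font whitelists are added in the first hunk of etc/mate-dictionary.profile, where only `${HOME}/.config/mate/mate-dictionary` plausibly needs to stay writable. Both hunks show only part of each profile, so a read-only rule elsewhere in the file cannot be ruled out from here.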
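--- a/etc/mate-dictionary.profile
+++ b/etc/mate-dictionary.profile
@@ -12,6 +12,12 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+whitelist ${HOME}/.config/mate/mate-dictionary
+whitelist ${HOME}/.config/gtk-3.0
+whitelist ${HOME}/.fonts
+whitelist ${HOME}/.icons
+whitelist ${HOME}/.themes
+
 caps.drop all
 netfilter
 no3d
@@ -27,8 +33,12 @@ seccomp
 shell none
 
 disable-mnt
+private-bin mate-dictionary
+private-etc fonts,resolv.conf
+private-opt mate-dictionary
 private-dev
 private-tmp
 
+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp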
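Review bot: `private-opt mate-dictionary` in the second hunk has no visible justification, since nothing on this page suggests the program installs anything under /opt, and the sibling color-select profile gets no such line. If no such directory exists, the line's real effect is presumably just to hide the rest of /opt, which is a reasonable hardening goal but should be stated. I would add a comment above it such as `# nothing needed from /opt; private-opt hides other vendor software there`, or drop the line if that is not the intent. It is also worth confirming that lookups still work with `private-etc fonts,resolv.conf`, because a profile that breaks the application tends to get disabled by users rather than fixed.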