Diffstat (limited to 'etc/profile-a-l')
-rw-r--r-- | etc/profile-a-l/chromium-common-hardened.profile | 9 | ||||
-rw-r--r-- | etc/profile-a-l/chromium-common.profile | 2 | ||||
-rw-r--r-- | etc/profile-a-l/electron.profile | 2 |
3 files changed, 11 insertions, 2 deletions
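--- /dev/null
+++ b/etc/profile-a-l/chromium-common-hardened.profile
@@ -0,0 +1,9 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include chromium-common-hardened.local
+
+caps.drop all
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+seccomp !chroot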
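Review bot: The new file has no comment stating its precondition or how it interacts with the profiles that include it. `caps.drop all`, `nonewprivs` and `noroot` appear to assume the browser uses its user-namespace sandbox rather than a setuid helper; the including profiles only hint at this with "if your kernel allows unprivileged userns clone". electron.profile also keeps `caps.keep sys_admin,sys_chroot` after the include line, so a reader cannot tell from these files which capability rule ends up in force once the include is uncommented. I would add a header comment such as `# Requires unprivileged user namespaces; takes precedence over the caps.keep in the including profile.` once that precedence is confirmed, plus a short comment on why `seccomp !chroot` leaves chroot allowed.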
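--- a/etc/profile-a-l/chromium-common.profile
+++ b/etc/profile-a-l/chromium-common.profile
@@ -32,7 +32,7 @@ include whitelist-var-common.inc
 
 # Uncomment the next line (or add it to your chromium-common.local)
 # if your kernel allows unprivileged userns clone.
-#include chromium-common-hardened.inc
+#include chromium-common-hardened.profile
 
 # Uncomment or put in your chromium-common.local to allow screen sharing under
 # wayland.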
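--- a/etc/profile-a-l/electron.profile
+++ b/etc/profile-a-l/electron.profile
@@ -20,7 +20,7 @@ include whitelist-var-common.inc
 
 # Uncomment the next line (or add it to your chromium-common.local)
 # if your kernel allows unprivileged userns clone.
-#include chromium-common-hardened.inc
+#include chromium-common-hardened.profile
 
 apparmor
 caps.keep sys_admin,sys_chroot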