From 0e7b0bd52e7bc26d7407a5f6f756b474e52dbaf1 Mon Sep 17 00:00:00 2001
From: Tad
Date: Sun, 30 Jul 2017 17:26:38 -0400
Subject: Add noexec to more profiles as tested by @curiosity-seeker

See https://github.com/netblue30/firejail/pull/1367#issuecomment-315793729
---
 etc/digikam.profile | 3 +++
 etc/dragon.profile | 3 +++
 etc/google-chrome-beta.profile | 3 +++
 etc/google-chrome-unstable.profile | 3 +++
 etc/google-chrome.profile | 3 +++
 etc/guayadeque.profile | 3 +++
 etc/gwenview.profile | 3 +++
 etc/icecat.profile | 3 +++
 etc/okular.profile | 3 +++
 etc/quiterss.profile | 3 +++
 etc/vivaldi.profile | 3 +++
 11 files changed, 33 insertions(+)
diff --git a/etc/digikam.profile b/etc/digikam.profile
index fd19953a0..d81d00ed3 100644
--- a/etc/digikam.profile
+++ b/etc/digikam.profile
@@ -31,3 +31,6 @@ shell none
 # private-etc none
 # private-dev - prevents libdc1394 loading; this lib is used to connect to a camera device
 private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/dragon.profile b/etc/dragon.profile
index d099f1d9d..47d2c593a 100644
--- a/etc/dragon.profile
+++ b/etc/dragon.profile
@@ -27,3 +27,6 @@ private-bin dragon
 private-dev
 private-tmp
 # private-etc
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/google-chrome-beta.profile b/etc/google-chrome-beta.profile
index 3b884bd64..e527318c2 100644
--- a/etc/google-chrome-beta.profile
+++ b/etc/google-chrome-beta.profile
@@ -26,3 +26,6 @@ whitelist ~/.cache/google-chrome-beta
 mkdir ~/.pki
 whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/google-chrome-unstable.profile b/etc/google-chrome-unstable.profile
index 18bcb94a6..860e2488a 100644
--- a/etc/google-chrome-unstable.profile
+++ b/etc/google-chrome-unstable.profile
@@ -26,3 +26,6 @@ whitelist ~/.cache/google-chrome-unstable
 mkdir ~/.pki
 whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc
+
+noexec ${HOME}
+noexec /tmp
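Review bot: The pair added at the end of digikam.profile remounts only `${HOME}` and `/tmp`, so other user-writable locations such as `/dev/shm` and `/var/tmp` may still allow execution. Whether those paths are writable inside this sandbox depends on parts of the profile outside the hunk, so it should be checked rather than assumed; if they are, a further line such as `noexec /dev/shm` would close the gap. noexec also does not stop a file being handed to an interpreter, so it complements `shell none` and `private-bin` rather than replacing them. The same two lines are added unchanged in the other ten hunks, so the point applies to each of them.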
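Review bot: The block appended to dragon.profile is byte-for-byte the one appended to all eleven profiles in this patch, which means any later change to the set of no-exec paths has to be repeated in every file. The profiles already pull shared rules from `/etc/firejail/whitelist-common.inc`, so a small shared include holding the `noexec` lines, referenced from each profile, would keep the list in one place. Until then a one-line comment above `noexec ${HOME}` saying why the lines are there would help the next editor.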
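Review bot: In google-chrome-beta.profile `noexec ${HOME}` also covers the whitelisted browser directories (`~/.cache/google-chrome-beta` is visible in the context), so any native component the browser stores there and loads at run time, for example a downloaded media or DRM module, could no longer be mapped as executable. The commit message says the profiles were tested, but not whether that case was exercised. A comment above the line, such as `# noexec ${HOME} prevents loading native libraries from the browser profile directory`, would tell users which line to relax if playback or a plugin stops working. The same applies to the google-chrome-unstable, google-chrome and vivaldi hunks.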
diff --git a/etc/google-chrome.profile b/etc/google-chrome.profile
index 84e0c6cdc..7d27355d2 100644
--- a/etc/google-chrome.profile
+++ b/etc/google-chrome.profile
@@ -27,3 +27,6 @@ whitelist ~/.cache/google-chrome
 mkdir ~/.pki
 whitelist ~/.pki
 include /etc/firejail/whitelist-common.inc
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/guayadeque.profile b/etc/guayadeque.profile
index 5b3bc11f2..86f3d7838 100644
--- a/etc/guayadeque.profile
+++ b/etc/guayadeque.profile
@@ -24,3 +24,6 @@ shell none
 private-bin guayadeque
 private-dev
 private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/gwenview.profile b/etc/gwenview.profile
index 97227186a..047d2e32e 100644
--- a/etc/gwenview.profile
+++ b/etc/gwenview.profile
@@ -32,3 +32,6 @@ private-dev # Experimental: #private-etc X11
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/icecat.profile b/etc/icecat.profile
index 7684cedbe..600263a2a 100644
--- a/etc/icecat.profile
+++ b/etc/icecat.profile
@@ -48,3 +48,6 @@ include /etc/firejail/whitelist-common.inc # experimental features #private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/okular.profile b/etc/okular.profile
index 351083582..0944e900c 100644
--- a/etc/okular.profile
+++ b/etc/okular.profile
@@ -34,3 +34,6 @@ tracelog
 # private-etc fonts,X11
 private-dev
 private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/quiterss.profile b/etc/quiterss.profile
index c8112f064..aa17693cd 100644
--- a/etc/quiterss.profile
+++ b/etc/quiterss.profile
@@ -42,3 +42,6 @@ private-dev disable-mnt include /etc/firejail/whitelist-common.inc
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/vivaldi.profile b/etc/vivaldi.profile
index 25d78439d..7b9c4c9c6 100644
--- a/etc/vivaldi.profile
+++ b/etc/vivaldi.profile
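Review bot: In gwenview.profile the new lines are appended directly after the `# Experimental:` heading and its commented-out `#private-etc X11` entry, separated only by a blank line, so they read as part of the experimental section although they are active rules. The icecat hunk has the same layout under `# experimental features`. Giving the block its own heading, for example `# Block execution from user-writable locations`, or placing it above the experimental section, would make clear that it is meant to be enabled.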
@@ -22,3 +22,6 @@ whitelist ~/.config/vivaldi
 mkdir ~/.cache/vivaldi
 whitelist ~/.cache/vivaldi
 include /etc/firejail/whitelist-common.inc
+
+noexec ${HOME}
+noexec /tmp
--
cgit v1.2.3-70-g09d2