From 1edc42036e632de5c5e620bbb5044d932e0d37c4 Mon Sep 17 00:00:00 2001 From: smitsohu Date: Thu, 21 Sep 2017 16:27:39 +0200 Subject: harden corebird --- etc/corebird.profile | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'etc/corebird.profile') diff --git a/etc/corebird.profile b/etc/corebird.profile index 87f7a970b..99a3335ef 100644 --- a/etc/corebird.profile +++ b/etc/corebird.profile @@ -5,16 +5,30 @@ include /etc/firejail/corebird.local # Persistent global definitions include /etc/firejail/globals.local +noblacklist ~/.config/corebird include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc +include /etc/firejail/whitelist-var-common.inc + caps.drop all netfilter nodvd +nogroups +nonewprivs noroot notv +novideo protocol unix,inet,inet6 seccomp +shell none + +private-bin corebird +private-dev +private-tmp + +noexec ${HOME} +noexec /tmp -- cgit v1.2.3-70-g09d2
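Review bot: Nothing in the added lines narrows what the client can read or write under the home directory: `noblacklist ~/.config/corebird` only exempts that path from the blacklists pulled in by the disable-*.inc includes, and `noexec ${HOME}` blocks execution, not access. Anything in ${HOME} that those includes do not blacklist (their contents are not visible in this patch) therefore stays reachable if the client is compromised. If the attach-media workflow tolerates it, consider adding `mkdir ~/.config/corebird`, `whitelist ~/.config/corebird` and `include /etc/firejail/whitelist-common.inc`, plus a whitelisted pictures or downloads directory for uploads. Separately, `private-bin corebird` combined with `shell none` leaves no helper binaries in the sandbox, so it is worth confirming that opening links and media from the timeline still works with this profile.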