From 0dba38435ef92ccc01cc9ff23b69df55489ec983 Mon Sep 17 00:00:00 2001 From: Tad Date: Wed, 5 Jul 2017 09:40:54 -0400 Subject: Harden profiles - Added 'disable-devel.conf' to many profiles - Added 'disable-mnt' to many profiles - Added 'noexec' to many profiles - Removed 'netfilter' and 'net none' from profiles with 'protocol unix' - Cleaned up profiles using defaults --- etc/mupdf.profile | 2 -- 1 file changed, 2 deletions(-) (limited to 'etc/mupdf.profile') diff --git a/etc/mupdf.profile b/etc/mupdf.profile index e6652e688..39b801e1a 100644 --- a/etc/mupdf.profile +++ b/etc/mupdf.profile @@ -18,8 +18,6 @@ noroot nosound protocol unix seccomp -netfilter -net none shell none tracelog -- cgit v1.2.3-70-g09d2 From 5e211950f7396f9daa893e1233f87bc789c625b0 Mon Sep 17 00:00:00 2001 
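Review bot: Dropping `net none` from mupdf.profile because `protocol unix` is present removes a separate layer of isolation, not a duplicate. `protocol unix` is a seccomp check on the family argument of socket(), while `net none` places the process in an unconnected network namespace, so the two fail independently. The namespace also cuts off abstract unix sockets, which `protocol unix` still permits. For a PDF parser that handles untrusted files I would keep `net none` next to `protocol unix` and drop only `netfilter`, which has little to act on when only a loopback interface exists. The later patch on this page does put `net none` back into this profile.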
From: Fred-Barclay Date: Tue, 1 Aug 2017 22:49:23 -0500 Subject: Add back net none/netfilter as needed --- etc/2048-qt.profile | 2 ++ etc/Thunar.profile | 2 ++ etc/ark.profile | 1 + etc/atool.profile | 1 + etc/audacity.profile | 1 + etc/bleachbit.profile | 1 + etc/bless.profile | 1 + etc/caja.profile | 1 + etc/catfish.profile | 1 + etc/clipit.profile | 1 + etc/dia.profile | 1 + etc/display.profile | 7 ++++--- etc/dolphin.profile | 1 + etc/enchant.profile | 1 + etc/engrampa.profile | 1 + etc/eog.profile | 1 + etc/evince.profile | 1 + etc/exiftool.profile | 1 + etc/feh.profile | 1 + etc/file-roller.profile | 1 + etc/file.profile | 1 + etc/fontforge.profile | 1 + etc/franz.profile | 2 +- etc/galculator.profile | 1 + etc/gedit.profile | 1 + etc/gimp.profile | 1 + etc/gnome-books.profile | 1 + etc/gnome-documents.profile | 1 + etc/gnome-music.profile | 1 + etc/gnome-photos.profile | 1 + etc/goobox.profile | 1 + etc/gpicview.profile | 1 + etc/gucharmap.profile | 1 + etc/highlight.profile | 1 + etc/hugin.profile | 1 + etc/img2txt.profile | 1 + etc/inkscape.profile | 1 + etc/jd-gui.profile | 1 + etc/kate.profile | 1 + etc/kcalc.profile | 1 + etc/keepassx.profile | 1 + etc/keepassx2.profile | 1 + etc/keepassxc.profile | 1 + etc/kino.profile | 1 + etc/knotes.profile | 1 + etc/kwrite.profile | 1 + etc/leafpad.profile | 1 + etc/luminance-hdr.profile | 1 + etc/lximage-qt.profile | 1 + etc/lxmusic.profile | 1 + etc/mate-calc.profile | 1 + etc/mate-color-select.profile | 1 + etc/mediainfo.profile | 1 + etc/meld.profile | 1 + etc/mousepad.profile | 1 + etc/mupdf.profile | 1 + etc/nautilus.profile | 2 ++ etc/nemo.profile | 1 + etc/odt2txt.profile | 1 + etc/okular.profile | 1 + etc/orage.profile | 1 + etc/pcmanfm.profile | 1 + etc/pdfsam.profile | 1 + etc/pdftotext.profile | 1 + etc/peek.profile | 1 + etc/qlipper.profile | 1 + etc/ranger.profile | 2 ++ etc/ristretto.profile | 1 + etc/synfigstudio.profile | 1 + etc/tracker.profile | 1 + etc/transmission-show.profile | 1 + 
etc/viewnior.profile | 1 + etc/vym.profile | 1 + etc/xfburn.profile | 1 + etc/xfce4-notes.profile | 1 + etc/xpdf.profile | 1 + etc/zathura.profile | 1 + 77 files changed, 84 insertions(+), 4 deletions(-) (limited to 'etc/mupdf.profile') diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile index c53cfef9d..2f3efe743 100644 --- a/etc/2048-qt.profile +++ b/etc/2048-qt.profile @@ -15,9 +15,11 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all #ipc-namespace +netfilter nogroups nonewprivs noroot +nosound novideo protocol unix seccomp diff --git a/etc/Thunar.profile b/etc/Thunar.profile index e62ce4e2d..30db6f023 100644 --- a/etc/Thunar.profile +++ b/etc/Thunar.profile @@ -16,7 +16,9 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +netfilter no3d +nogroups nonewprivs noroot nosound diff --git a/etc/ark.profile b/etc/ark.profile index 7aaa0bc5a..007748ed1 100644 --- a/etc/ark.profile +++ b/etc/ark.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +netfilter nogroups nonewprivs noroot diff --git a/etc/atool.profile b/etc/atool.profile index b21c5855f..49637aa21 100644 --- a/etc/atool.profile +++ b/etc/atool.profile @@ -12,6 +12,7 @@ include /etc/firejail/disable-programs.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +netfilter nogroups nonewprivs noroot diff --git a/etc/audacity.profile b/etc/audacity.profile index 8cea3b18d..9ce997361 100644 --- a/etc/audacity.profile +++ b/etc/audacity.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all #ipc-namespace +netfilter no3d nogroups nonewprivs diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile index 5cc025a4a..7ecf899c9 100644 --- a/etc/bleachbit.profile +++ b/etc/bleachbit.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all #ipc-namespace +netfilter no3d nogroups nonewprivs 
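Review bot: `netfilter` as added in the 2048-qt.profile hunk restricts nothing by itself, because firejail applies its default firewall only when the sandbox runs in a new network namespace, and none of the visible lines create one. With `protocol unix` in the context lines, the effective state is the same as the earlier hardening commit left it, so the line reads as protection it does not provide. If the program needs no network, `net none` is the line to add. Otherwise I would keep `netfilter` with a comment such as `# netfilter only applies when a network namespace is requested (e.g. --net=<interface>)`. The same applies to the other `+netfilter` hunks in this patch, starting with Thunar, ark, atool, audacity and bleachbit, whose `protocol` lines are outside the hunks shown.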
diff --git a/etc/bless.profile b/etc/bless.profile index 41712850e..ea9a2d8ec 100644 --- a/etc/bless.profile +++ b/etc/bless.profile @@ -21,6 +21,7 @@ include /etc/firejail/disable-devel.inc #Options caps.drop all #ipc-namespace +netfilter no3d nogroups nonewprivs diff --git a/etc/caja.profile b/etc/caja.profile index e6f38dfa9..a724e76b1 100644 --- a/etc/caja.profile +++ b/etc/caja.profile @@ -21,6 +21,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +netfilter nogroups nonewprivs noroot diff --git a/etc/catfish.profile b/etc/catfish.profile index 5612d4486..0deaca1b5 100644 --- a/etc/catfish.profile +++ b/etc/catfish.profile @@ -13,6 +13,7 @@ noblacklist ~/.config/catfish include /etc/firejail/disable-devel.inc caps.drop all +net none no3d nogroups nonewprivs diff --git a/etc/clipit.profile b/etc/clipit.profile index 7b1c584ac..b44041cbf 100644 --- a/etc/clipit.profile +++ b/etc/clipit.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +netfilter no3d nogroups nonewprivs diff --git a/etc/dia.profile b/etc/dia.profile index 67cd2ca63..71d8a249b 100644 --- a/etc/dia.profile +++ b/etc/dia.profile @@ -12,6 +12,7 @@ include /etc/firejail/disable-programs.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +netfilter no3d nogroups nonewprivs diff --git a/etc/display.profile b/etc/display.profile index c9744b001..c2c46cba3 100644 --- a/etc/display.profile +++ b/etc/display.profile @@ -12,12 +12,13 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all -seccomp -protocol unix +net none nonewprivs -noroot nogroups +noroot nosound +protocol unix +seccomp shell none x11 xorg diff --git a/etc/dolphin.profile b/etc/dolphin.profile index 5ba8dd497..0085fb004 100644 --- a/etc/dolphin.profile +++ b/etc/dolphin.profile 
@@ -22,6 +22,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +netfilter nogroups nonewprivs noroot diff --git a/etc/enchant.profile b/etc/enchant.profile index 97fb82da3..554ed5e28 100644 --- a/etc/enchant.profile +++ b/etc/enchant.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +netfilter nogroups nonewprivs noroot diff --git a/etc/engrampa.profile b/etc/engrampa.profile index a786a702c..605643472 100644 --- a/etc/engrampa.profile +++ b/etc/engrampa.profile @@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +netfilter nogroups nonewprivs noroot diff --git a/etc/eog.profile b/etc/eog.profile index aa986e7d7..e272a1935 100644 --- a/etc/eog.profile +++ b/etc/eog.profile @@ -18,6 +18,7 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all #ipc-namespace +net none no3d nogroups nonewprivs diff --git a/etc/evince.profile b/etc/evince.profile index ee637c607..9f1ebbf76 100644 --- a/etc/evince.profile +++ b/etc/evince.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all #ipc-namespace +netfilter no3d nogroups nonewprivs diff --git a/etc/exiftool.profile b/etc/exiftool.profile index 9b0759dfe..e69a6206e 100644 --- a/etc/exiftool.profile +++ b/etc/exiftool.profile @@ -17,6 +17,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +net none nogroups nonewprivs noroot diff --git a/etc/feh.profile b/etc/feh.profile index e41a4ad94..8f40a0c3e 100644 --- a/etc/feh.profile +++ b/etc/feh.profile @@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +net none nogroups nonewprivs noroot diff --git a/etc/file-roller.profile b/etc/file-roller.profile index 7cbfc4edb..15d8d36c6 100644 --- a/etc/file-roller.profile +++ b/etc/file-roller.profile 
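Review bot: Comparable programs end up with different network settings and nothing in the profiles says why. evince.profile gets `netfilter` while mupdf, xpdf and zathura get `net none`, and engrampa (like ark and atool) gets `netfilter` while file-roller gets `net none`. Document viewers and archive tools parse untrusted files, so the weaker choice deserves a stated reason. Either switch these to `net none` or record the dependency in the profile, e.g. `# shares the host network namespace: <feature that needs it>`. Whether evince or engrampa actually need network access cannot be told from these hunks.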
@@ -13,6 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all #ipc-namespace +net none no3d nogroups nonewprivs diff --git a/etc/file.profile b/etc/file.profile index ffdaf9f47..51e35007f 100644 --- a/etc/file.profile +++ b/etc/file.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all hostname file +net none no3d nogroups nonewprivs diff --git a/etc/fontforge.profile b/etc/fontforge.profile index 2b3d0f258..e8e3df62b 100644 --- a/etc/fontforge.profile +++ b/etc/fontforge.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +netfilter nogroups nonewprivs noroot diff --git a/etc/franz.profile b/etc/franz.profile index 859c6ed9b..c5e019947 100644 --- a/etc/franz.profile +++ b/etc/franz.profile @@ -32,7 +32,7 @@ noroot protocol unix,inet,inet6,netlink seccomp shell none -tracelog +#tracelog private-dev private-tmp diff --git a/etc/galculator.profile b/etc/galculator.profile index c346a382d..897946e7a 100644 --- a/etc/galculator.profile +++ b/etc/galculator.profile @@ -17,6 +17,7 @@ mkdir ~/.config/galculator whitelist ~/.config/galculator caps.drop all +net none nogroups nonewprivs noroot diff --git a/etc/gedit.profile b/etc/gedit.profile index c1bdacf44..3e78d939e 100644 --- a/etc/gedit.profile +++ b/etc/gedit.profile @@ -18,6 +18,7 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all #ipc-namespace +net none no3d nogroups nonewprivs diff --git a/etc/gimp.profile b/etc/gimp.profile index 7d2738adf..0fe462912 100644 --- a/etc/gimp.profile +++ b/etc/gimp.profile @@ -12,6 +12,7 @@ include /etc/firejail/disable-programs.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +net none nogroups nonewprivs noroot diff --git a/etc/gnome-books.profile b/etc/gnome-books.profile index 6258b1f77..e36294930 100644 --- a/etc/gnome-books.profile +++ b/etc/gnome-books.profile 
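Review bot: The franz.profile hunk comments out `tracelog`, which is unrelated to the commit subject and is not explained anywhere in the patch. `tracelog` sends a syslog message when the sandboxed program touches a blacklisted path, so disabling it removes the audit trail for a network-facing client (`protocol unix,inet,inet6,netlink`). If it was disabled because it breaks the application, say so in the profile, e.g. `# tracelog disabled: <observed breakage>`, and ideally make the change in a separate commit.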
@@ -16,6 +16,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +netfilter no3d nogroups nonewprivs diff --git a/etc/gnome-documents.profile b/etc/gnome-documents.profile index ec5914e37..2d70bf7ef 100644 --- a/etc/gnome-documents.profile +++ b/etc/gnome-documents.profile @@ -17,6 +17,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +netfilter no3d nogroups nonewprivs diff --git a/etc/gnome-music.profile b/etc/gnome-music.profile index d571aff88..8b569e563 100644 --- a/etc/gnome-music.profile +++ b/etc/gnome-music.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +netfilter no3d nogroups nonewprivs diff --git a/etc/gnome-photos.profile b/etc/gnome-photos.profile index 158311711..ed9dc0a03 100644 --- a/etc/gnome-photos.profile +++ b/etc/gnome-photos.profile @@ -17,6 +17,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +netfilter nogroups nonewprivs noroot diff --git a/etc/goobox.profile b/etc/goobox.profile index c670d5ec7..129d17ae7 100644 --- a/etc/goobox.profile +++ b/etc/goobox.profile @@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +netfilter nogroups nonewprivs noroot diff --git a/etc/gpicview.profile b/etc/gpicview.profile index d1dee8914..f457f0590 100644 --- a/etc/gpicview.profile +++ b/etc/gpicview.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +net none nogroups nonewprivs noroot diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile index bc5d7dddf..4d6237067 100644 --- a/etc/gucharmap.profile +++ b/etc/gucharmap.profile @@ -11,6 +11,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +netfilter no3d nogroups nonewprivs 
diff --git a/etc/highlight.profile b/etc/highlight.profile index 327c77696..fefbcc55d 100644 --- a/etc/highlight.profile +++ b/etc/highlight.profile @@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +net none nogroups nonewprivs noroot diff --git a/etc/hugin.profile b/etc/hugin.profile index 5d2891321..26e696f0d 100644 --- a/etc/hugin.profile +++ b/etc/hugin.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +netfilter nogroups nonewprivs noroot diff --git a/etc/img2txt.profile b/etc/img2txt.profile index 1ac5e1fb0..8f63b103d 100644 --- a/etc/img2txt.profile +++ b/etc/img2txt.profile @@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +netfilter nogroups nonewprivs noroot diff --git a/etc/inkscape.profile b/etc/inkscape.profile index 450e819b9..af1be565b 100644 --- a/etc/inkscape.profile +++ b/etc/inkscape.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-programs.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +netfilter nogroups nonewprivs noroot diff --git a/etc/jd-gui.profile b/etc/jd-gui.profile index 56cf43104..9cb845b50 100644 --- a/etc/jd-gui.profile +++ b/etc/jd-gui.profile @@ -21,6 +21,7 @@ include /etc/firejail/disable-devel.inc #Options caps.drop all #ipc-namespace +net none no3d nogroups nonewprivs diff --git a/etc/kate.profile b/etc/kate.profile index c4178a776..97372f752 100644 --- a/etc/kate.profile +++ b/etc/kate.profile @@ -19,6 +19,7 @@ include /etc/firejail/disable-programs.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +netfilter nogroups nonewprivs noroot diff --git a/etc/kcalc.profile b/etc/kcalc.profile index 24d7daa89..1d425cf47 100644 --- a/etc/kcalc.profile +++ b/etc/kcalc.profile 
@@ -11,6 +11,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +netfilter no3d nogroups nonewprivs diff --git a/etc/keepassx.profile b/etc/keepassx.profile index 64fe62fb6..34e260f8f 100644 --- a/etc/keepassx.profile +++ b/etc/keepassx.profile @@ -18,6 +18,7 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all machine-id +net none no3d nogroups nonewprivs diff --git a/etc/keepassx2.profile b/etc/keepassx2.profile index fee04b6fb..0536866fb 100644 --- a/etc/keepassx2.profile +++ b/etc/keepassx2.profile @@ -17,6 +17,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +net none no3d nogroups nonewprivs diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile index 719cf1dec..3ab4115e6 100644 --- a/etc/keepassxc.profile +++ b/etc/keepassxc.profile @@ -18,6 +18,7 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all #ipc-namespace +net none no3d nogroups nonewprivs diff --git a/etc/kino.profile b/etc/kino.profile index 73b1e060b..bb37d56ab 100644 --- a/etc/kino.profile +++ b/etc/kino.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +netfilter nogroups nonewprivs noroot diff --git a/etc/knotes.profile b/etc/knotes.profile index 6a1233db0..b1883112c 100644 --- a/etc/knotes.profile +++ b/etc/knotes.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +netfilter nogroups nonewprivs noroot diff --git a/etc/kwrite.profile b/etc/kwrite.profile index 342427090..7ac881f6a 100644 --- a/etc/kwrite.profile +++ b/etc/kwrite.profile @@ -19,6 +19,7 @@ include /etc/firejail/disable-programs.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +netfilter nogroups nonewprivs noroot diff --git a/etc/leafpad.profile b/etc/leafpad.profile index 7403a13ab..fc2cc7e09 100644 --- a/etc/leafpad.profile 
+++ b/etc/leafpad.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +netfilter no3d nogroups nonewprivs diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile index 0b8742e49..f73c83cbd 100644 --- a/etc/luminance-hdr.profile +++ b/etc/luminance-hdr.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-passwdmgr.inc caps.drop all #ipc-namespace +netfilter nogroups nonewprivs noroot diff --git a/etc/lximage-qt.profile b/etc/lximage-qt.profile index 9e8bac878..42996af04 100644 --- a/etc/lximage-qt.profile +++ b/etc/lximage-qt.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +netfilter no3d nogroups nonewprivs diff --git a/etc/lxmusic.profile b/etc/lxmusic.profile index 49057d0ab..eac72c6db 100644 --- a/etc/lxmusic.profile +++ b/etc/lxmusic.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +netfilter no3d nogroups nonewprivs diff --git a/etc/mate-calc.profile b/etc/mate-calc.profile index 75b51f96d..e083e8b88 100644 --- a/etc/mate-calc.profile +++ b/etc/mate-calc.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +netfilter no3d nogroups nonewprivs diff --git a/etc/mate-color-select.profile b/etc/mate-color-select.profile index b9b445ac6..74fe4bd69 100644 --- a/etc/mate-color-select.profile +++ b/etc/mate-color-select.profile @@ -11,6 +11,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +netfilter no3d nogroups nonewprivs diff --git a/etc/mediainfo.profile b/etc/mediainfo.profile index c6e95cc5c..8758d66b9 100644 --- a/etc/mediainfo.profile +++ b/etc/mediainfo.profile 
@@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +net none nonewprivs nogroups noroot diff --git a/etc/meld.profile b/etc/meld.profile index 535745e6f..503f6d07c 100644 --- a/etc/meld.profile +++ b/etc/meld.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-programs.inc caps.drop all #ipc-namespace +net none no3d nogroups nonewprivs diff --git a/etc/mousepad.profile b/etc/mousepad.profile index fc788fea6..c3e85d55f 100644 --- a/etc/mousepad.profile +++ b/etc/mousepad.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +netfilter nogroups nonewprivs noroot diff --git a/etc/mupdf.profile b/etc/mupdf.profile index 39b801e1a..ca61edfdd 100644 --- a/etc/mupdf.profile +++ b/etc/mupdf.profile @@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +net none nogroups nonewprivs noroot diff --git a/etc/nautilus.profile b/etc/nautilus.profile index 71d2b2192..4f2f50d9f 100644 --- a/etc/nautilus.profile +++ b/etc/nautilus.profile @@ -22,6 +22,8 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +netfilter +nogroups nonewprivs noroot protocol unix diff --git a/etc/nemo.profile b/etc/nemo.profile index d4bb0d5ff..5e6f4936f 100644 --- a/etc/nemo.profile +++ b/etc/nemo.profile @@ -17,6 +17,7 @@ include /etc/firejail/disable-devel.inc caps.drop all netfilter no3d +nogroups nonewprivs noroot nosound diff --git a/etc/odt2txt.profile b/etc/odt2txt.profile index 58440e50f..8cfadd9ac 100644 --- a/etc/odt2txt.profile +++ b/etc/odt2txt.profile @@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +net none nogroups nonewprivs noroot diff --git a/etc/okular.profile b/etc/okular.profile index 0944e900c..578f01915 100644 --- a/etc/okular.profile +++ b/etc/okular.profile 
@@ -21,6 +21,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +netfilter nonewprivs nogroups noroot diff --git a/etc/orage.profile b/etc/orage.profile index ee96076eb..c9977d002 100644 --- a/etc/orage.profile +++ b/etc/orage.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +netfilter no3d nogroups nonewprivs diff --git a/etc/pcmanfm.profile b/etc/pcmanfm.profile index 67ab7f9e6..654904f17 100644 --- a/etc/pcmanfm.profile +++ b/etc/pcmanfm.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +net none no3d nonewprivs noroot diff --git a/etc/pdfsam.profile b/etc/pdfsam.profile index 4adb01c3f..2465be252 100644 --- a/etc/pdfsam.profile +++ b/etc/pdfsam.profile @@ -19,6 +19,7 @@ include /etc/firejail/disable-devel.inc #Options caps.drop all #ipc-namespace +net none no3d nogroups nonewprivs diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile index 882b10678..e5dab840f 100644 --- a/etc/pdftotext.profile +++ b/etc/pdftotext.profile @@ -12,6 +12,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +net none nogroups nonewprivs noroot diff --git a/etc/peek.profile b/etc/peek.profile index c2dd5c010..811eb701b 100644 --- a/etc/peek.profile +++ b/etc/peek.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +net none no3d nogroups nonewprivs diff --git a/etc/qlipper.profile b/etc/qlipper.profile index 6989acb7a..d57856c1a 100644 --- a/etc/qlipper.profile +++ b/etc/qlipper.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +netfilter no3d nogroups nonewprivs diff --git a/etc/ranger.profile b/etc/ranger.profile index 55e43d13b..ab0545aaf 100644 --- a/etc/ranger.profile 
+++ b/etc/ranger.profile @@ -18,6 +18,8 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +net none +nogroups nonewprivs noroot protocol unix diff --git a/etc/ristretto.profile b/etc/ristretto.profile index 5c72f9eb8..3d3491658 100644 --- a/etc/ristretto.profile +++ b/etc/ristretto.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +netfilter no3d nogroups nonewprivs diff --git a/etc/synfigstudio.profile b/etc/synfigstudio.profile index c714fc70a..bcb42f624 100644 --- a/etc/synfigstudio.profile +++ b/etc/synfigstudio.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +netfilter nogroups nonewprivs noroot diff --git a/etc/tracker.profile b/etc/tracker.profile index d7b68ea5c..b87bebf43 100644 --- a/etc/tracker.profile +++ b/etc/tracker.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +netfilter nogroups nonewprivs noroot diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile index 2447edc35..743f9ff4f 100644 --- a/etc/transmission-show.profile +++ b/etc/transmission-show.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +net none nonewprivs noroot nosound diff --git a/etc/viewnior.profile b/etc/viewnior.profile index 3b2b54264..20f738d42 100644 --- a/etc/viewnior.profile +++ b/etc/viewnior.profile @@ -19,6 +19,7 @@ blacklist ~/.bashrc blacklist ~/.Xauthority caps.drop all +net none nogroups nonewprivs noroot diff --git a/etc/vym.profile b/etc/vym.profile index 13fa08d4f..d3058fa64 100644 --- a/etc/vym.profile +++ b/etc/vym.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +netfilter no3d nogroups nonewprivs 
diff --git a/etc/xfburn.profile b/etc/xfburn.profile index aaef6bb60..7bfeba2b1 100644 --- a/etc/xfburn.profile +++ b/etc/xfburn.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +netfilter nogroups nonewprivs noroot diff --git a/etc/xfce4-notes.profile b/etc/xfce4-notes.profile index 544225920..e3215d6ea 100644 --- a/etc/xfce4-notes.profile +++ b/etc/xfce4-notes.profile @@ -15,6 +15,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +netfilter no3d nogroups nonewprivs diff --git a/etc/xpdf.profile b/etc/xpdf.profile index 1f2344e21..ce8cd2459 100644 --- a/etc/xpdf.profile +++ b/etc/xpdf.profile @@ -16,6 +16,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +net none no3d nogroups nonewprivs diff --git a/etc/zathura.profile b/etc/zathura.profile index 53e905e9c..502e066c8 100644 --- a/etc/zathura.profile +++ b/etc/zathura.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc caps.drop all +net none nogroups nonewprivs noroot -- cgit v1.2.3-70-g09d2