From f25fa5cbc2859e4b9f13fcfea79942e1056e1a89 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Mon, 16 Oct 2017 08:58:30 -0400 Subject: added private-lib to eog, eom, file, gpicview, less, strings, and tar --- etc/eog.profile | 1 + etc/eom.profile | 1 + etc/file.profile | 1 + etc/gpicview.profile | 1 + etc/less.profile | 3 ++- etc/strings.profile | 3 ++- etc/tar.profile | 1 + 7 files changed, 9 insertions(+), 2 deletions(-) (limited to 'etc') diff --git a/etc/eog.profile b/etc/eog.profile index 5ff926371..112ec7c98 100644 --- a/etc/eog.profile +++ b/etc/eog.profile @@ -34,6 +34,7 @@ shell none private-bin eog private-dev private-etc fonts +private-lib private-tmp memory-deny-write-execute diff --git a/etc/eom.profile b/etc/eom.profile index 802578959..af7ded91a 100644 --- a/etc/eom.profile +++ b/etc/eom.profile @@ -35,6 +35,7 @@ tracelog private-bin eom private-dev private-etc fonts +private-lib private-tmp memory-deny-write-execute diff --git a/etc/file.profile b/etc/file.profile index a83b2cf7d..2316b8e9b 100644 --- a/etc/file.profile +++ b/etc/file.profile @@ -31,6 +31,7 @@ x11 none private-bin file private-dev private-etc magic.mgc,magic,localtime +private-lib memory-deny-write-execute noexec ${HOME} diff --git a/etc/gpicview.profile b/etc/gpicview.profile index 1842c9cb1..b37af2843 100644 --- a/etc/gpicview.profile +++ b/etc/gpicview.profile @@ -31,4 +31,5 @@ tracelog private-bin gpicview private-dev private-etc fonts +private-lib private-tmp diff --git a/etc/less.profile b/etc/less.profile index e1c42ed76..0935f8945 100644 --- a/etc/less.profile +++ b/etc/less.profile @@ -20,8 +20,9 @@ tracelog writable-var-log # The user can have a custom coloring scritps configured in ~/.lessfilter. -# Enable private-bin if you are not using any filter. +# Enable private-bin and private-lib if you are not using any filter. # private-bin less +# private-lib private-dev memory-deny-write-execute diff --git a/etc/strings.profile b/etc/strings.profile index 90bb35ecd..83561cae5 100644 --- a/etc/strings.profile +++ b/etc/strings.profile @@ -18,8 +18,9 @@ novideo shell none tracelog -# private-bin strings - breaking on Debian +private-bin strings private-dev +private-lib memory-deny-write-execute diff --git a/etc/tar.profile b/etc/tar.profile index c8c0b2cae..92ddaa2f3 100644 --- a/etc/tar.profile +++ b/etc/tar.profile @@ -23,5 +23,6 @@ tracelog private-bin sh,bash,tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop private-dev private-etc passwd,group,localtime +private-lib include /etc/firejail/default.profile -- cgit v1.2.3-70-g09d2