Commit b5f29f9c authored by Tad's avatar Tad

Harden 9 more profiles

parent f34222c7
......@@ -11,7 +11,9 @@ include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc
caps.drop all
net none
netfilter
no3d
nogroups
nonewprivs
noroot
......@@ -23,3 +25,6 @@ tracelog
private-bin audacity
private-dev
private-tmp
noexec ${HOME}
noexec /tmp
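Review bot: `noexec ${HOME}` and `noexec /tmp` at the end of this profile leave the other user-writable locations executable, so a file written by the sandboxed program can still be run from there. With `private-dev` in the same profile, /dev/shm normally remains present and writable, and /var/tmp is not covered either. Consider adding `noexec /dev/shm` and `noexec /var/tmp` once you have confirmed they do not break the application. The same two lines are appended to the other profiles in this commit (each later hunk that ends in `noexec /tmp`), so the gap applies there as well.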
......@@ -9,17 +9,21 @@ include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-passwdmgr.inc
caps.drop all
net none
netfilter
no3d
nogroups
nonewprivs
noroot
nosound
shell none
seccomp
protocol unix
seccomp
shell none
# private-bin
# private-dev
# private-tmp
# private-etc
noexec ${HOME}
noexec /tmp
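Review bot: `netfilter` directly after `net none` looks like a no-op in this profile. `net none` already gives the sandbox an unconnected namespace with only loopback, and as far as I can tell the default filter is only installed when an interface is actually configured. The rendered page does not show which of the two lines this commit added, and the audacity hunk above carries the same pair. Either drop `netfilter` here or keep it with a comment such as `# only takes effect if net none is overridden locally`, so readers do not assume a firewall is part of this profile's protection.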
......@@ -11,7 +11,17 @@ include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-passwdmgr.inc
caps.drop all
netfilter
no3d
nogroups
nonewprivs
noroot
protocol unix,inet,inet6
seccomp
shell none
private-dev
private-tmp
noexec ${HOME}
noexec /tmp
......@@ -21,6 +21,7 @@ nonewprivs
noroot
protocol unix,inet,inet6,netlink
seccomp
shell none
tracelog
whitelist ${DOWNLOADS}
......@@ -59,3 +60,6 @@ include /etc/firejail/whitelist-common.inc
#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
private-dev
private-tmp
noexec ${HOME}
noexec /tmp
......@@ -19,6 +19,7 @@ caps.drop all
netfilter
#net none
no3d
nogroups
nonewprivs
noroot
nosound
......
......@@ -14,7 +14,18 @@ include /etc/firejail/disable-passwdmgr.inc
caps.drop all
netfilter
no3d
nogroups
nonewprivs
noroot
nosound
protocol unix,inet,inet6
seccomp
shell none
tracelog
private-dev
#private-tmp #Breaks when exiting
noexec ${HOME}
noexec /tmp
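Review bot: The comment on `#private-tmp #Breaks when exiting` does not say what breaks or on which firejail version, so nobody can tell later whether the directive can be re-enabled. With it disabled the sandbox keeps sharing the host /tmp, and `noexec /tmp` only blocks execution there; other users' temp files and sockets under /tmp stay readable as far as their permissions allow. I would record the symptom and the trade-off in the profile, for example `# private-tmp disabled: <symptom> on exit (firejail <version>); host /tmp remains shared`.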
......@@ -12,11 +12,13 @@ include /etc/firejail/disable-passwdmgr.inc
caps.drop all
netfilter
nogroups
nonewprivs
noroot
protocol unix,inet,inet6,netlink
seccomp
shell none
tracelog
private-dev
private-tmp
......@@ -10,11 +10,11 @@ include /etc/firejail/disable-passwdmgr.inc
caps.drop all
netfilter
no3d
nogroups
nonewprivs
noroot
nogroups
nosound
no3d
protocol unix,inet,inet6
seccomp
shell none
......@@ -22,7 +22,9 @@ shell none
blacklist /tmp/.X11-unix
# private-bin wget
# private-etc resolv.conf
private-dev
# private-etc resolv.conf
private-tmp
noexec ${HOME}
noexec /tmp
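Review bot: `private-tmp` is now enabled in the same profile as `blacklist /tmp/.X11-unix`, and the two may interact. As documented, `private-tmp` mounts an empty /tmp but keeps the X11 socket directory visible. Whether the earlier blacklist still hides that directory depends on the order in which firejail applies the two, which cannot be seen from this hunk. Please check inside the sandbox that /tmp/.X11-unix is still inaccessible, and add a line such as `# blacklist must still hide the X11 socket that private-tmp keeps` so the dependency is explicit.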
......@@ -18,6 +18,7 @@ include /etc/firejail/disable-passwdmgr.inc
#protocol unix,inet,inet6,netlink
netfilter
no3d
nogroups
nonewprivs
nosound
......@@ -28,3 +29,6 @@ tracelog
#private-bin wireshark
private-dev
private-tmp
noexec ${HOME}
noexec /tmp
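Review bot: `nogroups` and `nonewprivs` in this profile can stop unprivileged capture from working. dumpcap is commonly restricted to a dedicated group and gains its privileges through file capabilities at exec time; both options interfere with that. The rendered page does not show which of the lines in the first hunk was added, so this may partly predate the commit. If capture does break, users tend to run the program as root or without the sandbox, which is worse than a looser profile. I would test capture as a normal user and, if it fails, comment the option out with the reason, e.g. `#nogroups - breaks capture for unprivileged users`.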