mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-21 06:45:29 -06:00
Harden 50 profiles
Hardened many profiles using disable-mnt and novideo Fixed gnome-font-viewer
This commit is contained in:
Tad
parent
822be0355f
commit
5354f20012
51 changed files with 149 additions and 17 deletions
|
|
@ -5,25 +5,26 @@ include /etc/firejail/globals.local
|
|||
# Persistent customizations should go in a .local file.
|
||||
include /etc/firejail/gnome-font-viewer.local
|
||||
|
||||
private
|
||||
#include /etc/firejail/disable-common.inc
|
||||
#include /etc/firejail/disable-programs.inc
|
||||
#include /etc/firejail/disable-passwdmgr.inc
|
||||
#Blacklist Paths
|
||||
include /etc/firejail/disable-common.inc
|
||||
include /etc/firejail/disable-programs.inc
|
||||
include /etc/firejail/disable-passwdmgr.inc
|
||||
include /etc/firejail/disable-devel.inc
|
||||
|
||||
#Options
|
||||
caps.drop all
|
||||
netfilter
|
||||
no3d
|
||||
nonewprivs
|
||||
noroot
|
||||
nosound
|
||||
novideo
|
||||
protocol unix,inet,inet6
|
||||
seccomp
|
||||
|
||||
#
|
||||
# depending on your usage, you can enable some of the commands below:
|
||||
#
|
||||
nogroups
|
||||
shell none
|
||||
# private-bin program
|
||||
# private-etc none
|
||||
# private-dev
|
||||
# private-tmp
|
||||
nosound
|
||||
private-dev
|
||||
private-tmp
|
||||
disable-mnt
|
||||
|
||||
noexec ${HOME}
|
||||
noexec /tmp
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue