clipit hardening (#5521)

* clipit hardening

* clipit: fix hardening

* clipit: add xdotool lib to private-lib
glitsj16 2022-12-12 13:10:48 +00:00 committed by GitHub
parent 01f9dc87bf
commit f99a296347
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -13,7 +13,9 @@ include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-proc.inc
include disable-programs.inc
include disable-shell.inc
include disable-xdg.inc
mkdir ${HOME}/.config/clipit
@ -21,6 +23,8 @@ mkdir ${HOME}/.local/share/clipit
whitelist ${HOME}/.config/clipit
whitelist ${HOME}/.local/share/clipit
include whitelist-common.inc
include whitelist-run-common.inc
include whitelist-runuser-common.inc
include whitelist-usr-share-common.inc
include whitelist-var-common.inc
@ -34,6 +38,7 @@ nodvd
nogroups
noinput
nonewprivs
noprinters
noroot
nosound
notv
@ -41,9 +46,18 @@ nou2f
novideo
protocol unix
seccomp
tracelog
disable-mnt
private-bin clipit,xdotool
private-cache
private-dev
private-lib libxdo.so.*
private-tmp
dbus-user none
dbus-system none
#memory-deny-write-execute
restrict-namespaces
read-only ${HOME}
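Review bot: The commented-out `#memory-deny-write-execute` near the end of the last hunk carries no reason, so a later maintainer cannot tell whether it was tested and found to break clipit or was never tried; a comment above it such as `# memory-deny-write-execute breaks clipit (<observed failure>)` would record that. The same applies to `private-lib libxdo.so.*`: the commit message says the library was added for xdotool, and a comment such as `# libxdo is required by xdotool` would keep the entry from being dropped later as unused. The page has lost its +/- markers, so I am assuming both lines are new in this commit. Separately, `private-bin clipit,xdotool` keeps an input-synthesis tool inside the sandbox and nothing visible in these hunks isolates the X11 display, so a comment should state that the profile limits filesystem and D-Bus reach, not access to other clients' clipboard or input.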