Harden mate-* profiles
Fred-Barclay committed Sep 24, 2017
1 parent 463ebe8 commit e3d22fa
Showing 2 changed files with 18 additions and 1 deletion.
9 changes: 8 additions & 1 deletion etc/mate-color-select.profile
Expand Up @@ -11,6 +11,11 @@ include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc

whitelist ${HOME}/.config/gtk-3.0
whitelist ${HOME}/.fonts
whitelist ${HOME}/.icons
whitelist ${HOME}/.themes

caps.drop all
netfilter
no3d
Expand All @@ -26,9 +31,11 @@ seccomp
shell none

disable-mnt
private
private-bin mate-color-select
private-etc fonts
private-dev
private-tmp

memory-deny-write-execute
noexec ${HOME}
noexec /tmp
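Review bot: The four `whitelist` lines added after the includes leave the GTK settings, font, icon and theme directories writable from inside the sandbox, and nothing in this profile suggests a colour picker needs to write to them. Because `${HOME}/.config/gtk-3.0` is also read by unsandboxed GTK programs, pairing the whitelists with read-only rules such as `read-only ${HOME}/.config/gtk-3.0` and `read-only ${HOME}/.themes` would stop the sandboxed process from changing files that other programs load. The same four lines are repeated in etc/mate-dictionary.profile, so the point applies there as well, and a shared include would keep the two copies from drifting apart. The rendered page has lost its +/- markers, so which line of the second hunk was removed is not certain; if `private` is still present, check it against the whitelists, since both control what the sandbox sees in the home directory.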
10 changes: 10 additions & 0 deletions etc/mate-dictionary.profile
Expand Up @@ -12,6 +12,12 @@ include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-passwdmgr.inc
include /etc/firejail/disable-programs.inc

whitelist ${HOME}/.config/mate/mate-dictionary
whitelist ${HOME}/.config/gtk-3.0
whitelist ${HOME}/.fonts
whitelist ${HOME}/.icons
whitelist ${HOME}/.themes

caps.drop all
netfilter
no3d
Expand All @@ -27,8 +33,12 @@ seccomp
shell none

disable-mnt
private-bin mate-dictionary
private-etc fonts,resolv.conf
private-opt mate-dictionary
private-dev
private-tmp

memory-deny-write-execute
noexec ${HOME}
noexec /tmp
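Review bot: `private-etc fonts,resolv.conf` in the second hunk keeps only the resolver configuration for a program that looks words up over the network, and the profile has no comment saying why that set is sufficient. If any configured dictionary source relies on `/etc/hosts`, `nsswitch.conf` or a TLS CA bundle, lookups would fail inside the sandbox with no obvious cause, so a short comment such as `# network lookups: only resolv.conf is needed (plain DICT, no TLS) - extend if sources change` would record the assumption (to be confirmed against the program's actual behaviour). `private-opt mate-dictionary` likewise reads as if the program ships files under /opt, which nothing visible here indicates; if the intent is only to hide /opt, a comment saying so would help the next maintainer.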
