User:Trickygnome/Firejail Hardening

From Gentoo Wiki
FILE /etc/firejail/firejail.config
allow-tray no
bind no
dbus no # equal to --dbus-user=none --dbus-system=none
disable-mnt yes
force-nonewprivs yes
join no
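To check that an installed firejail.config actually carries the settings above, here is an added audit script (not from this wiki page). It parses the "key value" format, ignores commented-out lines, and reports every key whose effective value differs from the hardened one; the two config files it reads are constructed inline, so it never touches the real /etc/firejail/firejail.config.

```shell
#!/bin/sh
# Added example (not from the wiki page): audit a firejail.config against the
# hardened settings above. Sample configs are constructed; nothing is read from
# the real /etc/firejail/firejail.config.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
# Constructed default-like config: keys only present as comments are unset
cat > "$WORK/default.conf" <<'EOF'
# allow-tray yes
# bind yes
# dbus yes
disable-mnt no
force-nonewprivs no
EOF

# Constructed hardened config matching the settings above.
cat > "$WORK/hardened.conf" <<'EOF'
allow-tray no
bind no
dbus no # equal to --dbus-user=none --dbus-system=none
disable-mnt yes
force-nonewprivs yes
join no
EOF

# config_value FILE KEY: effective value of KEY, or "unset". Comments are
# stripped so "# dbus yes" is not read as a setting; last occurrence wins.
config_value() {
    sed 's/#.*//' "$1" |
        awk -v k="$2" '$1 == k { v = $2 } END { print (v == "" ? "unset" : v) }'
}

# audit_config FILE: print each deviation from the hardened values;
# return 0 only when every key matches.
audit_config() {
    rc=0
    for pair in allow-tray:no bind:no dbus:no disable-mnt:yes \
                force-nonewprivs:yes join:no; do
        key=${pair%%:*}; want=${pair#*:}
        have=$(config_value "$1" "$key")
        if [ "$have" != "$want" ]; then
            printf '%s: have %s, want %s\n' "$key" "$have" "$want"
            rc=1
        fi
    done
    return $rc
}
audit_config "$WORK/default.conf" || echo "default.conf: not hardened"
audit_config "$WORK/hardened.conf" && echo "hardened.conf: ok"
```

Point audit_config at /etc/firejail/firejail.config to check a live system; a non-zero exit means at least one key still has its default or a weaker value.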

The blacklist below is based on the files and tools that the app-misc/neofetch script reads to identify the system, so the sandboxed program sees as little host detail as possible.

FILE command line options for Firejail
--novideo --nosound \
    --private-dev \
    --nodvd \
    --noprinters \
    --nonewprivs \
    --dbus-user=none --dbus-system=none \
    --env=HOME=~ \
    --env=HOSTNAME=localhost \
    --env=USER= \
    --env=HOSTTYPE=arm64 \
    --blacklist=/usr/lib/os-release \
    --blacklist=/usr/bin/xfce4-session \
    --blacklist=/usr/bin/xfconf-query \
    --blacklist=/usr/bin/gsettings \
    --blacklist=/usr/bin/id \
    --blacklist=/usr/bin/who \
    --blacklist=/bin/hostname \
    --blacklist=/bin/uname \
    --blacklist=/usr/bin/uname \
    --blacklist=/etc/os-release \
    --blacklist=/etc/gentoo-release \
    --blacklist=/sys \
    --blacklist=/var \
    --blacklist=/proc/version \
    --blacklist=/proc/cpuinfo \
    --blacklist=/proc/meminfo \
    --blacklist=/proc/uptime \

See also

User:Sakaki/Sakaki's EFI Install Guide/Sandboxing the Firefox Browser with Firejail - a tutorial-style article introducing firejail's protection features in some depth, as well as the additional steps required to fully isolate graphical software such as firefox.