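# Firejail profile for Firefox: $HOME is reduced to the whitelisted paths
# below, /tmp is private, and all capabilities are dropped.

# Limited access to homedir contents
# With whitelist entries under $HOME, only the listed paths are visible
# inside the sandbox; everything else in the home directory is hidden.
# NOTE(review): paths are case-sensitive; confirm ~/documents, ~/downloads
# and ~/pictures match the real directory names on this system.
whitelist ~/.config/firefox
whitelist ~/.config/gtk-3.0
whitelist ~/.mozilla/firefox
whitelist ~/documents
whitelist ~/downloads/firefox
whitelist ~/pictures

# These whitelisted paths are readable but not writable from the sandbox.
# The Firefox profile directories and ~/downloads/firefox stay writable.
read-only ~/.config/gtk-3.0
read-only ~/documents
read-only ~/pictures

# Use private system resources
# The sandbox gets its own empty /tmp instead of the shared one.
private-tmp

# Remove executable bits
noexec /tmp
# The download directory is where untrusted files land and it is writable,
# so nothing stored there should be runnable from inside the sandbox.
noexec ~/downloads/firefox
# NOTE(review): ~/.mozilla/firefox is left executable. Firefox keeps
# DRM/media plugin binaries in the profile directory and noexec is known
# to break them; add "noexec ~/.mozilla/firefox" only if DRM is not needed.

# Drop every Linux capability from the sandboxed processes.
caps.drop all
# NOTE(review): this profile sets no seccomp, nonewprivs or noroot. Upstream
# Firefox profiles normally enable them; consider adding after testing.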