configs: tigher policy for firefox

diff --git a/configs/firefox-with-net.cfg b/configs/firefox-with-net.cfg
index 412207c97bd03e57d0f82a04cdae4c481d3f92df..829770040a4ea9acc010ecb56e4153acce410569 100644 (file)
--- a/configs/firefox-with-net.cfg
+++ b/configs/firefox-with-net.cfg
@@ -49,14 +49,8 @@ mount {
 }
 
 mount {
-       src: "/sbin"
-       dst: "/sbin"
-       is_bind: true
-}
-
-mount {
-       src: "/usr"
-       dst: "/usr"
+       src: "/usr/lib"
+       dst: "/usr/lib"
        is_bind: true
 }
 
@@ -80,6 +74,12 @@ mount {
        is_bind: true
 }
 
+mount {
+       src: "/usr/share"
+       dst: "/usr/share"
+       is_bind: true
+}
+
 mount {
        src: "/dev/urandom"
        dst: "/dev/urandom"
@@ -150,5 +150,5 @@ seccomp_string: "
 "
 
 exec_bin {
-        path: "/usr/bin/firefox"
+        path: "/usr/lib/firefox/firefox"
 }