Harden gnome-clocks.profile (#2534)

* Harden gnome-clocks.profile * Review #2534
author: rusty-snake <print_hello_world+GitHub@protonmail.com> 2019-03-07 20:22:00 +0000
committer: glitsj16 <glitsj16@users.noreply.github.com> 2019-03-07 20:22:00 +0000
commit: 76e0bc8fb9fb4c5d4540fe2a86798218786bc035 (patch)
tree: 9c0a5b28f94566659a4dafac1c4abdf21b0155ea
parent: Add fakeroot support for makepkg on Arch (#2536) (diff)
download: firejail-76e0bc8fb9fb4c5d4540fe2a86798218786bc035.tar.gz
firejail-76e0bc8fb9fb4c5d4540fe2a86798218786bc035.tar.zst
firejail-76e0bc8fb9fb4c5d4540fe2a86798218786bc035.zip
1 files changed, 5 insertions, 3 deletions
diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile
index 83ece0fce..32a7ca918 100644
--- a/etc/gnome-clocks.profile
+++ b/etc/gnome-clocks.profile
@@ -6,7 +6,6 @@ include gnome-clocks.local
 # Persistent global definitions
 include globals.local
 include disable-common.inc
 include disable-devel.inc
 include disable-interpreters.inc
@@ -14,8 +13,10 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+include whitelist-common.inc
 include whitelist-var-common.inc
+apparmor
 caps.drop all
 netfilter
 no3d
@@ -32,9 +33,10 @@ shell none
 tracelog
 disable-mnt
-# private-bin gnome-clocks
+private-bin gnome-clocks,gsound-play
+private-cache
 private-dev
-# private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies,machine-id,hosts,pkcs11,localtime,gtk-3.0,dconf
 private-tmp
 noexec ${HOME}
author	rusty-snake <print_hello_world+GitHub@protonmail.com>	2019-03-07 20:22:00 +0000
committer	glitsj16 <glitsj16@users.noreply.github.com>	2019-03-07 20:22:00 +0000
commit	76e0bc8fb9fb4c5d4540fe2a86798218786bc035 (patch)
tree	9c0a5b28f94566659a4dafac1c4abdf21b0155ea
parent	Add fakeroot support for makepkg on Arch (#2536) (diff)
download	firejail-76e0bc8fb9fb4c5d4540fe2a86798218786bc035.tar.gz firejail-76e0bc8fb9fb4c5d4540fe2a86798218786bc035.tar.zst firejail-76e0bc8fb9fb4c5d4540fe2a86798218786bc035.zip

diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile index 83ece0fce..32a7ca918 100644 --- a/etc/gnome-clocks.profile +++ b/etc/gnome-clocks.profile
@@ -6,7 +6,6 @@ include gnome-clocks.local
6	# Persistent global definitions	6	# Persistent global definitions
7	include globals.local	7	include globals.local
8		8
9
10	include disable-common.inc	9	include disable-common.inc
11	include disable-devel.inc	10	include disable-devel.inc
12	include disable-interpreters.inc	11	include disable-interpreters.inc
@@ -14,8 +13,10 @@ include disable-passwdmgr.inc
14	include disable-programs.inc	13	include disable-programs.inc
15	include disable-xdg.inc	14	include disable-xdg.inc
16		15
		16	include whitelist-common.inc
17	include whitelist-var-common.inc	17	include whitelist-var-common.inc
18		18
		19	apparmor
19	caps.drop all	20	caps.drop all
20	netfilter	21	netfilter
21	no3d	22	no3d
@@ -32,9 +33,10 @@ shell none
32	tracelog	33	tracelog
33		34
34	disable-mnt	35	disable-mnt
35	# private-bin gnome-clocks	36	private-bin gnome-clocks,gsound-play
		37	private-cache
36	private-dev	38	private-dev
37	# private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies	39	private-etc alternatives,fonts,ca-certificates,ssl,pki,crypto-policies,machine-id,hosts,pkcs11,localtime,gtk-3.0,dconf
38	private-tmp	40	private-tmp
39		41
40	noexec ${HOME}	42	noexec ${HOME}