Merge pull request #1365 from SpotComms/master

Harden 50 profiles

1 files changed, 15 insertions, 14 deletions

diff --git a/etc/gnome-font-viewer.profile b/etc/gnome-font-viewer.profile
index 3ea1b6b33..605dafc62 100644
--- a/etc/gnome-font-viewer.profile
+++ b/etc/gnome-font-viewer.profile
@@ -5,25 +5,26 @@ include /etc/firejail/globals.local
 # Persistent customizations should go in a .local file.
 include /etc/firejail/gnome-font-viewer.local
 
-private
-#include /etc/firejail/disable-common.inc
-#include /etc/firejail/disable-programs.inc
-#include /etc/firejail/disable-passwdmgr.inc
+#Blacklist Paths
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-devel.inc
 
+#Options
 caps.drop all
 netfilter
+no3d
 nonewprivs
 noroot
+nosound
+novideo
 protocol unix,inet,inet6
 seccomp
 
-#
-# depending on your usage, you can enable some of the commands below: 
-#
-nogroups
-shell none
-# private-bin program
-# private-etc none
-# private-dev
-# private-tmp
-nosound
+private-dev
+private-tmp
+disable-mnt
+
+noexec ${HOME}
+noexec /tmp