hardening & fixing

3 files changed, 12 insertions, 1 deletions

diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index b3d4b710a..a900263ff 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -299,6 +299,7 @@ blacklist ${HOME}/.ecryptfs
 blacklist ${HOME}/.fetchmailrc
 blacklist ${HOME}/.gnome2/keyrings
 blacklist ${HOME}/.gnupg
+blacklist ${HOME}/.config/hub
 blacklist ${HOME}/.kde/share/apps/kwallet
 blacklist ${HOME}/.kde4/share/apps/kwallet
 blacklist ${HOME}/.local/share/keyrings
diff --git a/etc/inkscape.profile b/etc/inkscape.profile
index bc0377e53..a1b3bce23 100644
--- a/etc/inkscape.profile
+++ b/etc/inkscape.profile
@@ -43,8 +43,10 @@ novideo
 protocol unix
 seccomp
 shell none
+tracelog
 
 # private-bin inkscape,potrace,python* - problems on Debian stretch
+private-cache
 private-dev
 private-tmp
 
diff --git a/etc/meld.profile b/etc/meld.profile
index 34b1f22de..321b92cd5 100644
--- a/etc/meld.profile
+++ b/etc/meld.profile
@@ -6,6 +6,13 @@ include meld.local
 # Persistent global definitions
 include globals.local
 
+# If you want to use meld as git-mergetool (and may some other VCS integrations) you need
+# to bypass firejail, you can do this by removing the symlink or call it by its absolut path
+# Removing the symlink:
+#  sudo rm /usr/local/bin/meld
+# Calling by its absolut path (example for git-mergetoll):
+#  git config --global mergetool.meld.cmd /usr/bin/meld
+
 noblacklist ${HOME}/.config/git
 noblacklist ${HOME}/.gitconfig
 noblacklist ${HOME}/.git-credentials
@@ -26,7 +33,8 @@ include disable-passwdmgr.inc
 # Uncomment the next line (or put it into your meld.local) if you don't need to compare files in disable-programs.inc.
 #include disable-programs.inc
 
-include whitelist-var-common.inc
+# Uncomment the next line (or put it into your meld.local) if you don't need to compare files in /var.
+#include whitelist-var-common.inc
 
 apparmor
 caps.drop all