diff options
-rw-r--r-- | etc/gnome-logs.profile | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/etc/gnome-logs.profile b/etc/gnome-logs.profile index c429c7697..9ea4fb9f6 100644 --- a/etc/gnome-logs.profile +++ b/etc/gnome-logs.profile | |||
@@ -16,7 +16,9 @@ include disable-xdg.inc | |||
16 | whitelist /var/log/journal | 16 | whitelist /var/log/journal |
17 | include whitelist-var-common.inc | 17 | include whitelist-var-common.inc |
18 | 18 | ||
19 | apparmor | ||
19 | caps.drop all | 20 | caps.drop all |
21 | ipc-namespace | ||
20 | net none | 22 | net none |
21 | no3d | 23 | no3d |
22 | nodbus | 24 | nodbus |
@@ -36,11 +38,16 @@ shell none | |||
36 | 38 | ||
37 | disable-mnt | 39 | disable-mnt |
38 | private-bin gnome-logs | 40 | private-bin gnome-logs |
41 | private-cache | ||
39 | private-dev | 42 | private-dev |
40 | private-etc alternatives,fonts,localtime,machine-id | 43 | private-etc alternatives,fonts,localtime,machine-id |
41 | private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* | 44 | private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* |
42 | private-tmp | 45 | private-tmp |
43 | writable-var-log | 46 | writable-var-log |
44 | 47 | ||
48 | memory-deny-write-execute | ||
45 | noexec ${HOME} | 49 | noexec ${HOME} |
46 | noexec /tmp | 50 | noexec /tmp |
51 | |||
52 | # comment this if you export logs to a file in your ${HOME} | ||
53 | read-only ${HOME} | ||