From 325aad5dead4e42ae893ce1a9a3cbdda4c5c8f8e Mon Sep 17 00:00:00 2001
From: Jean Lucas <jean@4ray.co>
Date: Fri, 22 Jun 2018 14:29:11 -0400
Subject: Further restrict Wire

---
 etc/wire-desktop.profile | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/etc/wire-desktop.profile b/etc/wire-desktop.profile
index c0e0b3c4b..74d44efe3 100644
--- a/etc/wire-desktop.profile
+++ b/etc/wire-desktop.profile
@@ -13,6 +13,12 @@ include /etc/firejail/disable-interpreters.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+mkdir ${HOME}/.config/Wire
+whitelist ${HOME}/.config/Wire
+whitelist ${DOWNLOADS}
+
+include /etc/firejail/whitelist-common.inc
+
 caps.drop all
 netfilter
 nodvd
@@ -28,6 +34,7 @@ shell none
 # it is not in PATH. To use Wire with firejail, run "firejail /opt/wire-desktop/wire-desktop"
 
 private-bin wire-desktop
-disable-mnt
 private-dev
+private-etc fonts,machine-id
+disable-mnt
 private-tmp
-- 
cgit v1.2.3-54-g00ecf