From 5018a209d23e7f7e7dae2a93b3b57a40e5e3a980 Mon Sep 17 00:00:00 2001 From: Tad Date: Sun, 18 Mar 2018 21:35:55 -0400 Subject: Misc profile hardening and fixes --- etc/asunder.profile | 3 --- etc/atool.profile | 1 + etc/brasero.profile | 1 + etc/frozen-bubble.profile | 2 ++ etc/gnome-twitch.profile | 1 + etc/open-invaders.profile | 1 + etc/pingus.profile | 1 + etc/simutrans.profile | 1 + etc/supertux2.profile | 2 ++ etc/terasology.profile | 2 +- 10 files changed, 11 insertions(+), 4 deletions(-) diff --git a/etc/asunder.profile b/etc/asunder.profile index ce68f8897..0fbc3a158 100644 --- a/etc/asunder.profile +++ b/etc/asunder.profile @@ -10,8 +10,6 @@ noblacklist ${HOME}/.asunder_album_genre noblacklist ${HOME}/.asunder_album_title noblacklist ${HOME}/.asunder_album_artist - - include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc @@ -29,7 +27,6 @@ protocol unix,inet,inet6 seccomp shell none - #private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc private-dev private-tmp diff --git a/etc/atool.profile b/etc/atool.profile index c2e772f9d..4cc3f02de 100644 --- a/etc/atool.profile +++ b/etc/atool.profile @@ -14,6 +14,7 @@ include /etc/firejail/disable-programs.inc caps.drop all netfilter +net none no3d nodvd nogroups diff --git a/etc/brasero.profile b/etc/brasero.profile index f90d4688a..90a7b176e 100644 --- a/etc/brasero.profile +++ b/etc/brasero.profile @@ -13,6 +13,7 @@ include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc caps.drop all +net none nogroups nonewprivs noroot diff --git a/etc/frozen-bubble.profile b/etc/frozen-bubble.profile index 0660137e0..ca38ed1b8 100644 --- a/etc/frozen-bubble.profile +++ b/etc/frozen-bubble.profile 
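Review bot: In etc/atool.profile the new `net none` sits directly under the existing `netfilter`, which now appears redundant. `net none` gives the sandbox a new, unconnected network namespace whose only interface is a loopback device, so the default firewall has no traffic left to filter. Dropping the `netfilter` line would leave one unambiguous statement of the network policy. If the profile carries a `protocol` line outside this hunk, it is worth checking whether it can be narrowed to `protocol unix`. The brasero hunk does not show whether `netfilter` is set there, so the same pairing should be checked in that file.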
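Review bot: The `net none` added to etc/brasero.profile also cuts the sandbox off from abstract Unix sockets, because those are scoped to the network namespace, and that can matter for a GNOME application. On systems where the D-Bus session bus listens on an abstract socket, brasero would lose the bus and anything it does over D-Bus may stop working. This is inferred from how network namespaces behave, not from anything visible in the hunk, so it needs a test on such a system. If the restriction stays, a comment above it would record the trade-off, for example `# net none also blocks abstract sockets; D-Bus-dependent features were tested`.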
@@ -10,6 +10,7 @@ blacklist /run/user/*/bus noblacklist ${HOME}/.frozen-bubble include /etc/firejail/disable-common.inc +include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc @@ -29,6 +30,7 @@ protocol unix,netlink seccomp shell none +disable-mnt # private-bin frozen-bubble private-dev # private-etc none diff --git a/etc/gnome-twitch.profile b/etc/gnome-twitch.profile index 9c94404d1..9e8f2a241 100644 --- a/etc/gnome-twitch.profile +++ b/etc/gnome-twitch.profile @@ -30,6 +30,7 @@ protocol unix,inet,inet6 seccomp shell none +disable-mnt private-dev private-tmp diff --git a/etc/open-invaders.profile b/etc/open-invaders.profile index 331bfa939..191f8d87b 100644 --- a/etc/open-invaders.profile +++ b/etc/open-invaders.profile @@ -10,6 +10,7 @@ blacklist /run/user/*/bus noblacklist ${HOME}/.openinvaders include /etc/firejail/disable-common.inc +include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc diff --git a/etc/pingus.profile b/etc/pingus.profile index 65aeedd86..ec7eff632 100644 --- a/etc/pingus.profile +++ b/etc/pingus.profile @@ -10,6 +10,7 @@ blacklist /run/user/*/bus noblacklist ${HOME}/.pingus include /etc/firejail/disable-common.inc +include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc diff --git a/etc/simutrans.profile b/etc/simutrans.profile index 89d1f2925..8b4113d2f 100644 --- a/etc/simutrans.profile +++ b/etc/simutrans.profile @@ -10,6 +10,7 @@ blacklist /run/user/*/bus noblacklist ${HOME}/.simutrans include /etc/firejail/disable-common.inc +include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc diff --git a/etc/supertux2.profile b/etc/supertux2.profile index 2b5bb07c3..d60d7fa5f 100644 --- a/etc/supertux2.profile +++ b/etc/supertux2.profile 
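Review bot: The `include /etc/firejail/disable-devel.inc` added in the first hunk of etc/frozen-bubble.profile needs a check that the other game profiles in this commit do not, because frozen-bubble is a Perl program. If disable-devel.inc at this revision blacklists the Perl interpreter or its library directories, the game will fail to start inside the sandbox. That file is not part of this diff, so this is unconfirmed. In that case the profile needs matching `noblacklist` lines for the Perl paths before the include, with a comment such as `# frozen-bubble is written in Perl`. The compiled games that receive the same include (open-invaders, pingus, simutrans, supertux2) should not be affected.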
@@ -10,6 +10,7 @@ blacklist /run/user/*/bus noblacklist ${HOME}/.local/share/supertux2 include /etc/firejail/disable-common.inc +include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc @@ -29,6 +30,7 @@ protocol unix,netlink seccomp shell none +disable-mnt # private-bin supertux2 private-dev # private-etc none diff --git a/etc/terasology.profile b/etc/terasology.profile index 3d27134c4..ea25938d3 100644 --- a/etc/terasology.profile +++ b/etc/terasology.profile @@ -1,7 +1,7 @@ # Firejail profile for terasology # This file is overwritten after every install/update # Persistent local customizations -include /etc/firejail/default.local +include /etc/firejail/terasology.local # Persistent global definitions include /etc/firejail/globals.local -- cgit v1.2.3-54-g00ecf
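Review bot: Switching the include in etc/terasology.profile from `default.local` to `terasology.local` changes which user overrides reach this sandbox, and that deserves a line in the release notes. Anyone who put restrictions in /etc/firejail/default.local was getting them applied to terasology as a side effect. They will silently lose them after this update unless they copy them into terasology.local. Every profile header follows the same template, so a small check that the `.local` include matches the profile's own file name would catch this kind of copy-paste slip elsewhere. No such check is visible in this diff.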