From 56a34f63f22d20e2dd51f3a0932dc07f2647f252 Mon Sep 17 00:00:00 2001
From: Fred-Barclay <Fred-Barclay@users.noreply.github.com>
Date: Sat, 9 Jul 2016 05:28:39 +1000
Subject: If you give a mouse a cookie...

---
 etc/atril.profile   | 8 ++++++--
 etc/evince.profile  | 3 ++-
 etc/xreader.profile | 8 ++++++--
 3 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/etc/atril.profile b/etc/atril.profile
index 8ee7da173..bfe731bec 100644
--- a/etc/atril.profile
+++ b/etc/atril.profile
@@ -7,10 +7,14 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-netfilter
 nonewprivs
+nogroups
 noroot
 nosound
-protocol unix,inet,inet6
+protocol unix
 seccomp
+shell none
 tracelog
+
+private-bin atril, atril-previewer, atril-thumbnailer
+private-dev
diff --git a/etc/evince.profile b/etc/evince.profile
index 9899da84d..530ce959a 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -6,9 +6,10 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 nonewprivs
+nogroups
 noroot
 nosound
-protocol unix,inet,inet6
+protocol unix
 seccomp
 
 shell none
diff --git a/etc/xreader.profile b/etc/xreader.profile
index 2cf109f09..fed9d4db5 100644
--- a/etc/xreader.profile
+++ b/etc/xreader.profile
@@ -9,10 +9,14 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-netfilter
 nonewprivs
+nogroups
 noroot
 nosound
-protocol unix,inet,inet6
+protocol unix
 seccomp
+shell none
 tracelog
+
+private-bin xreader, xreader-previewer, xreader-thumbnailer
+private-dev
-- 
cgit v1.2.3-54-g00ecf