From d15fa8fc2c5a245cb7698c0bfa3e9838bdbb6dd6 Mon Sep 17 00:00:00 2001
From: glitsj16 <glitsj16@users.noreply.github.com>
Date: Wed, 20 Feb 2019 22:53:14 +0000
Subject: Harden devilspie profile

---
 etc/devilspie.profile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/etc/devilspie.profile b/etc/devilspie.profile
index a809bee0c..d0a1ccf41 100644
--- a/etc/devilspie.profile
+++ b/etc/devilspie.profile
@@ -13,9 +13,12 @@ include disable-devel.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 
+apparmor
 caps.drop all
 ipc-namespace
+# machine-id breaks audio; it should work fine in setups where sound is not required
 machine-id
 net none
 no3d
-- 
cgit v1.2.3-54-g00ecf


From 50f6270c84ca1b8073a01f1936cb1bb653e7812c Mon Sep 17 00:00:00 2001
From: glitsj16 <glitsj16@users.noreply.github.com>
Date: Wed, 20 Feb 2019 22:54:39 +0000
Subject: Harden devilspie2 profile

---
 etc/devilspie2.profile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/etc/devilspie2.profile b/etc/devilspie2.profile
index d8c10413b..fbf765fa2 100644
--- a/etc/devilspie2.profile
+++ b/etc/devilspie2.profile
@@ -13,7 +13,9 @@ include disable-devel.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 
+apparmor
 caps.drop all
 ipc-namespace
 machine-id
-- 
cgit v1.2.3-54-g00ecf