From aa2c9ade1a37f0a1ad1d107b082d1a895d8dcad3 Mon Sep 17 00:00:00 2001
From: glitsj16 <glitsj16@users.noreply.github.com>
Date: Wed, 6 Jan 2021 19:08:22 +0000
Subject: harden liferea (#3873)

* harden liferea

* dbus fixes

On closer investigation it seems wiser to tighten D-Bus filtering as Liferea implements stuff via plugins that are disabled by default.
---
 etc/profile-a-l/liferea.profile | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/etc/profile-a-l/liferea.profile b/etc/profile-a-l/liferea.profile
index 7cfd4fc10..a122e9bbc 100644
--- a/etc/profile-a-l/liferea.profile
+++ b/etc/profile-a-l/liferea.profile
@@ -42,7 +42,7 @@ noroot
 # nosound
 notv
 nou2f
-# novideo
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
@@ -51,3 +51,12 @@ tracelog
 disable-mnt
 private-dev
 private-tmp
+
+dbus-user filter
+dbus-user.own net.sourceforge.liferea
+dbus-user.talk ca.desrt.dconf
+# Uncomment the below if you use the 'Popup Notifications' plugin or add 'dbus-user.talk org.freedesktop.Notifications' to your liferea.local
+#dbus-user.talk org.freedesktop.Notifications
+# Uncomment the below if you use the 'Libsecret Support' plugin or add 'dbus-user.talk org.freedesktop.secrets' to your liferea.local
+#dbus-user.talk org.freedesktop.secrets
+dbus-system none
-- 
cgit v1.2.3-70-g09d2