From d0004b845d074d6a1bffa1b4212dd3782f4999c3 Mon Sep 17 00:00:00 2001
From: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Date: Thu, 7 Jan 2021 13:58:37 +0100
Subject: Harden openshot.profile

'dbus-user none' freeze openshot when clicking on open project,
'dbus-user filter' works.
---
 etc/profile-m-z/openshot.profile | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/etc/profile-m-z/openshot.profile b/etc/profile-m-z/openshot.profile
index e1839c724..ac960345a 100644
--- a/etc/profile-m-z/openshot.profile
+++ b/etc/profile-m-z/openshot.profile
@@ -19,6 +19,10 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+whitelist /usr/share/blender
+whitelist /usr/share/inkscape
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor
@@ -32,11 +36,14 @@ notv
 nou2f
 protocol unix,inet,inet6,netlink
 seccomp
+seccomp.block-secondary
 shell none
 tracelog
 
+private-bin blender,inkscape,openshot,openshot-qt,python3*
+private-cache
 private-dev
 private-tmp
 
-dbus-user none
+dbus-user filter
 dbus-system none
-- 
cgit v1.2.3-54-g00ecf