From eb34c2d931698529ff6de2b3b90d7b1703f3b13a Mon Sep 17 00:00:00 2001
From: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Date: Thu, 25 Jun 2020 15:09:44 +0200
Subject: harden gradio.profile
---
 etc/profile-a-l/gradio.profile | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/etc/profile-a-l/gradio.profile b/etc/profile-a-l/gradio.profile
index 82e2504b9..a16e65efb 100644
--- a/etc/profile-a-l/gradio.profile
+++ b/etc/profile-a-l/gradio.profile
@@ -14,12 +14,15 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 mkdir ${HOME}/.cache/gradio
 mkdir ${HOME}/.local/share/gradio
 whitelist ${HOME}/.cache/gradio
 whitelist ${HOME}/.local/share/gradio
 include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 caps.drop all
@@ -30,11 +33,23 @@ nogroups
 nonewprivs
 noroot
 notv
+nou2f
 novideo
 protocol unix,inet,inet6
 seccomp
+seccomp.block-secondary
 shell none
+tracelog
+disable-mnt
+private-bin gradio
+private-cache
+private-dev
 private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-3.0,host.conf,hostname,hosts,machine-id,pki,pulse,resolv.conf,ssl,xdg
 private-tmp
+dbus-user filter
+dbus-user.own de.haeckerfelix.gradio
+dbus-user.own org.mpris.MediaPlayer2.gradio
+dbus-user.talk ca.desrt.dconf
+dbus-system none
-- 
cgit v1.2.3-70-g09d2
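Review bot: The two new includes in the first hunk, `include whitelist-runuser-common.inc` and `include whitelist-usr-share-common.inc`, switch the per-user runtime directory and /usr/share to allow-list mode, yet the hunk adds no application-specific `whitelist` line for either tree. Anything gradio reads there outside the common set becomes invisible without an error; whether the package installs such data is not visible from this patch, so this is a question rather than a confirmed break. The commit message does not say what was exercised after the change. A comment above the includes, for example `# no app-specific /usr/share or runtime-dir paths needed`, would record that the omission is deliberate.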
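Review bot: `private-cache`, added in the second hunk, puts an empty temporary filesystem over `${HOME}/.cache`, while the context lines of the first hunk show the profile still running `mkdir ${HOME}/.cache/gradio` and `whitelist ${HOME}/.cache/gradio`. The two pull in opposite directions: if the cache is meant to persist, `private-cache` should go, and if it is meant to be discarded on exit, the mkdir/whitelist pair for the cache directory is dead. Which one wins at runtime is worth confirming in the `firejail --debug` output before merging. Either way, a one-line comment next to the option, such as `# cache is intentionally discarded when the sandbox closes`, would make the choice explicit. The profile lines between the two hunks are not shown here.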