From cc4e42705c39361f56b82c1a2e1e2f0ad6ae8bed Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Mon, 18 Mar 2019 16:33:45 +0000
Subject: Harden easystroke (#2606)

---
 etc/easystroke.profile | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

(limited to 'etc/easystroke.profile')

diff --git a/etc/easystroke.profile b/etc/easystroke.profile
index 44156f97e..42529d302 100644
--- a/etc/easystroke.profile
+++ b/etc/easystroke.profile
@@ -10,12 +10,14 @@ noblacklist ${HOME}/.easystroke
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 
+apparmor
 caps.drop all
-ipc-namespace
 machine-id
 net none
 no3d
@@ -33,13 +35,13 @@ seccomp
 shell none
 
 disable-mnt
-private-bin easystroke,bash,sh
+# breaks custom shell command functionality
+#private-bin bash,easystroke,sh
 private-cache
 private-dev
-private-etc alternatives,fonts
-private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*
+private-etc alternatives,fonts,group,passwd
+# breaks custom shell command functionality
+#private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.*
 private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp
-- 
cgit v1.2.3-70-g09d2
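Review bot: The first hunk deletes `ipc-namespace` outright, which loosens isolation in a commit titled as hardening, and nothing in the profile records why. The second hunk handles the same situation better by keeping the disabled option as a comment with a reason above it. I would do the same here: keep `#ipc-namespace` in place, preceded by a one-line `# breaks ...` comment naming the failure that was observed. That way a later maintainer can tell a deliberate relaxation from an accidental one. The newly added `apparmor` line only has an effect on hosts where AppArmor is enabled, presumably with the firejail AppArmor profile loaded, so it does not stand in for the removed namespace.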
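Review bot: Commenting out `private-bin` and `private-lib` in the second hunk removes both allowlists. A gesture-triggered command can then see every binary and library that the `disable-*.inc` blacklists do not hide, leaving `seccomp`, `caps.drop all`, `net none` and those includes as the remaining controls. The repeated comment `# breaks custom shell command functionality` states the symptom but not the trade-off. I would expand it to something like `# private-bin breaks custom shell commands; re-enable it in a local override if you do not use them`, and likewise for `private-lib`. Whether this profile includes a local override file is not visible in the hunk. The removed `noexec ${HOME}` and `noexec /tmp` lines are presumably covered by the `include disable-exec.inc` added in the first hunk, which is worth confirming against that include because its contents are not shown here.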