From c310495149a0c96c5b4987b583757a1f3a5b2c58 Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Sun, 24 Feb 2019 21:16:59 +0000
Subject: Harden exiftool.profile (#2456)

---
 etc/exiftool.profile | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'etc/exiftool.profile')

diff --git a/etc/exiftool.profile b/etc/exiftool.profile
index 37e01f8d3..1838ce273 100644
--- a/etc/exiftool.profile
+++ b/etc/exiftool.profile
@@ -19,7 +19,10 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+apparmor
 caps.drop all
+ipc-namespace
+machine-id
 net none
 no3d
 nodbus
@@ -36,8 +39,12 @@ seccomp
 shell none
 tracelog
 
-# private-bin exiftool,perl
+private-bin exiftool,perl
 private-cache
 private-dev
 private-etc alternatives
 private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
-- 
cgit v1.2.3-70-g09d2
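Review bot: The added `apparmor` line in the first hunk only confines anything on hosts where firejail was built with AppArmor support and its AppArmor profile is loaded. As far as I know it has no effect elsewhere, so the rest of the profile should not be read as depending on it. A short comment above it would make that explicit, for example `# apparmor: effective only where firejail's AppArmor profile is loaded`. The option list continues outside the hunk on both sides.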
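Review bot: Enabling `private-bin exiftool,perl` in the second hunk removes the comment marker without recording why the line was disabled, and it only works if both names resolve in the standard bin directories that firejail copies from. On a distribution that installs exiftool under a Perl vendor subdirectory (possibly the reason it was commented out; the commit does not say) the sandbox would start without exiftool. I would add a comment above it, for example `# private-bin assumes exiftool and perl live in a standard bin directory; comment out or override locally otherwise`. The new `noexec ${HOME}` and `noexec /tmp` lines also deserve a one-line comment saying they block native executables only, because perl stays available in the sandbox and still interprets scripts read from those paths.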