From b2b955ef34a62ec734d982fc601d77492dc4a232 Mon Sep 17 00:00:00 2001
From: vismir2 <vis@mailbox.org>
Date: Sun, 2 Oct 2016 15:41:45 +0200
Subject: hardened profile for feh

---
 etc/feh.profile | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'etc/feh.profile')

diff --git a/etc/feh.profile b/etc/feh.profile
index ba8f32f44..5fcb6bf25 100644
--- a/etc/feh.profile
+++ b/etc/feh.profile
@@ -5,9 +5,17 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+seccomp
+protocol unix
 netfilter
+net none
 nonewprivs
 noroot
+nogroups
 nosound
-protocol unix
-seccomp
+shell none
+
+private-bin feh
+whitelist /tmp/.X11-unix
+private-dev
+private-etc feh
-- 
cgit v1.2.3-54-g00ecf