From c6259375dff79484b9f3d587da9fbfa76a3b68b9 Mon Sep 17 00:00:00 2001
From: Fred-Barclay
Date: Wed, 4 Oct 2017 16:24:36 -0500
Subject: Tighten multiple profiles.

This adds whitelist-var-common, machine-id, memory-deny-write-execute, and noexec home and tmp when possible.
---
 etc/gitter.profile | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'etc/gitter.profile')

diff --git a/etc/gitter.profile b/etc/gitter.profile
index 0a47bf888..3e84455f1 100644
--- a/etc/gitter.profile
+++ b/etc/gitter.profile
@@ -13,7 +13,13 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+whitelist ${DOWNLOADS}
+whitelist ~/.config/autostart
+whitelist ~/.config/Gitter
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
+machine-id
 netfilter
 nodvd
 nogroups
@@ -25,7 +31,12 @@ protocol unix,inet,inet6,netlink
 seccomp
 shell none
 
+disable-mnt
 private-bin bash,env,gitter
+private-etc fonts,pulse,resolv.conf
 private-opt Gitter
 private-dev
 private-tmp
+
+noexec ${HOME}
+noexec /tmp
-- 
cgit v1.2.3-54-g00ecf
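Review bot: `whitelist ~/.config/autostart` gives the sandboxed process write access to a directory the desktop session launches from at the next login, so a compromised Gitter could drop a .desktop entry that runs unsandboxed — a persistence and escape path that the `noexec ${HOME}` added in the second hunk does not cover, because the session, not the sandbox, executes it. The whitelist is presumably there for Gitter's launch-on-login option; if that is not needed, `read-only ~/.config/autostart` (or dropping the whitelist) closes the gap, otherwise the trade-off should be stated above the line: `# autostart is writable for Gitter's launch-on-login option; entries written here run outside the sandbox`. The commit message also lists memory-deny-write-execute, which this profile does not receive; a one-line note such as `# no memory-deny-write-execute: presumably incompatible with Electron's JIT` would stop a later reviewer from re-adding it blindly.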
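Review bot: `private-etc fonts,pulse,resolv.conf` omits the TLS trust store (`ca-certificates`, `ssl`) although the profile keeps inet/inet6 networking and netfilter, so HTTPS inside the sandbox will likely fail certificate verification, which in practice pushes users to weaken or bypass the profile rather than tighten it. The first hunk also enables `machine-id`, but `/etc/machine-id` is not part of this private /etc, so whether the spoofed id is actually mounted should be confirmed against the firejail version in use. Suggested line, to be verified by launching the app under the profile: `private-etc ca-certificates,fonts,machine-id,pulse,resolv.conf,ssl`.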