From 5354f20012b488c50cd556e315b78ad351ae0f9d Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Tue, 4 Jul 2017 10:51:43 -0400
Subject: Harden 50 profiles

Hardened many profiles using disable-mnt and novideo
Fixed gnome-font-viewer
---
 etc/gnome-clocks.profile | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'etc/gnome-clocks.profile')

diff --git a/etc/gnome-clocks.profile b/etc/gnome-clocks.profile
index 40df92454..129bd6e71 100644
--- a/etc/gnome-clocks.profile
+++ b/etc/gnome-clocks.profile
@@ -12,10 +12,11 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+no3d
 nogroups
 nonewprivs
 noroot
-nosound
+novideo
 protocol unix,inet,inet6
 seccomp
 netfilter
@@ -26,3 +27,7 @@ tracelog
 private-tmp
 private-dev
 # private-etc fonts
+disable-mnt
+
+noexec ${HOME}
+noexec /tmp
-- 
cgit v1.2.3-70-g09d2