From 5354f20012b488c50cd556e315b78ad351ae0f9d Mon Sep 17 00:00:00 2001
From: Tad
Date: Tue, 4 Jul 2017 10:51:43 -0400
Subject: Harden 50 profiles Hardened many profiles using disable-mnt and novideo Fixed gnome-font-viewer
---
etc/gnome-font-viewer.profile | 29 +++++++++++++++--------------
1 file changed, 15 insertions(+), 14 deletions(-)
(limited to 'etc/gnome-font-viewer.profile')
diff --git a/etc/gnome-font-viewer.profile b/etc/gnome-font-viewer.profile
index 3ea1b6b33..605dafc62 100644
--- a/etc/gnome-font-viewer.profile
+++ b/etc/gnome-font-viewer.profile
@@ -5,25 +5,26 @@ include /etc/firejail/globals.local
 # Persistent customizations should go in a .local file.
 include /etc/firejail/gnome-font-viewer.local
-private
-#include /etc/firejail/disable-common.inc
-#include /etc/firejail/disable-programs.inc
-#include /etc/firejail/disable-passwdmgr.inc
+#Blacklist Paths
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-devel.inc
+#Options
 caps.drop all
 netfilter
+no3d
 nonewprivs
 noroot
+nosound
+novideo
 protocol unix,inet,inet6
 seccomp
-#
-# depending on your usage, you can enable some of the commands below:
-#
-nogroups
-shell none
-# private-bin program
-# private-etc none
-# private-dev
-# private-tmp
-nosound
+private-dev
+private-tmp
+disable-mnt
+
+noexec ${HOME}
+noexec /tmp
-- 
cgit v1.2.3-70-g09d2
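Review bot: `nogroups` and `shell none` were active (uncommented) in the old profile and are deleted here together with the "depending on your usage" comment block, so the new profile no longer applies either restriction even though the commit is described as hardening. Unless the gnome-font-viewer fix needed them gone, keep both after `noroot`: `nogroups` and `shell none`. Separately, replacing `private` with the `disable-*.inc` blacklists moves the profile from an empty home to the user's real home minus the blacklisted paths; `noexec ${HOME}` restricts execution there but not reads or writes. A short comment above the includes, for example `# private removed: <reason>; home is restricted by blacklist only`, would record that trade-off for the next reviewer.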