From a1d92b15fef9dfa5f75b7caa97304e6d1ca93a9c Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Sun, 24 Feb 2019 21:43:33 +0000 Subject: Harden gnome-logs.profile (#2461) --- etc/gnome-logs.profile | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'etc/gnome-logs.profile') diff --git a/etc/gnome-logs.profile b/etc/gnome-logs.profile index c429c7697..9ea4fb9f6 100644 --- a/etc/gnome-logs.profile +++ b/etc/gnome-logs.profile @@ -16,7 +16,9 @@ include disable-xdg.inc whitelist /var/log/journal include whitelist-var-common.inc +apparmor caps.drop all +ipc-namespace net none no3d nodbus @@ -36,11 +38,16 @@ shell none disable-mnt private-bin gnome-logs +private-cache private-dev private-etc alternatives,fonts,localtime,machine-id private-lib gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libgconf-2.so.*,librsvg-2.so.* private-tmp writable-var-log +memory-deny-write-execute noexec ${HOME} noexec /tmp + +# comment this if you export logs to a file in your ${HOME} +read-only ${HOME} -- cgit v1.2.3-70-g09d2
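Review bot: The `apparmor` line added above `caps.drop all` in the first hunk only confines the process when firejail was built with AppArmor support and the `firejail-default` policy is loaded in the kernel. As far as I know, a build without that support accepts the directive and does nothing, so the profile can read as more confined than it is on such systems. A one-line comment above it would make the dependency visible, e.g. `# apparmor needs an AppArmor-enabled firejail build and the firejail-default policy loaded`. The rest of the profile is outside the hunk, so whether this is already noted elsewhere cannot be seen from here.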
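Review bot: The comment above `read-only ${HOME}` at the end of the second hunk tells users to edit the shipped profile to make log export work. That edit may be overwritten or conflict on a package update, and it removes write protection for the whole home directory. Pointing to an override keeps the hardened default intact: `# to export logs under ${HOME}, add 'ignore read-only ${HOME}' to gnome-logs.local`, assuming the profile includes a gnome-logs.local file (its top is outside the hunk). A narrower alternative is to keep the read-only rule and add `read-write ${HOME}/<export-dir>` (placeholder path) so only one export directory is writable.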