From c6259375dff79484b9f3d587da9fbfa76a3b68b9 Mon Sep 17 00:00:00 2001
From: Fred-Barclay <Fred-Barclay@users.noreply.github.com>
Date: Wed, 4 Oct 2017 16:24:36 -0500
Subject: Tighten multiple profiles.

This adds whitelist-var-common, machine-id, memory-deny-write-execute,
and noexec home and tmp when possible.
---
 etc/hexchat.profile | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'etc/hexchat.profile')

diff --git a/etc/hexchat.profile b/etc/hexchat.profile
index fc817d9f9..47d39e8c4 100644
--- a/etc/hexchat.profile
+++ b/etc/hexchat.profile
@@ -16,8 +16,10 @@ include /etc/firejail/disable-programs.inc
 mkdir ~/.config/hexchat
 whitelist ~/.config/hexchat
 include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
+machine-id
 netfilter
 no3d
 nodvd
@@ -38,5 +40,6 @@ private-bin hexchat
 private-dev
 private-tmp
 
+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
-- 
cgit v1.2.3-70-g09d2