From 3c3602fe4e747f3489c917f4de991c9043df9751 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Sat, 16 Sep 2017 14:11:43 -0400
Subject: Harden 25 profiles

---
 etc/imagej.profile | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'etc/imagej.profile')

diff --git a/etc/imagej.profile b/etc/imagej.profile
index 4613e378f..88a56c706 100644
--- a/etc/imagej.profile
+++ b/etc/imagej.profile
@@ -16,12 +16,20 @@ include /etc/firejail/disable-programs.inc
 caps.drop all
 ipc-namespace
 net none
+nodvd
 nogroups
 nonewprivs
 noroot
+nosound
+notv
+novideo
+protocol unix
 seccomp
+shell none
 
 private-bin imagej,bash,grep,sort,tail,tr,cut,whoami,hostname,uname,mkdir,ls,touch,free,awk,update-java-alternatives,basename,xprop,rm,ln
 private-dev
-# private-etc passwd,alternatives,hosts,fonts,X11
 private-tmp
+
+noexec ${HOME}
+noexec /tmp
-- 
cgit v1.2.3-54-g00ecf