From 0dba38435ef92ccc01cc9ff23b69df55489ec983 Mon Sep 17 00:00:00 2001
From: Tad
Date: Wed, 5 Jul 2017 09:40:54 -0400
Subject: Harden profiles

- Added 'disable-devel.conf' to many profiles
- Added 'disable-mnt' to many profiles
- Added 'noexec' to many profiles
- Removed 'netfilter' and 'net none' from profiles with 'protocol unix'
- Cleaned up profiles using defaults
---
 etc/ktorrent.profile | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

(limited to 'etc/ktorrent.profile')

diff --git a/etc/ktorrent.profile b/etc/ktorrent.profile
index 59c2827cd..c19f1c5ef 100644
--- a/etc/ktorrent.profile
+++ b/etc/ktorrent.profile
@@ -5,16 +5,15 @@ include /etc/firejail/globals.local
 # Persistent customizations should go in a .local file.
 include /etc/firejail/ktorrent.local
 
-################################
-# Generic GUI application profile
-################################
 noblacklist ~/.config/ktorrentrc
 noblacklist ~/.local/share/ktorrent
 noblacklist ~/.kde/share/config/ktorrentrc
 noblacklist ~/.kde4/share/config/ktorrentrc
 noblacklist ~/.kde/share/apps/ktorrent
 noblacklist ~/.kde4/share/apps/ktorrent
+
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
 
@@ -36,17 +35,18 @@ include /etc/firejail/whitelist-common.inc
 
 caps.drop all
 netfilter
+no3d
+nogroups
 nonewprivs
 noroot
+nosound
+novideo
 protocol unix,inet,inet6
 seccomp
-
-#
-# depending on your usage, you can enable some of the commands below:
-#
-nogroups
 shell none
-# private-bin program
-# private-etc none
+
 private-dev
-# private-tmp
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
-- 
cgit v1.2.3-54-g00ecf
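Review bot: The restrictions switched on in the second hunk (`no3d`, `nosound`, `novideo`, `private-tmp`, `noexec ${HOME}`, `noexec /tmp`) arrive without any comment, and the removed "depending on your usage" block was the only hint that some options in this profile are usage-dependent. `nosound` in particular would presumably silence any in-application media preview, so I would add a line such as `# nosound/novideo may affect media preview; add 'ignore nosound' to ktorrent.local if needed` above them. The commit message also lists `disable-mnt`, which this profile does not receive; if that is deliberate (for example, downloads saved to drives mounted under /mnt or /media), a one-line comment saying so would keep a later cleanup from adding it blindly. Keeping `netfilter` is consistent with `protocol unix,inet,inet6`, since this profile still permits network sockets.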