From 90cd669eba680369c6ba8d96af194b70c8cc8706 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Sat, 15 Apr 2017 08:57:13 -0400
Subject: Harden some profiles

---
 etc/lollypop.profile | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'etc/lollypop.profile')

diff --git a/etc/lollypop.profile b/etc/lollypop.profile
index 06ed415d6..4b51f69b0 100644
--- a/etc/lollypop.profile
+++ b/etc/lollypop.profile
@@ -18,7 +18,18 @@ include /etc/firejail/disable-devel.inc
 #Options
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
+shell none
+
+private-dev
+private-etc fonts
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
+
+no3d
-- 
cgit v1.2.3-70-g09d2