From 0dba38435ef92ccc01cc9ff23b69df55489ec983 Mon Sep 17 00:00:00 2001
From: Tad
Date: Wed, 5 Jul 2017 09:40:54 -0400
Subject: Harden profiles

- Added 'disable-devel.conf' to many profiles
- Added 'disable-mnt' to many profiles
- Added 'noexec' to many profiles
- Removed 'netfilter' and 'net none' from profiles with 'protocol unix'
- Cleaned up profiles using defaults
---
 etc/luminance-hdr.profile | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'etc/luminance-hdr.profile')

diff --git a/etc/luminance-hdr.profile b/etc/luminance-hdr.profile
index 6ee118f76..0b8742e49 100644
--- a/etc/luminance-hdr.profile
+++ b/etc/luminance-hdr.profile
@@ -7,24 +7,26 @@ include /etc/firejail/luminance-hdr.local

 # luminance-hdr
 noblacklist ${HOME}/.config/Luminance
+
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc

 caps.drop all
 #ipc-namespace
-netfilter
 nogroups
 nonewprivs
 noroot
 nosound
+novideo
 protocol unix
 seccomp
 shell none
 tracelog

-noexec ${HOME}
-noexec /tmp
-
 private-tmp
 private-dev
+
+noexec ${HOME}
+noexec /tmp
--
cgit v1.2.3-54-g00ecf
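Review bot: With `netfilter` removed, the only network restriction left in this profile is `protocol unix`, and no network namespace is requested anywhere in the hunk. `protocol unix` is a seccomp socket-family filter, so the sandbox stays in the host network namespace and AF_UNIX sockets remain reachable, including abstract ones such as the X11 and session-bus sockets. Dropping `netfilter` is harmless in itself, since it only takes effect when a new network namespace is created. If luminance-hdr needs no network access (to be confirmed against the application), adding `net none` next to `protocol unix` would give namespace-level isolation rather than relying on the seccomp filter alone. The profile's opening lines sit outside the hunk, so any network option set there is not visible from here.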