From e3d22faf5a107c6e1717cfbb145a358e054b55f0 Mon Sep 17 00:00:00 2001
From: Fred-Barclay
Date: Sun, 24 Sep 2017 14:19:14 -0500
Subject: Harden mate-* profiles
---
 etc/mate-color-select.profile | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
(limited to 'etc/mate-color-select.profile')
diff --git a/etc/mate-color-select.profile b/etc/mate-color-select.profile
index 26ce42fbf..7df7d7faa 100644
--- a/etc/mate-color-select.profile
+++ b/etc/mate-color-select.profile
@@ -11,6 +11,11 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+whitelist ${HOME}/.config/gtk-3.0
+whitelist ${HOME}/.fonts
+whitelist ${HOME}/.icons
+whitelist ${HOME}/.themes
+
 caps.drop all
 netfilter
 no3d
@@ -26,9 +31,11 @@ seccomp
 shell none
 disable-mnt
-private
+private-bin mate-color-select
+private-etc fonts
 private-dev
 private-tmp
+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
--
cgit v1.2.3-70-g09d2
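Review bot: The four `whitelist` lines in the first hunk expose `~/.config/gtk-3.0`, `~/.fonts`, `~/.icons` and `~/.themes` to the sandbox read-write, so a compromised picker could alter GTK settings or theme files that other GTK programs later load from the real home directory. A colour picker has no need to write there; pairing each entry with a read-only rule, for example `read-only ${HOME}/.config/gtk-3.0`, keeps the theme visible without turning it into a persistence path. A short comment above the group, such as `# GTK theme, font and icon data only`, would also record why these paths are allowed.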
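Review bot: Replacing `private` in the second hunk removes the throwaway home directory, so home isolation now rests entirely on the whitelist entries added in the first hunk; a comment such as `# home is restricted by the whitelist lines above, not by private` would make that dependency explicit for whoever edits the profile next. `private-etc fonts` leaves only /etc/fonts visible, which presumably hides system-wide GTK settings and the loader cache; if the program misbehaves under the profile, widening it to `private-etc fonts,gtk-3.0,ld.so.cache` is preferable to users running it unsandboxed. `memory-deny-write-execute` should be confirmed against the real binary for the same reason.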