From e3d22faf5a107c6e1717cfbb145a358e054b55f0 Mon Sep 17 00:00:00 2001 From: Fred-Barclay Date: Sun, 24 Sep 2017 14:19:14 -0500 Subject: Harden mate-* profiles --- etc/mate-dictionary.profile | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'etc/mate-dictionary.profile') diff --git a/etc/mate-dictionary.profile b/etc/mate-dictionary.profile index f0de57e0d..3f85addaf 100644 --- a/etc/mate-dictionary.profile +++ b/etc/mate-dictionary.profile @@ -12,6 +12,12 @@ include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc include /etc/firejail/disable-programs.inc +whitelist ${HOME}/.config/mate/mate-dictionary +whitelist ${HOME}/.config/gtk-3.0 +whitelist ${HOME}/.fonts +whitelist ${HOME}/.icons +whitelist ${HOME}/.themes + caps.drop all netfilter no3d @@ -27,8 +33,12 @@ seccomp shell none disable-mnt +private-bin mate-dictionary +private-etc fonts,resolv.conf +private-opt mate-dictionary private-dev private-tmp +memory-deny-write-execute noexec ${HOME} noexec /tmp -- cgit v1.2.3-70-g09d2
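Review bot: The five `whitelist` entries added in the first hunk expose the real directories read-write, so a compromised mate-dictionary process could modify `~/.config/gtk-3.0`, `~/.fonts`, `~/.icons` and `~/.themes`, which GTK applications outside this sandbox also read. Only `${HOME}/.config/mate/mate-dictionary` looks like it needs to stay writable; the shared ones could each be followed by a read-only rule, e.g. `read-only ${HOME}/.config/gtk-3.0`, and likewise for `.fonts`, `.icons` and `.themes`. The `noexec ${HOME}` line visible in the second hunk prevents execution from those paths inside the sandbox but does not stop writes to them. The included `.inc` files are not part of this hunk, so an existing read-only rule there cannot be ruled out from here.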
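Review bot: `private-etc fonts,resolv.conf` in the second hunk leaves a very small /etc for a program that, judging by the `netfilter` line kept as context in the first hunk, is still expected to use the network; files such as `hosts` and `nsswitch.conf` are not in the list. Please confirm that dictionary lookups still resolve under the new profile, and extend the list if they do not, e.g. `private-etc fonts,hosts,nsswitch.conf,resolv.conf`. Separately, `private-opt mate-dictionary` would benefit from a comment stating whether an `/opt/mate-dictionary` directory is actually expected or the line is only there to hide /opt, for example `# nothing under /opt is needed; this hides its contents`.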