From 0dba38435ef92ccc01cc9ff23b69df55489ec983 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Wed, 5 Jul 2017 09:40:54 -0400
Subject: Harden profiles

- Added 'disable-devel.conf' to many profiles
- Added 'disable-mnt' to many profiles
- Added 'noexec' to many profiles
- Removed 'netfilter' and 'net none' from profiles with 'protocol unix'
- Cleaned up profiles using defaults
---
 etc/pcmanfm.profile | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)

(limited to 'etc/pcmanfm.profile')

diff --git a/etc/pcmanfm.profile b/etc/pcmanfm.profile
index 68d002f2d..67ab7f9e6 100644
--- a/etc/pcmanfm.profile
+++ b/etc/pcmanfm.profile
@@ -15,21 +15,12 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
-netfilter
-nogroups
+no3d
 nonewprivs
 noroot
 nosound
+novideo
 protocol unix
 seccomp
 shell none
 tracelog
-
-#
-# depending on your usage, you can enable some of the commands below: 
-#
-# private-bin program
-# private-etc none
-# private-dev
-# private-tmp
-
-- 
cgit v1.2.3-70-g09d2