From 90cd669eba680369c6ba8d96af194b70c8cc8706 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Sat, 15 Apr 2017 08:57:13 -0400
Subject: Harden some profiles

---
 etc/pithos.profile | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'etc/pithos.profile')

diff --git a/etc/pithos.profile b/etc/pithos.profile
index 500e35989..beb76909f 100644
--- a/etc/pithos.profile
+++ b/etc/pithos.profile
@@ -17,7 +17,17 @@ include /etc/firejail/whitelist-common.inc
 #Options
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
+shell none
+
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
+
+no3d
-- 
cgit v1.2.3-54-g00ecf