From c6259375dff79484b9f3d587da9fbfa76a3b68b9 Mon Sep 17 00:00:00 2001
From: Fred-Barclay <Fred-Barclay@users.noreply.github.com>
Date: Wed, 4 Oct 2017 16:24:36 -0500
Subject: Tighten multiple profiles.

This adds whitelist-var-common, machine-id, memory-deny-write-execute,
and noexec home and tmp when possible.
---
 etc/pluma.profile | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'etc/pluma.profile')

diff --git a/etc/pluma.profile b/etc/pluma.profile
index 718dee440..56786fda7 100644
--- a/etc/pluma.profile
+++ b/etc/pluma.profile
@@ -12,8 +12,11 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
 
+include /etc/firejail/whitelist-var-common.inc
+
 caps.drop all
 # net none - makes settings immutable
+machine-id
 no3d
 nodvd
 nogroups
@@ -32,5 +35,6 @@ private-dev
 # private-etc fonts
 private-tmp
 
+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
-- 
cgit v1.2.3-54-g00ecf