From 6041ee719a9496959ef820347ef5db0854efee50 Mon Sep 17 00:00:00 2001
From: "Adrian L. Shaw" <adrianlshaw@gmail.com>
Date: Sun, 24 Nov 2019 16:06:27 +0000
Subject: Sort and harden profanity profile

---
 etc/profanity.profile | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

(limited to 'etc/profanity.profile')

diff --git a/etc/profanity.profile b/etc/profanity.profile
index 9ad7d9f92..b6c5f8102 100644
--- a/etc/profanity.profile
+++ b/etc/profanity.profile
@@ -1,33 +1,36 @@
 # Firejail profile for profanity
-# Description: profanity is an XMPP-OTR chat client for the terminal
+# Description: profanity is an XMPP chat client for the terminal
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
-include unzip.local
+include profanity.local
 # Persistent global definitions
 include globals.local
 
-ignore net none
-
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
 
-mkdir ${HOME}/.config/profanity
-mkdir ${HOME}/.local/share/profanity
 noblacklist ${HOME}/.config/profanity
 noblacklist ${HOME}/.local/share/profanity
 
 caps.drop all
 netfilter
+no3d
+nodbus
 nodvd
 nogroups
 nonewprivs
 noroot
+nosound
 notv
 nou2f
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
@@ -35,10 +38,7 @@ shell none
 private-bin profanity
 private-cache
 private-dev
-private-tmp
 private-etc alternatives,localtime,mime.types,resolv.conf,ssl
+private-tmp
 
 memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp
-
-- 
cgit v1.2.3-70-g09d2