From f99a296347a3a70fe898915746306dfe78bcdeae Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Mon, 12 Dec 2022 13:10:48 +0000
Subject: clipit hardening (#5521)

* clipit hardening
* clipit: fix hardening
* clipit: add xdotool lib to private-lib
---
 etc/profile-a-l/clipit.profile | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
(limited to 'etc/profile-a-l/clipit.profile')

diff --git a/etc/profile-a-l/clipit.profile b/etc/profile-a-l/clipit.profile
index ef1800aaa..0356547cd 100644
--- a/etc/profile-a-l/clipit.profile
+++ b/etc/profile-a-l/clipit.profile
@@ -13,7 +13,9 @@ include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
+include disable-proc.inc
 include disable-programs.inc
+include disable-shell.inc
 include disable-xdg.inc
 
 mkdir ${HOME}/.config/clipit
@@ -21,6 +23,8 @@ mkdir ${HOME}/.local/share/clipit
 whitelist ${HOME}/.config/clipit
 whitelist ${HOME}/.local/share/clipit
 include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
@@ -34,6 +38,7 @@ nodvd
 nogroups
 noinput
 nonewprivs
+noprinters
 noroot
 nosound
 notv
@@ -41,9 +46,18 @@ nou2f
 novideo
 protocol unix
 seccomp
+tracelog
 
 disable-mnt
+private-bin clipit,xdotool
 private-cache
 private-dev
+private-lib libxdo.so.*
 private-tmp
 
+dbus-user none
+dbus-system none
+
+#memory-deny-write-execute
+restrict-namespaces
+read-only ${HOME}
--
cgit v1.2.3-70-g09d2
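Review bot: `read-only ${HOME}` at the end of the last hunk should be checked against the two whitelisted directories the profile creates with mkdir (`${HOME}/.config/clipit` and `${HOME}/.local/share/clipit`): if firejail applies the read-only remount to the bind mounts beneath ${HOME}, clipit can no longer persist its settings or clipboard history there, and the profile would need `read-write ${HOME}/.config/clipit` and `read-write ${HOME}/.local/share/clipit` after the read-only line. The disabled `#memory-deny-write-execute` in the same hunk gives no reason for being commented out; a trailing comment such as `# breaks clipit - <reason placeholder>` would keep a later hardening pass from re-enabling it blindly. The new `private-lib libxdo.so.*` presumably exists because clipit loads libxdo at runtime rather than through the linked dependencies of `private-bin clipit,xdotool`; stating that in a comment would stop the entry being dropped as redundant.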