From deb6c12454191b7aeff3d259612a00427d1aa6a1 Mon Sep 17 00:00:00 2001
From: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Date: Thu, 9 Jul 2020 10:49:17 +0000
Subject: hardening some profiles (#3505)
* hardening some profiles
 - harden and fix flameshot
 - wruc: frogatto, ghostwriter
 - harden gnome-latex
 - add whitelist opt-in note to keepassxc
 - add comment to minetest
 - harden openarena, tremulous, xonotic
 - add profile for xonotic-sdl-wrapper
* followup
---
 etc/profile-a-l/flameshot.profile | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
(limited to 'etc/profile-a-l/flameshot.profile')
diff --git a/etc/profile-a-l/flameshot.profile b/etc/profile-a-l/flameshot.profile
index 207f87074..7c41417ec 100644
--- a/etc/profile-a-l/flameshot.profile
+++ b/etc/profile-a-l/flameshot.profile
@@ -8,6 +8,7 @@ include flameshot.local
 include globals.local
 noblacklist ${PICTURES}
+noblacklist ${HOME}/.config/Dharkael
 include disable-common.inc
 include disable-devel.inc
@@ -18,7 +19,13 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
+#whitelist ${PICTURES}
+#whitelist ${HOME}/.config/Dharkael
+whitelist /usr/share/flameshot
+#include whitelist-common.inc
 include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
 caps.drop all
 ipc-namespace
@@ -35,13 +42,15 @@ novideo
 protocol unix,inet,inet6
 seccomp
 shell none
+tracelog
 disable-mnt
 private-bin flameshot
 private-cache
-private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.conf,pki,resolv.conf,ssl
+private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.conf,machine-id,pki,resolv.conf,ssl
 private-dev
 private-tmp
-# dbus-user none
-# dbus-system none
+dbus-user filter
+dbus-user.own org.dharkael.Flameshot
+dbus-system none
--
cgit v1.2.3-70-g09d2
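Review bot: The three commented-out lines in the second hunk (`#whitelist ${PICTURES}`, `#whitelist ${HOME}/.config/Dharkael`, `#include whitelist-common.inc`) carry no explanation, so a reader cannot tell that they appear to be an opt-in. As shipped, home-directory access is then limited only by the `disable-*.inc` blacklists, while `/usr/share` and `/var` are whitelisted. A comment directly above them would make the trade-off explicit, for example `# Uncomment (or add to flameshot.local) to confine flameshot to ${PICTURES}; screenshots can then only be saved there.` The commit message mentions a whitelist opt-in note for keepassxc, so the same wording could be reused here.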
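Review bot: In the third hunk `dbus-user filter` is enabled with only `dbus-user.own org.dharkael.Flameshot` and no talk rules, so every other session-bus name becomes unreachable from the sandbox. If flameshot sends desktop notifications or registers its tray icon over the session bus (likely, but not visible in this diff), those will stop working, and users tend to respond by dropping the filter entirely in `flameshot.local`. Consider allowing only the names that are needed, e.g. `dbus-user.talk org.freedesktop.Notifications`, and verify tray behaviour on the desktops you support. The `machine-id` entry added to `private-etc` is presumably there for D-Bus; a short comment such as `# machine-id is required for D-Bus` would keep it from being removed in a later clean-up.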