From 028052f0c95d85d39c5c0f7b3486aceb12313fa2 Mon Sep 17 00:00:00 2001
From: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Date: Sun, 19 Jul 2020 10:54:11 +0200
Subject: Harden gnome-calculator

---
 etc/profile-a-l/gnome-calculator.profile | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

(limited to 'etc/profile-a-l/gnome-calculator.profile')

diff --git a/etc/profile-a-l/gnome-calculator.profile b/etc/profile-a-l/gnome-calculator.profile
index bc6626598..cf5d5390a 100644
--- a/etc/profile-a-l/gnome-calculator.profile
+++ b/etc/profile-a-l/gnome-calculator.profile
@@ -25,8 +25,7 @@ apparmor
 caps.drop all
 ipc-namespace
 machine-id
-# net none
-netfilter
+net none
 no3d
 nodvd
 nogroups
@@ -39,6 +38,7 @@ novideo
 protocol unix,inet,inet6
 seccomp
 shell none
+tracelog
 
 disable-mnt
 private-bin gnome-calculator
@@ -47,8 +47,7 @@ private-dev
 #private-lib gdk-pixbuf-2.*,gio,girepository-1.*,gvfs,libgconf-2.so.*,libgnutls.so.*,libproxy.so.*,librsvg-2.so.*,libxml2.so.*
 private-tmp
 
-# makes settings immutable
-# dbus-user none
-# dbus-system none
-
-# memory-deny-write-execute
+dbus-user filter
+dbus-user.own org.gnome.Calculator
+dbus-user.talk ca.desrt.dconf
+dbus-system none
-- 
cgit v1.2.3-70-g09d2