From 582ae38e811a7a768d2cfbcf93e711ebbc984e07 Mon Sep 17 00:00:00 2001 From: rusty-snake <41237666+rusty-snake@users.noreply.github.com> Date: Fri, 23 Oct 2020 14:06:37 +0200 Subject: harden peek; update README.md; add gnome-sound-… MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit …recorder to firecfg.config --- etc/profile-m-z/peek.profile | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) (limited to 'etc/profile-m-z/peek.profile') diff --git a/etc/profile-m-z/peek.profile b/etc/profile-m-z/peek.profile index 66fdd6496..28a7da404 100644 --- a/etc/profile-m-z/peek.profile +++ b/etc/profile-m-z/peek.profile @@ -17,7 +17,18 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc +#mkdir ${HOME}/.cache/peek +#whitelist ${HOME}/.cache/peek +#whitelist ${PICTURES} +#whitelist ${VIDEOS} +#include whitelist-common.inc +include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor caps.drop all +machine-id net none no3d nodvd @@ -31,13 +42,20 @@ novideo protocol unix seccomp shell none +tracelog -# private-bin breaks gif mode, mp4 and webm mode work fine however -# private-bin convert,ffmpeg,peek +disable-mnt +private-bin bash,convert,ffmpeg,firejail,fish,peek,sh,which,zsh private-dev +private-etc dconf,firejail,fonts,gtk-3.0,login.defs,pango,passwd,X11 private-tmp -dbus-user none +dbus-user filter +dbus-user.own com.uploadedlobster.peek +dbus-user.talk ca.desrt.dconf +dbus-user.talk org.freedesktop.FileManager1 +dbus-user.talk org.freedesktop.Notifications +dbus-user.talk org.gnome.Shell.Screencast dbus-system none memory-deny-write-execute -- cgit v1.2.3-70-g09d2
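Review bot: The five commented-out lines at the top of the first hunk (`#mkdir ${HOME}/.cache/peek` through `#include whitelist-common.inc`) are added with no explanation of why they are disabled, so a user cannot tell whether enabling them is safe or what would break. The three active whitelist includes cover only the runtime directory, /usr/share and /var, so the home directory is still restricted only by the blacklist-style `disable-*.inc` includes. A header comment such as `# Uncomment (or put in peek.local) to confine peek to its cache and ${PICTURES}/${VIDEOS}; saving recordings elsewhere will then fail` would make that trade-off explicit, assuming that is why they were left off.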
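Review bot: In the second hunk, `private-bin bash,convert,ffmpeg,firejail,fish,peek,sh,which,zsh` replaces the deleted comment that said private-bin breaks gif mode, but nothing records why four shells plus `firejail` and `which` are now needed, and the list sits next to `shell none`. A one-line comment above it, e.g. `# gif mode needs a shell, which and convert; do not trim without testing gif output`, would keep a later cleanup from re-breaking it; that reason is inferred from the removed comment, so confirm it before stating it as fact. Separately, `dbus-user.talk ca.desrt.dconf` lets the sandboxed process change the user's dconf settings through the dconf service, which the filesystem restrictions in this profile do not cover. A short comment on each `dbus-user.talk` line naming the feature that needs it would let users drop the ones they do not use.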