From 2297257745fd568b1f042139b7e3bfa2830eb500 Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Sat, 1 Oct 2022 19:23:19 +0000
Subject: Harden qutebrowser profile
---
 etc/profile-m-z/qutebrowser.profile | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
(limited to 'etc/profile-m-z')
diff --git a/etc/profile-m-z/qutebrowser.profile b/etc/profile-m-z/qutebrowser.profile
index fc910b589..e15db2ea5 100644
--- a/etc/profile-m-z/qutebrowser.profile
+++ b/etc/profile-m-z/qutebrowser.profile
@@ -16,6 +16,7 @@ include allow-python3.inc
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-programs.inc
 
@@ -28,6 +29,7 @@ whitelist ${HOME}/.config/qutebrowser
 whitelist ${HOME}/.local/share/qutebrowser
 include whitelist-common.inc
 
+apparmor
 caps.drop all
 netfilter
 nodvd
@@ -38,3 +40,19 @@ protocol unix,inet,inet6,netlink
 # blacklisting of chroot system calls breaks qt webengine
 seccomp !chroot,!name_to_handle_at
 # tracelog
+
+disable-mnt
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.preload,localtime,machine-id,pki,pulse,resolv.conf,ssl
+private-tmp
+
+dbus-user filter
+dbus-user.talk org.freedesktop.Notifications
+dbus-user.talk org.mpris.MediaPlayer2.*
+# Add the next line to your qutebrowser.local to allow screen sharing under wayland.
+#dbus-user.talk org.freedesktop.portal.Desktop
+# Add the next line to your qutebrowser.local if screen sharing sharing still does not work
+# with the above lines (might depend on the portal implementation).
+#ignore noroot
+dbus-system none
-- 
cgit v1.2.3-54-g00ecf
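Review bot: The new `include disable-exec.inc` in the first hunk carries no comment on how it interacts with the directories this profile whitelists, `${HOME}/.config/qutebrowser` and `${HOME}/.local/share/qutebrowser` (visible only as context in the next hunk). If that include marks `${HOME}` noexec as it does for other profiles, executable userscripts kept under those directories would presumably stop running inside the sandbox. That is sound hardening but an unannounced behaviour change for users. A one-line comment beside the include would document it, for example `# disable-exec.inc makes ${HOME} noexec; executable userscripts in the whitelisted qutebrowser dirs will not run`.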
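Review bot: The added `dbus-user.talk org.mpris.MediaPlayer2.*` in the third hunk lets the sandboxed browser call every MPRIS media player on the session bus, which is wider than publishing its own media controls requires. If publishing is the intent, an `own` rule limited to the name qutebrowser registers would be the least-privilege form, e.g. `dbus-user.own org.mpris.MediaPlayer2.<name-registered-by-qutebrowser>.*` (placeholder; confirm the real name on a running instance). The `#ignore noroot` hint deserves a caveat such as `# Note: ignoring noroot gives up the user-namespace restriction; enable it only if screen sharing needs it.` The comment above it also repeats the word "sharing".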