From c6259375dff79484b9f3d587da9fbfa76a3b68b9 Mon Sep 17 00:00:00 2001
From: Fred-Barclay <Fred-Barclay@users.noreply.github.com>
Date: Wed, 4 Oct 2017 16:24:36 -0500
Subject: Tighten multiple profiles.

This adds whitelist-var-common, machine-id, memory-deny-write-execute,
and noexec home and tmp when possible.
---
 etc/qbittorrent.profile | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'etc/qbittorrent.profile')

diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile
index 86db5c26c..aeb52b991 100644
--- a/etc/qbittorrent.profile
+++ b/etc/qbittorrent.profile
@@ -25,6 +25,7 @@ whitelist ~/.config/qBittorrentrc
 whitelist ~/.config/qt5ct
 whitelist ~/.local/share/data/qBittorrent
 include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
 
 caps.drop all
 machine-id
@@ -44,3 +45,7 @@ seccomp
 private-dev
 # private-etc X11,fonts,xdg,resolv.conf
 private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
-- 
cgit v1.2.3-70-g09d2