From 5354f20012b488c50cd556e315b78ad351ae0f9d Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Tue, 4 Jul 2017 10:51:43 -0400
Subject: Harden 50 profiles

Hardened many profiles using disable-mnt and novideo
Fixed gnome-font-viewer
---
 etc/rhythmbox.profile | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'etc/rhythmbox.profile')

diff --git a/etc/rhythmbox.profile b/etc/rhythmbox.profile
index 192382f77..930a8fed5 100644
--- a/etc/rhythmbox.profile
+++ b/etc/rhythmbox.profile
@@ -13,9 +13,11 @@ include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
 netfilter
+#no3d
 nogroups
 nonewprivs
 noroot
+novideo
 protocol unix,inet,inet6
 seccomp
 shell none
@@ -24,3 +26,6 @@ tracelog
 private-bin rhythmbox
 private-dev
 private-tmp
+
+noexec ${HOME}
+noexec /tmp
-- 
cgit v1.2.3-54-g00ecf