From 3c3602fe4e747f3489c917f4de991c9043df9751 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Sat, 16 Sep 2017 14:11:43 -0400
Subject: Harden 25 profiles

---
 etc/ricochet.profile | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'etc/ricochet.profile')

diff --git a/etc/ricochet.profile b/etc/ricochet.profile
index 423dfb887..6da0e21d5 100644
--- a/etc/ricochet.profile
+++ b/etc/ricochet.profile
@@ -19,14 +19,22 @@ include /etc/firejail/whitelist-common.inc
 
 caps.drop all
 ipc-namespace
+netfilter
+no3d
+nodvd
 nogroups
+nonewprivs
 noroot
+notv
+novideo
+protocol unix,inet,inet6
 seccomp
 shell none
 
+disable-mnt
 private-bin ricochet,tor
 private-dev
 #private-etc fonts,tor,X11,alternatives
 
-noexec /home
+noexec ${HOME}
 noexec /tmp
-- 
cgit v1.2.3-70-g09d2