From 0dba38435ef92ccc01cc9ff23b69df55489ec983 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Wed, 5 Jul 2017 09:40:54 -0400
Subject: Harden profiles

- Added 'disable-devel.conf' to many profiles
- Added 'disable-mnt' to many profiles
- Added 'noexec' to many profiles
- Removed 'netfilter' and 'net none' from profiles with 'protocol unix'
- Cleaned up profiles using defaults
---
 etc/skype.profile | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'etc/skype.profile')

diff --git a/etc/skype.profile b/etc/skype.profile
index 8b97c7152..7c7a4eb17 100644
--- a/etc/skype.profile
+++ b/etc/skype.profile
@@ -7,17 +7,22 @@ include /etc/firejail/skype.local
 
 # Skype profile
 noblacklist ${HOME}/.Skype
+
 include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
+shell none
 
+private-dev
 private-tmp
 disable-mnt
 
-- 
cgit v1.2.3-70-g09d2