From 90cd669eba680369c6ba8d96af194b70c8cc8706 Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Sat, 15 Apr 2017 08:57:13 -0400
Subject: Harden some profiles

---
 etc/xonotic.profile | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'etc/xonotic.profile')

diff --git a/etc/xonotic.profile b/etc/xonotic.profile
index f2690c6c3..6bfb26484 100644
--- a/etc/xonotic.profile
+++ b/etc/xonotic.profile
@@ -23,7 +23,16 @@ include /etc/firejail/whitelist-common.inc
 #Options
 caps.drop all
 netfilter
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
+shell none
+
+private-bin xonotic-sdl,xonotic-glx,blind-id
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
-- 
cgit v1.2.3-70-g09d2