From 0773b2791af79418572373ac8297bea6060d65a9 Mon Sep 17 00:00:00 2001
From: Fred-Barclay
Date: Wed, 17 Aug 2016 09:18:20 +1000
Subject: tightened profiles
---
 etc/gnome-mplayer.profile | 5 ++++-
 etc/gpredict.profile | 3 ++-
 etc/gthumb.profile | 3 ++-
 etc/hedgewars.profile | 6 +++++-
 etc/hexchat.profile | 6 +++++-
 etc/jitsi.profile | 1 +
 etc/kmail.profile | 4 ++++
 etc/konversation.profile | 3 +++
 8 files changed, 26 insertions(+), 5 deletions(-)
(limited to 'etc')
diff --git a/etc/gnome-mplayer.profile b/etc/gnome-mplayer.profile
index 1caea177d..1b0fc9807 100644
--- a/etc/gnome-mplayer.profile
+++ b/etc/gnome-mplayer.profile
@@ -5,10 +5,13 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
+nogroups
 nonewprivs
 noroot
 protocol unix,inet,inet6
 seccomp
-
 shell none
+
 private-bin gnome-mplayer
+private-dev
+private-tmp
diff --git a/etc/gpredict.profile b/etc/gpredict.profile
index a8378a66e..353ecceae 100644
--- a/etc/gpredict.profile
+++ b/etc/gpredict.profile
@@ -15,10 +15,11 @@ nonewprivs
 nogroups
 noroot
 nosound
-protocol unix,inet,inet6,netlink
+protocol unix,inet,inet6
 seccomp
 shell none
 tracelog
 private-bin gpredict
 private-dev
+private-tmp
diff --git a/etc/gthumb.profile b/etc/gthumb.profile
index 3c02576aa..e043c7229 100644
--- a/etc/gthumb.profile
+++ b/etc/gthumb.profile
@@ -7,8 +7,8 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
-nonewprivs
 nogroups
+nonewprivs
 noroot
 nosound
 protocol unix
@@ -19,3 +19,4 @@ tracelog
 private-bin gthumb
 whitelist /tmp/.X11-unix
 private-dev
+private-tmp
diff --git a/etc/hedgewars.profile b/etc/hedgewars.profile
index c5d863bd5..7910b7eb0 100644
--- a/etc/hedgewars.profile
+++ b/etc/hedgewars.profile
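Review bot: In etc/gnome-mplayer.profile the new `nogroups` and `private-dev` lines carry no comment, although for a media player they are the two options most likely to change what playback can reach. `private-dev` replaces /dev with a minimal set of device nodes and `nogroups` drops supplementary groups, which many distributions use to gate audio, video and optical-drive devices; whether disc playback and direct device output still work depends on the firejail version and the host's device permissions, so that should be tested and recorded. I would add a line such as `# private-dev hides optical drives; comment out for DVD/CD playback` above it, so a user who hits a regression relaxes one option instead of running without the profile.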
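Review bot: In etc/gpredict.profile the `protocol` line loses `netlink` with no explanation, while etc/kmail.profile in this same commit keeps `protocol unix,inet,inet6,netlink`. Narrowing the allowed socket families is the right direction, but code that enumerates interfaces or watches network state opens netlink sockets and tends to fail quietly when they are denied, so the reason for the difference between the two profiles should be written down. Once the program's network features have been exercised without it, a comment like `# netlink not required; verified with network updates and rig control` above the line would keep a later editor from re-adding it by analogy with other profiles.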
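Review bot: In the second hunk of etc/gthumb.profile, `private-tmp` is added two lines below the existing `whitelist /tmp/.X11-unix`, so the profile now applies two different mechanisms to /tmp. Both remount /tmp, and whether the X11 socket stays reachable depends on how the firejail version in use combines them; if `private-tmp` already preserves the socket the whitelist line is redundant, and if it does not, the pair needs a test that gthumb can still open the display. I would keep only one of the two, or keep both with a comment such as `# whitelist retained for firejail versions where private-tmp hides /tmp/.X11-unix` once the behaviour is confirmed.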
@@ -7,12 +7,16 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
+netfilter
+nogroups
 nonewprivs
 noroot
-private-dev
 seccomp
 tracelog
+private-dev
+private-tmp
+
 mkdir ~/.hedgewars
 whitelist ~/.hedgewars
 include /etc/firejail/whitelist-common.inc
diff --git a/etc/hexchat.profile b/etc/hexchat.profile
index 0d7ee6594..0ff64aef5 100644
--- a/etc/hexchat.profile
+++ b/etc/hexchat.profile
@@ -7,9 +7,11 @@ include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-devel.inc
 caps.drop all
+netfilter
+nogroups
 nonewprivs
 noroot
-netfilter
+nosound
 protocol unix,inet,inet6
 seccomp
@@ -18,3 +20,5 @@ whitelist ~/.config/hexchat
 include /etc/firejail/whitelist-common.inc
 # private-bin requires perl, python, etc.
+private-dev
+private-tmp
diff --git a/etc/jitsi.profile b/etc/jitsi.profile
index 8baf1ad94..c61158f8b 100644
--- a/etc/jitsi.profile
+++ b/etc/jitsi.profile
@@ -14,3 +14,4 @@ seccomp
 shell none
 tracelog
+private-tmp
diff --git a/etc/kmail.profile b/etc/kmail.profile
index 44a53e258..8c8fd18c4 100644
--- a/etc/kmail.profile
+++ b/etc/kmail.profile
@@ -9,7 +9,11 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 netfilter
 nonewprivs
+nogroups
 noroot
 protocol unix,inet,inet6,netlink
 seccomp
 tracelog
+
+private-dev
+private-tmp
diff --git a/etc/konversation.profile b/etc/konversation.profile
index 190061618..e9546fd1b 100644
--- a/etc/konversation.profile
+++ b/etc/konversation.profile
@@ -7,6 +7,9 @@ include /etc/firejail/disable-passwdmgr.inc
 caps.drop all
 netfilter
+nogroups
 noroot
 seccomp
 protocol unix,inet,inet6
+
+private-tmp
-- 
cgit v1.2.3-54-g00ecf
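Review bot: In etc/hedgewars.profile the new side still shows no `protocol` line between `caps.drop all` and `tracelog`, unlike the gnome-mplayer, hexchat and konversation profiles touched in this commit, so the socket families available to the game are not restricted. The added `netfilter` does not make up for that by itself, since firejail documents it as a default firewall that applies only when the sandbox gets its own network namespace. I would add `protocol unix,inet,inet6` after `noroot`, after checking that network play still works. The hunk ends at `include /etc/firejail/whitelist-common.inc`, so anything below that line is not visible here.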
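Review bot: In the second hunk of etc/hexchat.profile, `private-dev` and `private-tmp` are appended directly under the comment `# private-bin requires perl, python, etc.`, which now reads as though it describes them. That comment explains why `private-bin` is absent, so it should stay visually separate: put a blank line after it, or move the two new options above it. A reader auditing the profile otherwise has to work out which restriction the remark about interpreters refers to.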
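Review bot: etc/konversation.profile gains `nogroups` and `private-tmp` but, as far as this hunk shows (it runs from `caps.drop all` to the end of the file), still has neither `nonewprivs` nor `private-dev`, both of which the other IRC client profile, hexchat, carries after this commit. `nonewprivs` is the option that stops a process inside the sandbox from gaining privileges through setuid or file-capability binaries, so a tightening pass would normally include it. I would add `nonewprivs` after `nogroups` and `private-dev` before `private-tmp`, after testing that the client still starts. Lines above line 7 are outside the hunk, so an earlier `nonewprivs` cannot be ruled out.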