From 25796cc5fac4d9460357d2fd9844ce746b4b7a4f Mon Sep 17 00:00:00 2001
From: netblue30
Date: Sun, 15 Mar 2020 17:45:45 -0400
Subject: some profile hardening
---
etc/leafpad.profile | 2 ++
etc/mate-calc.profile | 1 +
etc/mate-dictionary.profile | 1 +
etc/midori.profile | 2 ++
etc/mousepad.profile | 2 ++
etc/mupdf.profile | 1 +
6 files changed, 9 insertions(+)
(limited to 'etc')
diff --git a/etc/leafpad.profile b/etc/leafpad.profile
index 56a792c8e..1c917b9e7 100644
--- a/etc/leafpad.profile
+++ b/etc/leafpad.profile
@@ -17,7 +17,9 @@ include disable-programs.inc include whitelist-var-common.inc +apparmor caps.drop all +net none netfilter no3d nodvd
diff --git a/etc/mate-calc.profile b/etc/mate-calc.profile
index 2f6020ad3..966aa0a13 100644
--- a/etc/mate-calc.profile
+++ b/etc/mate-calc.profile
@@ -23,6 +23,7 @@ whitelist ${HOME}/.config/caja whitelist ${HOME}/.config/mate-menu include whitelist-common.inc +apparmor caps.drop all net none no3d
diff --git a/etc/mate-dictionary.profile b/etc/mate-dictionary.profile
index 49a776766..59f439c91 100644
--- a/etc/mate-dictionary.profile
+++ b/etc/mate-dictionary.profile
@@ -18,6 +18,7 @@ mkdir ${HOME}/.config/mate/mate-dictionary whitelist ${HOME}/.config/mate/mate-dictionary include whitelist-common.inc +apparmor caps.drop all netfilter no3d
diff --git a/etc/midori.profile b/etc/midori.profile
index e11e2acaa..648ce7738 100644
--- a/etc/midori.profile
+++ b/etc/midori.profile
@@ -49,6 +49,7 @@ whitelist ${HOME}/.pki whitelist ${HOME}/.local/share/pki include whitelist-common.inc +apparmor caps.drop all netfilter nodvd
@@ -60,3 +61,4 @@ seccomp tracelog disable-mnt +private-tmp
diff --git a/etc/mousepad.profile b/etc/mousepad.profile
index 20370a5b5..9ba6f6376 100644
--- a/etc/mousepad.profile
+++ b/etc/mousepad.profile
@@ -17,7 +17,9 @@ include disable-programs.inc include whitelist-var-common.inc +apparmor caps.drop all +net none netfilter nodvd nogroups
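Review bot: In etc/leafpad.profile the existing `netfilter` line is left in place right after the newly added `net none`, and the etc/mousepad.profile hunk does the same. As far as I can tell firejail installs its default netfilter rules only when a bridge or interface is configured for the sandbox, so with an unconnected namespace the line has no effect and suggests a firewall that is not there. I would delete `netfilter` from both profiles in this commit. If these profiles carry a `protocol` line (not visible in the hunks), it could be narrowed to `protocol unix` for the same reason.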
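Review bot: The `apparmor` line added in etc/mate-calc.profile, and in the leafpad, mate-dictionary, midori, mousepad and mupdf hunks, is undocumented and its effect depends on the host. To my knowledge it confines the program only where firejail was built with AppArmor support and the `firejail-default` AppArmor profile is loaded; elsewhere `caps.drop all` and the other existing options remain the only controls. A one-line comment above the directive would make that clear to packagers, for example `# apparmor: effective only with the firejail-default AppArmor profile loaded`. The commit message "some profile hardening" could also name the three options being added.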
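Review bot: The `private-tmp` added at the end of etc/midori.profile (second hunk) changes what the browser can see and has no comment explaining it. With a private /tmp, files that the user or another program has placed in the host's /tmp are no longer visible to midori, so uploads or hand-offs staged there will fail without an obvious cause. The isolation is worth keeping for a network-facing program; I would document it in the profile with something like `# private-tmp hides the host /tmp; stage files for upload under a whitelisted path instead`.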
diff --git a/etc/mupdf.profile b/etc/mupdf.profile
index 43afbc859..592467658 100644
--- a/etc/mupdf.profile
+++ b/etc/mupdf.profile
@@ -18,6 +18,7 @@ include disable-xdg.inc include whitelist-var-common.inc +apparmor caps.drop all machine-id net none
-- cgit v1.2.3-54-g00ecf