From 400ece953865d42a2619323e82b60257c8ac8f31 Mon Sep 17 00:00:00 2001
From: Fred Barclay <Fred-Barclay@users.noreply.github.com>
Date: Fri, 17 Feb 2017 14:41:48 -0600
Subject: Tightened keepassx profiles.

---
 etc/keepassx.profile  | 9 ++++++---
 etc/keepassx2.profile | 6 ++++--
 2 files changed, 10 insertions(+), 5 deletions(-)

(limited to 'etc')

diff --git a/etc/keepassx.profile b/etc/keepassx.profile
index ec6d014bf..6c36697e5 100644
--- a/etc/keepassx.profile
+++ b/etc/keepassx.profile
@@ -1,6 +1,6 @@
 # This file is overwritten during software install.
 # Persistent customizations should go in a .local file.
-include /etc/firejail/keepassx.local
+include /etc/firejail/keepassx2.local
 
 # keepassx password manager profile
 noblacklist ${HOME}/.config/keepassx
@@ -13,14 +13,17 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+net none
 nogroups
 nonewprivs
 noroot
 nosound
 protocol unix
 seccomp
-netfilter
 shell none
+tracelog
 
+private-bin keepassx
+private-etc fonts
+private-dev
 private-tmp
-private-dev 
diff --git a/etc/keepassx2.profile b/etc/keepassx2.profile
index 5bf79b891..83f93e9f7 100644
--- a/etc/keepassx2.profile
+++ b/etc/keepassx2.profile
@@ -13,14 +13,16 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 
 caps.drop all
+net none
 nogroups
 nonewprivs
 noroot
 nosound
 protocol unix
 seccomp
-netfilter
 shell none
 
+private-bin keepassx2
+private-etc fonts
+private-dev
 private-tmp
-private-dev 
-- 
cgit v1.2.3-54-g00ecf