From 6d308b36d528cf5381415a33428172b62b953e47 Mon Sep 17 00:00:00 2001
From: curiosityseeker <60518106+curiosityseeker@users.noreply.github.com>
Date: Sat, 4 Apr 2020 13:54:36 +0200
Subject: Harden signal-desktop.profile and add rules for Firefox
---
 etc/signal-desktop.profile | 7 +++++++
 1 file changed, 7 insertions(+) (limited to 'etc')
diff --git a/etc/signal-desktop.profile b/etc/signal-desktop.profile
index f810a37ec..25932720b 100644
--- a/etc/signal-desktop.profile
+++ b/etc/signal-desktop.profile
@@ -9,6 +9,11 @@ ignore noexec /tmp
 noblacklist ${HOME}/.config/Signal
+# These lines are needed to allow Firefox to open links
+noblacklist ${HOME}/.mozilla
+whitelist ${HOME}/.mozilla/firefox/profiles.ini
+read-only ${HOME}/.mozilla/firefox/profiles.ini
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -22,8 +27,10 @@ whitelist ${HOME}/.config/Signal
 include whitelist-common.inc
 include whitelist-var-common.inc
+apparmor
 caps.keep sys_admin,sys_chroot
 netfilter
+nodbus
 nodvd
 nogroups
 notv
-- 
cgit v1.2.3-70-g09d2
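Review bot: The added `noblacklist ${HOME}/.mozilla` lifts the blacklist for the whole Firefox directory, and the comment above it does not say that exposure is held to `profiles.ini` only by the whitelist rules. If home-directory whitelisting is ever relaxed in a local override, the sandboxed Signal process could presumably read the full Firefox profile, including cookies and saved logins. I would extend the comment, for example `# Only profiles.ini is exposed (read-only); this relies on whitelist mode staying enabled, because noblacklist covers all of ~/.mozilla`. The hunk shows only part of the profile, so any rule elsewhere that narrows this further is outside what is visible here.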
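Review bot: The added `nodbus` in the second hunk may work against the Firefox rules this commit introduces in the first hunk. On sessions where Firefox hands a URL to an already running instance over the session bus, link opening would likely fail inside the sandbox, and desktop notifications sent over D-Bus could be affected as well. This is inferred from how those features usually work rather than from anything in the hunk, so it should be tested on both X11 and Wayland before merging. If the hardening stays, a comment such as `# nodbus can break link opening and notifications on some desktops; add 'ignore nodbus' to a local override if needed` would tell users how to recover without dropping the rest of the profile. The option list continues past `notv`, outside the hunk.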