From 8c68c369bf25e6b2e14d45e4117552313abfc324 Mon Sep 17 00:00:00 2001
From: rusty-snake
Date: Wed, 13 Mar 2019 13:10:26 +0100
Subject: Harden qtox
---
 etc/qtox.profile | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'etc')
diff --git a/etc/qtox.profile b/etc/qtox.profile
index 3dc4c6a30..2c3b69c46 100644
--- a/etc/qtox.profile
+++ b/etc/qtox.profile
@@ -13,6 +13,7 @@ include disable-devel.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 mkdir ${HOME}/.config/tox
 whitelist ${DOWNLOADS}
@@ -20,9 +21,11 @@ whitelist ${HOME}/.config/tox
 include whitelist-common.inc
 include whitelist-var-common.inc
+apparmor
 caps.drop all
 ipc-namespace
 netfilter
+nodbus
 nodvd
 nogroups
 nonewprivs
@@ -36,9 +39,11 @@ tracelog
 disable-mnt
 private-bin qtox
-private-etc alternatives,fonts,resolv.conf,ld.so.cache,localtime,ca-certificates,ssl,pki,crypto-policies,machine-id,pulse
+private-cache
 private-dev
+private-etc alternatives,fonts,resolv.conf,ld.so.cache,localtime,ca-certificates,ssl,pki,crypto-policies,machine-id,pulse
 private-tmp
+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
--
cgit v1.2.3-54-g00ecf
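Review bot: `nodbus` in the second hunk (`@@ -20,9 +21,11 @@`) is added with no comment on what it costs. Cutting the sandbox off from D-Bus is a sound reduction of what a network-facing chat client can reach, but desktop notifications and tray integration commonly travel over the session bus, so a user who loses them has no pointer to this line; whether qTox actually depends on D-Bus for those is not visible in the hunk. I would put `# nodbus may break notifications/tray integration - comment out if needed` directly above it. Likewise `apparmor` only confines anything on hosts where AppArmor is enabled and firejail's AppArmor profile is loaded, which deserves a short comment so the line is not read as unconditional protection.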
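Review bot: `memory-deny-write-execute` in the third hunk (`@@ -36,9 +39,11 @@`) is the addition most likely to fail hard at runtime, and neither the profile nor the commit message ("Harden qtox") records that qTox was exercised with it. The option blocks memory mappings that are writable and executable at the same time, so any JIT or runtime code generation in the libraries qTox loads would break under it; that is inferred from the option's semantics, not shown in the hunk. I would add `# memory-deny-write-execute breaks JIT-using libraries - comment out if qtox fails to start` above it. The `private-etc` line is only moved (its file list is unchanged), so it needs no further review.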