From cf6d5a6910007ae83a629778a00398b7e205e071 Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Tue, 12 Mar 2019 07:18:32 +0000 Subject: Harden galculator (#2562) --- etc/galculator.profile | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'etc') diff --git a/etc/galculator.profile b/etc/galculator.profile index 509d9bd05..203d0a455 100644 --- a/etc/galculator.profile +++ b/etc/galculator.profile @@ -13,6 +13,7 @@ include disable-devel.inc include disable-interpreters.inc include disable-passwdmgr.inc include disable-programs.inc +include disable-xdg.inc mkdir ${HOME}/.config/galculator whitelist ${HOME}/.config/galculator @@ -21,6 +22,8 @@ include whitelist-var-common.inc apparmor caps.drop all +hostname galculator +ipc-namespace net none nodbus nodvd @@ -37,7 +40,12 @@ shell none tracelog private-bin galculator +private-cache private-dev private-etc alternatives,fonts private-lib private-tmp + +memory-deny-write-execute +noexec ${HOME} +noexec /tmp -- cgit v1.2.3-54-g00ecf