From e80b99934977a623d8090eee678fac34b2de1950 Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Sun, 24 Feb 2019 21:53:50 +0000
Subject: Harden gucharmap.profile (#2463)
---
 etc/gucharmap.profile | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
(limited to 'etc')
diff --git a/etc/gucharmap.profile b/etc/gucharmap.profile
index 13db746f8..c85424de9 100644
--- a/etc/gucharmap.profile
+++ b/etc/gucharmap.profile
@@ -14,8 +14,10 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+apparmor
 caps.drop all
-netfilter
+machine-id
+net none
 no3d
 nodvd
 nogroups
@@ -30,10 +32,15 @@ seccomp
 shell none
 
 disable-mnt
+# for GTK theme support comment 'private'
 private
 private-cache
 private-dev
 private-tmp
 
+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
+
+# gucharmap will never write anything
+read-only ${HOME}
-- 
cgit v1.2.3-70-g09d2
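Review bot: The comment added above `private` in the second hunk of etc/gucharmap.profile is ambiguous: it presumably tells users to comment out `private` when they want their GTK theme, but it can also be read as describing what `private` provides. A wording such as `# comment out 'private' if you need GTK themes from your real home directory` would remove the doubt. The comment on `read-only ${HOME}` could also say why the line matters next to `private`: while `private` is active the sandbox home is a temporary one, so `read-only ${HOME}` is what still protects the real home once a user comments `private` out, e.g. `# gucharmap needs no write access; keeps the real home read-only if 'private' is commented out`. The same applies to `noexec ${HOME}`, which in that case becomes the only exec restriction on the user's real files.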