Harden 50 profiles

Hardened many profiles using disable-mnt and novideo Fixed gnome-font-viewer
2026-05-21 06:45:29 -06:00 · 2017-07-04 10:51:43 -04:00 · 2017-07-04 10:51:43 -04:00 · 5354f20012
commit 5354f20012
parent 822be0355f
51 changed files with 149 additions and 17 deletions
--- a/etc/gnome-weather.profile
+++ b/etc/gnome-weather.profile
@ -16,10 +16,12 @@ include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc

 caps.drop all
+no3d
 nogroups
 nonewprivs
 noroot
 nosound
+novideo
 protocol unix,inet,inet6
 seccomp
 netfilter
@ -30,3 +32,7 @@ tracelog
 private-tmp
 private-dev
 # private-etc fonts
+disable-mnt
+
+noexec ${HOME}
+noexec /tmp