ipc-namespace
protocol inet,inet6

# private-bin rtv,python,sh,xdg-settings
private-etc ca-certificates,resolv.conf,ssl
private-tmp

# memory-deny-write-execute

# # Use with hardened-malloc package
env LD_PRELOAD=/usr/lib/libhardened_malloc.so