small fixes

3 files changed, 14 insertions, 3 deletions

diff --git a/etc/profile-m-z/server.profile b/etc/profile-m-z/server.profile
index 9e40796a6..f1cf0ca59 100644
--- a/etc/profile-m-z/server.profile
+++ b/etc/profile-m-z/server.profile
@@ -33,6 +33,9 @@ include globals.local
 
 noblacklist /sbin
 noblacklist /usr/sbin
+noblacklist /etc/init.d
+noblacklist /var/lib/apt
+noblacklist /var/cache/apt
 # noblacklist /var/opt
 
 blacklist /tmp/.X11-unix
@@ -50,7 +53,9 @@ include disable-xdg.inc
 # include whitelist-usr-share-common.inc
 # include whitelist-var-common.inc
 
-apparmor
+# people use to install servers all over the place!
+# apparmor runs executable only from default system locations
+# apparmor
 caps
 # ipc-namespace
 machine-id
@@ -59,15 +64,16 @@ no3d
 nodvd
 # nogroups
 noinput
-# nonewprivs
+nonewprivs
 # noroot
 nosound
 notv
 nou2f
 novideo
-# protocol unix,inet,inet6,netlink
+protocol unix,inet,inet6,netlink,packet
 seccomp
 # shell none
+tab # allow tab completion
 
 disable-mnt
 private
diff --git a/src/fnettrace/main.c b/src/fnettrace/main.c
index fd3cd5016..634d408a3 100644
--- a/src/fnettrace/main.c
+++ b/src/fnettrace/main.c
@@ -233,6 +233,8 @@ static inline const char *common_port(uint16_t port) {
                 return "(telnet)";
         else if (port == 25)
                 return "(SMTP)";
+        else if (port == 43)
+                return "(WHOIS)";
         else if (port == 67)
                 return "(DHCP)";
         else if (port == 69)
diff --git a/src/include/seccomp.h b/src/include/seccomp.h
index 9dbe25bfa..503bf54ac 100644
--- a/src/include/seccomp.h
+++ b/src/include/seccomp.h
@@ -250,6 +250,9 @@
 #define RETURN_ALLOW \
         BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
 
+#define RETURN_KILL \
+        BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL)
+
 #define RETURN_ERRNO(nr) \
         BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO | nr)