diff options
-rw-r--r-- | README | 4 | ||||
-rw-r--r-- | etc/default.profile | 3 | ||||
-rw-r--r-- | etc/display.profile | 1 | ||||
-rw-r--r-- | etc/etr.profile | 11 | ||||
-rw-r--r-- | etc/feh.profile | 1 |
5 files changed, 16 insertions, 4 deletions
@@ -547,11 +547,11 @@ rusty-snake (https://github.com/rusty-snake) | |||
547 | - added profiles: kid3-qt, kid3-cli, anki, utox | 547 | - added profiles: kid3-qt, kid3-cli, anki, utox |
548 | - fixed profiles: kdenlive, bibletime, rhythmbox, gajim, seahorse | 548 | - fixed profiles: kdenlive, bibletime, rhythmbox, gajim, seahorse |
549 | - fixed profiles: libreoffice, gnome-maps, wget, seahorse-tool | 549 | - fixed profiles: libreoffice, gnome-maps, wget, seahorse-tool |
550 | - fixed profiles: gnome-logs, klavaro | 550 | - fixed profiles: gnome-logs, klavaro, default |
551 | - hardened profiles: disable-common.inc, disable-programs.inc | 551 | - hardened profiles: disable-common.inc, disable-programs.inc |
552 | - hardened profiles: gajim, evince, ffmpeg, feh-network.inc, qtox | 552 | - hardened profiles: gajim, evince, ffmpeg, feh-network.inc, qtox |
553 | - hardened profiles: gnome-clocks, meld, minetest, youtube-dl | 553 | - hardened profiles: gnome-clocks, meld, minetest, youtube-dl |
554 | - hardened profiles: bibletime, whois | 554 | - hardened profiles: bibletime, whois, etr, display, feh |
555 | - gnome-mpv was renamed to celluloid | 555 | - gnome-mpv was renamed to celluloid |
556 | - updates for ~/.cargo and ~/.python-history | 556 | - updates for ~/.cargo and ~/.python-history |
557 | Salvo 'LtWorf' Tomaselli (https://github.com/ltworf) | 557 | Salvo 'LtWorf' Tomaselli (https://github.com/ltworf) |
diff --git a/etc/default.profile b/etc/default.profile index 3eacf9546..95a6e8095 100644 --- a/etc/default.profile +++ b/etc/default.profile | |||
@@ -19,6 +19,8 @@ include disable-programs.inc | |||
19 | # apparmor | 19 | # apparmor |
20 | caps.drop all | 20 | caps.drop all |
21 | # ipc-namespace | 21 | # ipc-namespace |
22 | # machine-id | ||
23 | # net none | ||
22 | netfilter | 24 | netfilter |
23 | # no3d | 25 | # no3d |
24 | # nodbus | 26 | # nodbus |
@@ -33,6 +35,7 @@ noroot | |||
33 | protocol unix,inet,inet6 | 35 | protocol unix,inet,inet6 |
34 | seccomp | 36 | seccomp |
35 | # shell none | 37 | # shell none |
38 | # tracelog | ||
36 | 39 | ||
37 | # disable-mnt | 40 | # disable-mnt |
38 | # private | 41 | # private |
diff --git a/etc/display.profile b/etc/display.profile index e66fa3ae9..0bab32db1 100644 --- a/etc/display.profile +++ b/etc/display.profile | |||
@@ -17,6 +17,7 @@ noblacklist /usr/local/lib/python3* | |||
17 | 17 | ||
18 | include disable-common.inc | 18 | include disable-common.inc |
19 | include disable-devel.inc | 19 | include disable-devel.inc |
20 | include disable-exec.inc | ||
20 | include disable-interpreters.inc | 21 | include disable-interpreters.inc |
21 | include disable-passwdmgr.inc | 22 | include disable-passwdmgr.inc |
22 | include disable-programs.inc | 23 | include disable-programs.inc |
diff --git a/etc/etr.profile b/etc/etr.profile index cf13a42de..d93d3de63 100644 --- a/etc/etr.profile +++ b/etc/etr.profile | |||
@@ -8,14 +8,18 @@ include globals.local | |||
8 | noblacklist ${HOME}/.etr | 8 | noblacklist ${HOME}/.etr |
9 | 9 | ||
10 | include disable-common.inc | 10 | include disable-common.inc |
11 | include disable-exec.inc | ||
12 | include disable-interpreters.inc | ||
11 | include disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
12 | include disable-programs.inc | 14 | include disable-programs.inc |
15 | include disable-xdg.inc | ||
13 | 16 | ||
14 | mkdir ${HOME}/.etr | 17 | mkdir ${HOME}/.etr |
15 | whitelist ${HOME}/.etr | 18 | whitelist ${HOME}/.etr |
16 | include whitelist-common.inc | 19 | include whitelist-common.inc |
17 | include whitelist-var-common.inc | 20 | include whitelist-var-common.inc |
18 | 21 | ||
22 | apparmor | ||
19 | caps.drop all | 23 | caps.drop all |
20 | net none | 24 | net none |
21 | nodbus | 25 | nodbus |
@@ -28,8 +32,11 @@ nou2f | |||
28 | protocol unix,netlink | 32 | protocol unix,netlink |
29 | seccomp | 33 | seccomp |
30 | shell none | 34 | shell none |
35 | tracelog | ||
31 | 36 | ||
32 | # private-bin etr | 37 | disable-mnt |
38 | private-bin etr | ||
39 | private-cache | ||
33 | private-dev | 40 | private-dev |
34 | # private-etc alternatives | 41 | # private-etc alternatives,drirc,machine-id,openal |
35 | private-tmp | 42 | private-tmp |
diff --git a/etc/feh.profile b/etc/feh.profile index f020bace5..6a8071c28 100644 --- a/etc/feh.profile +++ b/etc/feh.profile | |||
@@ -8,6 +8,7 @@ include globals.local | |||
8 | 8 | ||
9 | include disable-common.inc | 9 | include disable-common.inc |
10 | include disable-devel.inc | 10 | include disable-devel.inc |
11 | include disable-exec.inc | ||
11 | include disable-interpreters.inc | 12 | include disable-interpreters.inc |
12 | include disable-passwdmgr.inc | 13 | include disable-passwdmgr.inc |
13 | include disable-programs.inc | 14 | include disable-programs.inc |