-rw-r--r-- | etc/dig.profile | 2 | ||||
-rw-r--r-- | etc/nslookup.profile | 2 | ||||
-rw-r--r-- | etc/unknown-horizons.profile | 4 | ||||
-rw-r--r-- | src/profstats/main.c | 12 |
4 files changed, 10 insertions, 10 deletions
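diff --git a/etc/dig.profile b/etc/dig.profile
index f283db962..673af1526 100644
--- a/etc/dig.profile
+++ b/etc/dig.profile
@@ -25,7 +25,6 @@ include disable-xdg.inc
 #mkfile ${HOME}/.digrc -- see #903
 whitelist ${HOME}/.digrc
 include whitelist-common.inc
-include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
@@ -33,7 +32,6 @@ apparmor
 caps.drop all
 ipc-namespace
 machine-id
-memory-deny-write-execute
 netfilter
 no3d
 nodbus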
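Review bot: Removing `memory-deny-write-execute` in the second hunk leaves no record in the profile of why the W^X restriction was dropped for a tool that parses responses from the network. A commented line such as `# memory-deny-write-execute - breaks dig (<reason placeholder>)`, in the style etc/unknown-horizons.profile uses in this same commit, would stop the option from being silently lost or blindly re-added. The first hunk also removes `include whitelist-runuser-common.inc`; whether a `blacklist ${RUNUSER}` line elsewhere in the profile replaces it cannot be seen from these hunks and is worth confirming. The same two removals, with the same missing rationale, appear in etc/nslookup.profile.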
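diff --git a/etc/nslookup.profile b/etc/nslookup.profile
index 9ed6ef1e9..000cc1075 100644
--- a/etc/nslookup.profile
+++ b/etc/nslookup.profile
@@ -23,7 +23,6 @@ include disable-xdg.inc
 
 whitelist ${HOME}/.nslookuprc
 include whitelist-common.inc
-include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
@@ -31,7 +30,6 @@ apparmor
 caps.drop all
 ipc-namespace
 machine-id
-memory-deny-write-execute
 netfilter
 no3d
 nodbus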
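diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile
index 489de67bb..7dc13e284 100644
--- a/etc/unknown-horizons.profile
+++ b/etc/unknown-horizons.profile
@@ -23,7 +23,6 @@ include whitelist-var-common.inc
 
 apparmor
 caps.drop all
-# memory-deny-write-execute - doesn't work
 nodvd
 nogroups
 nonewprivs
@@ -40,3 +39,6 @@ disable-mnt
 private-dev
 # private-etc alternatives,ca-certificates,crypto-policies,pki,ssl
 private-tmp
+
+# doesn't work - maybe all Tcl/Tk programs have this problem
+# memory-deny-write-execute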
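diff --git a/src/profstats/main.c b/src/profstats/main.c
index ac02c69bc..29acdc7bd 100644
--- a/src/profstats/main.c
+++ b/src/profstats/main.c
@@ -68,9 +68,9 @@ static void usage(void) {
 printf(" --private-dev - print profiles without private-dev\n");
 printf(" --private-tmp - print profiles without private-tmp\n");
 printf(" --seccomp - print profiles without seccomp\n");
-printf(" --memory-deny-write-execute - profile without it\n");
+printf(" --memory-deny-write-execute - profile without \"memory-deny-write-execute\"\n");
 printf(" --whitelist-var - print profiles without \"include whitelist-var-common.inc\"\n");
-printf(" --whitelist-runuser - print profiles without \"include whitelist-runuser-common.inc\"\n");
+printf(" --whitelist-runuser - print profiles without \"include whitelist-runuser-common.inc\" or \"blacklist ${RUNUSER}\"\n");
 printf(" --whitelist-usrshare - print profiles without \"include whitelist-usr-share-common.inc\"\n");
 printf(" --debug\n");
 printf("\n");
@@ -111,9 +111,10 @@ void process_file(const char *fname) {
 cnt_noexec++;
 else if (strncmp(ptr, "include whitelist-var-common.inc", 32) == 0)
 cnt_whitelistvar++;
-else if (strncmp(ptr, "include whitelist-runuser-common.inc", 32) == 0)
+else if (strncmp(ptr, "include whitelist-runuser-common.inc", 36) == 0 ||
+strncmp(ptr, "blacklist ${RUNUSER}", 20) == 0)
 cnt_whitelistrunuser++;
-else if (strncmp(ptr, "include whitelist-usr-share-common.inc", 32) == 0)
+else if (strncmp(ptr, "include whitelist-usr-share-common.inc", 38) == 0)
 cnt_whitelistusrshare++;
 else if (strncmp(ptr, "include disable-common.inc", 26) == 0)
 cnt_ssh++;
@@ -271,7 +272,8 @@ int main(int argc, char **argv) {
 printf(" private-tmp\t\t\t%d\n", cnt_privatetmp);
 printf(" whitelist var\t\t%d (include whitelist-var-common.inc)\n", cnt_whitelistvar);
 printf(" whitelist run/user\t\t%d (include whitelist-runuser-common.inc)\n", cnt_whitelistrunuser);
-printf(" whitelist usr/share\t\t%d (include whitelist-usr-share-common.inc)\n", cnt_whitelistusrshare);
+printf(" whitelist usr/share\t\t%d (include whitelist-usr-share-common.inc\n", cnt_whitelistusrshare);
+printf("\t\t\t\t\tor blacklist ${RUNUSER})\n");
 printf(" net none\t\t\t%d\n", cnt_netnone);
 printf("\n");
 return 0;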
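Review bot: In the last hunk the `or blacklist ${RUNUSER})` continuation is attached to the `whitelist usr/share` row, but `process_file` counts `blacklist ${RUNUSER}` into `cnt_whitelistrunuser`, so the summary annotates the wrong counter and the run/user row still mentions only the include. The continuation belongs one row up: end the run/user format string with `(include whitelist-runuser-common.inc\n`, follow it with `printf("\t\t\t\t\tor blacklist ${RUNUSER})\n");`, and restore the closing `)` on the usr/share line. Separately, the 20-character `strncmp` prefix test in the second hunk also matches a blacklist of any path beneath `${RUNUSER}`. A profile carrying both the include and the blacklist would presumably be counted twice, which overstates run/user coverage in a hardening audit; the rest of `process_file` is outside the hunk, so confirm how lines are iterated.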