-rw-r--r--etc/dig.profile2
-rw-r--r--etc/nslookup.profile2
-rw-r--r--etc/unknown-horizons.profile4
-rw-r--r--src/profstats/main.c12
4 files changed, 10 insertions, 10 deletions
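diff --git a/etc/dig.profile b/etc/dig.profile
index f283db962..673af1526 100644
--- a/etc/dig.profile
+++ b/etc/dig.profile
@@ -25,7 +25,6 @@ include disable-xdg.inc
 #mkfile ${HOME}/.digrc -- see #903
 whitelist ${HOME}/.digrc
 include whitelist-common.inc
-include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
@@ -33,7 +32,6 @@ apparmor
 caps.drop all
 ipc-namespace
 machine-id
-memory-deny-write-execute
 netfilter
 no3d
 nodbus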
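Review bot: The two removals in this section, `include whitelist-runuser-common.inc` and `memory-deny-write-execute`, leave nothing in the profile that says why dig now runs without them, and etc/nslookup.profile drops the same two lines in the same way. etc/unknown-horizons.profile in this commit keeps the option as a commented-out line with a reason, and the same convention would help here, for example `# memory-deny-write-execute - <reason>` and `# include whitelist-runuser-common.inc - <reason>`. Without such a marker a later hardening pass cannot tell a deliberate exception from an omission, and since no `blacklist ${RUNUSER}` line is visible in either hunk it is unclear from here whether /run/user is still restricted for these two profiles.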
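diff --git a/etc/nslookup.profile b/etc/nslookup.profile
index 9ed6ef1e9..000cc1075 100644
--- a/etc/nslookup.profile
+++ b/etc/nslookup.profile
@@ -23,7 +23,6 @@ include disable-xdg.inc
 
 whitelist ${HOME}/.nslookuprc
 include whitelist-common.inc
-include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
@@ -31,7 +30,6 @@ apparmor
 caps.drop all
 ipc-namespace
 machine-id
-memory-deny-write-execute
 netfilter
 no3d
 nodbus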
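diff --git a/etc/unknown-horizons.profile b/etc/unknown-horizons.profile
index 489de67bb..7dc13e284 100644
--- a/etc/unknown-horizons.profile
+++ b/etc/unknown-horizons.profile
@@ -23,7 +23,6 @@ include whitelist-var-common.inc
 
 apparmor
 caps.drop all
-# memory-deny-write-execute - doesn't work
 nodvd
 nogroups
 nonewprivs
@@ -40,3 +39,6 @@ disable-mnt
 private-dev
 # private-etc alternatives,ca-certificates,crypto-policies,pki,ssl
 private-tmp
+
+# doesn't work - maybe all Tcl/Tk programs have this problem
+# memory-deny-write-execute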
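diff --git a/src/profstats/main.c b/src/profstats/main.c
index ac02c69bc..29acdc7bd 100644
--- a/src/profstats/main.c
+++ b/src/profstats/main.c
@@ -68,9 +68,9 @@ static void usage(void) {
  printf(" --private-dev - print profiles without private-dev\n");
  printf(" --private-tmp - print profiles without private-tmp\n");
  printf(" --seccomp - print profiles without seccomp\n");
- printf(" --memory-deny-write-execute - profile without it\n");
+ printf(" --memory-deny-write-execute - profile without \"memory-deny-write-execute\"\n");
  printf(" --whitelist-var - print profiles without \"include whitelist-var-common.inc\"\n");
- printf(" --whitelist-runuser - print profiles without \"include whitelist-runuser-common.inc\"\n");
+ printf(" --whitelist-runuser - print profiles without \"include whitelist-runuser-common.inc\" or \"blacklist ${RUNUSER}\"\n");
  printf(" --whitelist-usrshare - print profiles without \"include whitelist-usr-share-common.inc\"\n");
  printf(" --debug\n");
  printf("\n");
@@ -111,9 +111,10 @@ void process_file(const char *fname) {
  cnt_noexec++;
  else if (strncmp(ptr, "include whitelist-var-common.inc", 32) == 0)
  cnt_whitelistvar++;
- else if (strncmp(ptr, "include whitelist-runuser-common.inc", 32) == 0)
+ else if (strncmp(ptr, "include whitelist-runuser-common.inc", 36) == 0 ||
+ strncmp(ptr, "blacklist ${RUNUSER}", 20) == 0)
  cnt_whitelistrunuser++;
- else if (strncmp(ptr, "include whitelist-usr-share-common.inc", 32) == 0)
+ else if (strncmp(ptr, "include whitelist-usr-share-common.inc", 38) == 0)
  cnt_whitelistusrshare++;
  else if (strncmp(ptr, "include disable-common.inc", 26) == 0)
  cnt_ssh++;
@@ -271,7 +272,8 @@ int main(int argc, char **argv) {
  printf(" private-tmp\t\t\t%d\n", cnt_privatetmp);
  printf(" whitelist var\t\t%d (include whitelist-var-common.inc)\n", cnt_whitelistvar);
  printf(" whitelist run/user\t\t%d (include whitelist-runuser-common.inc)\n", cnt_whitelistrunuser);
- printf(" whitelist usr/share\t\t%d (include whitelist-usr-share-common.inc)\n", cnt_whitelistusrshare);
+ printf(" whitelist usr/share\t\t%d (include whitelist-usr-share-common.inc\n", cnt_whitelistusrshare);
+ printf("\t\t\t\t\tor blacklist ${RUNUSER})\n");
  printf(" net none\t\t\t%d\n", cnt_netnone);
  printf("\n");
  return 0;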
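Review bot: In the summary printed by main(), the new continuation line `printf("\t\t\t\t\tor blacklist ${RUNUSER})\n");` is attached to the "whitelist usr/share" row, but `blacklist ${RUNUSER}` is counted into `cnt_whitelistrunuser` in process_file(), so the hint belongs under the "whitelist run/user" row. As written the run/user row keeps its closing parenthesis and the usr/share row loses it, so the report reads as if usr/share coverage could come from a RUNUSER blacklist. Move the continuation printf directly after the run/user printf, drop the `)` from that row's format string, and restore it in `(include whitelist-usr-share-common.inc)\n`. Separately, `strncmp(ptr, "blacklist ${RUNUSER}", 20)` is a prefix match, so a line that blacklists only a path below ${RUNUSER} would presumably be counted as full coverage too; checking that the character after the prefix ends the token would keep the statistic from overstating how many profiles restrict /run/user. All three functions continue outside the hunks shown.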