2 files changed, 11 insertions, 1 deletions
diff --git a/etc/profile-a-l/clementine.profile b/etc/profile-a-l/clementine.profile
index 4d92157d0..387b5f0a7 100644
--- a/etc/profile-a-l/clementine.profile
+++ b/etc/profile-a-l/clementine.profile
@@ -12,22 +12,29 @@ noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 include whitelist-var-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-runuser-common.inc
+apparmor
 caps.drop all
 nonewprivs
 noroot
 notv
 nou2f
 novideo
-protocol unix,inet,inet6
+protocol unix,inet,inet6,netlink
 # blacklisting of ioprio_set system calls breaks clementine
 seccomp !ioprio_set
 private-dev
 private-tmp
+dbus-system none
+# dbus-user none
diff --git a/etc/profile-m-z/ping.profile b/etc/profile-m-z/ping.profile
index 3ef8ad64a..bd95cb1de 100644
--- a/etc/profile-m-z/ping.profile
+++ b/etc/profile-m-z/ping.profile
@@ -54,3 +54,6 @@ private-tmp
 # memory-deny-write-execute is built using seccomp; nonewprivs will kill it
 #memory-deny-write-execute
+dbus-user none
+dbus-system none

diff --git a/etc/profile-a-l/clementine.profile b/etc/profile-a-l/clementine.profile index 4d92157d0..387b5f0a7 100644 --- a/etc/profile-a-l/clementine.profile +++ b/etc/profile-a-l/clementine.profile
@@ -12,22 +12,29 @@ noblacklist ${MUSIC}
12		12
13	include disable-common.inc	13	include disable-common.inc
14	include disable-devel.inc	14	include disable-devel.inc
		15	include disable-exec.inc
15	include disable-interpreters.inc	16	include disable-interpreters.inc
16	include disable-passwdmgr.inc	17	include disable-passwdmgr.inc
17	include disable-programs.inc	18	include disable-programs.inc
18	include disable-xdg.inc	19	include disable-xdg.inc
19		20
20	include whitelist-var-common.inc	21	include whitelist-var-common.inc
		22	include whitelist-usr-share-common.inc
		23	include whitelist-runuser-common.inc
21		24
		25	apparmor
22	caps.drop all	26	caps.drop all
23	nonewprivs	27	nonewprivs
24	noroot	28	noroot
25	notv	29	notv
26	nou2f	30	nou2f
27	novideo	31	novideo
28	protocol unix,inet,inet6	32	protocol unix,inet,inet6,netlink
29	# blacklisting of ioprio_set system calls breaks clementine	33	# blacklisting of ioprio_set system calls breaks clementine
30	seccomp !ioprio_set	34	seccomp !ioprio_set
31		35
32	private-dev	36	private-dev
33	private-tmp	37	private-tmp
		38
		39	dbus-system none
		40	# dbus-user none


diff --git a/etc/profile-m-z/ping.profile b/etc/profile-m-z/ping.profile index 3ef8ad64a..bd95cb1de 100644 --- a/etc/profile-m-z/ping.profile +++ b/etc/profile-m-z/ping.profile
@@ -54,3 +54,6 @@ private-tmp
54		54
55	# memory-deny-write-execute is built using seccomp; nonewprivs will kill it	55	# memory-deny-write-execute is built using seccomp; nonewprivs will kill it
56	#memory-deny-write-execute	56	#memory-deny-write-execute
		57
		58	dbus-user none
		59	dbus-system none