diff options
-rw-r--r-- | etc/profile-a-l/clipit.profile | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/etc/profile-a-l/clipit.profile b/etc/profile-a-l/clipit.profile index ef1800aaa..0356547cd 100644 --- a/etc/profile-a-l/clipit.profile +++ b/etc/profile-a-l/clipit.profile | |||
@@ -13,7 +13,9 @@ include disable-common.inc | |||
13 | include disable-devel.inc | 13 | include disable-devel.inc |
14 | include disable-exec.inc | 14 | include disable-exec.inc |
15 | include disable-interpreters.inc | 15 | include disable-interpreters.inc |
16 | include disable-proc.inc | ||
16 | include disable-programs.inc | 17 | include disable-programs.inc |
18 | include disable-shell.inc | ||
17 | include disable-xdg.inc | 19 | include disable-xdg.inc |
18 | 20 | ||
19 | mkdir ${HOME}/.config/clipit | 21 | mkdir ${HOME}/.config/clipit |
@@ -21,6 +23,8 @@ mkdir ${HOME}/.local/share/clipit | |||
21 | whitelist ${HOME}/.config/clipit | 23 | whitelist ${HOME}/.config/clipit |
22 | whitelist ${HOME}/.local/share/clipit | 24 | whitelist ${HOME}/.local/share/clipit |
23 | include whitelist-common.inc | 25 | include whitelist-common.inc |
26 | include whitelist-run-common.inc | ||
27 | include whitelist-runuser-common.inc | ||
24 | include whitelist-usr-share-common.inc | 28 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | 29 | include whitelist-var-common.inc |
26 | 30 | ||
@@ -34,6 +38,7 @@ nodvd | |||
34 | nogroups | 38 | nogroups |
35 | noinput | 39 | noinput |
36 | nonewprivs | 40 | nonewprivs |
41 | noprinters | ||
37 | noroot | 42 | noroot |
38 | nosound | 43 | nosound |
39 | notv | 44 | notv |
@@ -41,9 +46,18 @@ nou2f | |||
41 | novideo | 46 | novideo |
42 | protocol unix | 47 | protocol unix |
43 | seccomp | 48 | seccomp |
49 | tracelog | ||
44 | 50 | ||
45 | disable-mnt | 51 | disable-mnt |
52 | private-bin clipit,xdotool | ||
46 | private-cache | 53 | private-cache |
47 | private-dev | 54 | private-dev |
55 | private-lib libxdo.so.* | ||
48 | private-tmp | 56 | private-tmp |
49 | 57 | ||
58 | dbus-user none | ||
59 | dbus-system none | ||
60 | |||
61 | #memory-deny-write-execute | ||
62 | restrict-namespaces | ||
63 | read-only ${HOME} | ||