1 files changed, 10 insertions, 2 deletions
diff --git a/etc/atool.profile b/etc/atool.profile
index c82108cef..b17498e9d 100644
--- a/etc/atool.profile
+++ b/etc/atool.profile
@@ -18,15 +18,21 @@ noblacklist /usr/share/perl*
 include disable-common.inc
 # include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+apparmor
 caps.drop all
-netfilter
+hostname atool
+ipc-namespace
+machine-id
 net none
+netfilter
 no3d
 nodvd
+nodbus
 nogroups
 nonewprivs
 noroot
@@ -39,9 +45,11 @@ seccomp
 shell none
 tracelog
+# private-bin atool,perl
 private-cache
-# private-bin atool
 private-dev
 # without login.defs atool complains and uses UID/GID 1000 by default
 private-etc alternatives,passwd,group,login.defs
 private-tmp
+memory-deny-write-execute

diff --git a/etc/atool.profile b/etc/atool.profile index c82108cef..b17498e9d 100644 --- a/etc/atool.profile +++ b/etc/atool.profile
@@ -18,15 +18,21 @@ noblacklist /usr/share/perl*
18		18
19	include disable-common.inc	19	include disable-common.inc
20	# include disable-devel.inc	20	# include disable-devel.inc
		21	include disable-exec.inc
21	include disable-interpreters.inc	22	include disable-interpreters.inc
22	include disable-passwdmgr.inc	23	include disable-passwdmgr.inc
23	include disable-programs.inc	24	include disable-programs.inc
24		25
		26	apparmor
25	caps.drop all	27	caps.drop all
26	netfilter	28	hostname atool
		29	ipc-namespace
		30	machine-id
27	net none	31	net none
		32	netfilter
28	no3d	33	no3d
29	nodvd	34	nodvd
		35	nodbus
30	nogroups	36	nogroups
31	nonewprivs	37	nonewprivs
32	noroot	38	noroot
@@ -39,9 +45,11 @@ seccomp
39	shell none	45	shell none
40	tracelog	46	tracelog
41		47
		48	# private-bin atool,perl
42	private-cache	49	private-cache
43	# private-bin atool
44	private-dev	50	private-dev
45	# without login.defs atool complains and uses UID/GID 1000 by default	51	# without login.defs atool complains and uses UID/GID 1000 by default
46	private-etc alternatives,passwd,group,login.defs	52	private-etc alternatives,passwd,group,login.defs
47	private-tmp	53	private-tmp
		54
		55	memory-deny-write-execute