1 files changed, 10 insertions, 0 deletions
diff --git a/etc/cpio.profile b/etc/cpio.profile
index f63e0a552..b6f7e7f9f 100644
--- a/etc/cpio.profile
+++ b/etc/cpio.profile
@@ -13,14 +13,21 @@ noblacklist /sbin
 noblacklist /usr/sbin
 include disable-common.inc
+# include disable-devel.inc
+include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+apparmor
 caps.drop all
+hostname cpio
+ipc-namespace
+machine-id
 net none
 no3d
 nodbus
 nodvd
+nogroups
 nonewprivs
 nosound
 notv
@@ -30,4 +37,7 @@ seccomp
 shell none
 tracelog
+private-cache
 private-dev
+memory-deny-write-execute

diff --git a/etc/cpio.profile b/etc/cpio.profile index f63e0a552..b6f7e7f9f 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile
@@ -13,14 +13,21 @@ noblacklist /sbin
13	noblacklist /usr/sbin	13	noblacklist /usr/sbin
14		14
15	include disable-common.inc	15	include disable-common.inc
		16	# include disable-devel.inc
		17	include disable-exec.inc
16	include disable-passwdmgr.inc	18	include disable-passwdmgr.inc
17	include disable-programs.inc	19	include disable-programs.inc
18		20
		21	apparmor
19	caps.drop all	22	caps.drop all
		23	hostname cpio
		24	ipc-namespace
		25	machine-id
20	net none	26	net none
21	no3d	27	no3d
22	nodbus	28	nodbus
23	nodvd	29	nodvd
		30	nogroups
24	nonewprivs	31	nonewprivs
25	nosound	32	nosound
26	notv	33	notv
@@ -30,4 +37,7 @@ seccomp
30	shell none	37	shell none
31	tracelog	38	tracelog
32		39
		40	private-cache
33	private-dev	41	private-dev
		42
		43	memory-deny-write-execute