1 files changed, 7 insertions, 0 deletions
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile
index d0430d5ca..65722b3ef 100644
--- a/etc/dnscrypt-proxy.profile
+++ b/etc/dnscrypt-proxy.profile
@@ -7,6 +7,8 @@ include dnscrypt-proxy.local
 # Persistent global definitions
 include globals.local
+blacklist /tmp/.X11-unix
 noblacklist /sbin
 noblacklist /usr/sbin
@@ -20,10 +22,13 @@ include disable-xdg.inc
 whitelist /usr/share/dnscrypt-proxy
 include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
 caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot
 ipc-namespace
 machine-id
+netfilter
 no3d
 nodbus
 nodvd
@@ -34,6 +39,8 @@ nou2f
 novideo
 protocol inet,inet6
 seccomp.drop _sysctl,acct,add_key,adjtimex,clock_adjtime,delete_module,fanotify_init,finit_module,get_mempolicy,init_module,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioperm,iopl,kcmp,kexec_file_load,kexec_load,keyctl,lookup_dcookie,mbind,migrate_pages,modify_ldt,mount,move_pages,open_by_handle_at,perf_event_open,perf_event_open,pivot_root,process_vm_readv,process_vm_writev,ptrace,remap_file_pages,request_key,set_mempolicy,swapoff,swapon,sysfs,syslog,umount2,uselib,vmsplice
+shell none
+tracelog
 disable-mnt
 private

diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile index d0430d5ca..65722b3ef 100644 --- a/etc/dnscrypt-proxy.profile +++ b/etc/dnscrypt-proxy.profile
@@ -7,6 +7,8 @@ include dnscrypt-proxy.local
7	# Persistent global definitions	7	# Persistent global definitions
8	include globals.local	8	include globals.local
9		9
		10	blacklist /tmp/.X11-unix
		11
10	noblacklist /sbin	12	noblacklist /sbin
11	noblacklist /usr/sbin	13	noblacklist /usr/sbin
12		14
@@ -20,10 +22,13 @@ include disable-xdg.inc
20		22
21	whitelist /usr/share/dnscrypt-proxy	23	whitelist /usr/share/dnscrypt-proxy
22	include whitelist-usr-share-common.inc	24	include whitelist-usr-share-common.inc
		25	include whitelist-var-common.inc
23		26
		27	apparmor
24	caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot	28	caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot
25	ipc-namespace	29	ipc-namespace
26	machine-id	30	machine-id
		31	netfilter
27	no3d	32	no3d
28	nodbus	33	nodbus
29	nodvd	34	nodvd
@@ -34,6 +39,8 @@ nou2f
34	novideo	39	novideo
35	protocol inet,inet6	40	protocol inet,inet6
36	seccomp.drop _sysctl,acct,add_key,adjtimex,clock_adjtime,delete_module,fanotify_init,finit_module,get_mempolicy,init_module,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioperm,iopl,kcmp,kexec_file_load,kexec_load,keyctl,lookup_dcookie,mbind,migrate_pages,modify_ldt,mount,move_pages,open_by_handle_at,perf_event_open,perf_event_open,pivot_root,process_vm_readv,process_vm_writev,ptrace,remap_file_pages,request_key,set_mempolicy,swapoff,swapon,sysfs,syslog,umount2,uselib,vmsplice	41	seccomp.drop _sysctl,acct,add_key,adjtimex,clock_adjtime,delete_module,fanotify_init,finit_module,get_mempolicy,init_module,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioperm,iopl,kcmp,kexec_file_load,kexec_load,keyctl,lookup_dcookie,mbind,migrate_pages,modify_ldt,mount,move_pages,open_by_handle_at,perf_event_open,perf_event_open,pivot_root,process_vm_readv,process_vm_writev,ptrace,remap_file_pages,request_key,set_mempolicy,swapoff,swapon,sysfs,syslog,umount2,uselib,vmsplice
		42	shell none
		43	tracelog
37		44
38	disable-mnt	45	disable-mnt
39	private	46	private