diff options
Diffstat (limited to 'etc/dnscrypt-proxy.profile')
-rw-r--r-- | etc/dnscrypt-proxy.profile | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile index d0430d5ca..65722b3ef 100644 --- a/etc/dnscrypt-proxy.profile +++ b/etc/dnscrypt-proxy.profile | |||
@@ -7,6 +7,8 @@ include dnscrypt-proxy.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | blacklist /tmp/.X11-unix | ||
11 | |||
10 | noblacklist /sbin | 12 | noblacklist /sbin |
11 | noblacklist /usr/sbin | 13 | noblacklist /usr/sbin |
12 | 14 | ||
@@ -20,10 +22,13 @@ include disable-xdg.inc | |||
20 | 22 | ||
21 | whitelist /usr/share/dnscrypt-proxy | 23 | whitelist /usr/share/dnscrypt-proxy |
22 | include whitelist-usr-share-common.inc | 24 | include whitelist-usr-share-common.inc |
25 | include whitelist-var-common.inc | ||
23 | 26 | ||
27 | apparmor | ||
24 | caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot | 28 | caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot |
25 | ipc-namespace | 29 | ipc-namespace |
26 | machine-id | 30 | machine-id |
31 | netfilter | ||
27 | no3d | 32 | no3d |
28 | nodbus | 33 | nodbus |
29 | nodvd | 34 | nodvd |
@@ -34,6 +39,8 @@ nou2f | |||
34 | novideo | 39 | novideo |
35 | protocol inet,inet6 | 40 | protocol inet,inet6 |
36 | seccomp.drop _sysctl,acct,add_key,adjtimex,clock_adjtime,delete_module,fanotify_init,finit_module,get_mempolicy,init_module,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioperm,iopl,kcmp,kexec_file_load,kexec_load,keyctl,lookup_dcookie,mbind,migrate_pages,modify_ldt,mount,move_pages,open_by_handle_at,perf_event_open,perf_event_open,pivot_root,process_vm_readv,process_vm_writev,ptrace,remap_file_pages,request_key,set_mempolicy,swapoff,swapon,sysfs,syslog,umount2,uselib,vmsplice | 41 | seccomp.drop _sysctl,acct,add_key,adjtimex,clock_adjtime,delete_module,fanotify_init,finit_module,get_mempolicy,init_module,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioperm,iopl,kcmp,kexec_file_load,kexec_load,keyctl,lookup_dcookie,mbind,migrate_pages,modify_ldt,mount,move_pages,open_by_handle_at,perf_event_open,perf_event_open,pivot_root,process_vm_readv,process_vm_writev,ptrace,remap_file_pages,request_key,set_mempolicy,swapoff,swapon,sysfs,syslog,umount2,uselib,vmsplice |
42 | shell none | ||
43 | tracelog | ||
37 | 44 | ||
38 | disable-mnt | 45 | disable-mnt |
39 | private | 46 | private |