1 files changed, 8 insertions, 0 deletions
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile
index d0430d5ca..6637b8d02 100644
--- a/etc/dnscrypt-proxy.profile
+++ b/etc/dnscrypt-proxy.profile
@@ -7,6 +7,9 @@ include dnscrypt-proxy.local
 # Persistent global definitions
 include globals.local
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
 noblacklist /sbin
 noblacklist /usr/sbin
@@ -20,10 +23,13 @@ include disable-xdg.inc
 whitelist /usr/share/dnscrypt-proxy
 include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
 caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot
 ipc-namespace
 machine-id
+netfilter
 no3d
 nodbus
 nodvd
@@ -34,6 +40,8 @@ nou2f
 novideo
 protocol inet,inet6
 seccomp.drop _sysctl,acct,add_key,adjtimex,clock_adjtime,delete_module,fanotify_init,finit_module,get_mempolicy,init_module,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioperm,iopl,kcmp,kexec_file_load,kexec_load,keyctl,lookup_dcookie,mbind,migrate_pages,modify_ldt,mount,move_pages,open_by_handle_at,perf_event_open,perf_event_open,pivot_root,process_vm_readv,process_vm_writev,ptrace,remap_file_pages,request_key,set_mempolicy,swapoff,swapon,sysfs,syslog,umount2,uselib,vmsplice
+shell none
+tracelog
 disable-mnt
 private

diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile index d0430d5ca..6637b8d02 100644 --- a/etc/dnscrypt-proxy.profile +++ b/etc/dnscrypt-proxy.profile
@@ -7,6 +7,9 @@ include dnscrypt-proxy.local
7	# Persistent global definitions	7	# Persistent global definitions
8	include globals.local	8	include globals.local
9		9
		10	blacklist /tmp/.X11-unix
		11	blacklist ${RUNUSER}/wayland-*
		12
10	noblacklist /sbin	13	noblacklist /sbin
11	noblacklist /usr/sbin	14	noblacklist /usr/sbin
12		15
@@ -20,10 +23,13 @@ include disable-xdg.inc
20		23
21	whitelist /usr/share/dnscrypt-proxy	24	whitelist /usr/share/dnscrypt-proxy
22	include whitelist-usr-share-common.inc	25	include whitelist-usr-share-common.inc
		26	include whitelist-var-common.inc
23		27
		28	apparmor
24	caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot	29	caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot
25	ipc-namespace	30	ipc-namespace
26	machine-id	31	machine-id
		32	netfilter
27	no3d	33	no3d
28	nodbus	34	nodbus
29	nodvd	35	nodvd
@@ -34,6 +40,8 @@ nou2f
34	novideo	40	novideo
35	protocol inet,inet6	41	protocol inet,inet6
36	seccomp.drop _sysctl,acct,add_key,adjtimex,clock_adjtime,delete_module,fanotify_init,finit_module,get_mempolicy,init_module,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioperm,iopl,kcmp,kexec_file_load,kexec_load,keyctl,lookup_dcookie,mbind,migrate_pages,modify_ldt,mount,move_pages,open_by_handle_at,perf_event_open,perf_event_open,pivot_root,process_vm_readv,process_vm_writev,ptrace,remap_file_pages,request_key,set_mempolicy,swapoff,swapon,sysfs,syslog,umount2,uselib,vmsplice	42	seccomp.drop _sysctl,acct,add_key,adjtimex,clock_adjtime,delete_module,fanotify_init,finit_module,get_mempolicy,init_module,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioperm,iopl,kcmp,kexec_file_load,kexec_load,keyctl,lookup_dcookie,mbind,migrate_pages,modify_ldt,mount,move_pages,open_by_handle_at,perf_event_open,perf_event_open,pivot_root,process_vm_readv,process_vm_writev,ptrace,remap_file_pages,request_key,set_mempolicy,swapoff,swapon,sysfs,syslog,umount2,uselib,vmsplice
		43	shell none
		44	tracelog
37		45
38	disable-mnt	46	disable-mnt
39	private	47	private