1 files changed, 7 insertions, 2 deletions
diff --git a/etc/profile-a-l/dnsmasq.profile b/etc/profile-a-l/dnsmasq.profile
index 2db1548a4..13efd2fa8 100644
--- a/etc/profile-a-l/dnsmasq.profile
+++ b/etc/profile-a-l/dnsmasq.profile
@@ -9,9 +9,10 @@ include globals.local
 noblacklist /sbin
 noblacklist /usr/sbin
+noblacklist /var/lib/libvirt
 blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}
 include disable-common.inc
 include disable-devel.inc
@@ -19,6 +20,9 @@ include disable-interpreters.inc
 include disable-programs.inc
 include disable-xdg.inc
+whitelist /var/lib/libvirt/dnsmasq
+whitelist /var/run
 caps.keep net_admin,net_bind_service,net_raw,setgid,setuid
 no3d
 nodvd
@@ -33,5 +37,6 @@ seccomp
 disable-mnt
 private
-private-cache
 private-dev
+private-tmp
+writable-var

diff --git a/etc/profile-a-l/dnsmasq.profile b/etc/profile-a-l/dnsmasq.profile index 2db1548a4..13efd2fa8 100644 --- a/etc/profile-a-l/dnsmasq.profile +++ b/etc/profile-a-l/dnsmasq.profile
@@ -9,9 +9,10 @@ include globals.local
9		9
10	noblacklist /sbin	10	noblacklist /sbin
11	noblacklist /usr/sbin	11	noblacklist /usr/sbin
		12	noblacklist /var/lib/libvirt
12		13
13	blacklist /tmp/.X11-unix	14	blacklist /tmp/.X11-unix
14	blacklist ${RUNUSER}/wayland-*	15	blacklist ${RUNUSER}
15		16
16	include disable-common.inc	17	include disable-common.inc
17	include disable-devel.inc	18	include disable-devel.inc
@@ -19,6 +20,9 @@ include disable-interpreters.inc
19	include disable-programs.inc	20	include disable-programs.inc
20	include disable-xdg.inc	21	include disable-xdg.inc
21		22
		23	whitelist /var/lib/libvirt/dnsmasq
		24	whitelist /var/run
		25
22	caps.keep net_admin,net_bind_service,net_raw,setgid,setuid	26	caps.keep net_admin,net_bind_service,net_raw,setgid,setuid
23	no3d	27	no3d
24	nodvd	28	nodvd
@@ -33,5 +37,6 @@ seccomp
33		37
34	disable-mnt	38	disable-mnt
35	private	39	private
36	private-cache
37	private-dev	40	private-dev
		41	private-tmp
		42	writable-var