diff options
Diffstat (limited to 'etc/profile-m-z/xonotic.profile')
-rw-r--r-- | etc/profile-m-z/xonotic.profile | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/etc/profile-m-z/xonotic.profile b/etc/profile-m-z/xonotic.profile index 949988c3b..aa8cc7d0e 100644 --- a/etc/profile-m-z/xonotic.profile +++ b/etc/profile-m-z/xonotic.profile | |||
@@ -14,12 +14,17 @@ include disable-exec.inc | |||
14 | include disable-interpreters.inc | 14 | include disable-interpreters.inc |
15 | include disable-passwdmgr.inc | 15 | include disable-passwdmgr.inc |
16 | include disable-programs.inc | 16 | include disable-programs.inc |
17 | include disable-xdg.inc | ||
17 | 18 | ||
18 | mkdir ${HOME}/.xonotic | 19 | mkdir ${HOME}/.xonotic |
19 | whitelist ${HOME}/.xonotic | 20 | whitelist ${HOME}/.xonotic |
21 | whitelist /usr/share/xonotic | ||
20 | include whitelist-common.inc | 22 | include whitelist-common.inc |
23 | include whitelist-runuser-common.inc | ||
24 | include whitelist-usr-share-common.inc | ||
21 | include whitelist-var-common.inc | 25 | include whitelist-var-common.inc |
22 | 26 | ||
27 | apparmor | ||
23 | caps.drop all | 28 | caps.drop all |
24 | netfilter | 29 | netfilter |
25 | nodvd | 30 | nodvd |
@@ -32,12 +37,17 @@ novideo | |||
32 | protocol unix,inet,inet6 | 37 | protocol unix,inet,inet6 |
33 | seccomp | 38 | seccomp |
34 | shell none | 39 | shell none |
40 | tracelog | ||
35 | 41 | ||
36 | disable-mnt | 42 | disable-mnt |
37 | private-bin bash,blind-id,darkplaces-glx,darkplaces-sdl,dirname,grep,ldd,netstat,ps,readlink,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl | 43 | private-cache |
44 | private-bin basename,bash,blind-id,cut,darkplaces-glx,darkplaces-sdl,dirname,glxinfo,grep,head,ldd,netstat,ps,readlink,sed,sh,uname,xonotic,xonotic-glx,xonotic-linux32-dedicated,xonotic-linux32-glx,xonotic-linux32-sdl,xonotic-linux64-dedicated,xonotic-linux64-glx,xonotic-linux64-sdl,xonotic-sdl,xonotic-sdl-wrapper,zenity | ||
38 | private-dev | 45 | private-dev |
39 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl | 46 | private-etc alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,group,host.conf,hostname,hosts,ld.so.cache,ld.so.preload,localtime,machine-id,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl |
40 | private-tmp | 47 | private-tmp |
41 | 48 | ||
42 | dbus-user none | 49 | dbus-user none |
43 | dbus-system none | 50 | dbus-system none |
51 | |||
52 | read-only ${HOME} | ||
53 | read-write ${HOME}/.xonotic | ||