1 files changed, 14 insertions, 12 deletions
diff --git a/etc/tar.profile b/etc/tar.profile
index 14fc00d21..1232bb372 100644
--- a/etc/tar.profile
+++ b/etc/tar.profile
@@ -5,17 +5,17 @@ quiet
 # Persistent local customizations
 include tar.local
 # Persistent global definitions
-# added by included profile
+include globals.local
-#include globals.local
-blacklist /tmp/.X11-unix
+include disable-common.inc
+include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
+include disable-passwdmgr.inc
-ignore noroot
+include disable-programs.inc
 apparmor
+caps.drop all
 hostname tar
 ipc-namespace
 machine-id
@@ -24,23 +24,25 @@ no3d
 nodbus
 nodvd
 nogroups
+nonewprivs
+#noroot
 nosound
 notv
 nou2f
 novideo
+protocol unix
+seccomp
 shell none
 tracelog
+x11 none
 # support compressed archives
-private-bin sh,bash,tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop
+private-bin bash,bzip2,compress,gtar,gzip,lbzip2,lzip,lzma,lzop,sh,tar,xz
 private-cache
 private-dev
-private-etc alternatives,passwd,group,localtime
+private-etc alternatives,group,localtime,passwd
 private-lib libfakeroot
-memory-deny-write-execute
 # Debian based distributions need this for 'dpkg --unpack' (incl. synaptic)
 writable-var
-include default.profile
+memory-deny-write-execute

diff --git a/etc/tar.profile b/etc/tar.profile index 14fc00d21..1232bb372 100644 --- a/etc/tar.profile +++ b/etc/tar.profile
@@ -5,17 +5,17 @@ quiet
5	# Persistent local customizations	5	# Persistent local customizations
6	include tar.local	6	include tar.local
7	# Persistent global definitions	7	# Persistent global definitions
8	# added by included profile	8	include globals.local
9	#include globals.local
10
11	blacklist /tmp/.X11-unix
12		9
		10	include disable-common.inc
		11	include disable-devel.inc
13	include disable-exec.inc	12	include disable-exec.inc
14	include disable-interpreters.inc	13	include disable-interpreters.inc
15		14	include disable-passwdmgr.inc
16	ignore noroot	15	include disable-programs.inc
17		16
18	apparmor	17	apparmor
		18	caps.drop all
19	hostname tar	19	hostname tar
20	ipc-namespace	20	ipc-namespace
21	machine-id	21	machine-id
@@ -24,23 +24,25 @@ no3d
24	nodbus	24	nodbus
25	nodvd	25	nodvd
26	nogroups	26	nogroups
		27	nonewprivs
		28	#noroot
27	nosound	29	nosound
28	notv	30	notv
29	nou2f	31	nou2f
30	novideo	32	novideo
		33	protocol unix
		34	seccomp
31	shell none	35	shell none
32	tracelog	36	tracelog
		37	x11 none
33		38
34	# support compressed archives	39	# support compressed archives
35	private-bin sh,bash,tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop	40	private-bin bash,bzip2,compress,gtar,gzip,lbzip2,lzip,lzma,lzop,sh,tar,xz
36	private-cache	41	private-cache
37	private-dev	42	private-dev
38	private-etc alternatives,passwd,group,localtime	43	private-etc alternatives,group,localtime,passwd
39	private-lib libfakeroot	44	private-lib libfakeroot
40
41	memory-deny-write-execute
42
43	# Debian based distributions need this for 'dpkg --unpack' (incl. synaptic)	45	# Debian based distributions need this for 'dpkg --unpack' (incl. synaptic)
44	writable-var	46	writable-var
45		47
46	include default.profile	48	memory-deny-write-execute