diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/disable-proc.inc | 82 | ||||
-rw-r--r-- | etc/profile-a-l/jumpnbump-menu.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/tremulous.profile | 5 | ||||
-rw-r--r-- | etc/profile-m-z/warsow.profile | 7 | ||||
-rw-r--r-- | etc/templates/profile.template | 1 |
5 files changed, 93 insertions, 4 deletions
diff --git a/etc/inc/disable-proc.inc b/etc/inc/disable-proc.inc new file mode 100644 index 000000000..81a8883f3 --- /dev/null +++ b/etc/inc/disable-proc.inc | |||
@@ -0,0 +1,82 @@ | |||
1 | # This file is overwritten during software install. | ||
2 | # Persistent customizations should go in a .local file. | ||
3 | include disable-proc.local | ||
4 | |||
5 | blacklist /proc/acpi | ||
6 | blacklist /proc/asound | ||
7 | blacklist /proc/bootconfig | ||
8 | blacklist /proc/buddyinfo | ||
9 | blacklist /proc/cgroups | ||
10 | blacklist /proc/cmdline | ||
11 | blacklist /proc/config.gz | ||
12 | blacklist /proc/consoles | ||
13 | #blacklist /proc/cpuinfo | ||
14 | blacklist /proc/crypto | ||
15 | blacklist /proc/devices | ||
16 | blacklist /proc/diskstats | ||
17 | blacklist /proc/dma | ||
18 | #blacklist /proc/driver | ||
19 | blacklist /proc/dynamic_debug | ||
20 | blacklist /proc/execdomains | ||
21 | blacklist /proc/fb | ||
22 | #blacklist /proc/filesystems | ||
23 | blacklist /proc/fs | ||
24 | blacklist /proc/i8k | ||
25 | blacklist /proc/interrupts | ||
26 | blacklist /proc/iomem | ||
27 | blacklist /proc/ioports | ||
28 | blacklist /proc/irq | ||
29 | blacklist /proc/kallsyms | ||
30 | blacklist /proc/kcore | ||
31 | blacklist /proc/keys | ||
32 | blacklist /proc/key-users | ||
33 | blacklist /proc/kmsg | ||
34 | blacklist /proc/kpagecgroup | ||
35 | blacklist /proc/kpagecount | ||
36 | blacklist /proc/kpageflags | ||
37 | blacklist /proc/latency_stats | ||
38 | #blacklist /proc/loadavg | ||
39 | blacklist /proc/locks | ||
40 | blacklist /proc/mdstat | ||
41 | #blacklist /proc/meminfo | ||
42 | blacklist /proc/misc | ||
43 | #blacklist /proc/modules | ||
44 | #blacklist /proc/mounts | ||
45 | blacklist /proc/mtrr | ||
46 | #blacklist /proc/net | ||
47 | blacklist /proc/partitions | ||
48 | blacklist /proc/pressure | ||
49 | blacklist /proc/sched_debug | ||
50 | blacklist /proc/schedstat | ||
51 | blacklist /proc/scsi | ||
52 | #blacklist /proc/self | ||
53 | blacklist /proc/slabinfo | ||
54 | blacklist /proc/softirqs | ||
55 | blacklist /proc/spl | ||
56 | #blacklist /proc/stat | ||
57 | blacklist /proc/swaps | ||
58 | #blacklist /proc/sys | ||
59 | blacklist /proc/sysrq-trigger | ||
60 | blacklist /proc/sysvipc | ||
61 | #blacklist /proc/thread-self | ||
62 | blacklist /proc/timer_list | ||
63 | blacklist /proc/tty | ||
64 | #blacklist /proc/uptime | ||
65 | #blacklist /proc/version | ||
66 | blacklist /proc/version_signature | ||
67 | blacklist /proc/vmallocinfo | ||
68 | #blacklist /proc/vmstat | ||
69 | #blacklist /proc/zoneinfo | ||
70 | |||
71 | blacklist /proc/sys/abi | ||
72 | blacklist /proc/sys/crypto | ||
73 | blacklist /proc/sys/debug | ||
74 | blacklist /proc/sys/dev | ||
75 | blacklist /proc/sys/fs | ||
76 | blacklist /proc/sys/net | ||
77 | blacklist /proc/sys/user | ||
78 | blacklist /proc/sys/vm | ||
79 | |||
80 | noblacklist /proc/sys/kernel/osrelease | ||
81 | noblacklist /proc/sys/kernel/yama | ||
82 | blacklist /proc/sys/*/* | ||
diff --git a/etc/profile-a-l/jumpnbump-menu.profile b/etc/profile-a-l/jumpnbump-menu.profile index 8d391b90f..59d762f55 100644 --- a/etc/profile-a-l/jumpnbump-menu.profile +++ b/etc/profile-a-l/jumpnbump-menu.profile | |||
@@ -10,7 +10,7 @@ include jumpnbump-menu.local | |||
10 | # Allow python (blacklisted by disable-interpreters.inc) | 10 | # Allow python (blacklisted by disable-interpreters.inc) |
11 | include allow-python3.inc | 11 | include allow-python3.inc |
12 | 12 | ||
13 | private-bin jumpnbump-menu,python3* | 13 | private-bin env,jumpnbump-menu,python3* |
14 | 14 | ||
15 | # Redirect | 15 | # Redirect |
16 | include jumpnbump.profile | 16 | include jumpnbump.profile |
diff --git a/etc/profile-m-z/tremulous.profile b/etc/profile-m-z/tremulous.profile index 4e16df553..96541ae25 100644 --- a/etc/profile-m-z/tremulous.profile +++ b/etc/profile-m-z/tremulous.profile | |||
@@ -8,6 +8,9 @@ include globals.local | |||
8 | 8 | ||
9 | noblacklist ${HOME}/.tremulous | 9 | noblacklist ${HOME}/.tremulous |
10 | 10 | ||
11 | # Allow /bin/sh (blacklisted by disable-shell.inc) | ||
12 | include allow-bin-sh.inc | ||
13 | |||
11 | include disable-common.inc | 14 | include disable-common.inc |
12 | include disable-devel.inc | 15 | include disable-devel.inc |
13 | include disable-exec.inc | 16 | include disable-exec.inc |
@@ -41,7 +44,7 @@ shell none | |||
41 | tracelog | 44 | tracelog |
42 | 45 | ||
43 | disable-mnt | 46 | disable-mnt |
44 | private-bin tremded,tremulous,tremulous-wrapper | 47 | private-bin env,sh,tremded,tremulous,tremulous-wrapper |
45 | private-cache | 48 | private-cache |
46 | private-dev | 49 | private-dev |
47 | private-tmp | 50 | private-tmp |
diff --git a/etc/profile-m-z/warsow.profile b/etc/profile-m-z/warsow.profile index b57f9ba1d..2f818b733 100644 --- a/etc/profile-m-z/warsow.profile +++ b/etc/profile-m-z/warsow.profile | |||
@@ -11,6 +11,9 @@ ignore noexec ${HOME} | |||
11 | noblacklist ${HOME}/.cache/warsow-2.1 | 11 | noblacklist ${HOME}/.cache/warsow-2.1 |
12 | noblacklist ${HOME}/.local/share/warsow-2.1 | 12 | noblacklist ${HOME}/.local/share/warsow-2.1 |
13 | 13 | ||
14 | # Allow /bin/sh (blacklisted by disable-shell.inc) | ||
15 | include allow-bin-sh.inc | ||
16 | |||
14 | include disable-common.inc | 17 | include disable-common.inc |
15 | include disable-devel.inc | 18 | include disable-devel.inc |
16 | include disable-exec.inc | 19 | include disable-exec.inc |
@@ -39,13 +42,13 @@ noroot | |||
39 | notv | 42 | notv |
40 | nou2f | 43 | nou2f |
41 | novideo | 44 | novideo |
42 | protocol unix,inet,inet6 | 45 | protocol unix,inet,inet6,netlink |
43 | seccomp | 46 | seccomp |
44 | shell none | 47 | shell none |
45 | tracelog | 48 | tracelog |
46 | 49 | ||
47 | disable-mnt | 50 | disable-mnt |
48 | private-bin warsow | 51 | private-bin basename,bash,dirname,sed,sh,uname,warsow |
49 | private-cache | 52 | private-cache |
50 | private-dev | 53 | private-dev |
51 | private-tmp | 54 | private-tmp |
diff --git a/etc/templates/profile.template b/etc/templates/profile.template index 7628313e0..44197b547 100644 --- a/etc/templates/profile.template +++ b/etc/templates/profile.template | |||
@@ -116,6 +116,7 @@ include globals.local | |||
116 | #include disable-devel.inc | 116 | #include disable-devel.inc |
117 | #include disable-exec.inc | 117 | #include disable-exec.inc |
118 | #include disable-interpreters.inc | 118 | #include disable-interpreters.inc |
119 | #include disable-proc.inc | ||
119 | #include disable-programs.inc | 120 | #include disable-programs.inc |
120 | #include disable-shell.inc | 121 | #include disable-shell.inc |
121 | #include disable-write-mnt.inc | 122 | #include disable-write-mnt.inc |