From 913ab0b418c561ab29d78ef4b689eaf75c3f5d8c Mon Sep 17 00:00:00 2001 From: rusty-snake Date: Sun, 16 Jun 2019 13:42:48 +0200 Subject: consequent order of writable-* --- etc/kmail.profile | 5 ++--- etc/kopete.profile | 2 +- etc/less.profile | 2 +- etc/mutt.profile | 2 +- etc/ssh.profile | 2 +- etc/tar.profile | 4 ++-- etc/tor.profile | 2 +- etc/unbound.profile | 2 +- 8 files changed, 10 insertions(+), 11 deletions(-) diff --git a/etc/kmail.profile b/etc/kmail.profile index 009b2c063..0b602c79a 100644 --- a/etc/kmail.profile +++ b/etc/kmail.profile @@ -53,9 +53,8 @@ protocol unix,inet,inet6,netlink # we need to allow chroot, io_getevents, ioprio_set, io_setup, io_submit system calls seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice # tracelog -# writable-run-user is needed for signing and encrypting emails -writable-run-user private-dev # private-tmp - interrupts connection to akonadi, breaks opening of email attachments - +# writable-run-user is needed for signing and encrypting emails +writable-run-user diff --git a/etc/kopete.profile b/etc/kopete.profile index 5e931ddac..e0bdce059 100644 --- a/etc/kopete.profile +++ b/etc/kopete.profile @@ -31,8 +31,8 @@ notv nou2f protocol unix,inet,inet6,netlink seccomp -writable-var private-dev private-tmp +writable-var diff --git a/etc/less.profile b/etc/less.profile index bc85e5ad5..897d38b9d 100644 --- a/etc/less.profile +++ b/etc/less.profile @@ -34,7 +34,6 @@ protocol unix seccomp shell none tracelog -writable-var-log # The user can have a custom coloring script configured in ${HOME}/.lessfilter. # Enable private-bin and private-lib if you are not using any filter. 
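Review bot: In etc/kopete.profile the relocated `writable-var` still has no rationale next to it, unlike etc/kmail.profile and etc/tar.profile, where an explanatory comment sits directly above the option. The same applies to `writable-var-log` in etc/less.profile, `writable-run-user` in etc/mutt.profile and etc/ssh.profile, and `writable-var` in etc/tor.profile and etc/unbound.profile. Each `writable-*` line relaxes a default restriction of the sandbox, so a one-line comment above it, in the form `# writable-var is needed for <reason>`, would let a later auditor judge whether the relaxation is still required. The reason itself has to come from whoever added the option, because nothing in these hunks states it.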
@@ -42,5 +41,6 @@ writable-var-log # private-lib private-cache private-dev +writable-var-log memory-deny-write-execute diff --git a/etc/mutt.profile b/etc/mutt.profile index 419e17e95..c424dbb85 100644 --- a/etc/mutt.profile +++ b/etc/mutt.profile @@ -54,6 +54,6 @@ novideo protocol unix,inet,inet6 seccomp shell none -writable-run-user private-dev +writable-run-user diff --git a/etc/ssh.profile b/etc/ssh.profile index 17d286b18..ce0e54a0d 100644 --- a/etc/ssh.profile +++ b/etc/ssh.profile @@ -37,6 +37,6 @@ tracelog private-cache private-dev # private-tmp # Breaks when exiting +writable-run-user memory-deny-write-execute -writable-run-user diff --git a/etc/tar.profile b/etc/tar.profile index 71f7414bc..7e1fa8b92 100644 --- a/etc/tar.profile +++ b/etc/tar.profile @@ -43,7 +43,7 @@ private-cache private-dev private-etc alternatives,group,localtime,passwd private-lib libfakeroot - -memory-deny-write-execute # Debian based distributions need this for 'dpkg --unpack' (incl. synaptic) writable-var + +memory-deny-write-execute diff --git a/etc/tor.profile b/etc/tor.profile index e896b609a..13d071635 100644 --- a/etc/tor.profile +++ b/etc/tor.profile @@ -40,7 +40,6 @@ novideo protocol unix,inet,inet6 seccomp shell none -writable-var disable-mnt private @@ -49,3 +48,4 @@ private-cache private-dev private-etc alternatives,ca-certificates,crypto-policies,passwd,pki,ssl,tor private-tmp +writable-var diff --git a/etc/unbound.profile b/etc/unbound.profile index 50304d223..e152ee7ea 100644 --- a/etc/unbound.profile +++ b/etc/unbound.profile 
@@ -30,11 +30,11 @@ notv nou2f novideo seccomp.drop _sysctl,acct,add_key,adjtimex,clock_adjtime,delete_module,fanotify_init,finit_module,get_mempolicy,init_module,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioperm,iopl,kcmp,kexec_file_load,kexec_load,keyctl,lookup_dcookie,mbind,migrate_pages,modify_ldt,mount,move_pages,open_by_handle_at,perf_event_open,perf_event_open,pivot_root,process_vm_readv,process_vm_writev,ptrace,remap_file_pages,request_key,set_mempolicy,swapoff,swapon,sysfs,syslog,umount2,uselib,vmsplice -writable-var disable-mnt private private-dev +writable-var # mdwe can break modules/plugins memory-deny-write-execute -- cgit v1.2.3-70-g09d2
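Review bot: The `seccomp.drop` list in etc/unbound.profile names `perf_event_open` twice, which makes the list harder to compare against a reference set during an audit. The duplicate is presumably harmless at run time, and the line is context in this hunk rather than part of the reordering. While the file is being touched, `perf_event_open,perf_event_open,pivot_root` could become `perf_event_open,pivot_root`.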