From 947337b257612a0291f883149f1e001ccf26112b Mon Sep 17 00:00:00 2001
From: rusty-snake
Date: Sat, 13 Apr 2019 12:23:22 +0200
Subject: More disable-exec and hardening

---
 README | 4 ++--
 etc/default.profile | 3 +++
 etc/display.profile | 1 +
 etc/etr.profile | 11 +++++++++--
 etc/feh.profile | 1 +
 5 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/README b/README
index 6f3342650..8aa1bf691 100644
--- a/README
+++ b/README
@@ -547,11 +547,11 @@ rusty-snake (https://github.com/rusty-snake)
  - added profiles: kid3-qt, kid3-cli, anki, utox
  - fixed profiles: kdenlive, bibletime, rhythmbox, gajim, seahorse
  - fixed profiles: libreoffice, gnome-maps, wget, seahorse-tool
- - fixed profiles: gnome-logs, klavaro
+ - fixed profiles: gnome-logs, klavaro, default
  - hardened profiles: disable-common.inc, disable-programs.inc
  - hardened profiles: gajim, evince, ffmpeg, feh-network.inc, qtox
  - hardened profiles: gnome-clocks, meld, minetest, youtube-dl
- - hardened profiles: bibletime, whois
+ - hardened profiles: bibletime, whois, etr, display, feh
  - gnome-mpv was renamed to celluloid
  - updates for ~/.cargo and ~/.python-history
 Salvo 'LtWorf' Tomaselli (https://github.com/ltworf)
diff --git a/etc/default.profile b/etc/default.profile
index 3eacf9546..95a6e8095 100644
--- a/etc/default.profile
+++ b/etc/default.profile
@@ -19,6 +19,8 @@ include disable-programs.inc
 # apparmor
 caps.drop all
 # ipc-namespace
+# machine-id
+# net none
 netfilter
 # no3d
 # nodbus
@@ -33,6 +35,7 @@ noroot
 protocol unix,inet,inet6
 seccomp
 # shell none
+# tracelog
 
 # disable-mnt
 # private
diff --git a/etc/display.profile b/etc/display.profile
index e66fa3ae9..0bab32db1 100644
--- a/etc/display.profile
+++ b/etc/display.profile
@@ -17,6 +17,7 @@ noblacklist /usr/local/lib/python3*
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
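Review bot: `include disable-exec.inc` in etc/display.profile only marks the user-writable trees it lists (${HOME}, /tmp and the like) noexec, so it does not constrain ImageMagick's delegate mechanism, by which `display` hands helper programs named in delegates.xml to the shell; those helpers run from the system binary directories, which the include leaves executable. If the profile does not already narrow the executable set with `private-bin` further down (outside this hunk), that is the complementary control worth considering. Either way a one-line comment beside the include would stop the next reader from over-crediting it: `# disable-exec.inc: noexec on writable dirs only; ImageMagick delegates (delegates.xml) still run from the system bin dirs`.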
diff --git a/etc/etr.profile b/etc/etr.profile
index cf13a42de..d93d3de63 100644
--- a/etc/etr.profile
+++ b/etc/etr.profile
@@ -8,14 +8,18 @@ include globals.local
 noblacklist ${HOME}/.etr
 
 include disable-common.inc
+include disable-exec.inc
+include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-xdg.inc
 
 mkdir ${HOME}/.etr
 whitelist ${HOME}/.etr
 include whitelist-common.inc
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 net none
 nodbus
@@ -28,8 +32,11 @@ nou2f
 protocol unix,netlink
 seccomp
 shell none
+tracelog
 
-# private-bin etr
+disable-mnt
+private-bin etr
+private-cache
 private-dev
-# private-etc alternatives
+# private-etc alternatives,drirc,machine-id,openal
 private-tmp
diff --git a/etc/feh.profile b/etc/feh.profile
index f020bace5..6a8071c28 100644
--- a/etc/feh.profile
+++ b/etc/feh.profile
@@ -8,6 +8,7 @@ include globals.local
 
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-- 
cgit v1.2.3-70-g09d2
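Review bot: `# private-etc alternatives,drirc,machine-id,openal` in etc/etr.profile stays disabled with a longer candidate list but no reason recorded, and `private-bin etr` is enabled after having been commented out, with nothing saying what was verified to make it safe now; the usual profile convention is to annotate such lines, e.g. `# private-etc alternatives,drirc,machine-id,openal - TODO: note what breaks and on which distro`. If on some distribution `etr` is a launcher script rather than the ELF binary, `private-bin etr` on its own would leave the real executable and its interpreter out of the sandbox's /bin, so stating the distro and version this was tested on is worth a line. `private-cache` replaces ~/.cache with a tmpfs, which appears safe here only because the game's state lives in the whitelisted ~/.etr; a short comment making that dependency explicit would help. The hunk ends at `private-tmp`, which appears to be the end of the file.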
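Review bot: `include disable-exec.inc` in etc/feh.profile does not cover feh's own shell-out feature, since feh's `--action`/`--action1..9` options pass a command line to the shell and that shell and its targets live in the system binary directories rather than in the noexec-mounted writable trees; the include closes executing dropped payloads from ${HOME} or /tmp, not commands launched by feh itself. If `private-bin` is not already set below this hunk, it is the control that actually limits what an `--action` can run. A short comment on the include would keep the next reader from assuming more than it delivers: `# disable-exec.inc: noexec for writable dirs; does not restrict feh --action shell commands`.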