From 097aba97d8cb0a848f1f21018f65c58d48ef3cb2 Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Thu, 14 Mar 2019 12:01:43 +0000
Subject: Hardening compressors (#2594)

* Harden atool
* Harden cpio
* Fix ordering in private-* options
* Harden gzip
* Harden tar
* Harden bsdtar
* Harden+ tar
* Harden+ gzip
* Harden+ cpio
* Create bzip2.profile
* Description for bunzip2
* Add bzip2/bunzip2 to firecfg
---
 etc/atool.profile | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'etc/atool.profile')

diff --git a/etc/atool.profile b/etc/atool.profile
index c82108cef..b17498e9d 100644
--- a/etc/atool.profile
+++ b/etc/atool.profile
@@ -18,15 +18,21 @@ noblacklist /usr/share/perl*
 include disable-common.inc
 # include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+apparmor
 caps.drop all
-netfilter
+hostname atool
+ipc-namespace
+machine-id
 net none
+netfilter
 no3d
 nodvd
+nodbus
 nogroups
 nonewprivs
 noroot
@@ -39,9 +45,11 @@ seccomp
 shell none
 tracelog
 
+# private-bin atool,perl
 private-cache
-# private-bin atool
 private-dev
 # without login.defs atool complains and uses UID/GID 1000 by default
 private-etc alternatives,passwd,group,login.defs
 private-tmp
+
+memory-deny-write-execute
-- 
cgit v1.2.3-70-g09d2
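Review bot: `machine-id` is added here while the unchanged `private-etc alternatives,passwd,group,login.defs` in the second hunk does not list machine-id, so the spoofed id may have no /etc/machine-id to mount over inside the private /etc; confirm firejail still places the file there, and if not extend the list to `private-etc alternatives,passwd,group,login.defs,machine-id`. `netfilter` is also re-added next to `net none`; with no interface in the new network namespace the filter has nothing to act on, so a short comment such as `# netfilter is a no-op under net none; kept for consistency with other profiles` would explain why it stays. The profile's earlier lines (header, includes) are outside the hunk.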
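Review bot: The commented `# private-bin atool,perl` records the candidate list but not why private-bin stays disabled, which the next maintainer needs before enabling it; presumably atool has to exec whichever external archiver matches the input, so a comment such as `# private-bin is off: atool execs the archiver that matches the input, which cannot be enumerated reliably` would capture that. `memory-deny-write-execute` applies to those child archivers as well as to perl, so it is worth confirming the commonly spawned helpers still run under it before this lands. The rest of the profile is outside the hunk.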