From aa2bdffc4b4d0437dd710a70546c87b8f882b100 Mon Sep 17 00:00:00 2001
From: smitsohu <smitsohu@gmail.com>
Date: Tue, 12 Mar 2019 20:44:51 +0000
Subject: add disable-exec.inc to all profiles with apparmor (#2576)

* add disable-exec.inc to all profiles with apparmor - #2385 #2505

* drop disable-exec.inc from generic electron.profile
---
 etc/disable-exec.inc | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 etc/disable-exec.inc

(limited to 'etc/disable-exec.inc')

diff --git a/etc/disable-exec.inc b/etc/disable-exec.inc
new file mode 100644
index 000000000..c535af7d4
--- /dev/null
+++ b/etc/disable-exec.inc
@@ -0,0 +1,11 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include disable-exec.local
+
+noexec ${HOME}
+noexec ${RUNUSER}
+noexec /dev/shm
+noexec /tmp
+# /var/tmp is noexec by default
+# just in case there is a keep-var-tmp option:
+noexec /var/tmp
-- 
cgit v1.2.3-54-g00ecf