From c2a22e2a1d4eea6f41b2dee967c95842ad7f8372 Mon Sep 17 00:00:00 2001 From: David Thole Date: Sat, 1 Jun 2019 06:37:04 -0500 Subject: Adding blacklist for teams-for-linux --- etc/disable-programs.inc | 3 +++ 1 file changed, 3 insertions(+) (limited to 'etc/disable-programs.inc') diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index eb0f73ba2..a3fac50bb 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -745,3 +745,6 @@ blacklist /var/games/slashem blacklist /var/games/vulturesclaw blacklist /var/games/vultureseye blacklist /var/lib/games/Maelstrom-Scores + +# ${HOME}/.config directory +blacklist ${HOME}/.config/teams-for-linux \ No newline at end of file -- cgit v1.2.3-70-g09d2 From 9f60dc8901be9d2019656645698f7081c0f17984 Mon Sep 17 00:00:00 2001 From: David Thole Date: Sun, 2 Jun 2019 20:49:49 -0500 Subject: Narrowed it down that I can use shell none, but can't use private-tmp --- etc/disable-programs.inc | 2 +- etc/teams-for-linux.profile | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) (limited to 'etc/disable-programs.inc') diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index a3fac50bb..debef6523 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -747,4 +747,4 @@ blacklist /var/games/vultureseye blacklist /var/lib/games/Maelstrom-Scores # ${HOME}/.config directory -blacklist ${HOME}/.config/teams-for-linux \ No newline at end of file +blacklist ${HOME}/.config/teams-for-linux diff --git a/etc/teams-for-linux.profile b/etc/teams-for-linux.profile index 3cbf6f709..4a3874281 100644 --- a/etc/teams-for-linux.profile +++ b/etc/teams-for-linux.profile @@ -26,8 +26,7 @@ nou2f novideo protocol unix,inet,inet6,netlink seccomp -# shell none -# tracelog +shell none private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep,bash,zsh,teams-for-linux private-dev -- cgit v1.2.3-70-g09d2 From 46c8b9377bc698e0662644aa6dcef0e7f9bf45e6 Mon Sep 17 00:00:00 2001 
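Review bot: With `shell none` now active, the `private-bin` line right below it still copies three shells (`sh`, `bash`, `zsh`) into the sandbox, and nothing in the profile says which of them is required. `xdg-open` and `xdg-mime` are shell scripts, so `sh` and the listed text utilities are presumably needed for link handling, but `bash` and `zsh` look like leftovers from testing. Every extra shell is one more tool available to code running inside the sandbox. I would trim the list to what was verified and record the reason, e.g. `# sh and the text utilities are needed by xdg-open/xdg-mime`. The subject also says private-tmp cannot be used, but no private-tmp line is visible in this hunk (the profile continues past `private-dev`), so that finding deserves a comment in the profile as well.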
From: David Thole Date: Mon, 3 Jun 2019 19:52:57 -0500 Subject: Applying recent changes requested --- etc/disable-programs.inc | 3 +-- etc/teams-for-linux.profile | 23 +++++++++++------------ 2 files changed, 12 insertions(+), 14 deletions(-) (limited to 'etc/disable-programs.inc') diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index debef6523..aa1205549 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -597,6 +597,7 @@ blacklist ${HOME}/.surf blacklist ${HOME}/.sword blacklist ${HOME}/.sylpheed-2.0 blacklist ${HOME}/.synfig +blacklist ${HOME}/.config/teams-for-linux blacklist ${HOME}/.tconn blacklist ${HOME}/.teeworlds blacklist ${HOME}/.thunderbird @@ -746,5 +747,3 @@ blacklist /var/games/vulturesclaw blacklist /var/games/vultureseye blacklist /var/lib/games/Maelstrom-Scores -# ${HOME}/.config directory -blacklist ${HOME}/.config/teams-for-linux diff --git a/etc/teams-for-linux.profile b/etc/teams-for-linux.profile index 3df0e6027..51a76bad4 100644 --- a/etc/teams-for-linux.profile +++ b/etc/teams-for-linux.profile @@ -6,21 +6,22 @@ include teams-for-linux.local # Persistent global definitions include globals.local -caps.drop all - -mkdir ${HOME}/.config/teams-for-linux -whitelist ${HOME}/.config/teams-for-linux noblacklist ${HOME}/.config/teams-for-linux -include whitelist-common.inc -include whitelist-var-common.inc include disable-common.inc include disable-devel.inc -include disable-passwdmgr.inc -include disable-interpreters.inc include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc include disable-programs.inc +mkdir ${HOME}/.config/teams-for-linux +whitelist ${HOME}/.config/teams-for-linux +whitelist ${DOWNLOADS} +include whitelist-common.inc +include whitelist-var-common.inc + +caps.drop all netfilter nodvd nogroups 
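Review bot: The new `blacklist ${HOME}/.config/teams-for-linux` line sits between `${HOME}/.synfig` and `${HOME}/.tconn`, so it is sorted by program name, while the neighbouring entries in this hunk are ordered by path. If the file is kept in path order, as these lines suggest, the entry belongs with the other `${HOME}/.config/` entries, which are outside this hunk. Placing it there makes it easier to audit which application data directories are covered and to spot duplicates.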
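Review bot: `whitelist ${DOWNLOADS}` in the teams-for-linux.profile hunk is new behaviour that the subject line does not mention and the profile does not explain. Because the whitelist hides the rest of the home directory, the downloads directory becomes the only place for exchanging files with the application, and it is a location that other sandboxed programs commonly share. A short comment above the line would make the intent auditable, e.g. `# file transfers are limited to the downloads directory`. The option list at the end of this hunk (`netfilter`, `nodvd`, `nogroups`) continues in the next hunk.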
@@ -33,11 +34,9 @@ protocol unix,inet,inet6,netlink seccomp shell none +disable-mnt private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep,bash,zsh,teams-for-linux +private-cache private-dev private-etc fonts,machine-id,localtime,ld.so.cache,ca-certificates,ssl,pki,crypto-policies,resolv.conf private-tmp -private-cache -disable-mnt - - -- cgit v1.2.3-70-g09d2
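Review bot: `private-tmp` is still present as a context line at the end of this hunk, although an earlier commit in this series is titled "can't use private-tmp". The blob ids show that other changes landed in between, so the problem may have been resolved, but the profile itself gives no hint either way. Either confirm that the application works with `private-tmp` enabled, or drop the option and leave a comment such as `# private-tmp disabled: <what fails, as observed>` so that a later reviewer does not re-enable it blindly.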