From 6da539894c7ecbcf43d3e9910c90f25ea5eb662d Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Wed, 26 Jun 2019 18:50:46 +0000
Subject: Hardening a few profiles (#2800)

* Harden curl.profile
* Harden dnscrypt-proxy.profile
* Harden unbound.profile
* Harden unbound.profile
---
 etc/dnscrypt-proxy.profile | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'etc/dnscrypt-proxy.profile')
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile
index ae248f2e8..169b23f5f 100644
--- a/etc/dnscrypt-proxy.profile
+++ b/etc/dnscrypt-proxy.profile
@@ -13,19 +13,24 @@ blacklist /tmp/.X11-unix
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot
+ipc-namespace
+machine-id
 no3d
+nodbus
 nodvd
 nonewprivs
 nosound
 notv
 nou2f
 novideo
+protocol inet,inet6
 seccomp.drop _sysctl,acct,add_key,adjtimex,clock_adjtime,delete_module,fanotify_init,finit_module,get_mempolicy,init_module,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioperm,iopl,kcmp,kexec_file_load,kexec_load,keyctl,lookup_dcookie,mbind,migrate_pages,modify_ldt,mount,move_pages,open_by_handle_at,perf_event_open,perf_event_open,pivot_root,process_vm_readv,process_vm_writev,ptrace,remap_file_pages,request_key,set_mempolicy,swapoff,swapon,sysfs,syslog,umount2,uselib,vmsplice
 disable-mnt
-- 
cgit v1.2.3-70-g09d2
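Review bot: The added `protocol inet,inet6` line leaves out `unix`, so the protocol filter will refuse any AF_UNIX socket the daemon tries to open. If a deployment has dnscrypt-proxy log to syslog or receive its listening sockets from a service manager, that path may stop working under this profile, which would be worth confirming before merge. None of the five added directives carries a comment, and this one has the least obvious side effect, so I would put a line above it such as `# unix intentionally excluded; use 'protocol unix,inet,inet6' in a local override if syslog logging is required`. Separately, the `seccomp.drop` context line lists `perf_event_open` twice; the duplicate is harmless but could be removed while this file is being touched. The profile starts before line 13, so anything earlier that already addresses this is outside the hunk.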