From 508dc3ae991e6f0418eaf42babaf5de6db4f7cd9 Mon Sep 17 00:00:00 2001
From: Kelvin <kmk3.code@protonmail.com>
Date: Sun, 20 Dec 2020 00:03:33 +0000
Subject: disable-common.inc: add missing dns tools (#3828)

Add the missing binaries in the DNS section, as suggested by @glitsj16:
https://github.com/netblue30/firejail/pull/3810#issuecomment-742920539

Packages and their relevant binaries:

* bind: dnssec-*
* knot: khost
* unbound: unbound-host
---
 etc/inc/disable-common.inc | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'etc/inc')

diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index 2b56bb5be..d88506d90 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -517,16 +517,19 @@ blacklist /proc/config.gz
 blacklist ${PATH}/dig
 blacklist ${PATH}/dlint
 blacklist ${PATH}/dns2tcp
+blacklist ${PATH}/dnssec-*
 blacklist ${PATH}/dnswalk
 blacklist ${PATH}/drill
 blacklist ${PATH}/host
 blacklist ${PATH}/iodine
 blacklist ${PATH}/kdig
+blacklist ${PATH}/khost
 blacklist ${PATH}/knsupdate
 blacklist ${PATH}/ldns-*
 blacklist ${PATH}/ldnsd
 blacklist ${PATH}/nslookup
 blacklist ${PATH}/resolvectl
+blacklist ${PATH}/unbound-host
 
 # rest of ${RUNUSER}
 blacklist ${RUNUSER}/*.lock
-- 
cgit v1.2.3-54-g00ecf